[SCM] Samba Website Repository - branch master updated

2021-05-20 Thread Simo Sorce
The branch, master has been updated
   via  a245a47 Freenode -> Libera.chat
  from  3548fc7 Add Samba 4.13.9.

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit a245a472aff7db78a908473a28c7f1d6e91d624c
Author: Simo Sorce 
Date:   Thu May 20 11:38:33 2021 -0400

Freenode -> Libera.chat

Signed-off-by: Simo Sorce 

---

Summary of changes:
 devel/TODO.html | 4 +++-
 irc.html| 6 ++
 2 files changed, 5 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/devel/TODO.html b/devel/TODO.html
index 1196809..604cef5 100755
--- a/devel/TODO.html
+++ b/devel/TODO.html
@@ -16,7 +16,9 @@
 
 Coding Projects
 
-All coding work needs to be coordinated with a Samba 
Team member, at the very least, on the https://lists.samba.org/listinfo/samba-technical";>samba-technical mailing 
list or on the #samba-technical IRC channel (irc.freenode.net).  Don't just 
start coding and expect patches to automatically be integrated in.  Obviously, 
projects by specific team members need to be coordinated with those team 
members in charge.
+All coding work needs to be coordinated with a Samba
+Team member, at the very least, on the https://lists.samba.org/listinfo/samba-technical";>samba-technical 
mailing list or on the #samba-technical IRC channel (irc.libera.chat).  
Don't just start coding and expect patches to automatically be integrated in.  
Obviously, projects by specific team members need to be coordinated with those 
team members in charge.
 
 For those without Git write access (non-team members), patches should be
 incremental and in the form of context diffs (attached diff -u output or better
diff --git a/irc.html b/irc.html
index 3f312b0..79e612e 100644
--- a/irc.html
+++ b/irc.html
@@ -5,7 +5,7 @@
 Samba IRC Channels
 
 Samba is discussed on two IRC channels on the http://www.freenode.net/";>FreeNode network (irc.freenode.net).
+href="https://libera.chat/";>Libera.Chat network (irc.libera.chat).
 
 
 #samba
@@ -29,8 +29,6 @@ href="http://www.freenode.net/";>FreeNode network 
(irc.freenode.net).
Note: This channel is for discussion about 
development issues only, not for questions about problems with 
Samba!
 
-Logs for #samba-technical are available at http://irclog.samba.org/";>http://irclog.samba.org/.
-
-Freenode has a couple of http://freenode.net/channel_guidelines.shtml";>general notes about 
behaviour in IRC channels.
+Libera.chat has a couple of https://libera.chat/guidelines";>general notes about behaviour in IRC 
channels.
  
 


-- 
Samba Website Repository



[SCM] Samba Shared Repository - branch master updated

2018-03-19 Thread Simo Sorce
The branch, master has been updated
   via  f5e3b1e Remove dead code
   via  01319b6 Revert "Use "localhost" to be ipv6 only friendly"
   via  3e8c509 Use "localhost" to be ipv6 only friendly
  from  f092ac5 Update help text for dbcheck

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f5e3b1e9d31510490976b992074024c5a0c1393b
Author: Simo Sorce 
Date:   Sun Mar 18 14:15:30 2018 -0400

Remove dead code

Signed-off-by: Simo Sorce 
    
    Autobuild-User(master): Simo Sorce 
Autobuild-Date(master): Mon Mar 19 20:29:28 CET 2018 on sn-devel-144

commit 01319b6e659ab29050dd3aa14d800d6f77e511d5
Author: Simo Sorce 
Date:   Sat Mar 17 14:50:49 2018 -0400

Revert "Use "localhost" to be ipv6 only friendly"

This reverts commit 54548f6dde3cf74f0e90ef577a55fd720dca6d93.

commit 3e8c50901c982aaddd86f81328a89e16f1bb5289
Author: Simo Sorce 
Date:   Sat Mar 17 14:07:37 2018 -0400

Use "localhost" to be ipv6 only friendly

Signed-off-by: Simo Sorce 

---

Summary of changes:
 file_server/file_server.c|  1 -
 file_server/file_server.h| 25 -
 source4/smb_server/service_smb.c |  1 -
 source4/winbind/winbindd.c   |  1 -
 4 files changed, 28 deletions(-)
 delete mode 100644 file_server/file_server.h


Changeset truncated at 500 lines:

diff --git a/file_server/file_server.c b/file_server/file_server.c
index 20fa577..1b6a01b 100644
--- a/file_server/file_server.c
+++ b/file_server/file_server.c
@@ -26,7 +26,6 @@
 #include "lib/param/param.h"
 #include "source4/smbd/service.h"
 #include "source4/smbd/process_model.h"
-#include "file_server/file_server.h"
 #include "dynconfig.h"
 #include "nsswitch/winbind_client.h"
 
diff --git a/file_server/file_server.h b/file_server/file_server.h
deleted file mode 100644
index 7da9437..000
--- a/file_server/file_server.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-   Unix SMB/CIFS implementation.
-
-   run s3 file server within Samba4
-
-   Copyright (C) Andrew Tridgell   2011
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
-  open the s3 smb server sockets
-*/
-void s3_smbd_task_init(struct task_server *task);
diff --git a/source4/smb_server/service_smb.c b/source4/smb_server/service_smb.c
index ddf24a9..3f0f009 100644
--- a/source4/smb_server/service_smb.c
+++ b/source4/smb_server/service_smb.c
@@ -33,7 +33,6 @@
 #include "param/share.h"
 #include "dsdb/samdb/samdb.h"
 #include "param/param.h"
-#include "file_server/file_server.h"
 #include "ntvfs/ntvfs.h"
 #include "lib/cmdline/popt_common.h"
 /*
diff --git a/source4/winbind/winbindd.c b/source4/winbind/winbindd.c
index 6aa0418..7fb0836 100644
--- a/source4/winbind/winbindd.c
+++ b/source4/winbind/winbindd.c
@@ -27,7 +27,6 @@
 #include "lib/param/param.h"
 #include "source4/smbd/service.h"
 #include "source4/smbd/process_model.h"
-#include "file_server/file_server.h"
 #include "dynconfig.h"
 #include "nsswitch/winbind_client.h"
 


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2015-05-29 Thread Simo Sorce
The branch, master has been updated
   via  461c69b s3:smb2_server: In CCM and GCM mode we can't reuse nonces
   via  477ecfb libcli/smb: In CCM and GCM mode we can't reuse nonces
  from  3073a2e ctdbd_conn: Fix CID 1301580 Explicit null dereferenced

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 461c69bd7c52c8b980cf56be2abf9ce7accb6048
Author: Simo Sorce 
Date:   Wed May 20 14:01:44 2015 +0200

s3:smb2_server: In CCM and GCM mode we can't reuse nonces

Reuse of nonces with AES-CCM and AES-GCM leads to catastrophic failure,
so make sure the server drops the connection if that ever happens.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11300

Pair-Programmed-With: Stefan Metzmacher 

Signed-off-by: Simo Sorce 
Signed-off-by: Stefan Metzmacher 

Autobuild-User(master): Simo Sorce 
Autobuild-Date(master): Fri May 29 22:38:50 CEST 2015 on sn-devel-104

commit 477ecfbdaf73a8a2b7af31938c14b84242336460
Author: Stefan Metzmacher 
Date:   Thu May 28 15:20:54 2015 +0200

libcli/smb: In CCM and GCM mode we can't reuse nonces

Reuse of nonces with AES-CCM and AES-GCM leads to catastrophic failure,
so make sure the server drops the connection if that ever happens.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11300

Signed-off-by: Stefan Metzmacher 
    Reviewed-by: Simo Sorce 

---

Summary of changes:
 libcli/smb/smb2_constants.h|  5 +++
 libcli/smb/smbXcli_base.c  | 71 +--
 source3/librpc/idl/smbXsrv.idl |  2 ++
 source3/smbd/smb2_server.c | 76 +-
 source3/smbd/smb2_sesssetup.c  | 31 +++--
 5 files changed, 148 insertions(+), 37 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smb2_constants.h b/libcli/smb/smb2_constants.h
index 2bda4e9..f6edf6b 100644
--- a/libcli/smb/smb2_constants.h
+++ b/libcli/smb/smb2_constants.h
@@ -138,6 +138,11 @@
 /* Values for the SMB2_ENCRYPTION_CAPABILITIES Context (>= 0x310) */
 #define SMB2_ENCRYPTION_AES128_CCM 0x0001 /* only in dialect >= 0x224 
*/
 #define SMB2_ENCRYPTION_AES128_GCM 0x0002 /* only in dialect >= 0x310 
*/
+#define SMB2_NONCE_HIGH_MAX(nonce_len_bytes) ((uint64_t)(\
+   ((nonce_len_bytes) >= 16) ? UINT64_MAX : \
+   ((nonce_len_bytes) <= 8) ? 0 : \
+   (((uint64_t)1 << (((nonce_len_bytes) - 8)*8)) - 1) \
+   ))
 
 /* SMB2 session (request) flags */
 #define SMB2_SESSION_FLAG_BINDING   0x01
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 2f47fe6..c2ba83a 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -34,6 +34,9 @@
 #include "librpc/ndr/libndr.h"
 #include "libcli/smb/smb2_negotiate_context.h"
 #include "lib/crypto/sha512.h"
+#include "lib/crypto/aes.h"
+#include "lib/crypto/aes_ccm_128.h"
+#include "lib/crypto/aes_gcm_128.h"
 
 struct smbXcli_conn;
 struct smbXcli_req;
@@ -150,6 +153,8 @@ struct smb2cli_session {
bool should_encrypt;
DATA_BLOB encryption_key;
DATA_BLOB decryption_key;
+   uint64_t nonce_high_random;
+   uint64_t nonce_high_max;
uint64_t nonce_high;
uint64_t nonce_low;
uint16_t channel_sequence;
@@ -2863,6 +2868,8 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req 
**reqs,
int tf_iov = -1;
const DATA_BLOB *encryption_key = NULL;
uint64_t encryption_session_id = 0;
+   uint64_t nonce_high = UINT64_MAX;
+   uint64_t nonce_low = UINT64_MAX;
 
/*
 * 1 for the nbt length, optional TRANSFORM
@@ -2913,6 +2920,31 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req 
**reqs,
 
encryption_session_id = state->session->smb2->session_id;
 
+   state->session->smb2->nonce_low += 1;
+   if (state->session->smb2->nonce_low == 0) {
+   state->session->smb2->nonce_high += 1;
+   state->session->smb2->nonce_low += 1;
+   }
+
+   /*
+* CCM and GCM algorithms must never have their
+* nonce wrap, or the security of the whole
+* communication and the keys is destroyed.
+* We must drop the connection once we have
+* transfered too much data.
+*
+* NOTE: We assume nonces greater than 8 bytes.
+*/
+   if (state->session->smb2->nonce_high >=
+   state->session->smb2->nonce_high_max)
+   {
+   return NT_STATUS_ENCRYPTION_FAILED;
+   

[SCM] Samba Website Repository - branch master updated

2014-06-12 Thread Simo Sorce
The branch, master has been updated
   via  ca6206d Add Red Hat link to Team members working for RH
  from  244c099 Add Jose to Team page.

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit ca6206d2846ff2ec002c92b48ef74fb16f7bc7fc
Author: Simo Sorce 
Date:   Thu Jun 12 10:19:18 2014 -0400

Add Red Hat link to Team members working for RH

---

Summary of changes:
 team/index.html |   14 +++---
 1 files changed, 7 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/team/index.html b/team/index.html
index 2d861ad..3cc1e2c 100755
--- a/team/index.html
+++ b/team/index.html
@@ -52,14 +52,14 @@ mailing list and start contributing to the development 
of Samba.
 mailto:anato...@samba.org";>Anatoliy Atanasov
 http://samba.org/~abartlet/";>Andrew Bartlett
 mailto:k...@samba.org";>Kai Blin
-mailto:a...@samba.org";>Alexander Bokovoy
-mailto:i...@samba.org";>Ira Cooper
+mailto:a...@samba.org";>Alexander Bokovoy (https://www.redhat.com/";>Red Hat)
+mailto:i...@samba.org";>Ira Cooper (https://www.redhat.com/";>Red Hat)
 http://samba.org/~sdanneman/";>Steven Danneman
-http://samba.org/~gd";>Günther Deschner
+http://samba.org/~gd";>Günther Deschner (https://www.redhat.com/";>Red Hat)
 mailto:dd...@samba.org";>David Disseldorp (https://www.suse.com/";>SUSE)
 mailto:sfre...@samba.org";>Steve French
 mailto:pa...@samba.org";>Paul Green
-http://ubiqx.org/";>Chris Hertel
+http://ubiqx.org/";>Chris Hertel (https://www.redhat.com/";>Red Hat)
 mailto:hhet...@samba.org";>Holger Hetterich (https://www.suse.com/";>SUSE)
 http://people.su.se/~lha/";>Love Hörnquist 
Åstrand
 mailto:ami...@samba.org";>Amitay Isaacs
@@ -83,15 +83,15 @@ mailing list and start contributing to the development 
of Samba.
 mailto:jpe...@samba.org";>James Peach
 mailto:t...@samba.org";>Tim Potter
 http://samba.org/~tprouty/";>Tim Prouty
-http://jarrpa.net";>José A. Rivera
+http://jarrpa.net";>José A. Rivera (https://www.redhat.com/";>Red Hat)
 http://ozlabs.org/~rusty/";>Rusty Russell
 mailto:c...@samba.org";>Christof Schmitt
-http://samba.org/~asn/";>Andreas Schneider
+http://samba.org/~asn/";>Andreas Schneider (https://www.redhat.com/";>Red Hat)
 http://martin.meltin.net/";>Martin Schwenke
 mailto:ksee...@samba.org";>Karolin Seeger (http://www.sernet.de/en/";>SerNet)
 http://www.richardsharpe.com";>Richard Sharpe
 mailto:d...@samba.org";>Dan Shearer
-mailto:i...@samba.org";>Simo Sorce
+mailto:i...@samba.org";>Simo Sorce (https://www.redhat.com/";>Red Hat)
 mailto:mi...@samba.org";>Rafal Szczesniak
 mailto:j...@samba.org";>John Terpstra
 http://samba.org/~tridge/";>Andrew Tridgell


-- 
Samba Website Repository


[SCM] Samba Shared Repository - branch master updated

2014-05-13 Thread Simo Sorce
The branch, master has been updated
   via  3f60f0e Fix selfetet environment user gid
  from  c1507bc s4:imessaging: Remove event context from irpc and 
imessaging structures

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 3f60f0e36b6de1be3944f8de039df875a2278078
Author: Simo Sorce 
Date:   Tue May 13 12:57:10 2014 +0200

Fix selfetet environment user gid

The real invoking user's gid should be in the /etc/group file or it may
cause spurious error messages.

Signed-off-by: Simo Sorce 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Simo Sorce 
Autobuild-Date(master): Tue May 13 15:33:21 CEST 2014 on sn-devel-104

---

Summary of changes:
 selftest/target/Samba4.pm |3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 selftest/target/Samba4.pm


Changeset truncated at 500 lines:

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
old mode 100644
new mode 100755
index 86ee4fe..15fb5d2
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -511,6 +511,8 @@ sub provision_raw_prepare($$)
chomp $unix_name;
$ctx->{unix_name} = $unix_name;
$ctx->{unix_uid} = $>;
+   my @mygid = split(" ", $();
+   $ctx->{unix_gid} = $mygid[0];
$ctx->{unix_gids_str} = $);
@{$ctx->{unix_gids}} = split(" ", $ctx->{unix_gids_str});
 
@@ -688,6 +690,7 @@ wheel:x:10:
 users:x:100:
 nobody:x:65533:
 nogroup:x:65534:nobody
+$ctx->{unix_name}:x:$ctx->{unix_gid}:
 ";
close(GRP);
 my $gid_rfc2307test = 65532;


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2014-02-21 Thread Simo Sorce
The branch, master has been updated
   via  2b77b07 s3/libsmb: Free memdup'd local variable
   via  9a9e569 passdb: Patch memory leak in pdb_ldap.c
  from  293aac0 testprogs: Fix pkinit test with system ldb.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 2b77b072862accc3fffddc964740917102898567
Author: Jose A. Rivera 
Date:   Thu Feb 20 09:14:59 2014 -0600

s3/libsmb: Free memdup'd local variable

secrets_fetch_machine_password() sets pwd to point to memdup()'d (and thus
malloc()'d) memory. This memory should be freed before we go out of scope.

Change-Id: I07e575819c309fa5b85627dce2eb969bc720ce4e
Coverity-Id: 1168001
Reviewed-by: Ira Cooper 
Signed-off-by: Jose A. Rivera 
    Reviewed-by: Simo Sorce 

Autobuild-User(master): Simo Sorce 
Autobuild-Date(master): Sat Feb 22 00:58:23 CET 2014 on sn-devel-104

commit 9a9e56943d186e5a8655b5d731a339e453da8ae8
Author: Jose A. Rivera 
Date:   Tue Feb 18 07:35:37 2014 -0600

passdb: Patch memory leak in pdb_ldap.c

Moved the call to the talloc autofree function to as early a point as
possible. init_ldap_from_sam() already calls smbldap_set_mod(), and there's
a chance that the init will fail after having already allocated memory for
&mods.

Coverity-Id: 1167997
Change-Id: Ic26bfb3c530f90aa885e447b8409deba49708d64
Reviewed-by: Ira Cooper 
Signed-off-by: Jose A. Rivera 
Reviewed-by: Simo Sorce 

---

Summary of changes:
 source3/libsmb/trusts_util.c |1 +
 source3/passdb/pdb_ldap.c|   10 ++
 2 files changed, 7 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index b38aec6..bb2e977 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -118,6 +118,7 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context 
*context,
TALLOC_FREE(frame);
return NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE;
}
+   free(pwd);
break;
case SEC_CHAN_DOMAIN:
if (!pdb_get_trusteddom_pw(domain, &pwd, &sid, 
&pass_last_set_time)) {
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 6be5fb6..cea8627 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -5168,6 +5168,7 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods 
*my_methods,
uint32_t num_result;
bool is_machine = False;
bool add_posix = False;
+   bool init_okay = False;
LDAPMod **mods = NULL;
struct samu *user;
char *filter;
@@ -5285,7 +5286,10 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods 
*my_methods,
return NT_STATUS_UNSUCCESSFUL;
}
 
-   if (!init_ldap_from_sam(ldap_state, entry, &mods, user, 
pdb_element_is_set_or_changed)) {
+   init_okay = init_ldap_from_sam(ldap_state, entry, &mods, user, 
pdb_element_is_set_or_changed);
+   smbldap_talloc_autofree_ldapmod(tmp_ctx, mods);
+
+   if (!init_okay) {
DEBUG(1,("ldapsam_create_user: Unable to fill user structs\n"));
return NT_STATUS_UNSUCCESSFUL;
}
@@ -5371,9 +5375,7 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods 
*my_methods,
smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", shell);
}
 
-   smbldap_talloc_autofree_ldapmod(tmp_ctx, mods);
-
-   if (add_posix) {
+   if (add_posix) {
rc = smbldap_add(ldap_state->smbldap_state, dn, mods);
} else {
rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);


-- 
Samba Shared Repository


Re: [SCM] Samba Shared Repository - branch master updated

2013-12-16 Thread Simo
On Mon, 2013-12-16 at 13:05 -0800, Jeremy Allison wrote:
> On Mon, Dec 16, 2013 at 03:56:16PM -0500, Simo wrote:
> > On Mon, 2013-12-16 at 10:34 -0800, Jeremy Allison wrote:
> > > On Sat, Dec 14, 2013 at 01:20:04PM +0100, Stefan Metzmacher wrote:
> > > > 
> > > > commit 5baa7402ba8eebd9b2ddc6b259ae9bb2852b4bb1
> > > > Author: Volker Lendecke 
> > > > Date:   Fri Dec 6 14:34:05 2013 +
> > > > 
> > > > smbd: Implement and use full_path_tos
> > > > 
> > > > Yes, this looks like a hack, but talloc_asprintf does show up high 
> > > > in
> > > > profiles called from these routines
> > > > 
> > > > Signed-off-by: Volker Lendecke 
> > > > Reviewed-by: Stefan Metzmacher 
> > > 
> > > Hahaha ! Coming this summer to a cinema near you :
> > > 
> > > "Samba 4 - Revenge of the pstrings" :-) :-).
> > 
> > Uhm, given this string is never passed anywhere and you want to use the
> > stack, why didn't you simply use alloca() + snprintf() ?
> > 
> > That would seem a lot simpler and as effective to me, am I missing
> > something ?
> 
> I don't think alloca is as portable as the code
> Volker wrote.

I see.

Simo.



Re: [SCM] Samba Shared Repository - branch master updated

2013-12-16 Thread Simo
On Mon, 2013-12-16 at 10:34 -0800, Jeremy Allison wrote:
> On Sat, Dec 14, 2013 at 01:20:04PM +0100, Stefan Metzmacher wrote:
> > 
> > commit 5baa7402ba8eebd9b2ddc6b259ae9bb2852b4bb1
> > Author: Volker Lendecke 
> > Date:   Fri Dec 6 14:34:05 2013 +
> > 
> > smbd: Implement and use full_path_tos
> > 
> > Yes, this looks like a hack, but talloc_asprintf does show up high in
> > profiles called from these routines
> > 
> > Signed-off-by: Volker Lendecke 
> > Reviewed-by: Stefan Metzmacher 
> 
> Hahaha ! Coming this summer to a cinema near you :
> 
> "Samba 4 - Revenge of the pstrings" :-) :-).

Uhm, given this string is never passed anywhere and you want to use the
stack, why didn't you simply use alloca() + snprintf() ?

That would seem a lot simpler and as effective to me, am I missing
something ?

Simo.



[SCM] Samba Shared Repository - branch master updated

2013-12-03 Thread Simo Sorce
The branch, master has been updated
   via  4b637c3 ldb: use of NULL pointer bugfix
  from  bdb818d s4-rpc: dnsserver: Ignore duplicate dns zones from multiple 
locations

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 4b637c367fdda832e95208f49e8893b0a0cac4b4
Author: Pavel Reichl 
Date:   Tue Dec 3 14:37:20 2013 +

ldb: use of NULL pointer bugfix

Autobuild-User(master): Simo Sorce 
Autobuild-Date(master): Tue Dec  3 21:13:53 CET 2013 on sn-devel-104

---

Summary of changes:
 lib/ldb/common/ldb.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/ldb/common/ldb.c b/lib/ldb/common/ldb.c
index 3dc6d87..d2b873f 100644
--- a/lib/ldb/common/ldb.c
+++ b/lib/ldb/common/ldb.c
@@ -572,8 +572,8 @@ int ldb_wait(struct ldb_handle *handle, enum ldb_wait_type 
type)
struct tevent_context *ev;
int ret;
 
-   if (!handle) {
-   return ldb_error(handle->ldb, LDB_ERR_UNAVAILABLE, NULL);
+   if (handle == NULL) {
+   return LDB_ERR_UNAVAILABLE;
}
 
if (handle->state == LDB_ASYNC_DONE) {


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2013-08-23 Thread Simo Sorce
The branch, master has been updated
   via  9423d5a Fix bug #10063 - source3/lib/util.c:1493 leaking memory w/ 
pam_winbind.so / winbind
  from  3ddb77f torture: Split the fsinfo check into a separate test

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 9423d5afb71e272298f4858d82f436e19ee2b07f
Author: Jeremy Allison 
Date:   Fri Aug 2 15:03:39 2013 -0700

Fix bug #10063 - source3/lib/util.c:1493 leaking memory w/ pam_winbind.so / 
winbind

Don't use talloc_tos() in something that can be linked to in pam_winbindd.so

Signed-off-by: Jeremy Allison 
Reviewed-by: Simo Sorce 

Autobuild-User(master): Simo Sorce 
Autobuild-Date(master): Sat Aug 24 02:28:28 CEST 2013 on sn-devel-104

---

Summary of changes:
 source3/lib/util.c |6 --
 1 files changed, 4 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/util.c b/source3/lib/util.c
index bf6c8c5..5168092 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1462,10 +1462,12 @@ char *myhostname(void)
 
 char *myhostname_upper(void)
 {
-   char *name;
static char *ret;
if (ret == NULL) {
-   name = get_myname(talloc_tos());
+   char *name = get_myname(NULL);
+   if (name == NULL) {
+   return NULL;
+   }
ret = strupper_talloc(NULL, name);
talloc_free(name);
}


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2013-08-16 Thread Simo Sorce
The branch, master has been updated
   via  c8c84b4 vfs_glusterfs: Implement proper mashalling/unmarshalling of 
ACLs
  from  91b0ff7 smbd: Do not wait unnecessarily

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit c8c84b47be6721626dc9a111b186d2b8f658409e
Author: Anand Avati 
Date:   Sun Aug 11 15:59:29 2013 -0400

vfs_glusterfs: Implement proper mashalling/unmarshalling of ACLs

Use the primitives available in Samba byteorder.h for implementing
proper (un)marshalling of ACL xattrs.
- Incorporated Raghavendra Talur's comments on v3

Signed-off-by: Anand Avati 
Signed-off-by: Raghavendra Talur 
Reviewed-by: Jeremy Allison 
Reviewed-by: Christopher R. Hertel 
Tested-by: Jose A. Rivera 

Autobuild-User(master): Simo Sorce 
Autobuild-Date(master): Fri Aug 16 20:34:51 CEST 2013 on sn-devel-104

---

Summary of changes:
 source3/modules/vfs_glusterfs.c |  153 ---
 1 files changed, 111 insertions(+), 42 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index af8d5b7..eac1b24 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -992,13 +992,36 @@ static int vfs_gluster_set_offline(struct 
vfs_handle_struct *handle,
return -1;
 }
 
-/* Posix ACL Operations */
+/*
+  Gluster ACL Format:
+
+  Size = 4 (header) + N * 8 (entry)
+
+  Offset  SizeField (Little Endian)
+  -
+  0-3 4-byte  Version
+
+  4-5 2-byte  Entry-1 tag
+  6-7 2-byte  Entry-1 perm
+  8-114-byte  Entry-1 id
+
+  12-13   2-byte  Entry-2 tag
+  14-15   2-byte  Entry-2 perm
+  16-19   4-byte  Entry-2 id
 
+  ...
+
+ */
+
+/* header version */
 #define GLUSTER_ACL_VERSION 2
+
+/* perm bits */
 #define GLUSTER_ACL_READ0x04
 #define GLUSTER_ACL_WRITE   0x02
 #define GLUSTER_ACL_EXECUTE 0x01
 
+/* tag values */
 #define GLUSTER_ACL_UNDEFINED_TAG  0x00
 #define GLUSTER_ACL_USER_OBJ   0x01
 #define GLUSTER_ACL_USER   0x02
@@ -1009,58 +1032,49 @@ static int vfs_gluster_set_offline(struct 
vfs_handle_struct *handle,
 
 #define GLUSTER_ACL_UNDEFINED_ID  (-1)
 
-struct gluster_ace {
-   uint16_t tag;
-   uint16_t perm;
-   uint32_t id;
-};
-
-struct gluster_acl_header {
-   uint32_t version;
-   struct gluster_ace entries[];
-};
+#define GLUSTER_ACL_HEADER_SIZE4
+#define GLUSTER_ACL_ENTRY_SIZE 8
 
 static SMB_ACL_T gluster_to_smb_acl(const char *buf, size_t xattr_size,
TALLOC_CTX *mem_ctx)
 {
int count;
size_t size;
-   struct gluster_ace *ace;
struct smb_acl_entry *smb_ace;
-   struct gluster_acl_header *hdr;
struct smb_acl_t *result;
int i;
+   int offset;
uint16_t tag;
uint16_t perm;
uint32_t id;
 
size = xattr_size;
 
-   if (size < sizeof(*hdr)) {
-   /* ACL should be at least as big as the header */
+   if (size < GLUSTER_ACL_HEADER_SIZE) {
+   /* ACL should be at least as big as the header (4 bytes) */
errno = EINVAL;
return NULL;
}
 
-   size -= sizeof(*hdr);
+   size -= GLUSTER_ACL_HEADER_SIZE; /* size of header = 4 bytes */
 
-   if (size % sizeof(*ace)) {
+   if (size % GLUSTER_ACL_ENTRY_SIZE) {
/* Size of entries must strictly be a multiple of
-  size of an ACE
+  size of an ACE (8 bytes)
*/
errno = EINVAL;
return NULL;
}
 
-   count = size / sizeof(*ace);
+   count = size / GLUSTER_ACL_ENTRY_SIZE;
 
-   hdr = (void *)buf;
-
-   if (ntohl(hdr->version) != GLUSTER_ACL_VERSION) {
+   /* Version is the first 4 bytes of the ACL */
+   if (IVAL(buf, 0) != GLUSTER_ACL_VERSION) {
DEBUG(0, ("Unknown gluster ACL version: %d\n",
- ntohl(hdr->version)));
+ IVAL(buf, 0)));
return NULL;
}
+   offset = GLUSTER_ACL_HEADER_SIZE;
 
result = sys_acl_init(mem_ctx);
if (!result) {
@@ -1078,10 +1092,19 @@ static SMB_ACL_T gluster_to_smb_acl(const char *buf, 
size_t xattr_size,
result->count = count;
 
smb_ace = result->acl;
-   ace = hdr->entries;
 
for (i = 0; i < count; i++) {
-   tag = ntohs(ace->tag);
+   /* TAG is the first 2 bytes of an entry */
+   tag = SVAL(buf, offset);
+   offset += 2;
+
+   /* PERM is the next 2 bytes of an entry */
+   perm = SVAL(buf, offset);
+   offset += 2;
+
+  

[SCM] Samba Shared Repository - branch master updated

2013-07-10 Thread Simo Sorce
The branch, master has been updated
   via  1573638 Fix typos in man-pages
  from  e6a58d3 s4:rpc_server: make sure we don't terminate a connection 
with pending requests (bug #9820)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 1573638212a9733a44939a4d38a226f38dca36f1
Author: Michele Baldessari 
Date:   Tue Jul 9 23:23:33 2013 +0200

Fix typos in man-pages

Fix some typos in the man-pages.

Signed-off-by: Michele Baldessari 
Reviewed-by: Simo Sorce 

Autobuild-User(master): Simo Sorce 
Autobuild-Date(master): Wed Jul 10 16:45:07 CEST 2013 on sn-devel-104

---

Summary of changes:
 docs-xml/manpages/dbwrap_tool.1.xml  |2 +-
 docs-xml/manpages/idmap_autorid.8.xml|2 +-
 docs-xml/manpages/net.8.xml  |2 +-
 docs-xml/manpages/pdbedit.8.xml  |2 +-
 docs-xml/manpages/samba.7.xml|2 +-
 docs-xml/manpages/smbclient.1.xml|2 +-
 docs-xml/manpages/smbpasswd.5.xml|2 +-
 docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml |2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/dbwrap_tool.1.xml 
b/docs-xml/manpages/dbwrap_tool.1.xml
index e2b2cee..a1a2f97 100644
--- a/docs-xml/manpages/dbwrap_tool.1.xml
+++ b/docs-xml/manpages/dbwrap_tool.1.xml
@@ -49,7 +49,7 @@
fetch: fetch a record
store: create or modify a 
record
delete: remove a record
-   exists: test for existance of a 
record
+   exists: test for existence of a 
record
erase: remove all records
listkeys: list all available 
records
listwatchers: list processes, which are waiting 
for changes in a record
diff --git a/docs-xml/manpages/idmap_autorid.8.xml 
b/docs-xml/manpages/idmap_autorid.8.xml
index c35f903..7446d53 100644
--- a/docs-xml/manpages/idmap_autorid.8.xml
+++ b/docs-xml/manpages/idmap_autorid.8.xml
@@ -109,7 +109,7 @@
EXAMPLES

This example shows you the minimal configuration that will
-   work for the principial domain and 19 trusted domains / range
+   work for the principal domain and 19 trusted domains / range
extensions.

 
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index dd5b3ab..0df2e07 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -1671,7 +1671,7 @@ shares created by other users.
 
 Starting with version 3.2.0, a Samba server can be configured by data
 stored in registry. This configuration data can be edited with the new "net
-conf" commands. There is also the possiblity to configure a remote Samba server
+conf" commands. There is also the possibility to configure a remote Samba 
server
 by enabling the RPC conf mode and specifying the the address of the remote 
server.
 
 
diff --git a/docs-xml/manpages/pdbedit.8.xml b/docs-xml/manpages/pdbedit.8.xml
index 4bb3751..c5d6b23 100644
--- a/docs-xml/manpages/pdbedit.8.xml
+++ b/docs-xml/manpages/pdbedit.8.xml
@@ -289,7 +289,7 @@ retype new password
 
 
 
-   pdbedit does not call the unix password 
syncronisation 
+   pdbedit does not call the unix password 
synchronization 
script if 
has been set. It only updates the data in the 
Samba 
user database. 
diff --git a/docs-xml/manpages/samba.7.xml b/docs-xml/manpages/samba.7.xml
index 9299660..cedb4e4 100644
--- a/docs-xml/manpages/samba.7.xml
+++ b/docs-xml/manpages/samba.7.xml
@@ -91,7 +91,7 @@
8
The samba-tool
is the main Samba Administration tool regarding
-   Acitive Directory services.
+   Active Directory services.


 
diff --git a/docs-xml/manpages/smbclient.1.xml 
b/docs-xml/manpages/smbclient.1.xml
index 328fd50..b222c56 100644
--- a/docs-xml/manpages/smbclient.1.xml
+++ b/docs-xml/manpages/smbclient.1.xml
@@ -564,7 +564,7 @@
sent to the server on directory listings and file opens. If
the "backup intent" flag is true, the server will try and
bypass some file system checks if the user has been granted
-   SE_BACKUP or SE_RESTORE privilages. This state is useful when
+   SE_BACKUP or SE_RESTORE privileges. This state is useful when
performing a backup or restore operation.


diff --git a/docs-xml/manpages/smbpasswd.5.xml 
b/docs-xml/manpages/smbpasswd.5.xml
index fc512b8..986dedb 100644
--- a/docs-xml/manpages/

[SCM] Samba Shared Repository - branch master updated

2013-07-05 Thread Simo Sorce
The branch, master has been updated
   via  cf87f85 time: prefer CLOCK_BOOTTIME for clock_gettime_mono()
   via  e3c2dd1 time: don't try to use the coarse clock
  from  2bdaf53 VERSION: change to 4.2.0pre1

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit cf87f8587415df2119995e82ccf51bb64e44115b
Author: Björn Jacke 
Date:   Wed Jul 3 18:57:57 2013 +0200

time: prefer CLOCK_BOOTTIME for clock_gettime_mono()

this clock moves on while the machine was suspended. This is what we prefer
actually.

Signed-off-by: Björn Jacke 
Reviewed-by: Simo Sorce 

Autobuild-User(master): Simo Sorce 
Autobuild-Date(master): Fri Jul  5 16:47:34 CEST 2013 on sn-devel-104

commit e3c2dd13d4519d89fc78fd36a9ee4552f0f241ac
Author: Björn Jacke 
Date:   Wed Jul 3 18:51:14 2013 +0200

time: don't try to use the coarse clock

as we prefer to use the suspend aware CLOCK_BOOTTIME as monotonic clock 
source
we cannot deal with the mono coarse clock any more. Actually I never saw a 
real
performance gain with it.

Signed-off-by: Björn Jacke 
Reviewed-by: Simo Sorce 

---

Summary of changes:
 lib/util/time.c |   25 ++---
 1 files changed, 14 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/util/time.c b/lib/util/time.c
index 56b2ec5..05251dd 100644
--- a/lib/util/time.c
+++ b/lib/util/time.c
@@ -62,26 +62,29 @@ a wrapper to preferably get the monotonic time
 **/
 _PUBLIC_ void clock_gettime_mono(struct timespec *tp)
 {
-   if (clock_gettime(CUSTOM_CLOCK_MONOTONIC,tp) != 0) {
-   clock_gettime(CLOCK_REALTIME,tp);
+/* prefer a suspend aware monotonic CLOCK_BOOTTIME: */
+#ifdef CLOCK_BOOTTIME
+   if (clock_gettime(CLOCK_BOOTTIME,tp) == 0) {
+   return;
+   }
+#endif
+/* then try the  monotonic clock: */
+#if CUSTOM_CLOCK_MONOTONIC != CLOCK_REALTIME
+   if (clock_gettime(CUSTOM_CLOCK_MONOTONIC,tp) == 0) {
+   return;
}
+#endif
+   clock_gettime(CLOCK_REALTIME,tp);
 }
 
 /**
 a wrapper to preferably get the monotonic time in seconds
-as this is only second resolution we can use the cached
-(and much faster) COARSE clock variant
 **/
 _PUBLIC_ time_t time_mono(time_t *t)
 {
struct timespec tp;
-   int rc = -1;
-#ifdef CLOCK_MONOTONIC_COARSE
-   rc = clock_gettime(CLOCK_MONOTONIC_COARSE,&tp);
-#endif
-   if (rc != 0) {
-   clock_gettime_mono(&tp);
-   }
+
+   clock_gettime_mono(&tp);
if (t != NULL) {
*t = tp.tv_sec;
}


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2013-06-11 Thread Simo Sorce
The branch, master has been updated
   via  c0cbf59 Remove remaining references to "password level" in the tree
   via  3f73002 docs: Do not encourage unix passwords, and remove reference 
to password level
   via  26279a9 auth: Remove "password level"
  from  3fba9ba dsdb: reset schema->{classes,attributes}_to_remove_size to 0

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit c0cbf5936f0385ab93315cc366a0aa16c0ebd237
Author: Andrew Bartlett 
Date:   Mon Jun 3 10:38:29 2013 +1000

Remove remaining references to "password level" in the tree

Reviewed-by: Simo Sorce 

Autobuild-User(master): Simo Sorce 
Autobuild-Date(master): Tue Jun 11 16:25:54 CEST 2013 on sn-devel-104

commit 3f73002f2d5f8a27820e09b024f561fda1560184
Author: Andrew Bartlett 
Date:   Mon Jun 3 10:27:41 2013 +1000

docs: Do not encourage unix passwords, and remove reference to password 
level

Reviewed-by: Simo Sorce 

commit 26279a969879bfbd943dfda03c511ed7e14057ba
Author: Andrew Bartlett 
Date:   Mon Jun 3 10:02:39 2013 +1000

auth: Remove "password level"

We now only lowercase the password, we do not attempt to find another case
combination that the password might be in.

This option is already depricated, so it is now time to remove it.

    Andrew Bartlett

Reviewed-by: Simo Sorce 

---

Summary of changes:
 docs-xml/Samba3-Developers-Guide/unix-smb.xml  |   13 ++--
 docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml|2 +-
 docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml   |7 +--
 docs-xml/smbdotconf/security/passwordlevel.xml |   48 --
 docs-xml/using_samba/appc.xml  |   14 
 docs-xml/using_samba/ch06.xml  |   14 
 examples/dce-dfs/smb.conf  |1 -
 examples/scripts/shares/python/smbparm.py  |1 -
 examples/tridge/smb.conf   |1 -
 examples/tridge/smb.conf.fjall |1 -
 lib/param/loadparm.c   |1 -
 lib/param/param_functions.c|1 -
 lib/param/param_table.c|9 ---
 packaging/LSB/smb.conf |1 -
 python/samba/upgrade.py|1 -
 source3/auth/pass_check.c  |   79 
 source3/param/loadparm.c   |1 -
 17 files changed, 8 insertions(+), 187 deletions(-)
 delete mode 100644 docs-xml/smbdotconf/security/passwordlevel.xml


Changeset truncated at 500 lines:

diff --git a/docs-xml/Samba3-Developers-Guide/unix-smb.xml 
b/docs-xml/Samba3-Developers-Guide/unix-smb.xml
index ae6bdcd..6964b7f 100644
--- a/docs-xml/Samba3-Developers-Guide/unix-smb.xml
+++ b/docs-xml/Samba3-Developers-Guide/unix-smb.xml
@@ -112,7 +112,7 @@ shares.
 Passwords
 
 
-Many SMB clients uppercase passwords before sending them. I have no
+When plaintext passwords are used, very old SMB clients uppercase passwords 
before sending them. I have no
 idea why they do this. Interestingly WfWg uppercases the password only
 if the server is running a protocol greater than COREPLUS, so
 obviously it isn't just the data entry routines that are to blame.
@@ -123,12 +123,11 @@ Unix passwords are case sensitive. So if users use mixed 
case
 passwords they are in trouble.
 
 
-
-Samba can try to cope with this by either using the "password level"
-option which causes Samba to try the offered password with up to the
-specified number of case changes, or by using the "password server"
-option which allows Samba to do its validation via another machine
-(typically a WinNT server).
+Samba will try an additional all lower cased password
+authentication if it receives an all uppercase password. Samba used to
+support an option called "password level" that would try to crack
+password by trying all case permutations, but that option has been
+removed.
 
 
 
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml 
b/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml
index 5ea2db2..657cc97 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml
@@ -446,7 +446,7 @@ If it says bad 
password, then the likely c
 

You have explicitly disabled encrypted passwords with
-   no have a 
mixed-case password and you haven't enabled the  option at a high enough level.
+   no have a 
mixed-case password.

 
 
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml 
b/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml
index f0c07d2..4d672c6 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml
@@ -494,7 +494,6 @@ when using clear-text authenticat

Re: [SCM] Samba Website Repository - branch master updated

2013-05-27 Thread Simo

On 05/27/2013 04:26 AM, Andrew Bartlett wrote:

The branch, master has been updated
via  b06d18f docs: The russian translation site times out
   from  35e443c docs: Remove dead links

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit b06d18fc18bed2cc9996c01654a58a2fc9ead355
Author: Andrew Bartlett 
Date:   Mon May 27 18:26:41 2013 +1000

 docs: The russian translation site times out

---

Summary of changes:
  docs/index.html |1 -
  1 files changed, 0 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs/index.html b/docs/index.html
index f3cd1ff..3dd9889 100755
--- a/docs/index.html
+++ b/docs/index.html
@@ -53,7 +53,6 @@ earlier version of Samba then you may find some 
differences.
http://www.samba.gr.jp/project/translation/Samba3-HOWTO/
  ">Samba HOWTO Collection in Japanese
http://smb-conf.ru/";>Samba 3 smb.conf man page in 
Russian
-  http://samba-doc.ru/samba3example/index.html";>Samba 3 by Example in Russian 
(translation in progress)
  
  
  Contributing




Andrew, seem to be working fine here.
Have you contacted the maintainer before just yanking it ?
If not it would be polite to revert and contact the maintainer first.

Simo.



[SCM] Samba Shared Repository - branch master updated

2013-02-16 Thread Simo Sorce
The branch, master has been updated
   via  05235d5 tdb: Fix a typo
  from  10b96e3 Fix the maxfids test so that it does not fork lots of 
processes and so that it works for all cases of maxfids.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 05235d5b444558f6d06ef12ea7d74850800425cf
Author: Volker Lendecke 
Date:   Sat Feb 16 13:26:36 2013 +0100

tdb: Fix a typo

Signed-off-by: Volker Lendecke 

Autobuild-User(master): Simo Sorce 
Autobuild-Date(master): Sat Feb 16 17:13:32 CET 2013 on sn-devel-104

---

Summary of changes:
 lib/tdb/common/open.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/tdb/common/open.c b/lib/tdb/common/open.c
index 08b9450..05d7cae 100644
--- a/lib/tdb/common/open.c
+++ b/lib/tdb/common/open.c
@@ -215,7 +215,7 @@ _PUBLIC_ struct tdb_context *tdb_open_ex(const char *name, 
int hash_size, int td
goto fail;
}
 
-   /* now make a copy of the name, as the caller memory might went away */
+   /* now make a copy of the name, as the caller memory might go away */
if (!(tdb->name = (char *)strdup(name))) {
/*
 * set the name as the given string, so that tdb_name() will


-- 
Samba Shared Repository


Re: [SCM] Samba Shared Repository - branch master updated

2012-10-30 Thread simo
On Tue, 2012-10-30 at 23:57 +0100, Andrew Bartlett wrote:
> commit cc6d0decc7980028293168aee267e7610752fc80
> Author: Andrew Bartlett 
> Date:   Tue Oct 30 10:21:42 2012 +1100
> 
> ldb: Change ltdb_unpack_data to take an ldb_context
> 
> It always de-references the module to find the ldb anyway.
> 
> Andrew Bartlett 

Andrew,
why are you messing over with these interface conventions ?

I see no rationale for this change, can you please revert and learn a
bit about consistent and predictable interfaces ?

Thanks.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer 
Principal Software Engineer at Red Hat, Inc. 



[SCM] Samba Shared Repository - branch master updated

2012-10-05 Thread Simo Sorce
The branch, master has been updated
   via  36ea39e talloc: Convert error cecking macros into fns
  from  7d7e33c Add tests for talloc_memlimit

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 36ea39edf8dd9ede756debaf9632f3ded2a51abb
Author: Simo Sorce 
Date:   Fri Oct 5 10:32:32 2012 -0400

talloc: Convert error cecking macros into fns

This will avoid 'surprise returns' and makes the code cleare to readers.
These macros were complex enough to warrant a full function anyway not
just for readability but also for debuggability.

Thanks David for pointing out this issue.

Autobuild-User(master): Simo Sorce 
Autobuild-Date(master): Fri Oct  5 23:24:17 CEST 2012 on sn-devel-104

---

Summary of changes:
 lib/talloc/talloc.c |  111 ++-
 1 files changed, 74 insertions(+), 37 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c
index afc44b3..3e33fc0 100644
--- a/lib/talloc/talloc.c
+++ b/lib/talloc/talloc.c
@@ -222,37 +222,6 @@ static struct {
TC_UNDEFINE_GROW_VALGRIND_CHUNK(_tc, _new_size); \
 } while (0)
 
-#define TALLOC_MEMLIMIT_CHECK(limit, size) do { \
-   struct talloc_memlimit *l; \
-   for (l = limit; l != NULL; l = l->upper) { \
-   if (l->max_size != 0 && \
-   ((l->max_size <= l->cur_size) || \
-(l->max_size - l->cur_size < TC_HDR_SIZE+size))) { \
-   errno = ENOMEM; \
-   return NULL; \
-   } \
-   } \
-} while(0)
-
-#define TALLOC_MEMLIMIT_UPDATE(limit, o_size, n_size) do { \
-   struct talloc_memlimit *l; \
-   ssize_t d; \
-   if (o_size == 0) { \
-   d = n_size + TC_HDR_SIZE; \
-   } else { \
-   d = n_size - o_size; \
-   } \
-   for (l = limit; l != NULL; l = l->upper) { \
-   ssize_t new_size = l->cur_size + d; \
-   if (new_size < 0) { \
-   talloc_abort("cur_size memlimit counter not correct!"); 
\
-   errno = EINVAL; \
-   return NULL; \
-   } \
-   l->cur_size = new_size; \
-   } \
-} while(0)
-
 struct talloc_reference_handle {
struct talloc_reference_handle *next, *prev;
void *ptr;
@@ -266,6 +235,10 @@ struct talloc_memlimit {
size_t cur_size;
 };
 
+static bool talloc_memlimit_check(struct talloc_memlimit *limit, size_t size);
+static bool talloc_memlimit_update(struct talloc_memlimit *limit,
+  size_t old_size, size_t new_size);
+
 typedef int (*talloc_destructor_t)(void *);
 
 struct talloc_chunk {
@@ -608,7 +581,10 @@ static inline void *__talloc(const void *context, size_t 
size)
limit = ptc->limit;
}
 
-   TALLOC_MEMLIMIT_CHECK(limit, (TC_HDR_SIZE+size));
+   if (!talloc_memlimit_check(limit, (TC_HDR_SIZE+size))) {
+   errno = ENOMEM;
+   return NULL;
+   }
 
tc = talloc_alloc_pool(ptc, TC_HDR_SIZE+size);
}
@@ -996,7 +972,11 @@ static void *_talloc_steal_internal(const void *new_ctx, 
const void *ptr)
 
ctx_size = _talloc_total_limit_size(ptr, NULL, NULL);
 
-   TALLOC_MEMLIMIT_UPDATE(tc->limit->upper, ctx_size, 0);
+   if (!talloc_memlimit_update(tc->limit->upper, ctx_size, 0)) {
+   talloc_abort("cur_size memlimit counter not correct!");
+   errno = EINVAL;
+   return NULL;
+   }
 
if (tc->limit->parent == tc) {
tc->limit->upper = NULL;
@@ -1531,7 +1511,10 @@ _PUBLIC_ void *_talloc_realloc(const void *context, void 
*ptr, size_t size, cons
}
 
if (tc->limit && (size - tc->size > 0)) {
-   TALLOC_MEMLIMIT_CHECK(tc->limit, (size - tc->size));
+   if (!talloc_memlimit_check(tc->limit, (size - tc->size))) {
+   errno = ENOMEM;
+   return NULL;
+   }
}
 
/* handle realloc inside a talloc_pool */
@@ -1649,7 +1632,14 @@ _PUBLIC_ void *_talloc_realloc(const void *context, void 
*ptr, size_t size, cons
if (new_chunk_size == old_chunk_size) {
TC_UNDEFINE_GROW_CHUNK(tc, size);
tc->flags &= ~TALLOC_FLAG_FREE;
-   TALLOC_MEMLIMIT_UPDATE(tc->limit, tc->size, size);
+   if (!talloc_memlimit_update(tc->limit,
+   

[SCM] Samba Shared Repository - branch master updated

2012-10-04 Thread Simo Sorce
The branch, master has been updated
   via  7d7e33c Add tests for talloc_memlimit
   via  a33a78c Add memory limiting capability to talloc
  from  7859490 Ensure the masks don't conflict with the ACL checks.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 7d7e33c624875a9694fcebdde942147ac3bf5f74
Author: Simo Sorce 
Date:   Sat Sep 22 16:35:21 2012 -0400

Add tests for talloc_memlimit

Autobuild-User(master): Simo Sorce 
Autobuild-Date(master): Fri Oct  5 07:36:38 CEST 2012 on sn-devel-104

commit a33a78c302fde61fdb7a6e71669f19be2cf5c836
Author: Simo Sorce 
Date:   Sat Sep 22 16:15:47 2012 -0400

Add memory limiting capability to talloc

By calling talloc_set_memlimit() we can now set a max memory limit
for a whole talloc hierarchy.
ANy attempt to allocate memory beyond the max allowed for the whole
hierarchy wil cause an allocation failure.

Stealing memory correctly accounts for used memory in the old and the new
hierarchy but exceeding the memory limit in the new parent will not cause
a failure.

---

Summary of changes:
 ...oc-util-2.0.6.sigs => pytalloc-util-2.0.8.sigs} |0
 .../ABI/{talloc-2.0.3.sigs => talloc-2.0.8.sigs}   |1 +
 lib/talloc/talloc.c|  277 +---
 lib/talloc/talloc.h|   19 ++
 lib/talloc/testsuite.c |  172 
 lib/talloc/wscript |2 +-
 6 files changed, 431 insertions(+), 40 deletions(-)
 copy lib/talloc/ABI/{pytalloc-util-2.0.6.sigs => pytalloc-util-2.0.8.sigs} 
(100%)
 copy lib/talloc/ABI/{talloc-2.0.3.sigs => talloc-2.0.8.sigs} (98%)


Changeset truncated at 500 lines:

diff --git a/lib/talloc/ABI/pytalloc-util-2.0.6.sigs 
b/lib/talloc/ABI/pytalloc-util-2.0.8.sigs
similarity index 100%
copy from lib/talloc/ABI/pytalloc-util-2.0.6.sigs
copy to lib/talloc/ABI/pytalloc-util-2.0.8.sigs
diff --git a/lib/talloc/ABI/talloc-2.0.3.sigs b/lib/talloc/ABI/talloc-2.0.8.sigs
similarity index 98%
copy from lib/talloc/ABI/talloc-2.0.3.sigs
copy to lib/talloc/ABI/talloc-2.0.8.sigs
index 6e236d5..15a9e95 100644
--- a/lib/talloc/ABI/talloc-2.0.3.sigs
+++ b/lib/talloc/ABI/talloc-2.0.8.sigs
@@ -43,6 +43,7 @@ talloc_report_full: void (const void *, FILE *)
 talloc_set_abort_fn: void (void (*)(const char *))
 talloc_set_log_fn: void (void (*)(const char *))
 talloc_set_log_stderr: void (void)
+talloc_set_memlimit: int (const void *, size_t)
 talloc_set_name: const char *(const void *, const char *, ...)
 talloc_set_name_const: void (const void *, const char *)
 talloc_show_parents: void (const void *, FILE *)
diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c
index 18ee548..afc44b3 100644
--- a/lib/talloc/talloc.c
+++ b/lib/talloc/talloc.c
@@ -71,6 +71,7 @@
 #define TALLOC_FLAG_LOOP 0x02
 #define TALLOC_FLAG_POOL 0x04  /* This is a talloc pool */
 #define TALLOC_FLAG_POOLMEM 0x08   /* This is allocated in a pool */
+
 #define TALLOC_MAGIC_REFERENCE ((const char *)1)
 
 /* by default we abort when given a bad pointer (such as when talloc_free() is 
called 
@@ -221,12 +222,50 @@ static struct {
TC_UNDEFINE_GROW_VALGRIND_CHUNK(_tc, _new_size); \
 } while (0)
 
+#define TALLOC_MEMLIMIT_CHECK(limit, size) do { \
+   struct talloc_memlimit *l; \
+   for (l = limit; l != NULL; l = l->upper) { \
+   if (l->max_size != 0 && \
+   ((l->max_size <= l->cur_size) || \
+(l->max_size - l->cur_size < TC_HDR_SIZE+size))) { \
+   errno = ENOMEM; \
+   return NULL; \
+   } \
+   } \
+} while(0)
+
+#define TALLOC_MEMLIMIT_UPDATE(limit, o_size, n_size) do { \
+   struct talloc_memlimit *l; \
+   ssize_t d; \
+   if (o_size == 0) { \
+   d = n_size + TC_HDR_SIZE; \
+   } else { \
+   d = n_size - o_size; \
+   } \
+   for (l = limit; l != NULL; l = l->upper) { \
+   ssize_t new_size = l->cur_size + d; \
+   if (new_size < 0) { \
+   talloc_abort("cur_size memlimit counter not correct!"); 
\
+   errno = EINVAL; \
+   return NULL; \
+   } \
+   l->cur_size = new_size; \
+   } \
+} while(0)
+
 struct talloc_reference_handle {
struct talloc_reference_handle *next, *prev;
void *ptr;
const char *location;
 };
 
+struct talloc_memlimit {
+   struct talloc_chunk *parent;
+   struct talloc_memlimit *upper;
+   size_t max_size;
+   size_t cur_size;
+};
+
 typedef int (*talloc_destructor_t)(void *);
 
 struct talloc_chunk {
@@ -239,6 +278,15 @@ struct talloc_

[SCM] Samba Shared Repository - branch master updated

2012-09-27 Thread Simo Sorce
The branch, master has been updated
   via  a6be8a9 Support UPN_DNS_INFO in the PAC
  from  322e3d4 Fix bug #9209 - Parse of invalid SMB2 create blob can cause 
smbd crash.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a6be8a97f705247c1b1cbb0595887d8924740a71
Author: Simo Sorce 
Date:   Thu Sep 27 14:12:06 2012 -0400

Support UPN_DNS_INFO in the PAC

Previously marked as UNKNOWN_12 the UPN_DNS_INFO is defined in MS-PAC

Autobuild-User(master): Simo Sorce 
Autobuild-Date(master): Fri Sep 28 01:13:44 CEST 2012 on sn-devel-104

---

Summary of changes:
 librpc/idl/krb5pac.idl |   16 +---
 1 files changed, 9 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/idl/krb5pac.idl b/librpc/idl/krb5pac.idl
index 8a6540c..0fce16b 100644
--- a/librpc/idl/krb5pac.idl
+++ b/librpc/idl/krb5pac.idl
@@ -37,18 +37,20 @@ interface krb5pac
[size_is(num_transited_services)] lsa_String 
*transited_services;
} PAC_CONSTRAINED_DELEGATION;
 
+   typedef [public,bitmap32bit] bitmap {
+   UDI_ACCT_HAS_NO_UPN = 0x0001 /* 1= User account has no 
UPN */
+   } upn_dns_info_flags;
+
typedef struct {
[value(2*strlen_m(upn_name))] uint16 upn_size;
uint16 upn_offset;
[value(2*strlen_m(domain_name))] uint16 domain_size;
uint16 domain_offset;
-   uint16 unknown3; /* 0x01 */
-   uint16 unknown4;
-   uint32 unknown5;
+   upn_dns_info_flags flags;
+   uint32 padding;
[charset(UTF16)] uint8 upn_name[upn_size+2];
[charset(UTF16)] uint8 domain_name[domain_size+2];
-   uint32 unknown6; /* padding */
-   } PAC_UNKNOWN_12;
+   } PAC_UPN_DNS_INFO;
 
typedef [public] struct {
PAC_LOGON_INFO *info;
@@ -64,7 +66,7 @@ interface krb5pac
PAC_TYPE_KDC_CHECKSUM = 7,
PAC_TYPE_LOGON_NAME = 10,
PAC_TYPE_CONSTRAINED_DELEGATION = 11,
-   PAC_TYPE_UNKNOWN_12 = 12
+   PAC_TYPE_UPN_DNS_INFO = 12
} PAC_TYPE;
 
typedef struct {
@@ -78,12 +80,12 @@ interface krb5pac
[case(PAC_TYPE_LOGON_NAME)] PAC_LOGON_NAME logon_name;
[case(PAC_TYPE_CONSTRAINED_DELEGATION)][subcontext(0xFC01)]
PAC_CONSTRAINED_DELEGATION_CTR constrained_delegation;
+   [case(PAC_TYPE_UPN_DNS_INFO)]   PAC_UPN_DNS_INFO upn_dns_info;
/* when new PAC info types are added they are supposed to be 
done
   in such a way that they are backwards compatible with 
existing
   servers. This makes it safe to just use a [default] for
   unknown types, which lets us ignore the data */
[default]   [subcontext(0)] DATA_BLOB_REM unknown;
-   /* [case(PAC_TYPE_UNKNOWN_12)]  PAC_UNKNOWN_12 unknown; */
} PAC_INFO;
 
typedef [public,nopush,nopull,noprint] struct {


-- 
Samba Shared Repository


Re: [SCM] Samba Shared Repository - branch master updated

2012-08-09 Thread simo
_ldb(self, ldb_conn):
> -dsdb._dsdb_set_schema_from_ldb(self, ldb_conn)
> +def set_schema_from_ldb(self, ldb_conn, write_attributes=True):
> +dsdb._dsdb_set_schema_from_ldb(self, ldb_conn, write_attributes)
>  
>  def dsdb_DsReplicaAttribute(self, ldb, ldap_display_name, ldif_elements):
>  '''convert a list of attribute values to a DRSUAPI 
> DsReplicaAttribute'''
> 
> 

This code would be clearer if you called the variable write_index,
rather then write_attributes

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer 
Principal Software Engineer at Red Hat, Inc. 



Re: [SCM] Samba Shared Repository - branch master updated

2012-06-16 Thread simo
On Sat, 2012-06-16 at 10:14 +0200, Andrew Bartlett wrote: 
> The branch, master has been updated
>via  4edd8b8 s3-auth: Remove auth_netlogond
>via  9c715da s3-passdb: Remove pdb_ads

Andrew,
I would like you to revert these two commits ASAP.

Simo.

> via  d949736 s4-classicupgrade: Also ask testparm for 'smb passwd file'
>via  a0a2f79 WHATSNEW: Bump the version and announce the s3fs default
>via  d9f7195 s4-classicupgrade: Use "samba classic" description for 
> samba3 NT4-like domains in samba3upgrade
>via  39766b7 s4-lib/param: FLAG DAY for the default FILE SERVER
>via  b58dc18 s4-s3upgrade: Assert that administrator has a SID of 
> -500, and only skip root if it is -500
>via  61f7f01 s4-s3upgrade: Add my wins.dat and fix the parsing error
>via  d0b60f0 s4-s3upgrade: improve idmap import to use posixAccount 
> and posixGroup entries
>via  3c65bac s4-idmap: Add mapping using uidNumber and gidNumber like 
> idmap_ad
>   from  bbb7cbf Same fix as bug 8989 - Samba 3.5.x (and probably all 
> other versions of Samba) does not send correct responses to NT Transact 
> Secondary when no data and no params
> 
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> 
> 
> - Log -
> commit 4edd8b891a90a89a84fbfa3636cc568d247b04b2
> Author: Andrew Bartlett 
> Date:   Sun Jun 3 10:56:46 2012 +1000
> 
> s3-auth: Remove auth_netlogond
> 
> auth_netlogond was an important module in the development of the
> combined Samba 4.0, and was the first module to link smbd with the AD
> authentication store, showing that it was possible for NTLM
> authentication to be offloaded to the AD server components.
> 
> We now have auth_samba4, which provides the full GENSEC stack to smbd,
> which also matches exactly the group membership and privileges
> assignment and which is supported and tested as part of the official
> Samba 4.0 release configuration.
> 
> Andrew Bartlett
> 
> Autobuild-User(master): Andrew Bartlett 
> Autobuild-Date(master): Sat Jun 16 10:13:20 CEST 2012 on sn-devel-104
> 
> commit 9c715da1cbc256b9ae9298618c92807592607c9b
> Author: Andrew Bartlett 
> Date:   Sun Jun 3 10:54:06 2012 +1000
> 
> s3-passdb: Remove pdb_ads
> 
> pdb_ads was an important module in the development of the combined Samba 
> 4.0, and
> was the first module to show that standard samba3 tools such as smbpasswd 
> can be
> made to operate on the sam.ldb.
> 
> We now have pdb_samba4, which operates directly on the sam.ldb, rather 
> than via
> ldapi://, which uses transactions and which is supported and tested as 
> part
> of the official Samba 4.0 release configuration.
> 
> This module is not as complete (for example, it does not honour the idmap
> configuration) and requires that the samba binary be running to operate.
> 
> Andrew Bartlett
> 
> commit d949736f8dc02eec180723a55f4604b7b3aa83d8
> Author: Andrew Bartlett 
> Date:   Sat Jun 16 15:34:50 2012 +1000
> 
> s4-classicupgrade: Also ask testparm for 'smb passwd file'
> 
> commit a0a2f7999e20ab64dcbfca8299dbf0adfba0dea3
> Author: Andrew Bartlett 
> Date:   Sat Jun 16 13:12:50 2012 +1000
> 
> WHATSNEW: Bump the version and announce the s3fs default
> 
> commit d9f7195a1f5a12d5dc8865aa5553b61a4f770e3d
> Author: Andrew Bartlett 
> Date:   Sat Jun 16 13:06:44 2012 +1000
> 
> s4-classicupgrade: Use "samba classic" description for samba3 NT4-like 
> domains in samba3upgrade
> 
> commit 39766b75a40fbab73fc23dd947de44f8349ed466
> Author: Andrew Bartlett 
> Date:   Sat Jun 16 12:54:12 2012 +1000
> 
> s4-lib/param: FLAG DAY for the default FILE SERVER
> 
> This commit changes the default file server to be s3fs.  Existing
> installs wishing to keep the ntvfs file server need to set this in
> their smb.conf:
> 
> server services = +smb -s3fs
> dcerpc endpoint services = +winreg +srvsvc
> 
> Andrew Bartlett
> 
> commit b58dc1826e69c61a30d38b05e7f451404670baef
> Author: Andrew Bartlett 
> Date:   Sat Jun 16 14:19:42 2012 +1000
> 
> s4-s3upgrade: Assert that administrator has a SID of -500, and only skip 
> root if it is -500
> 
> Many upgraded installations have root as -1000, and so that account needs 
> to be kept.
> 
> Andrew Bartlett
> 
> commit 61f7f0155465b14612f7ac29a12c442ff25031b4
> Author: Andrew Bartlett 
> Date:   Sat Jun 16 13:58:06 2012 +1000
> 
> s4-s3

[SCM] Samba Shared Repository - branch master updated

2012-05-07 Thread Simo Sorce
The branch, master has been updated
   via  e8e5afd krb5samba: Add smb_krb5_make_pac_checksum.
   via  7f9e4d7 s4-auth: Use smb_krb5_make_pac_checksum.
   via  3ef95a0 krb5samba: Add krb5_free_checksum_contents wrapper
  from  470cfb3 lib/util: Map 0x7fffLL as 0x7fffLL 
in time conversion

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit e8e5afd4d4038043f1125c5e2afc41e9e87ebfde
Author: Andreas Schneider 
Date:   Thu May 3 17:10:27 2012 +0200

krb5samba: Add smb_krb5_make_pac_checksum.

Signed-off-by: Simo Sorce 

Autobuild-User: Simo Sorce 
Autobuild-Date: Tue May  8 08:30:52 CEST 2012 on sn-devel-104

commit 7f9e4d70b9a2db7400791fbfef284dd63e79f078
Author: Andreas Schneider 
Date:   Thu May 3 17:10:53 2012 +0200

s4-auth: Use smb_krb5_make_pac_checksum.

Signed-off-by: Simo Sorce 

commit 3ef95a0b59fa2a9ec5d01398d702bd107f290422
Author: Simo Sorce 
Date:   Fri May 4 11:02:48 2012 -0400

krb5samba: Add krb5_free_checksum_contents wrapper

---

Summary of changes:
 lib/krb5_wrap/krb5_samba.c  |   83 +++
 lib/krb5_wrap/krb5_samba.h  |   14 +
 source3/configure.in|2 +
 source4/auth/kerberos/kerberos_pac.c|   78 +
 source4/heimdal_build/wscript_configure |2 +
 wscript_configure_krb5  |3 +-
 6 files changed, 127 insertions(+), 55 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index ddebdd8..16c6901 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -2175,6 +2175,89 @@ krb5_error_code smb_krb5_cc_get_lifetime(krb5_context 
context,
 }
 #endif /* HAVE_KRB5_CC_GET_LIFETIME */
 
+#if !defined(HAVE_KRB5_FREE_CHECKSUM_CONTENTS) && defined(HAVE_FREE_CHECKSUM)
+void smb_krb5_free_checksum_contents(krb5_context ctx, krb5_checksum *cksum)
+{
+   free_Checksum(cksum);
+}
+#endif
+
+krb5_error_code smb_krb5_make_pac_checksum(TALLOC_CTX *mem_ctx,
+  DATA_BLOB *pac_data,
+  krb5_context context,
+  const krb5_keyblock *keyblock,
+  uint32_t *sig_type,
+  DATA_BLOB *sig_blob)
+{
+   krb5_error_code ret;
+   krb5_checksum cksum;
+#if defined(HAVE_KRB5_CRYPTO_INIT) && defined(HAVE_KRB5_CREATE_CHECKSUM)
+   krb5_crypto crypto;
+
+
+   ret = krb5_crypto_init(context,
+  keyblock,
+  0,
+  &crypto);
+   if (ret) {
+   DEBUG(0,("krb5_crypto_init() failed: %s\n",
+ smb_get_krb5_error_message(context, ret, mem_ctx)));
+   return ret;
+   }
+   ret = krb5_create_checksum(context,
+  crypto,
+  KRB5_KU_OTHER_CKSUM,
+  0,
+  pac_data->data,
+  pac_data->length,
+  &cksum);
+   if (ret) {
+   DEBUG(2, ("PAC Verification failed: %s\n",
+ smb_get_krb5_error_message(context, ret, mem_ctx)));
+   }
+
+   krb5_crypto_destroy(context, crypto);
+
+   if (ret) {
+   return ret;
+   }
+
+   *sig_type = cksum.cksumtype;
+   *sig_blob = data_blob_talloc(mem_ctx,
+   cksum.checksum.data,
+   cksum.checksum.length);
+#elif defined(HAVE_KRB5_C_MAKE_CHECKSUM)
+   krb5_data input;
+
+   input.data = (char *)pac_data->data;
+   input.length = pac_data->length;
+
+   ret = krb5_c_make_checksum(context,
+  0,
+  keyblock,
+  KRB5_KEYUSAGE_APP_DATA_CKSUM,
+  &input,
+  &cksum);
+   if (ret) {
+   DEBUG(2, ("PAC Verification failed: %s\n",
+ smb_get_krb5_error_message(context, ret, mem_ctx)));
+   return ret;
+   }
+
+   *sig_type = cksum.checksum_type;
+   *sig_blob = data_blob_talloc(mem_ctx,
+   cksum.contents,
+   cksum.length);
+
+#else
+#error krb5_create_checksum or krb5_c_make_checksum not available
+#endif /* HAVE_KRB5_C_MAKE_CHECKSUM */
+   smb_krb5_free_checksum_contents(context, &cksum);
+
+   return

[SCM] Samba Shared Repository - branch master updated

2012-05-04 Thread Simo Sorce
The branch, master has been updated
   via  d0e7770 waf: Fix com_err detection with MIT krb5.
   via  822e679 s4:auth/kerberos: don't do tracing in MIT build
   via  21d383d s4:torture: auth/pac.c: use Kerberos wrapper for 
krb5_keyblock_init
   via  4875a12 Avoid using Heimdal-specific tests in MIT build
   via  5668845 s4:ntvfs: add missing headers to vfs_ipc
   via  27549b4 Fix direct access to krb5_principal structure
   via  eb9e3e8 auth-session: MIT doesn't have import/export cred yet
   via  5832c61c s4-auth: Use smb_krb5_cc_get_lifetime() wrapper.
   via  4d77466 krb5samba: Add a smb_krb5_cc_get_lifetime() function.
   via  6bec64b s4-auth-krb: Make srv_keytab.c build against MIT Kerberos
   via  38c7d8e krb5samba: Add compat function for krb5_kt_compare
   via  548046f Fix incompatible assignment warning
   via  b776bc5 krb5samba: Add compat krb5_make_principal for MIT build
   via  205b032 Fix compiler warning
   via  cf7d15e s4-auth-krb: Use compat code to initialize keyblock contents
   via  93de8e4 krb5samba: Add compat code to initialize keyblock contents
   via  62f3be7 s4-auth-krb: Disable code in MIT build
   via  c2f6632 Move keytab_copy to krb5samba lib
   via  94b9af6 Fix keytab_copy to compile with MIT librariues too
   via  07953e1 keytab_copy: Fix style, whitespaces
   via  57dc8aa kerberos_pac: Fix code to work with MIT too
   via  a2de8a1 s4-auth-krb: smb_rd_req_return_stuff is used only in 
gensec_krb5
   via  3109a3d Split normal kinit from s4u2 flavored kinit
   via  29d284c Move kerberos_kinit_password_cc to krb5samba lib
   via  38a5a2c Move kerberos_kinit_keyblock_cc to krb5samba lib
   via  aa1a0d8 krb-init: define out heimdal specific stuff in mitkrb build
   via  9a585a3 s4-auth-krb: avoid useless condition
   via  afa6c31 krb5samba: Remove unnecessary include file
   via  b7b0903 Fix krb5_samba.c build
  from  eb6e22b s4:torture: add a check for talloc success in 
test_session_reauth

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit d0e7770017a1322ad78b13f0840c54514ee1d9bd
Author: Andreas Schneider 
Date:   Thu May 3 11:28:50 2012 +0200

waf: Fix com_err detection with MIT krb5.

Signed-off-by: Simo Sorce 

Autobuild-User: Simo Sorce 
Autobuild-Date: Fri May  4 18:43:05 CEST 2012 on sn-devel-104

commit 822e6794f09ff2440972453adbac38d3efd1c54e
Author: Alexander Bokovoy 
Date:   Thu May 3 12:33:42 2012 +0300

s4:auth/kerberos: don't do tracing in MIT build

Signed-off-by: Simo Sorce 

commit 21d383d04f21755418c755139824cfe7234ff474
Author: Alexander Bokovoy 
Date:   Wed May 2 21:40:13 2012 +0300

s4:torture: auth/pac.c: use Kerberos wrapper for krb5_keyblock_init

Signed-off-by: Simo Sorce 

commit 4875a12ab840c413b6804050ca2ecd78db98
Author: Alexander Bokovoy 
Date:   Wed May 2 21:16:01 2012 +0300

Avoid using Heimdal-specific tests in MIT build

commit 566884553ccb9c99cc3b05bc6fc84bf5efa9fae2
Author: Alexander Bokovoy 
Date:   Wed May 2 20:59:00 2012 +0300

s4:ntvfs: add missing headers to vfs_ipc

vfs_ipc.c had system/kerberos.h and system/filesys.h missing

Signed-off-by: Simo Sorce 

commit 27549b4e31b47fab23af0bce6bf888e4148f88e9
Author: Simo Sorce 
Date:   Wed May 2 13:22:08 2012 -0400

Fix direct access to krb5_principal structure

commit eb9e3e8a54aa7d6b805d280fd5586f9d1a2a094a
Author: Simo Sorce 
Date:   Wed May 2 12:24:34 2012 -0400

auth-session: MIT doesn't have import/export cred yet

For now let's just loose this functionality with the MIT build.
gss_import/export_cred should be availa ble when MIT 1.11 is released and 
this
code is used only in some proxy scenario. Not normally needed for common
configurations.

commit 5832c61c5f9905f91ae6a010f5c90c674cdace91
Author: Andreas Schneider 
Date:   Fri Apr 27 20:29:47 2012 +0200

s4-auth: Use smb_krb5_cc_get_lifetime() wrapper.
    
Signed-off-by: Simo Sorce 

commit 4d77466dafdb4def6681534e47c06aa07ccf6e17
Author: Andreas Schneider 
Date:   Fri Apr 27 16:52:26 2012 +0200

krb5samba: Add a smb_krb5_cc_get_lifetime() function.
    
Signed-off-by: Simo Sorce 

commit 6bec64b12a90ba81996ca6d049b56f168ef70bc0
Author: Simo Sorce 
Date:   Thu Apr 26 18:11:09 2012 -0400

s4-auth-krb: Make srv_keytab.c build against MIT Kerberos

commit 38c7d8e4fdf6facd37310aa848eb5b2459d4fbe7
Author: Simo Sorce 
Date:   Thu Apr 26 18:22:43 2012 -0400

krb5samba: Add compat function for krb5_kt_compare

commit 548046ff4df23f08e1f652136e7322623885d7ab
Author: Simo Sorce 
Date:   Thu Apr 26 17:56:38 2012 -0400

Fix incompatible assignment warning

commit b776bc5f72efac87244393a2bf1e5c9278bdaf15
Author: Simo Sorce 
Date:   Thu Apr 26 17:21:22 2012 -0400

krb5samba: Add compa

[SCM] Samba Shared Repository - branch master updated

2012-04-26 Thread Simo Sorce
The branch, master has been updated
   via  1fbc185 replace: Fix use of mktemp
   via  701fc99 addns: clean up headers
  from  05456ac s3: Remove an unused variable

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 1fbc18572543ed3056057df6ec4990278726fbf4
Author: Simo Sorce 
Date:   Wed Apr 25 18:55:46 2012 -0400

replace: Fix use of mktemp

mktemp always returns the template, so checking for NULL doesn't cactch any
error. Errors are reported by turning the template into an empty string.

Autobuild-User: Simo Sorce 
Autobuild-Date: Thu Apr 26 16:14:24 CEST 2012 on sn-devel-104

commit 701fc995b75e392e896edc0c4314d758f7a5bee6
Author: Simo Sorce 
Date:   Wed Apr 25 09:47:47 2012 -0400

addns: clean up headers

All this stuff is already included properly in the replace headers on top.

---

Summary of changes:
 lib/addns/dns.h   |   33 -
 lib/replace/replace.c |4 ++--
 2 files changed, 2 insertions(+), 35 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/addns/dns.h b/lib/addns/dns.h
index 88ba9d1..2e80577 100644
--- a/lib/addns/dns.h
+++ b/lib/addns/dns.h
@@ -38,47 +38,14 @@
 #endif
 #endif /* NO_CONFIG_H */
 
-#include 
-#include 
 #include 
 #include 
-#include 
-#include 
 #include 
-#include 
-#include 
-#include 
-#include 
-#include 
 
 #ifdef HAVE_UUID_UUID_H
 #include 
 #endif
 
-#ifdef HAVE_KRB5_H
-#include 
-#endif
-
-#ifdef HAVE_INTTYPES_H
-#include 
-
-#ifndef int16
-#define int16 int16_t
-#endif
-
-#ifndef uint16
-#define uint16 uint16_t
-#endif
-
-#ifndef int32
-#define int32 int32_t
-#endif
-
-#ifndef uint32
-#define uint32 uint32_t
-#endif
-#endif
-
 #include 
 
 /***
diff --git a/lib/replace/replace.c b/lib/replace/replace.c
index c076ba1..322bf49 100644
--- a/lib/replace/replace.c
+++ b/lib/replace/replace.c
@@ -412,8 +412,8 @@ int rep_mkstemp(char *template)
 {
/* have a reasonable go at emulating it. Hope that
   the system mktemp() isn't completely hopeless */
-   char *p = mktemp(template);
-   if (!p)
+   mktemp(template);
+   if (template[0] == 0)
return -1;
return open(p, O_CREAT|O_EXCL|O_RDWR, 0600);
 }


-- 
Samba Shared Repository


Re: [SCM] Samba Shared Repository - branch master updated

2012-04-25 Thread simo
On Wed, 2012-04-25 at 11:44 +0200, Andrew Bartlett wrote:
> commit b8055132b1c62dd19981fea2822ab9e1829a8ded
> Author: Andrew Bartlett 
> Date:   Wed Apr 25 17:53:18 2012 +1000
> 
> s4-messaging: Use generate_random() to get a unique ID for
> messaging clients
> 
> The call to random() resulted in duplicate values for s3fs
> configurations
> which, due to the forked child, all started with the same random
> seed.
> 
> A future improvement would be to move to a proven unique value.
> 
> Andrew Bartlett
> 
> Autobuild-User: Andrew Bartlett 
> Autobuild-Date: Wed Apr 25 11:43:40 CEST 2012 on sn-devel-104


Andrew are you sure you need to use /dev/urandom here ? It doesn't look
like you need absolutelu unpredictable numbers here, just non-colliding
numbers.
You changed the code to draw from urandom, and if it is used often it
mean it will suck a lot of entropy out of the system, causing any
application that need to use /dev/random to halt.
Wouldn't it have been simpler to just run srand(time(NULL)*pid) to get a
new seed for the process ?

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer 
Principal Software Engineer at Red Hat, Inc. 



[SCM] Samba Shared Repository - branch master updated

2012-04-23 Thread Simo Sorce
The branch, master has been updated
   via  adbace2 Fix pam_winbind build against newer iniparser library
   via  360c11e Avoid warning about KRB5_DEPRECATE with MIT libs
   via  87c95e4 Cracknames: use krb wrapper functions so it works with MIT
   via  d43c2c0 krb5_samba: Add support for krb5_princ_size when using 
Heimdal
   via  08c733d Make krb5 wrapper library common so they can be used all 
over
   via  f7070c9 For now just disable this Heindal specific stuff in the MIT 
build
   via  110dad8 Make krb5 context initialization not heimdal specific
   via  090f907 Make sure krb5_principal_get_num_comp is identified as 
present for Heimdal build
   via  5cae929 waf: rename SAMBA4_INTERNAL_HEIMDAL to SAMBA4_USES_HEIMDAL
   via  4291fdc waf: move krb5 checks to a separate waf file
  from  5b5b696 Fix bug #8882 - Broken processing of %U with vfs_full_audit 
when force user is set.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit adbace20a24b6ae4fbd6d17b7153833f4ac8c88d
Author: Simo Sorce 
Date:   Mon Apr 23 17:23:35 2012 -0400

Fix pam_winbind build against newer iniparser library

iniparser_getstr is deprecated and has been removed in newer libraries
available in Fedora. Use iniparse_getstring instead.

Autobuild-User: Simo Sorce 
Autobuild-Date: Tue Apr 24 02:56:10 CEST 2012 on sn-devel-104

commit 360c11eaaafb0b74d2cc2e733eea922553407b16
Author: Simo Sorce 
Date:   Sun Apr 22 19:05:31 2012 -0400

Avoid warning about KRB5_DEPRECATE with MIT libs

commit 87c95e49efbcbdbf76e66a240e769f6cb80a40b4
Author: Simo Sorce 
Date:   Sat Apr 21 16:55:35 2012 -0400

Cracknames: use krb wrapper functions so it works with MIT

Also avoid a silly game with directly modifying the principal and
then calling krb5_principal_unparse_flags to get out a string.
If we already assume it is a 2 components name and know what outcome we are
going to get, just go ahead and talloc_asprintf the linearized string.

commit d43c2c094558fcb83aa18358bc724195a9c26001
Author: Simo Sorce 
Date:   Sun Apr 22 21:38:29 2012 -0400

krb5_samba: Add support for krb5_princ_size when using Heimdal

commit 08c733d75fd83fd5e32ced9712d41dd595e0f182
Author: Simo Sorce 
Date:   Sat Apr 21 17:26:18 2012 -0400

Make krb5 wrapper library common so they can be used all over

commit f7070c90b94954835478a09e89a85c03f0f85500
Author: Simo Sorce 
Date:   Sat Apr 21 16:35:48 2012 -0400

For now just disable this Heindal specific stuff in the MIT build

commit 110dad8c9eb95e6729e589b52ef204d369803bdb
Author: Simo Sorce 
Date:   Fri Apr 20 13:14:30 2012 -0400

Make krb5 context initialization not heimdal specific

Turn the logging data to an opaque pointer.
Ifdef code and use MIT logging function when built against system MIT.

commit 090f9072da6974b506901547c0091e3e1b8a11cc
Author: Alexander Bokovoy 
Date:   Mon Apr 23 15:01:07 2012 +0300

Make sure krb5_principal_get_num_comp is identified as present for Heimdal 
build

Common wrappers for MIT / Heimdal use krb5_principal_get_num_comp() to 
replace krb5_princ_size
but rely on krb5_principal_get_num_comp() identified by the build. As we 
know it exists in Heimdal,
define it for waf build.

Signed-off-by: Simo Sorce 

commit 5cae9293d118da8765b301f9872e77993f44ad86
Author: Alexander Bokovoy 
Date:   Fri Apr 20 20:22:39 2012 +0300

waf: rename SAMBA4_INTERNAL_HEIMDAL to SAMBA4_USES_HEIMDAL

SAMBA4_INTERNAL_HEIMDAL is defined unconditionally regardless
where Heimdal comes from, system-wide or embedded version.

This define is not used anywhere. We'll use it to distinguish
between Heimdal and MIT Krb5 builds.

Signed-off-by: Simo Sorce 

commit 4291fdcf3910b37d7dc7ed3849847fb162b5569b
Author: Alexander Bokovoy 
Date:   Fri Apr 20 12:53:11 2012 +0300

waf: move krb5 checks to a separate waf file

With PROCESS_SEPARATE_RULE in wafsamba it is now possible to simplify
configuration and checks for MIT/Heimdal Kerberos implementations.

1. Move MIT krb5 checks from source3/wscript to wscript_configure_krb5
2. Make sure they are called same way (--with-mit-krb5-checks)
3. If no configure checks identified MIT krb5 in system (or were disabled),
   make sure Heimdal build is selected, embedded (default) or 
system-provided.

This makes logic of configuration unchanged for Heimdal builds but adds
less hacky way to use MIT krb5 builds. The latter does not work yet as we
need to untangle more subsystems from HDB/Heimdal-specific details but
lays out a foundation for that.

Signed-off-by: Simo Sorce 

---

Summary of changes:
 auth/credentials/credentials_krb5.c|1 +
 auth/kerberos/gssapi_

[SCM] Samba Shared Repository - branch master updated

2012-04-19 Thread Simo Sorce
The branch, master has been updated
   via  4b29cf5 Move kdc_get_policy helper in the lsa server where it 
belongs.
   via  37e98ff Use loadparm helper to find lifetime defaults
   via  86910e1 loadparm: Add helper function to fetch default lifetime 
policies
   via  74510b0 loadparm: Add convenience function to return long integers
   via  e0f425a loadparm: Fix broken lp_ulong utility function
   via  97f5b28 Move README file in the right place.
  from  00d5f32 Fix bug #8877 - Syslog broken owing to mistyping of 
debug_settings.syslog.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 4b29cf5f66c5e75f759a5c2a79ba26629f907778
Author: Simo Sorce 
Date:   Thu Apr 19 17:54:57 2012 -0400

Move kdc_get_policy helper in the lsa server where it belongs.

This was used in only 2 places, db-glue.c and the lsa server.
In db-glue.c it is awkward though, as it forces to use an unconvenient lsa
structure and conversions from time_t to nt_time only to have nt_times
converted back to time_t for actual use. This is silly.

Also the kdc-policy file was a single funciton library, that's just 
ridiculous.

The loadparm helper is all we need to keep the values consistent, and if we
ever end up doing something with group policies we will care about it when 
it's
the time. the code would have to change quite a lot anyway.

Autobuild-User: Simo Sorce 
Autobuild-Date: Fri Apr 20 01:53:37 CEST 2012 on sn-devel-104

commit 37e98ff252edc5e76d2c74a8459247ffcb5fd101
Author: Simo Sorce 
Date:   Thu Apr 19 11:17:25 2012 -0400

Use loadparm helper to find lifetime defaults

Implictly fixes buggy use of int for time_t

commit 86910e15feaa490cf70f592c6e9af44f3db7e6f0
Author: Simo Sorce 
Date:   Thu Apr 19 11:16:03 2012 -0400

loadparm: Add helper function to fetch default lifetime policies

This use long to fetch time_t quantities, because there are architectures 
were
time_t is a signed long but long != int, So long is the proper way to deal 
with
it.

commit 74510b059e6852d1491a4cb6eaa9cc7c2ed61fbf
Author: Simo Sorce 
Date:   Thu Apr 19 11:00:45 2012 -0400

loadparm: Add convenience function to return long integers

commit e0f425ab2d49779d0abbc0756326f548ff1ee19b
Author: Simo Sorce 
Date:   Thu Apr 19 10:58:39 2012 -0400

loadparm: Fix broken lp_ulong utility function

commit 97f5b287fbe36e8e0026c3a76f90a7662111e9aa
Author: Simo Sorce 
Date:   Thu Apr 19 10:34:54 2012 -0400

Move README file in the right place.

Someone forgot to move the README when they moved the code ...

---

Summary of changes:
 {source4 => lib}/param/README   |0
 lib/param/loadparm.c|   29 +++-
 lib/param/param.h   |5 +++
 lib/param/util.c|   19 ++
 source4/kdc/db-glue.c   |   17 +++-
 source4/kdc/kdc-policy.h|   25 --
 source4/kdc/policy.c|   48 ---
 source4/kdc/samba_kdc.h |8 +-
 source4/kdc/wscript_build   |   10 +--
 source4/rpc_server/lsa/dcesrv_lsa.c |   26 ++-
 source4/rpc_server/wscript_build|2 +-
 11 files changed, 95 insertions(+), 94 deletions(-)
 rename {source4 => lib}/param/README (100%)
 delete mode 100644 source4/kdc/kdc-policy.h
 delete mode 100644 source4/kdc/policy.c
 mode change 100644 => 100755 source4/kdc/wscript_build


Changeset truncated at 500 lines:

diff --git a/source4/param/README b/lib/param/README
similarity index 100%
rename from source4/param/README
rename to lib/param/README
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 46bae44..d68d585 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -1699,11 +1699,11 @@ static int lp_int(const char *s)
 /**
  * convenience routine to return unsigned long parameters.
  */
-static int lp_ulong(const char *s)
+static unsigned long lp_ulong(const char *s)
 {
 
if (!s) {
-   DEBUG(0,("lp_int(%s): is called with NULL!\n",s));
+   DEBUG(0,("lp_ulong(%s): is called with NULL!\n",s));
return -1;
}
 
@@ -1713,6 +1713,20 @@ static int lp_ulong(const char *s)
 /**
  * convenience routine to return unsigned long parameters.
  */
+static long lp_long(const char *s)
+{
+
+   if (!s) {
+   DEBUG(0,("lp_long(%s): is called with NULL!\n",s));
+   return -1;
+   }
+
+   return strtol(s, NULL, 0);
+}
+
+/**
+ * convenience routine to return unsigned long parameters.
+ */
 static double lp_double(const char *s)
 {
 
@@ -1840,6 +1854,17 @@ unsigned long lpcfg_parm_ulong(struct loadparm_context 
*lp_ctx,
re

[SCM] Samba Shared Repository - branch master updated

2012-04-19 Thread Simo Sorce
The branch, master has been updated
   via  e21029a waf: Fix mispelling
   via  70d44a9 Fix Error messages
  from  b31f773 s3/ldap: remove outdated netscape ds 5 schema file

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit e21029a270a6e3b8bcc5ff33b74977cb0cd6cd17
Author: Simo Sorce 
Date:   Mon Apr 9 08:33:37 2012 -0400

waf: Fix mispelling

Autobuild-User: Simo Sorce 
Autobuild-Date: Thu Apr 19 17:36:41 CEST 2012 on sn-devel-104

commit 70d44a9a177621b173c8a24c7cb503f5632a8ff7
Author: Simo Sorce 
Date:   Thu Apr 19 09:35:08 2012 -0400

Fix Error messages

---

Summary of changes:
 buildtools/wafsamba/samba_deps.py  |   12 ++--
 buildtools/wafsamba/samba_python.py|6 +++---
 buildtools/wafsamba/wafsamba.py|2 +-
 source4/auth/kerberos/srv_keytab.c |6 ++
 source4/scripting/python/wscript_build |2 +-
 5 files changed, 13 insertions(+), 15 deletions(-)


Changeset truncated at 500 lines:

diff --git a/buildtools/wafsamba/samba_deps.py 
b/buildtools/wafsamba/samba_deps.py
index 51b7da9..f073e41 100644
--- a/buildtools/wafsamba/samba_deps.py
+++ b/buildtools/wafsamba/samba_deps.py
@@ -214,7 +214,7 @@ def add_init_functions(self):
 if m is not None:
 modules.append(m)
 
-sentinal = getattr(self, 'init_function_sentinal', 'NULL')
+sentinel = getattr(self, 'init_function_sentinel', 'NULL')
 
 targets= LOCAL_CACHE(bld, 'TARGET_TYPE')
 cflags = getattr(self, 'samba_cflags', [])[:]
@@ -222,8 +222,8 @@ def add_init_functions(self):
 if modules == []:
 sname = sname.replace('-','_')
 sname = sname.replace('/','_')
-cflags.append('-DSTATIC_%s_MODULES=%s' % (sname, sentinal))
-if sentinal == 'NULL':
+cflags.append('-DSTATIC_%s_MODULES=%s' % (sname, sentinel))
+if sentinel == 'NULL':
 cflags.append('-DSTATIC_%s_MODULES_PROTO' % sname)
 self.ccflags = cflags
 return
@@ -236,11 +236,11 @@ def add_init_functions(self):
 if targets[d['TARGET']] != 'DISABLED':
 init_fn_list.append(d['INIT_FUNCTION'])
 if init_fn_list == []:
-cflags.append('-DSTATIC_%s_MODULES=%s' % (m, sentinal))
-if sentinal == 'NULL':
+cflags.append('-DSTATIC_%s_MODULES=%s' % (m, sentinel))
+if sentinel == 'NULL':
 cflags.append('-DSTATIC_%s_MODULES_PROTO' % m)
 else:
-cflags.append('-DSTATIC_%s_MODULES=%s' % (m, 
','.join(init_fn_list) + ',' + sentinal))
+cflags.append('-DSTATIC_%s_MODULES=%s' % (m, 
','.join(init_fn_list) + ',' + sentinel))
 proto=''
 for f in init_fn_list:
 proto = proto + '_MODULE_PROTO(%s)' % f
diff --git a/buildtools/wafsamba/samba_python.py 
b/buildtools/wafsamba/samba_python.py
index 503fa75..6bc32f0 100644
--- a/buildtools/wafsamba/samba_python.py
+++ b/buildtools/wafsamba/samba_python.py
@@ -21,7 +21,7 @@ def SAMBA_PYTHON(bld, name,
  realname=None,
  cflags='',
  includes='',
- init_function_sentinal=None,
+ init_function_sentinel=None,
  local_include=True,
  vars=None,
  enabled=True):
@@ -29,8 +29,8 @@ def SAMBA_PYTHON(bld, name,
 
 # when we support static python modules we'll need to gather
 # the list from all the SAMBA_PYTHON() targets
-if init_function_sentinal is not None:
-cflags += '-DSTATIC_LIBPYTHON_MODULES=%s' % init_function_sentinal
+if init_function_sentinel is not None:
+cflags += '-DSTATIC_LIBPYTHON_MODULES=%s' % init_function_sentinel
 
 source = bld.EXPAND_VARIABLES(source, vars=vars)
 
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index fd72cf3..317bca1 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -477,7 +477,7 @@ def SAMBA_SUBSYSTEM(bld, modname, source,
 cflags='',
 cflags_end=None,
 group='main',
-init_function_sentinal=None,
+init_function_sentinel=None,
 autoproto=None,
 autoproto_extra_source='',
 depends_on='',
diff --git a/source4/auth/kerberos/srv_keytab.c 
b/source4/auth/kerberos/srv_keytab.c
index ca2d385

[SCM] Samba Shared Repository - branch master updated

2012-04-17 Thread Simo Sorce
The branch, master has been updated
   via  e49efe9 Fix typo
  from  0a4ab49 waf: Use Logs.info() instead of print.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit e49efe9e7e8ebd62fa79e35a1e2fff489c3bcc96
Author: Simo Sorce 
Date:   Fri Apr 6 15:22:06 2012 -0400

Fix typo

Autobuild-User: Simo Sorce 
Autobuild-Date: Tue Apr 17 22:22:26 CEST 2012 on sn-devel-104

---

Summary of changes:
 buildtools/wafsamba/samba_deps.py |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/buildtools/wafsamba/samba_deps.py 
b/buildtools/wafsamba/samba_deps.py
index ed2169b..51b7da9 100644
--- a/buildtools/wafsamba/samba_deps.py
+++ b/buildtools/wafsamba/samba_deps.py
@@ -298,7 +298,7 @@ def check_duplicate_sources(bld, tgt_list):
 return ret
 
 
-def check_orpaned_targets(bld, tgt_list):
+def check_orphaned_targets(bld, tgt_list):
 '''check if any build targets are orphaned'''
 
 target_dict = LOCAL_CACHE(bld, 'TARGET_TYPE')
@@ -1145,7 +1145,7 @@ def check_project_rules(bld):
 
 debug('deps: project rules stage1 completed')
 
-#check_orpaned_targets(bld, tgt_list)
+#check_orphaned_targets(bld, tgt_list)
 
 if not check_duplicate_sources(bld, tgt_list):
 Logs.error("Duplicate sources present - aborting")


-- 
Samba Shared Repository


[SCM] Samba Website Repository - branch master updated

2012-04-11 Thread Simo Sorce
The branch, master has been updated
   via  31eb555 Add note about patches that apply to alpha18
  from  6698fef Fix typo.

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 31eb5557bb01549be26bd4c20aacce0c00f0b262
Author: Simo Sorce 
Date:   Wed Apr 11 09:46:27 2012 -0400

Add note about patches that apply to alpha18

---

Summary of changes:
 security/CVE-2012-1182.html |3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/security/CVE-2012-1182.html b/security/CVE-2012-1182.html
index 4aa1ca4..2e3f9c2 100644
--- a/security/CVE-2012-1182.html
+++ b/security/CVE-2012-1182.html
@@ -71,6 +71,9 @@ Due to the seriousness of this vulnerability, patches have 
been
 released for all Samba versions currently out of support and
 maintenance from 3.0.37 onwards.
 
+Patches for the 3.6 series also apply to Samba4 alpha18 and can be used to
+make a pure security release on top of it.
+
 
 ==
 Workaround


-- 
Samba Website Repository


Re: [SCM] Samba Shared Repository - branch master updated

2012-04-10 Thread simo
On Tue, 2012-04-10 at 11:15 +0200, Andrew Bartlett wrote:
> index cafc020..f07bbc9 100644
> --- a/lib/ldb/include/ldb_private.h
> +++ b/lib/ldb/include/ldb_private.h
> @@ -181,4 +181,12 @@ struct ldb_val ldb_binary_decode(TALLOC_CTX
> *mem_ctx, const char *str);
>  const char *ldb_options_find(struct ldb_context *ldb, const char
> *options[],
>  const char *option_name);
>  
> +struct ldif_read_file_state {
> +   FILE *f;
> +   size_t line_no;
> +};

Andrew,
can you put this back in ldb_ldif.c and provide a getter function for
the line number instead ?
Let's avoid keeping spreading structures all over.

> +struct ldb_ldif *ldb_ldif_read_file_state(struct ldb_context *ldb, 
> +     struct ldif_read_file_state
> *state);
> + 
-- 
Simo Sorce
Samba Team GPL Compliance Officer 
Principal Software Engineer at Red Hat, Inc. 



[SCM] Samba Shared Repository - branch master updated

2012-02-15 Thread Simo Sorce
The branch, master has been updated
   via  b5b2041 Rename obscure defined constants.
  from  95d3096 s3-selftest: Remove .posix_s3 from s3 test names

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit b5b204184aa6d0f14e7d3bd08322a98dc4f432e6
Author: Christopher R. Hertel (crh) 
Date:   Tue Feb 14 21:51:35 2012 -0600

Rename obscure defined constants.

Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants
with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT.
Also replaced several hard-coded references to the well-known port
numbers (139 and 445, respectively) as appropriate.

Small changes to clarify some comments regarding the two transport
types.

Signed-off-by: Simo Sorce 

Autobuild-User: Simo Sorce 
Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104

---

Summary of changes:
 source3/auth/auth_ntlmssp.c  |4 ++--
 source3/client/client.c  |9 +
 source3/include/smb.h|4 ++--
 source3/lib/util_sock.c  |5 +++--
 source3/libsmb/libsmb_server.c   |2 +-
 source3/libsmb/smbsock_connect.c |   14 +++---
 source3/nmbd/nmbd_synclists.c|2 +-
 source3/smbd/reply.c |4 ++--
 source3/torture/torture.c|2 +-
 source3/utils/smbfilter.c|4 ++--
 source3/winbindd/winbindd_cm.c   |2 +-
 11 files changed, 27 insertions(+), 25 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 00a99c3..b5935e6 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -143,8 +143,8 @@ static NTSTATUS auth_ntlmssp_check_password(struct 
ntlmssp_state *ntlmssp_state,
NTSTATUS nt_status;
bool username_was_mapped;
 
-   /* the client has given us its machine name (which we otherwise would 
not get on port 445).
-  we need to possibly reload smb.conf if smb.conf includes depend on 
the machine name */
+   /* The client has given us its machine name (which we only get over NBT 
transport).
+  We need to possibly reload smb.conf if smb.conf includes depend on 
the machine name. */
 

set_remote_machine_name(gensec_ntlmssp->ntlmssp_state->client.netbios_name, 
True);
 
diff --git a/source3/client/client.c b/source3/client/client.c
index 89fd1d4..9d4ef15 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -5168,7 +5168,7 @@ static int do_host_query(const char *query_host)
}
}
 
-   if (port != 139) {
+   if (port != NBT_SMB_PORT) {
 
/* Workgroups simply don't make sense over anything
   else but port 139... */
@@ -5177,7 +5177,8 @@ static int do_host_query(const char *query_host)
status = cli_cm_open(talloc_tos(), NULL,
 have_ip ? dest_ss_str : query_host,
 "IPC$", auth_info, true, smb_encrypt,
-max_protocol, 139, name_type, &cli);
+max_protocol, NBT_SMB_PORT, name_type,
+&cli);
if (!NT_STATUS_IS_OK(status)) {
cli = NULL;
}
@@ -5242,7 +5243,7 @@ static int do_message_op(struct user_auth_info *a_info)
NTSTATUS status;
 
status = cli_connect_nb(desthost, have_ip ? &dest_ss : NULL,
-   port ? port : 139, name_type,
+   port ? port : NBT_SMB_PORT, name_type,
lp_netbios_name(), SMB_SIGNING_DEFAULT, 0, 
&cli);
if (!NT_STATUS_IS_OK(status)) {
d_printf("Connection to %s failed. Error %s\n", desthost, 
nt_errstr(status));
@@ -5354,7 +5355,7 @@ static int do_message_op(struct user_auth_info *a_info)
exit(ENOMEM);
}
if( !port )
-   port = 139;
+   port = NBT_SMB_PORT;
message = true;
break;
case 'I':
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 22653cd..7dd77ec 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -44,8 +44,8 @@
 
 #define NMB_PORT 137
 #define DGRAM_PORT 138
-#define SMB_PORT1 445
-#define SMB_PORT2 139
+#define NBT_SMB_PORT  139   /* Port for SMB over NBT transport (IETF STD#19). 
*/
+#define TCP_SMB_PORT  445   /* Port for SMB over naked TCP transport. 
*/
 #define SMB_PORTS "445 139"
 
 #define Undefined (-1)
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.

Re: [SCM] Samba Shared Repository - branch master updated

2011-10-28 Thread simo
On Fri, 2011-10-28 at 11:35 +0200, Andreas Schneider wrote:
> +Requires=smb.service nmb.service
> +After=syslog.target network.target smb.service nmb.service

This looks wrong, winbind does not require smb or nmb to run, if you
have a laptop and do not offer shares you may want to run just winbind
and no smb or nmb service.
And actually I think you probably want to start winbind before smb *if*
you are using winbind on a samba file server.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer 
Principal Software Engineer at Red Hat, Inc. 



[SCM] Samba Shared Repository - branch master updated

2011-10-18 Thread Simo Sorce
The branch, master has been updated
   via  605d7d9 pdb-interface: Do not use unid_t here
  from  94799db s3-auth move the s3 auth context onto gensec_ntlmssp once 
we start

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 605d7d965a33d6a4be632dde9b15abb42801fdaf
Author: Simo Sorce 
Date:   Tue Oct 18 10:44:52 2011 -0400

pdb-interface: Do not use unid_t here

This interface needs to be publicly available, unid_t here is not really 
useful
and makes it harder to use it as unid_t is not a public union.

Autobuild-User: Simo Sorce 
Autobuild-Date: Tue Oct 18 20:57:16 CEST 2011 on sn-devel-104

---

Summary of changes:
 source3/include/passdb.h|4 ++--
 source3/passdb/lookup_sid.c |   14 --
 source3/passdb/pdb_ads.c|   13 ++---
 source3/passdb/pdb_interface.c  |   36 
 source3/passdb/pdb_ldap.c   |   15 ---
 source3/passdb/pdb_samba4.c |   13 ++---
 source3/passdb/py_passdb.c  |7 ---
 source3/winbindd/idmap_passdb.c |9 +
 8 files changed, 59 insertions(+), 52 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index cd3880c..70b21c9 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -563,7 +563,7 @@ struct pdb_methods
bool (*gid_to_sid)(struct pdb_methods *methods, gid_t gid,
   struct dom_sid *sid);
bool (*sid_to_id)(struct pdb_methods *methods, const struct dom_sid 
*sid,
- union unid_t *id, enum lsa_SidType *type);
+ uid_t *uid, gid_t *gid, enum lsa_SidType *type);
 
uint32_t (*capabilities)(struct pdb_methods *methods);
bool (*new_rid)(struct pdb_methods *methods, uint32_t *rid);
@@ -868,7 +868,7 @@ bool pdb_set_account_policy(enum pdb_policy_type type, 
uint32_t value);
 bool pdb_get_seq_num(time_t *seq_num);
 bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid);
 bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid);
-bool pdb_sid_to_id(const struct dom_sid *sid, union unid_t *id,
+bool pdb_sid_to_id(const struct dom_sid *sid, uid_t *uid, gid_t *gid,
   enum lsa_SidType *type);
 uint32_t pdb_capabilities(void);
 bool pdb_new_rid(uint32_t *rid);
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index a02c941..cfc78ad 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1193,11 +1193,12 @@ static bool legacy_sid_to_uid(const struct dom_sid 
*psid, uid_t *puid)
enum lsa_SidType type;
 
if (sid_check_is_in_our_domain(psid)) {
-   union unid_t id;
+   uid_t uid;
+   gid_t gid;
bool ret;
 
become_root();
-   ret = pdb_sid_to_id(psid, &id, &type);
+   ret = pdb_sid_to_id(psid, &uid, &gid, &type);
unbecome_root();
 
if (ret) {
@@ -1207,7 +1208,7 @@ static bool legacy_sid_to_uid(const struct dom_sid *psid, 
uid_t *puid)
  sid_type_lookup(type)));
return false;
}
-   *puid = id.uid;
+   *puid = uid;
goto done;
}
 
@@ -1234,7 +1235,6 @@ done:
 static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid)
 {
GROUP_MAP *map;
-   union unid_t id;
enum lsa_SidType type;
 
map = talloc_zero(NULL, GROUP_MAP);
@@ -1260,10 +1260,12 @@ static bool legacy_sid_to_gid(const struct dom_sid 
*psid, gid_t *pgid)
}
 
if (sid_check_is_in_our_domain(psid)) {
+   uid_t uid;
+   gid_t gid;
bool ret;
 
become_root();
-   ret = pdb_sid_to_id(psid, &id, &type);
+   ret = pdb_sid_to_id(psid, &uid, &gid, &type);
unbecome_root();
 
if (ret) {
@@ -1274,7 +1276,7 @@ static bool legacy_sid_to_gid(const struct dom_sid *psid, 
gid_t *pgid)
  sid_type_lookup(type)));
return false;
}
-   *pgid = id.gid;
+   *pgid = gid;
goto done;
}
 
diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index 5742534..8dc9585 100644
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -2204,7 +2204,7 @@ static bool pdb_ads_gid_to_sid(struct pdb_methods *m, 
gid_t gid,
 }
 
 static bool pdb_ads_sid_to_id(struct pdb_methods *m, const struct dom_sid *sid,
- 

[SCM] Samba Shared Repository - branch master updated

2011-10-10 Thread Simo Sorce
The branch, master has been updated
   via  6bed577 pac: Fix wrong memory allocation check
   via  c9eba24 ndr.pc: needs samba-util not samba-hostconfig
  from  b787b6e libcli/cldap: don't pass tevent_context to 
cldap_socket_init()

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 6bed57788c2341a92e1c4431ea764bf037431254
Author: Simo Sorce 
Date:   Mon Oct 10 17:48:02 2011 -0400

pac: Fix wrong memory allocation check

Autobuild-User: Simo Sorce 
Autobuild-Date: Tue Oct 11 01:18:22 CEST 2011 on sn-devel-104

commit c9eba24886806bca795f294183b7543e4f9376ca
Author: Simo Sorce 
Date:   Mon Oct 10 15:52:38 2011 -0400

ndr.pc: needs samba-util not samba-hostconfig

---

Summary of changes:
 librpc/ndr.pc.in   |2 +-
 source4/kdc/pac-glue.c |2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/ndr.pc.in b/librpc/ndr.pc.in
index f7a1651..1ee50cc 100644
--- a/librpc/ndr.pc.in
+++ b/librpc/ndr.pc.in
@@ -5,7 +5,7 @@ includedir=@includedir@
 
 Name: ndr
 Description: Network Data Representation Core Library
-Requires: samba-hostconfig talloc
+Requires: samba-util talloc
 Version: 0.0.1
 Libs: @LIB_RPATH@ -L${libdir} -lndr
 Cflags: -I${includedir}  -DHAVE_IMMEDIATE_STRUCTURES=1 -D_GNU_SOURCE=1
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index e92a511..5718452 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -51,7 +51,7 @@ NTSTATUS samba_get_logon_info_pac_blob(TALLOC_CTX *mem_ctx,
}
 
pac_info.logon_info.info = talloc_zero(mem_ctx, struct PAC_LOGON_INFO);
-   if (!mem_ctx) {
+   if (!pac_info.logon_info.info) {
return NT_STATUS_NO_MEMORY;
}
 


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2011-08-21 Thread Simo Sorce
The branch, master has been updated
   via  d713f9e s3-passdb: Only delete 1 entry from memcache.
   via  99bb3ee s3-passdb: Remove always the user from getpwsid cache.
   via  1152aa8 s3-passdb: Keep caches coherent
   via  61ada70 s3-id_cache: Use better names for id cache management ops
   via  177db0a s3-id_cache: Move id caches mgmt out of smbd
   via  0f4ee5d s3-lsasd: Listen on \PIPE\lsass.
   via  8efdac8 s3-lsasd: Add missing ncalrpc listeners.
   via  b501f6f s3-rpc_server: Add create_dcerpc_ncalrpc_socket().
   via  8a1572f s3-rpc_server: Increase epm monitor wait time.
   via  51d4b3c s3-prefork: Listening fds must be in non-blocking mode
   via  a4188aa s3-spoolss: Remove useless check
   via  2c45954 s3-lsasd: Remove useless check
   via  7bb4b99 s3-prefork: Fix code to retire children
   via  feadd84 s3-spoolssd: Listen on parent messages
   via  cce8c72 s3-lsasd: Listen on parent messages
   via  91ba8ae s3-prefork: Add parent->client messaging
   via  98d2bf0 s3-lsasd: Send a message to the parent when we accept a 
connection
   via  7274649 s3-spoolssd: Send a message to the parent when we accept a 
connection
   via  5c1a8dc s3-messaging: Add preforked child-parent message types
   via  0f71639 s3-prefork: Improve error detection when handling new 
connections
   via  75f3da7 s3-prefork: Improve heuristics
   via  89dde6b s3-lsasd: User new prefork helpers to simplify code.
   via  f07f5c5 s3-spoolssd: User new prefork helpers to simplify code.
   via  308e4e0 s3-prefork: add a few more utility functions
   via  df6f320 s3-prefrok: Handle only valid children
   via  e3736f8 s3-prefork: Fix worker flags handling.
   via  ee0c69a s3-prefork: do not use a lock_fd, just race on accept()
   via  0723871 rpc_server: Add forward declaration for dcerpc_transport_t.
   via  5de61e6 s3-waf: Fix build with lsasd.
   via  c538b01 s3-lsasd: Use prefrok utils to manage children
   via  884969e s3-spoolssd: Use prefrok utils to manage children
   via  3451f42 s3-prefork: Add common utilities for daemons
   via  0647a93 s3-spoolss: Introduce helper function to manage pool.
   via  2a0aac0 s3-prefork: Allow better management of allowed_clients
   via  eb8a0c7 s3-winbind: We need to use internal rpc connections in 
winbind.
   via  bfd9624 s3-spoolssd: Fix spoolss logging.
   via  5b3eb83 s3-lsasd: Import fixes from spoolssd
   via  d5ba5de selftest: Enable testing of the lsa service daemon.
   via  d1bc22e s3-rpc_server: Use rpc_epmapper_mode() in ep_register()
   via  32a53be s3-rpc_server: Use rpc_service_mode() in np_open()
   via  ef24917 s3-rpc_server: Use rpc_service_mode() in 
rpc_pipe_open_interface()
   via  f9c7b59 selftest: Fix daemon testing to use the new syntax.
   via  23e7e1c s3-rpc_server: Replace RPC_SERVICE_MODE_DAEMON checks
   via  11cbe24 s3-rpc_server: Move config helpers in one place.
   via  5a4e0dd s3-rpc_server: Add helper to define/retrieve daemons 
configuration
   via  9738ee4 s3-rpc_server: Reduce code duplication
   via  7b715f1 s3-smbd: Start lsasd as deamon.
   via  7abdf6e s3-rpc_server: Correctly register lsa, samr and netlogon.
   via  0364bf0 s3-lsasd: Create a lsa service daemon.
   via  dea2161 s3-spoolssd: Check if we were able to create the prefork 
pool.
   via  5169dff s3-prefork: Fix cast warning.
   via  e4b566d s3-rpc_server: Make dcerpc_ncacn_accept() public.
   via  312c519 s3-rpc_server: Check explicit for external and daemon 
server type.
   via  ea3fa58 s3-rpc_server: Fix include order in srv_pipe_hnd.c.
  from  9fa8f27 talloc: Fix talloc-compat pc files/headers.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit d713f9e9f50dfe680f66798098ee5ede3ee80e06
Author: Andreas Schneider 
Date:   Sat Aug 20 16:19:43 2011 +0200

s3-passdb: Only delete 1 entry from memcache.

If we delete or update one user we shouldn't flush the complete
memcache.

Signed-off-by: Simo Sorce 

Autobuild-User: Simo Sorce 
Autobuild-Date: Sun Aug 21 16:39:10 CEST 2011 on sn-devel-104

commit 99bb3eed1dac5d2e81fd213beda414bd65076eea
Author: Andreas Schneider 
Date:   Sat Aug 20 14:48:38 2011 +0200

s3-passdb: Remove always the user from getpwsid cache.

We should do it always, not only in the pdb_default_delete_user()
function.

Signed-off-by: Simo Sorce 

commit 1152aa8e0354ed2446397725b75e905bef3c4afb
Author: Andreas Schneider 
Date:   Fri Aug 19 17:36:53 2011 +0200

s3-passdb: Keep caches coherent

When deleting a user send a message to all interested parties so they can
purge their caches. Otherwise some processes may positively respond with a
cached getpwnam, when the user have actu

[SCM] Samba Shared Repository - branch master updated

2011-08-19 Thread Simo Sorce
The branch, master has been updated
   via  0825a52 Revert "s3-messaging: IDMAP_ messages belongs to the 
Winbind range"
  from  0db0e93 s3-passdb pdb_samba4 handles PDB_PWHISTORY already

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 0825a52a369883ec422efbebfce5eaac78bf94a5
Author: Simo Sorce 
Date:   Fri Aug 19 08:07:30 2011 -0400

Revert "s3-messaging: IDMAP_ messages belongs to the Winbind range"

This reverts commit 102f39ae3e7df26faf81595c8e0120b2e2a45bbd.

These messages are handled by smbd not winbind, and could potentially be of
general interest.

Autobuild-User: Simo Sorce 
Autobuild-Date: Fri Aug 19 16:16:05 CEST 2011 on sn-devel-104

---

Summary of changes:
 source3/librpc/idl/messaging.idl |8 
 1 files changed, 4 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/librpc/idl/messaging.idl b/source3/librpc/idl/messaging.idl
index 41df791..aca90c4 100644
--- a/source3/librpc/idl/messaging.idl
+++ b/source3/librpc/idl/messaging.idl
@@ -35,6 +35,10 @@ interface messaging
MSG_REQ_DMALLOC_LOG_CHANGED = 0x000C,
MSG_SHUTDOWN= 0x000D,
 
+   MSG_IDMAP_FLUSH = 0x000E,
+   MSG_IDMAP_DELETE= 0x000F,
+   MSG_IDMAP_KILL  = 0x0010,
+
/* Changes to smb.conf are really of general interest */
MSG_SMB_CONF_UPDATED= 0x0021,
 
@@ -90,10 +94,6 @@ interface messaging
MSG_WINBIND_DUMP_DOMAIN_LIST= 0x0409,
MSG_WINBIND_IP_DROPPED  = 0x040A,
 
-   MSG_IDMAP_FLUSH = 0x040E,
-   MSG_IDMAP_DELETE= 0x040F,
-   MSG_IDMAP_KILL  = 0x0410,
-
/* event messages */
MSG_DUMP_EVENT_LIST = 0x0500,
 


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2011-08-16 Thread Simo Sorce
The branch, master has been updated
   via  102f39a s3-messaging: IDMAP_ messages belongs to the Winbind range
  from  6c8ee02 s3: Use ZERO_STRUCT where appropriate

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 102f39ae3e7df26faf81595c8e0120b2e2a45bbd
Author: Simo Sorce 
Date:   Tue Aug 16 10:46:17 2011 -0400

s3-messaging: IDMAP_ messages belongs to the Winbind range

Autobuild-User: Simo Sorce 
Autobuild-Date: Tue Aug 16 22:27:05 CEST 2011 on sn-devel-104

---

Summary of changes:
 source3/librpc/idl/messaging.idl |8 
 1 files changed, 4 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/librpc/idl/messaging.idl b/source3/librpc/idl/messaging.idl
index aca90c4..41df791 100644
--- a/source3/librpc/idl/messaging.idl
+++ b/source3/librpc/idl/messaging.idl
@@ -35,10 +35,6 @@ interface messaging
MSG_REQ_DMALLOC_LOG_CHANGED = 0x000C,
MSG_SHUTDOWN= 0x000D,
 
-   MSG_IDMAP_FLUSH = 0x000E,
-   MSG_IDMAP_DELETE= 0x000F,
-   MSG_IDMAP_KILL  = 0x0010,
-
/* Changes to smb.conf are really of general interest */
MSG_SMB_CONF_UPDATED= 0x0021,
 
@@ -94,6 +90,10 @@ interface messaging
MSG_WINBIND_DUMP_DOMAIN_LIST= 0x0409,
MSG_WINBIND_IP_DROPPED  = 0x040A,
 
+   MSG_IDMAP_FLUSH = 0x040E,
+   MSG_IDMAP_DELETE= 0x040F,
+   MSG_IDMAP_KILL  = 0x0410,
+
/* event messages */
MSG_DUMP_EVENT_LIST = 0x0500,
 


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2011-08-14 Thread Simo Sorce
The branch, master has been updated
   via  2e5fc83 s3-prefork: Do not use mmap/mremap/munmap directly
   via  039ddef util: add function to extend anonymous shared memory
   via  a171938 replace: Check if we have mremap() available
  from  88ecf1a Use public pytalloc header file.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 2e5fc8335022df44a015817d4628a48e9195e311
Author: Simo Sorce 
Date:   Sun Aug 14 18:11:18 2011 -0400

s3-prefork: Do not use mmap/mremap/munmap directly

Use the wrappers in util.h as they deal with trying to do the best they can 
on
platfroms that do not support mmap extensions.

Autobuild-User: Simo Sorce 
Autobuild-Date: Mon Aug 15 04:13:51 CEST 2011 on sn-devel-104

commit 039ddef20900322760093a04881007dbb0897b50
Author: Simo Sorce 
Date:   Sun Aug 14 18:10:53 2011 -0400

util: add function to extend anonymous shared memory

commit a171938408adde0d787b9ff40a4cebeee66d747a
Author: Simo Sorce 
Date:   Sun Aug 14 18:05:27 2011 -0400

replace: Check if we have mremap() available

---

Summary of changes:
 lib/replace/libreplace.m4|7 
 lib/replace/test/shared_mremap.c |   48 
 lib/util/util.c  |   64 ++
 lib/util/util.h  |1 +
 source3/lib/server_prefork.c |   20 ++-
 5 files changed, 131 insertions(+), 9 deletions(-)
 create mode 100644 lib/replace/test/shared_mremap.c


Changeset truncated at 500 lines:

diff --git a/lib/replace/libreplace.m4 b/lib/replace/libreplace.m4
index 808d5d1..d644e50 100644
--- a/lib/replace/libreplace.m4
+++ b/lib/replace/libreplace.m4
@@ -98,6 +98,13 @@ if test x"$libreplace_cv_HAVE_MMAP" = x"yes"; then
 AC_DEFINE(HAVE_MMAP,1,[Whether mmap works])
 fi
 
+AC_CACHE_CHECK([for working mremap],libreplace_cv_HAVE_MREMAP,[
+AC_TRY_RUN([#include "$libreplacedir/test/shared_mremap.c"],
+   
libreplace_cv_HAVE_MREMAP=yes,libreplace_cv_HAVE_MREMAP=no,libreplace_cv_HAVE_MREMAP=cross)])
+if test x"$libreplace_cv_HAVE_MREMAP" = x"yes"; then
+AC_DEFINE(HAVE_MREMAP,1,[Whether mremap works])
+fi
+
 
 AC_CHECK_HEADERS(sys/syslog.h syslog.h)
 AC_CHECK_HEADERS(sys/time.h time.h)
diff --git a/lib/replace/test/shared_mremap.c b/lib/replace/test/shared_mremap.c
new file mode 100644
index 000..05032ad
--- /dev/null
+++ b/lib/replace/test/shared_mremap.c
@@ -0,0 +1,48 @@
+/* this tests whether we can use mremap */
+
+#if defined(HAVE_UNISTD_H)
+#include 
+#endif
+#include 
+#include 
+#include 
+#include 
+
+#define DATA "conftest.mmap"
+
+#ifndef MAP_FILE
+#define MAP_FILE 0
+#endif
+
+#ifndef MAP_FAILED
+#define MAP_FAILED (int *)-1
+#endif
+
+main()
+{
+   int *buf;
+   int fd;
+   int err = 1;
+
+   fd = open(DATA, O_RDWR|O_CREAT|O_TRUNC, 0666);
+   if (fd == -1) {
+   exit(1);
+   }
+
+   buf = (int *)mmap(NULL, 0x1000, PROT_READ | PROT_WRITE,
+ MAP_FILE | MAP_SHARED, fd, 0);
+   if (buf == MAP_FAILED) {
+   goto done;
+   }
+
+   buf = mremap(buf, 0x1000, 0x2000, MREMAP_MAYMOVE);
+   if (buf == MAP_FAILED) {
+   goto done;
+   }
+
+   err = 0;
+done:
+   close(fd);
+   unlink(DATA);
+   exit(err);
+}
diff --git a/lib/util/util.c b/lib/util/util.c
index 2d1d830..b700f37 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -1073,6 +1073,70 @@ void *anonymous_shared_allocate(size_t orig_bufsz)
return ptr;
 }
 
+void *anonymous_shared_resize(void *ptr, size_t new_size, bool maymove)
+{
+#ifdef HAVE_MREMAP
+   void *buf;
+   size_t pagesz = getpagesize();
+   size_t pagecnt;
+   size_t bufsz;
+   struct anonymous_shared_header *hdr;
+   int flags = 0;
+
+   if (ptr == NULL) {
+   errno = EINVAL;
+   return NULL;
+   }
+
+   hdr = (struct anonymous_shared_header *)ptr;
+   hdr--;
+   if (hdr->u.length > (new_size + sizeof(*hdr))) {
+   errno = EINVAL;
+   return NULL;
+   }
+
+   bufsz = new_size + sizeof(*hdr);
+
+   /* round up to full pages */
+   pagecnt = bufsz / pagesz;
+   if (bufsz % pagesz) {
+   pagecnt += 1;
+   }
+   bufsz = pagesz * pagecnt;
+
+   if (new_size >= bufsz) {
+   /* integer wrap */
+   errno = ENOSPC;
+   return NULL;
+   }
+
+   if (bufsz <= hdr->u.length) {
+   return ptr;
+   }
+
+   if (maymove) {
+   flags = MREMAP_MAYMOVE;
+   }
+
+   buf = mremap(hdr, hdr->u.length, bufsz, flags);
+
+   if (buf == MAP_FAILED) {
+   errno = ENOSPC;
+ 

[SCM] Samba Shared Repository - branch master updated

2011-08-13 Thread Simo Sorce
The branch, master has been updated
   via  c84caab s4:misc: remove last usage of legacy event_ fn names
   via  15efcba s4:lib: use tevent_ fns names instead of legcay event_ ones
   via  edc3266 s4:smbd: use tevent_ fn names instead of leagcy event_ ones
   via  b1feb9d s4:ntvfs: use tevent_ fn names instead of legacy event_ ones
   via  4a8fdc3 s4:librpc: use tevent_ fn names instead of legacy event_ 
ones
   via  ab81505 s4:libcli: use tevent_ fn names instead of legacy event_ 
ones
   via  f364dae s4:dsdb: use tevent_ fn names instaed of legacy event_ ones
   via  47b6457 s4:messaging: use tevent_ function names instead of legacy 
event_ ones
   via  b120c5f torture: use tevent_ functions names instead of the legacy 
event_ ones
  from  813bdf4 ldb: Remove use after free in error case

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit c84caabf8c5061af75d9e046813c1e2e8eff3722
Author: Simo Sorce 
Date:   Tue May 25 15:29:14 2010 -0400

s4:misc: remove last usage of legacy event_ fn names

Autobuild-User: Simo Sorce 
Autobuild-Date: Sun Aug 14 00:38:13 CEST 2011 on sn-devel-104

commit 15efcbaa09472b306a875178ee535a06d1b01811
Author: Simo Sorce 
Date:   Tue May 25 15:28:35 2010 -0400

s4:lib: use tevent_ fns names instead of legcay event_ ones

commit edc32665d0f5cfd5d86f975c8ac8e8ff100956f7
Author: Simo Sorce 
Date:   Tue May 25 15:28:10 2010 -0400

s4:smbd: use tevent_ fn names instead of leagcy event_ ones

commit b1feb9d4324dfca7190ec3816d43392b65a94671
Author: Simo Sorce 
Date:   Tue May 25 15:27:41 2010 -0400

s4:ntvfs: use tevent_ fn names instead of legacy event_ ones

commit 4a8fdc3958b7bc42bd90d4307f6fb0556944b300
Author: Simo Sorce 
Date:   Tue May 25 15:27:11 2010 -0400

s4:librpc: use tevent_ fn names instead of legacy event_ ones

commit ab81505e080e72c2217cb3946b04eee872397763
Author: Simo Sorce 
Date:   Tue May 25 15:26:42 2010 -0400

s4:libcli: use tevent_ fn names instead of legacy event_ ones

commit f364daed2203170bc772c8ff9bb28f78da615669
Author: Simo Sorce 
Date:   Tue May 25 15:26:00 2010 -0400

s4:dsdb: use tevent_ fn names instaed of legacy event_ ones

commit 47b64573c0d41d418d441ffc40325b822bfadb26
Author: Simo Sorce 
Date:   Tue May 25 15:25:26 2010 -0400

s4:messaging: use tevent_ function names instead of legacy event_ ones

commit b120c5f28876fd9efe032a6dbecebfaaff7dfd14
Author: Simo Sorce 
Date:   Tue May 25 15:23:55 2010 -0400

torture: use tevent_ functions names instead of the legacy event_ ones

---

Summary of changes:
 source3/torture/torture.c   |6 +++---
 source4/auth/gensec/socket.c|6 +++---
 source4/dsdb/kcc/kcc_periodic.c |2 +-
 source4/dsdb/repl/drepl_notify.c|2 +-
 source4/dsdb/repl/drepl_periodic.c  |2 +-
 source4/lib/com/main.c  |2 +-
 source4/lib/messaging/messaging.c   |   16 
 source4/lib/messaging/tests/irpc.c  |6 +++---
 source4/lib/messaging/tests/messaging.c |4 ++--
 source4/lib/socket/connect.c|4 ++--
 source4/lib/socket/connect_multi.c  |2 +-
 source4/lib/stream/packet.c |   16 
 source4/lib/tls/tls.c   |   20 ++--
 source4/libcli/composite/composite.c|8 
 source4/libcli/dgram/dgramsocket.c  |   12 ++--
 source4/libcli/dgram/mailslot.c |2 +-
 source4/libcli/raw/clitransport.c   |   14 +++---
 source4/libcli/raw/rawrequest.c |2 +-
 source4/libcli/resolve/dns_ex.c |2 +-
 source4/libcli/smb2/request.c   |2 +-
 source4/libcli/smb2/transport.c |   14 +++---
 source4/librpc/rpc/dcerpc.c |8 
 source4/librpc/rpc/dcerpc_connect.c |2 +-
 source4/librpc/rpc/dcerpc_sock.c|8 
 source4/nbt_server/register.c   |2 +-
 source4/nbt_server/wins/winsclient.c|4 ++--
 source4/ntvfs/posix/pvfs_notify.c   |2 +-
 source4/ntvfs/posix/pvfs_search.c   |2 +-
 source4/ntvfs/posix/pvfs_wait.c |2 +-
 source4/ntvfs/posix/pvfs_write.c|4 ++--
 source4/rpc_server/echo/rpc_echo.c  |2 +-
 source4/smbd/process_onefork.c  |2 +-
 source4/smbd/process_prefork.c  |6 +++---
 source4/smbd/process_standard.c |4 ++--
 source4/smbd/process_thread.c   |4 ++--
 source4/torture/basic/base.c|2 +-
 source4/torture/basic/misc.c|2 +-
 source4/torture/nbt/dgram.c |   20 ++--
 source4/torture/nbt/query.c |4 ++--
 source4/torture/nbt/wins.c  |4 ++--
 source4/torture/nbt/winsbench.c |4 ++--
 source4

[SCM] Samba Shared Repository - branch master updated

2011-08-11 Thread Simo Sorce
The branch, master has been updated
   via  ce93b4f tevent: fix documentation for tevent_context_init_byname()
   via  158b208 tevent: Set FD_CLOEXEC on epoll handle
  from  d52343a s3-messaging: Do not register to classes we are not going 
to use.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit ce93b4f4645b15e204590633a8047c2bfec13154
Author: Sumit Bose 
Date:   Thu Aug 11 12:39:57 2011 +0200

tevent: fix documentation for tevent_context_init_byname()

Signed-off-by: Simo Sorce 

Autobuild-User: Simo Sorce 
Autobuild-Date: Thu Aug 11 21:56:37 CEST 2011 on sn-devel-104

commit 158b208dfd75c04698f9f9196161322b16a020a2
Author: Sumit Bose 
Date:   Thu Aug 11 12:30:48 2011 +0200

tevent: Set FD_CLOEXEC on epoll handle

If an application using libtevent starts a new process the epoll file 
descriptor
is leaked to the new process if the event context is not freed explicitly. 
By
setting FD_CLOEXEC this is not needed anymore.

Signed-off-by: Simo Sorce 

---

Summary of changes:
 lib/tevent/tevent.h  |4 ++--
 lib/tevent/tevent_epoll.c|   19 +--
 lib/tevent/tevent_standard.c |   17 +
 lib/tevent/tevent_util.c |   17 +
 lib/tevent/tevent_util.h |1 +
 5 files changed, 54 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/tevent/tevent.h b/lib/tevent/tevent.h
index 6e3ed76..c38f7c3 100644
--- a/lib/tevent/tevent.h
+++ b/lib/tevent/tevent.h
@@ -111,7 +111,7 @@ typedef void (*tevent_signal_handler_t)(struct 
tevent_context *ev,
 struct tevent_context *tevent_context_init(TALLOC_CTX *mem_ctx);
 
 /**
- * @brief Create a event_context structure and name it.
+ * @brief Create a event_context structure and select a specific backend.
  *
  * This must be the first events call, and all subsequent calls pass this
  * event_context as the first element. Event handlers also receive this as
@@ -119,7 +119,7 @@ struct tevent_context *tevent_context_init(TALLOC_CTX 
*mem_ctx);
  *
  * @param[in]  mem_ctx  The memory context to use.
  *
- * @param[in]  name The name for the tevent context.
+ * @param[in]  name The name of the backend to use.
  *
  * @return  An allocated tevent context, NULL on error.
  */
diff --git a/lib/tevent/tevent_epoll.c b/lib/tevent/tevent_epoll.c
index 3ab8283..33e1d3f 100644
--- a/lib/tevent/tevent_epoll.c
+++ b/lib/tevent/tevent_epoll.c
@@ -78,11 +78,20 @@ static int epoll_ctx_destructor(struct epoll_event_context 
*epoll_ev)
 static int epoll_init_ctx(struct epoll_event_context *epoll_ev)
 {
epoll_ev->epoll_fd = epoll_create(64);
-   epoll_ev->pid = getpid();
-   talloc_set_destructor(epoll_ev, epoll_ctx_destructor);
if (epoll_ev->epoll_fd == -1) {
+   tevent_debug(epoll_ev->ev, TEVENT_DEBUG_FATAL,
+"Failed to create epoll handle.\n");
return -1;
}
+
+   if (!ev_set_close_on_exec(epoll_ev->epoll_fd)) {
+   tevent_debug(epoll_ev->ev, TEVENT_DEBUG_WARNING,
+"Failed to set close-on-exec, file descriptor may 
be leaked to children.\n");
+   }
+
+   epoll_ev->pid = getpid();
+   talloc_set_destructor(epoll_ev, epoll_ctx_destructor);
+
return 0;
 }
 
@@ -108,6 +117,12 @@ static void epoll_check_reopen(struct epoll_event_context 
*epoll_ev)
 "Failed to recreate epoll handle after fork\n");
return;
}
+
+   if (!ev_set_close_on_exec(epoll_ev->epoll_fd)) {
+   tevent_debug(epoll_ev->ev, TEVENT_DEBUG_WARNING,
+"Failed to set close-on-exec, file descriptor may 
be leaked to children.\n");
+   }
+
epoll_ev->pid = getpid();
for (fde=epoll_ev->ev->fd_events;fde;fde=fde->next) {
epoll_add_event(epoll_ev, fde);
diff --git a/lib/tevent/tevent_standard.c b/lib/tevent/tevent_standard.c
index 35f7ded..e2ca44f 100644
--- a/lib/tevent/tevent_standard.c
+++ b/lib/tevent/tevent_standard.c
@@ -100,6 +100,17 @@ static int epoll_ctx_destructor(struct std_event_context 
*std_ev)
 static void epoll_init_ctx(struct std_event_context *std_ev)
 {
std_ev->epoll_fd = epoll_create(64);
+   if (std_ev->epoll_fd == -1) {
+   tevent_debug(std_ev->ev, TEVENT_DEBUG_FATAL,
+"Failed to create epoll handle.\n");
+   return;
+   }
+
+   if (!ev_set_close_on_exec(std_ev->epoll_fd)) {
+   tevent_debug(std_ev->ev, TEVENT_DEBUG_WARNING,
+"Failed to set close-on-exec, file descriptor may 
be leaked to children

[SCM] Samba Shared Repository - branch master updated

2011-07-28 Thread Simo Sorce
The branch, master has been updated
   via  e84c7a2 s3-rpc_server: Use talloc for pipe_rpc_fns
   via  48a7166 s3-rpc_server: remove useless code
   via  262af47 s3-rpc_server: remove unnecessary talloc_free
   via  0a72744 s3-rpc_server: Remove dead code
  from  a97fef3 s3-spoolss: Use existing handle in 
printer_driver_files_in_use().

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit e84c7a2e26d206f38bcb94d4d1b6c854cdd4094c
Author: Simo Sorce 
Date:   Wed Jul 27 16:40:21 2011 -0400

s3-rpc_server: Use talloc for pipe_rpc_fns

Everything uses talloc in the rpc server nowadays, remove this ancient use 
of
malloc. This also allows us to remove the free fucntion and let talloc 
handle
it properly.

Autobuild-User: Simo Sorce 
Autobuild-Date: Thu Jul 28 17:41:08 CEST 2011 on sn-devel-104

commit 48a71664f21f50616749b467e6f082b6c20036a1
Author: Simo Sorce 
Date:   Wed Jul 27 16:30:42 2011 -0400

s3-rpc_server: remove useless code

We do not reuse pies_struct so there is no reason to SERO_STRUCT() it when 
we
are freeing it as we are done using it anyways.

commit 262af4713e192ba80327c1e6607ba8f92d3cc7ea
Author: Simo Sorce 
Date:   Wed Jul 27 16:27:17 2011 -0400

s3-rpc_server: remove unnecessary talloc_free

The auth_ctx is a child of pipes_struct, and this function is a used only 
as a
destructor on pipes_struct. So it is not really necessary to free this 
struct
in the destructor as it will be freed soon enough anyway.

commit 0a72744dd247298fe6aff160d77ae50dc97b8c4f
Author: Simo Sorce 
Date:   Wed Jul 27 15:51:17 2011 -0400

s3-rpc_server: Remove dead code

srv_str and cli_str are not used anymore.

---

Summary of changes:
 source3/rpc_server/rpc_handles.c  |   20 
 source3/rpc_server/rpc_ncacn_np.c |7 ---
 source3/rpc_server/rpc_server.c   |   16 
 source3/rpc_server/srv_pipe.c |6 +++---
 4 files changed, 7 insertions(+), 42 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/rpc_handles.c b/source3/rpc_server/rpc_handles.c
index f9251ee..87145ca 100644
--- a/source3/rpc_server/rpc_handles.c
+++ b/source3/rpc_server/rpc_handles.c
@@ -107,20 +107,6 @@ bool check_open_pipes(void)
  Close an rpc pipe.
 /
 
-static void free_pipe_rpc_context_internal(struct pipe_rpc_fns *list)
-{
-   struct pipe_rpc_fns *tmp = list;
-   struct pipe_rpc_fns *tmp2;
-
-   while (tmp) {
-   tmp2 = tmp->next;
-   SAFE_FREE(tmp);
-   tmp = tmp2;
-   }
-
-   return;
-}
-
 int close_internal_rpc_pipe_hnd(struct pipes_struct *p)
 {
if (!p) {
@@ -128,17 +114,11 @@ int close_internal_rpc_pipe_hnd(struct pipes_struct *p)
return False;
}
 
-   TALLOC_FREE(p->auth.auth_ctx);
-
/* Free the handles database. */
close_policy_by_pipe(p);
 
-   free_pipe_rpc_context_internal( p->contexts );
-
DLIST_REMOVE(InternalPipes, p);
 
-   ZERO_STRUCTP(p);
-
return 0;
 }
 
diff --git a/source3/rpc_server/rpc_ncacn_np.c 
b/source3/rpc_server/rpc_ncacn_np.c
index 2ed4a01..1080a98 100644
--- a/source3/rpc_server/rpc_ncacn_np.c
+++ b/source3/rpc_server/rpc_ncacn_np.c
@@ -80,10 +80,11 @@ struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX 
*mem_ctx,
return NULL;
}
 
-   context_fns = SMB_MALLOC_P(struct pipe_rpc_fns);
+   context_fns = talloc(p, struct pipe_rpc_fns);
if (context_fns == NULL) {
-   DEBUG(0,("malloc() failed!\n"));
-   return False;
+   DEBUG(0,("talloc() failed!\n"));
+   TALLOC_FREE(p);
+   return NULL;
}
 
context_fns->next = context_fns->prev = NULL;
diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
index 269b701..2e109a5 100644
--- a/source3/rpc_server/rpc_server.c
+++ b/source3/rpc_server/rpc_server.c
@@ -934,8 +934,6 @@ static void dcerpc_ncacn_accept(struct tevent_context 
*ev_ctx,
dcerpc_ncacn_disconnect_fn fn) {
struct dcerpc_ncacn_conn *ncacn_conn;
struct tevent_req *subreq;
-   const char *cli_str;
-   const char *srv_str = NULL;
bool system_user = false;
char *pipe_name;
NTSTATUS status;
@@ -1046,20 +1044,6 @@ static void dcerpc_ncacn_accept(struct tevent_context 
*ev_ctx,
return;
}
 
-   if (tsocket_address_is_inet(ncacn_conn->client, "ip")) {
-   cli_str = ncacn_conn->client_name;
-   } else {
-   cli_str = "";
-   }
-
-   if (ncacn_conn-&

[SCM] Samba Shared Repository - branch master updated

2011-07-21 Thread Simo Sorce
The branch, master has been updated
   via  b19b05c s3-rpc_server: Do not set msg_ctx twice
  from  2b1fc7c s3:winbindd_cm: remove unused checks for address family

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit b19b05cd0aa0e3f82c134f8d9d5d486dad60dd5a
Author: Simo Sorce 
Date:   Thu Jul 21 17:10:06 2011 -0400

s3-rpc_server: Do not set msg_ctx twice

msg_ctx was already passed to make_base_pipes_struct,
no need to set it again.

Autobuild-User: Simo Sorce 
Autobuild-Date: Fri Jul 22 00:47:28 CEST 2011 on sn-devel-104

---

Summary of changes:
 source3/rpc_server/rpc_server.c |1 -
 1 files changed, 0 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
index 2a0f675..269b701 100644
--- a/source3/rpc_server/rpc_server.c
+++ b/source3/rpc_server/rpc_server.c
@@ -74,7 +74,6 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
*perrno = ret;
return -1;
}
-   p->msg_ctx = msg_ctx;
 
if (session_info->unix_token && session_info->unix_info && 
session_info->security_token) {
/* Don't call create_local_token(), we already have the full 
details here */


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2011-06-11 Thread Simo Sorce
The branch, master has been updated
   via  d566146 s3-passdb: Implement new pdb trust calls for the default 
backend
  from  97af358 s4:libcli/raw/raw*.c - add unhandled enum values

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit d5661467e17cc233fe8605e8138991b4a459e78f
Author: Sumit Bose 
Date:   Tue May 31 15:32:29 2011 +0200

s3-passdb: Implement new pdb trust calls for the default backend

Signed-off-by: Simo Sorce 

Autobuild-User: Simo Sorce 
Autobuild-Date: Sun Jun 12 06:45:25 CEST 2011 on sn-devel-104

---

Summary of changes:
 source3/Makefile.in|   15 --
 source3/passdb/pdb_interface.c |  104 +++-
 source3/torture/pdbtest.c  |   83 
 3 files changed, 194 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/Makefile.in b/source3/Makefile.in
index a06c8c7..3ef7541 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1037,6 +1037,7 @@ PDBEDIT_OBJ = utils/pdbedit.o $(PASSWD_UTIL_OBJ) 
$(PARAM_OBJ) $(PASSDB_OBJ) \
$(LIBSAMBA_OBJ) $(LIBTSOCKET_OBJ) \
$(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) \
$(LIBCLI_LDAP_NDR_OBJ) \
+   $(DRSUAPI_OBJ) $(LIBNDR_GEN_OBJ0) \
$(POPT_LIB_OBJ) $(SMBLDAP_OBJ) ../lib/util/asn1.o
 
 SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ1)
@@ -1320,6 +1321,7 @@ PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o 
pam_smbpass/pam_smb_passwd.o \
pam_smbpass/pam_smb_acct.o pam_smbpass/support.o 
../lib/util/asn1.o
 PAM_SMBPASS_OBJ = $(PAM_SMBPASS_OBJ_0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) 
$(PASSDB_OBJ) $(GROUPDB_OBJ) \
$(SMBLDAP_OBJ) $(LIBSAMBA_OBJ) \
+   $(DRSUAPI_OBJ) $(LIBNDR_GEN_OBJ0) \
$(LIBTSOCKET_OBJ) $(PAM_ERRORS_OBJ)
 
 IDMAP_RW_OBJ = winbindd/idmap_rw.o
@@ -1502,6 +1504,7 @@ NTLM_AUTH_OBJ = ${NTLM_AUTH_OBJ1} $(LIBSAMBA_OBJ) 
$(POPT_LIB_OBJ) \
$(SMBLDAP_OBJ) $(LIBNMB_OBJ) \
$(WBCOMMON_OBJ) \
$(LIBCLI_LDAP_NDR_OBJ) \
+   $(DRSUAPI_OBJ) \
$(LIBNDR_GEN_OBJ0) $(LIBNDR_NETLOGON_OBJ) @BUILD_INIPARSER@
 
 
@@ -1871,11 +1874,11 @@ bin/smbpasswd@EXEEXT@: $(BINARY_PREREQS) 
$(SMBPASSWD_OBJ) @BUILD_POPT@ $(LIBTALL
$(DYNEXP) $(LIBS) $(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) 
$(ZLIB_LIBS)
 
-bin/pdbedit@EXEEXT@: $(BINARY_PREREQS) $(PDBEDIT_OBJ) @BUILD_POPT@ 
$(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
+bin/pdbedit@EXEEXT@: $(BINARY_PREREQS) $(PDBEDIT_OBJ) @BUILD_POPT@ 
$(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) $(ZLIB_LIBS)
@echo Linking $@
@$(CC) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
$(POPT_LIBS) $(PASSDB_LIBS) $(LDAP_LIBS) $(LIBTALLOC_LIBS) \
-   $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS)
+   $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS)
 
 bin/smbget@EXEEXT@: $(BINARY_PREREQS) $(SMBGET_OBJ) @BUILD_POPT@ $(LIBTALLOC) 
$(LIBTDB) $(LIBWBCLIENT)
@echo Linking $@
@@ -3115,17 +3118,17 @@ bin/wbinfo@EXEEXT@: $(BINARY_PREREQS) $(WBINFO_OBJ) 
@BUILD_POPT@ $(LIBTALLOC) $(
$(LIBWBCLIENT_LIBS)
 
 bin/ntlm_auth@EXEEXT@: $(BINARY_PREREQS) $(NTLM_AUTH_OBJ) $(PARAM_OBJ) \
-   $(LIB_NONSMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
+   $(LIB_NONSMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) 
$(ZLIB_LIBS)
@echo Linking $@
@$(CC) -o $@ $(LDFLAGS) $(DYNEXP) $(NTLM_AUTH_OBJ) \
-   $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBS) \
+   $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBS) $(ZLIB_LIBS) \
$(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) 
@INIPARSERLIBS@
 
-bin/pam_smbpass.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ) 
$(LIBCLI_LDAP_NDR_OBJ) $(LIBTALLOC) $(LIBWBCLIENT) $(LIBTDB)
+bin/pam_smbpass.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ) 
$(LIBCLI_LDAP_NDR_OBJ) $(LIBTALLOC) $(LIBWBCLIENT) $(LIBTDB) $(ZLIB_LIBS)
@echo "Linking shared library $@"
@$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_OBJ) $(LIBCLI_LDAP_NDR_OBJ) 
-lpam $(DYNEXP) \
-   $(LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
+   $(LIBS) $(LDAP_LIBS) $(NSCD_LIBS) $(ZLIB_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS)
 
 bin/tdbbackup@EXEEXT@: $(BINARY_PREREQS) $(TDBBACKUP_OBJ) $(LIBTALLOC) 
$(LIBTDB)
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index b3d62bc..94ed355 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -25,6 +25,8 @@
 #include "passdb.h"
 #include &

Re: talloc dep for talloc.h

2011-05-20 Thread simo
On Tue, 2011-01-04 at 11:30 +0100, Jelmer Vernooij wrote:
> On Tue, 2011-01-04 at 21:27 +1100, Andrew Bartlett wrote:
> > On Tue, 2011-01-04 at 09:55 +0100, Jelmer Vernooij wrote:
> > > On Tue, 2011-01-04 at 05:40 +0100, Andrew Bartlett wrote:
> > > > commit 640028d158583825ea5ffd1266f099cf8776db5d
> > > > Author: Andrew Bartlett 
> > > > Date:   Tue Jan 4 14:41:38 2011 +1100
> > > > 
> > > > nsswitch Add talloc depencency for nsstest
> > > > 
> > > > nsstest does not use talloc, but it includes talloc.h via 
> > > > includes.h,
> > > > and so without this it cannot find the right internal header.
> > > > 
> > > > This wasn't noticed before, as most linux developer boxes have a 
> > > > talloc.h.
> > > > 
> > > > The issue was reported by Adam Tauno Williams  > > > whitemice.org>
> > > I'm a bit puzzled by this, as e.g. sn doesn't have talloc.h installed
> > > either and neither have most of the build farm hosts. Perhaps it happens
> > > if talloc.h is installed but not in /usr/include ?
> > 
> > That is odd, but I reproduced it locally, by removing libtalloc-devel
> > from my Fedora 12 laptop.  I've tested it before and after this commit
> > (including a waf configure).
> That is odd indeed. Is talloc.pc perhaps part of the the libtalloc
> package on RedHat instead of libtalloc-devel ?

talloc.pc is in libtalloc-devel in fedora and in RHEL.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer 
Principal Software Engineer at Red Hat, Inc. 



[SCM] Samba Shared Repository - branch v3-6-test updated

2011-05-13 Thread Simo Sorce
The branch, v3-6-test has been updated
   via  f07f3d5 Fix 3.6 headers
   via  ad8415c s3-gse: Use gss_get_name_attribute to fetch the pac
  from  3db7254 WHATSNEW: Start 3.6.0rc1 release notes.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit f07f3d5d11b57321dc0616b88afc78199a59e2d8
Author: Simo Sorce 
Date:   Fri May 13 16:36:42 2011 -0400

Fix 3.6 headers

commit ad8415cb8a7bbd1f653eecce1aa2b88242bcc9e5
Author: Simo Sorce 
Date:   Mon May 9 11:33:41 2011 -0400

s3-gse: Use gss_get_name_attribute to fetch the pac

This is the only way to be sure the pac signatures are correct.
It requires a fairly new version of MIT Kerberos, but that should be fine, 
it
is new functionality in 3.6 anyways.

---

Summary of changes:
 source3/configure.in|1 +
 source3/include/proto.h |   28 +-
 source3/lib/netapi/netapi_private.h |2 +
 source3/librpc/crypto/gse.c |   74 +++
 source3/librpc/crypto/gse.h |3 +-
 source3/librpc/rpc/dcerpc_ep.c  |1 +
 source3/rpc_client/cli_winreg_int.h |1 +
 source3/rpc_server/dcesrv_gssapi.c  |   42 +---
 source3/rpc_server/rpc_ncacn_np.h   |2 +
 source3/smbd/lanman.c   |1 +
 10 files changed, 61 insertions(+), 94 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/configure.in b/source3/configure.in
index d8c59b6..72568d8 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -3860,6 +3860,7 @@ if test x"$with_ads_support" != x"no"; then
   AC_CHECK_FUNC_EXT(krb5_get_credentials_for_user, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(krb5_get_host_realm, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(krb5_free_host_realm, $KRB5_LIBS)
+  AC_CHECK_FUNC_EXT(gss_get_name_attribute, $KRB5_LIBS)
 
   # MIT krb5 1.8 does not expose this call (yet)
   AC_CHECK_DECLS(krb5_get_credentials_for_user, [], [], [#include ])
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 5f0e878..6c76029 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2667,33 +2667,6 @@ const struct ndr_interface_table *get_iface_from_syntax(
 const char *get_pipe_name_from_syntax(TALLOC_CTX *mem_ctx,
  const struct ndr_syntax_id *syntax);
 
-/* The following definitions come from rpc_server/rpc_ncacn_np.c  */
-struct auth_serversupplied_info;
-struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx,
- const struct ndr_syntax_id 
*syntax,
- struct client_address *client_id,
- const struct 
auth_serversupplied_info *session_info,
- struct messaging_context 
*msg_ctx);
-struct dcerpc_binding_handle;
-NTSTATUS rpcint_binding_handle(TALLOC_CTX *mem_ctx,
-  const struct ndr_interface_table *ndr_table,
-  struct client_address *client_id,
-  const struct auth_serversupplied_info 
*session_info,
-  struct messaging_context *msg_ctx,
-  struct dcerpc_binding_handle **binding_handle);
-NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx,
-   const struct ndr_syntax_id *abstract_syntax,
-   const struct auth_serversupplied_info 
*serversupplied_info,
-   struct client_address *client_id,
-   struct messaging_context *msg_ctx,
-   struct rpc_pipe_client **presult);
-NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx,
-const struct ndr_syntax_id *syntax,
-const struct auth_serversupplied_info 
*session_info,
-struct client_address *client_id,
-struct messaging_context *msg_ctx,
-struct rpc_pipe_client **cli_pipe);
-
 /* The following definitions come from rpc_client/cli_pipe_schannel.c  */
 
 NTSTATUS get_schannel_session_key(struct cli_state *cli,
@@ -2703,6 +2676,7 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli,
 
 /* The following definitions come from rpc_server/rpc_handles.c  */
 
+struct pipes_struct;
 size_t num_pipe_handles(struct pipes_struct *p);
 bool init_pipe_handles(struct pipes_struct *p, const struct ndr_syntax_id 
*syntax);
 bool create_policy_hnd(struct pipes_struct *p, struct policy_handle *hnd, void 
*data_ptr);
diff --git a/source3/lib/netapi/netapi_private.h 
b/source3/lib/netapi/netapi_private.h
index 7559c61..349287b 100644
--- a/source3/lib/netapi/netapi_pri

Re: [SCM] Samba Shared Repository - branch master updated

2011-05-07 Thread simo
On Sat, 2011-05-07 at 02:21 +0200, Jeremy Allison wrote:
> The branch, master has been updated
>via  ac25835 Fix Samba3 on OpenIndiana.
>   from  f7b3909 A couple more off-by-one calculations with strlcpy.
> 
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> 
> 
> - Log -
> commit ac25835ab7b76226bd59fec9ffef46d5c5817d54
> Author: Gordon Ross 
> Date:   Fri May 6 16:00:08 2011 -0700
> 
> Fix Samba3 on OpenIndiana.
> 
> I'd like Samba to use the native OpenLDAP and MIT Kerberos libs.
> Attached are some patches to do that. (relative to git master)
> It does not build for me without these.
> 
> (OpenIndiana is an off-shoot of OpenSolaris  See 
> http://www.openindiana.org)
> 
> Autobuild-User: Jeremy Allison 
> Autobuild-Date: Sat May  7 02:20:14 CEST 2011 on sn-devel-104
> 
> ---
> 
> Summary of changes:
>  auth/kerberos/gssapi_pac.c|   24 
>  lib/replace/system/kerberos.h |4 +++-
>  source3/configure.in  |   26 +-
>  source3/wscript   |2 +-
>  4 files changed, 49 insertions(+), 7 deletions(-)
> 
> 
> Changeset truncated at 500 lines:
> 
> diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c
> index d89a649..e115cfe 100644
> --- a/auth/kerberos/gssapi_pac.c
> +++ b/auth/kerberos/gssapi_pac.c
> @@ -23,6 +23,30 @@
>  
>  #include "libcli/auth/krb5_wrap.h"
>  
> +#if 0
> +/* FIXME - need proper configure/waf test
> + * to determine if gss_mech_krb5 and friends
> + * exist. JRA.
> + */
> +/*
> + * These are not exported by Solaris -lkrb5
> + * Maybe move to libreplace somewhere?
> + */
> +static const gss_OID_desc krb5_gss_oid_array[] = {
> + /* this is the official, rfc-specified OID */
> + { 9, "\052\206\110\206\367\022\001\002\002" },
> + /* this is the pre-RFC mech OID */
> + { 5, "\053\005\001\005\002" },
> + /* this is the unofficial, incorrect mech OID emitted by MS */
> + { 9, "\052\206\110\202\367\022\001\002\002" },
> + { 0, 0 }
> +};

Jeremy something looks wrong here.
The comments seem to imply the MS and the official OID should be
different, (the MS being wrong), yet I see non difference between them.


Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer 
Principal Software Engineer at Red Hat, Inc. 



[SCM] Samba Shared Repository - branch master updated

2011-04-19 Thread Simo Sorce
The branch, master has been updated
   via  1804d9a tdb_backup: avoid transaction on backup file, use lockall
  from  9bf3dc3 Fix Bug #8099 setpwent() actually does endpwent() and vice 
versa on FreeBSD

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 1804d9a64662d37f6c7c50bdd7b8edd80f42192b
Author: Simo Sorce 
Date:   Sat Apr 9 22:21:35 2011 -0400

tdb_backup: avoid transaction on backup file, use lockall

Transactions have the side effect of generating bigger files.
By removing the transaction files get as much as 30% smaller.

Autobuild-User: Simo Sorce 
Autobuild-Date: Tue Apr 19 23:34:37 CEST 2011 on sn-devel-104

---

Summary of changes:
 lib/tdb/tools/tdbbackup.c |   21 +
 1 files changed, 13 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/tdb/tools/tdbbackup.c b/lib/tdb/tools/tdbbackup.c
index 6aca8dd..11ecaa0 100644
--- a/lib/tdb/tools/tdbbackup.c
+++ b/lib/tdb/tools/tdbbackup.c
@@ -152,8 +152,9 @@ static int backup_tdb(const char *old_name, const char 
*new_name, int hash_size)
return 1;
}
 
-   if (tdb_transaction_start(tdb_new) != 0) {
-   printf("Failed to start transaction on new tdb\n");
+   /* lock the backup tdb so that nobody else can change it */
+   if (tdb_lockall(tdb_new) != 0) {
+   printf("Failed to lock backup tdb\n");
tdb_close(tdb);
tdb_close(tdb_new);
unlink(tmp_name);
@@ -177,12 +178,16 @@ static int backup_tdb(const char *old_name, const char 
*new_name, int hash_size)
/* close the old tdb */
tdb_close(tdb);
 
-   if (tdb_transaction_commit(tdb_new) != 0) {
-   fprintf(stderr, "Failed to commit new tdb\n");
-   tdb_close(tdb_new);
-   unlink(tmp_name);
-   free(tmp_name); 
-   return 1;
+   /* copy done, unlock the backup tdb */
+   tdb_unlockall(tdb_new);
+
+#ifdef HAVE_FDATASYNC
+   if (fdatasync(tdb_fd(tdb_new)) != 0) {
+#else
+   if (fsync(tdb_fd(tdb_new)) != 0) {
+#endif
+   /* not fatal */
+   fprintf(stderr, "failed to fsync backup file\n");
}
 
/* close the new tdb and re-open read-only */


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v3-6-test updated

2011-03-24 Thread Simo Sorce
The branch, v3-6-test has been updated
   via  17fe342 s3-epmapper: fix vars init and return errors
   via  8a8f4df librpc: Return an error if we a broken floor.
   via  e41b818 cleanup: fix some trailing spaces
   via  7ae0d64 s3-epmapper: Fix allocation of data on the wrong context
   via  409e67e s3-epmapper: Make sure we work on a description duplicate.
   via  bdd17bb librpc: Added a dcerpc_binding_dup() function.
   via  5f47e57 s3-epmapper: Refactor the cleanup of endpoints.
   via  824f65c s3-epmapper: Use strcmp instead of strequal and check IPv6.
  from  2896698 s3: Fix some errno assignments in SMBC_opendir_ctx

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 17fe34287e582f804cc139a6164563699877d440
Author: Simo Sorce 
Date:   Thu Mar 24 11:49:27 2011 -0400

s3-epmapper: fix vars init and return errors

Properly initialize variables at each cycle.
Convert to the right error when returning EPMAPPER ones.

Autobuild-User: Simo Sorce 
Autobuild-Date: Thu Mar 24 20:43:49 CET 2011 on sn-devel-104

commit 8a8f4dfe617d4d9625e3788c33f788e140e37f06
Author: Andreas Schneider 
Date:   Thu Mar 24 13:45:32 2011 +0100

librpc: Return an error if we a broken floor.

Pair-Programmed-With: Simo Sorce 

commit e41b8186557bef3b2205fa998be514d7c9f61f1f
Author: Simo Sorce 
Date:   Thu Mar 24 09:21:11 2011 -0400

cleanup: fix some trailing spaces

commit 7ae0d6404ed4a02702be139329939b2d7f0c9c5d
Author: Simo Sorce 
Date:   Thu Mar 24 08:23:48 2011 -0400

s3-epmapper: Fix allocation of data on the wrong context

p->mem_ctx is the short-lived per request context, while this data is long
lived, allocate on p instead.

commit 409e67e780ad8b90d7d7a1a11f8c920e9a86381b
Author: Andreas Schneider 
Date:   Thu Mar 24 14:39:56 2011 +0100

s3-epmapper: Make sure we work on a description duplicate.

commit bdd17bb4b2785988f8f546ef60b54d655712a946
Author: Andreas Schneider 
Date:   Thu Mar 24 14:39:37 2011 +0100

librpc: Added a dcerpc_binding_dup() function.

commit 5f47e5763459fa2582a609074b448201854b4fa7
Author: Andreas Schneider 
Date:   Thu Mar 24 13:07:54 2011 +0100

s3-epmapper: Refactor the cleanup of endpoints.

commit 824f65c5e3dede8a2f29fe3bb92f89c03f3d4070
Author: Andreas Schneider 
Date:   Thu Mar 24 13:07:05 2011 +0100

s3-epmapper: Use strcmp instead of strequal and check IPv6.

---

Summary of changes:
 librpc/rpc/binding.c   |  101 +--
 librpc/rpc/rpc_common.h|2 +
 source3/rpc_server/epmapper/srv_epmapper.c |   62 ++---
 3 files changed, 132 insertions(+), 33 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/rpc/binding.c b/librpc/rpc/binding.c
index 2a0295b..422537e 100644
--- a/librpc/rpc/binding.c
+++ b/librpc/rpc/binding.c
@@ -646,13 +646,22 @@ _PUBLIC_ const char 
*derpc_transport_string_by_transport(enum dcerpc_transport_t
return NULL;
 }
 
-_PUBLIC_ NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX *mem_ctx, 
-  struct epm_tower *tower, 
-  struct dcerpc_binding **b_out)
+_PUBLIC_ NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX *mem_ctx,
+   struct epm_tower *tower,
+   struct dcerpc_binding **b_out)
 {
NTSTATUS status;
struct dcerpc_binding *binding;
 
+   /*
+* A tower needs to have at least 4 floors to carry useful
+* information. Floor 3 is the transport identifier which defines
+* how many floors are required at least.
+*/
+   if (tower->num_floors < 4) {
+   return NT_STATUS_INVALID_PARAMETER;
+   }
+
binding = talloc_zero(mem_ctx, struct dcerpc_binding);
NT_STATUS_HAVE_NO_MEMORY(binding);
 
@@ -669,15 +678,11 @@ _PUBLIC_ NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX 
*mem_ctx,
return NT_STATUS_NOT_SUPPORTED;
}
 
-   if (tower->num_floors < 1) {
-   return NT_STATUS_OK;
-   }
-
/* Set object uuid */
status = dcerpc_floor_get_lhs_data(&tower->floors[0], &binding->object);
 
if (!NT_STATUS_IS_OK(status)) {
-   DEBUG(1, ("Error pulling object uuid and version: %s", 
nt_errstr(status))); 
+   DEBUG(1, ("Error pulling object uuid and version: %s", 
nt_errstr(status)));
return status;
}
 
@@ -702,6 +707,86 @@ _PUBLIC_ NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX 
*mem_ctx,
return NT_STATUS_OK;
 }
 
+_PUBLIC_ struct dcerpc_binding *dcerpc_binding_dup(TALLOC_CTX *mem_ctx,
+  const struct dce

[SCM] Samba Shared Repository - branch master updated

2011-03-24 Thread Simo Sorce
The branch, master has been updated
   via  72bd60b s3-epmapper: fix vars init and return errors
   via  edc2600 librpc: Return an error if we a broken floor.
   via  95daebe cleanup: fix some trailing spaces
   via  dbe957e s3-epmapper: Fix allocation of data on the wrong context
   via  5ebf007 s3-epmapper: Make sure we work on a description duplicate.
   via  f534dcd librpc: Added a dcerpc_binding_dup() function.
   via  e8912b9 s3-epmapper: Refactor the cleanup of endpoints.
   via  fd89e29 s3-epmapper: Use strcmp instead of strequal and check IPv6.
   via  bf1e330 s3-epmapper: Increase debug levels.
  from  155c4fb s3: Fix some errno assignments in SMBC_opendir_ctx

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 72bd60b2fee20dc85c1cc88d5d4e2efdfb74b701
Author: Simo Sorce 
Date:   Thu Mar 24 11:49:27 2011 -0400

s3-epmapper: fix vars init and return errors

Properly initialize variables at each cycle.
Convert to the right error when returning EPMAPPER ones.

Autobuild-User: Simo Sorce 
Autobuild-Date: Thu Mar 24 20:43:49 CET 2011 on sn-devel-104

commit edc26007bf50ce165b8f8dfba5e1c7f86f6918e6
Author: Andreas Schneider 
Date:   Thu Mar 24 13:45:32 2011 +0100

librpc: Return an error if we a broken floor.

Pair-Programmed-With: Simo Sorce 

commit 95daebe1c339cefe87bcb5d4e2afc79a45af3b62
Author: Simo Sorce 
Date:   Thu Mar 24 09:21:11 2011 -0400

cleanup: fix some trailing spaces

commit dbe957e48fec13aec39b7c2675cd4b7cde55d9d0
Author: Simo Sorce 
Date:   Thu Mar 24 08:23:48 2011 -0400

s3-epmapper: Fix allocation of data on the wrong context

p->mem_ctx is the short-lived per request context, while this data is long
lived, allocate on p instead.

commit 5ebf0072336ece5acf120bcdeb6612445fa059f1
Author: Andreas Schneider 
Date:   Thu Mar 24 14:39:56 2011 +0100

s3-epmapper: Make sure we work on a description duplicate.

commit f534dcdca3184a342df2d702663088a4afba6571
Author: Andreas Schneider 
Date:   Thu Mar 24 14:39:37 2011 +0100

librpc: Added a dcerpc_binding_dup() function.

commit e8912b9ad31154adca4d2065b2986661a956a959
Author: Andreas Schneider 
Date:   Thu Mar 24 13:07:54 2011 +0100

s3-epmapper: Refactor the cleanup of endpoints.

commit fd89e29e7ee5065b6f4349e391c90c5f81e7c476
Author: Andreas Schneider 
Date:   Thu Mar 24 13:07:05 2011 +0100

s3-epmapper: Use strcmp instead of strequal and check IPv6.

commit bf1e330f69951400f12ecb17c82adadd1e901a58
Author: Andreas Schneider 
Date:   Thu Mar 24 10:44:14 2011 +0100

s3-epmapper: Increase debug levels.

---

Summary of changes:
 librpc/rpc/binding.c   |  101 +--
 librpc/rpc/rpc_common.h|2 +
 source3/rpc_server/epmapper/srv_epmapper.c |   78 -
 3 files changed, 140 insertions(+), 41 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/rpc/binding.c b/librpc/rpc/binding.c
index 2a0295b..422537e 100644
--- a/librpc/rpc/binding.c
+++ b/librpc/rpc/binding.c
@@ -646,13 +646,22 @@ _PUBLIC_ const char 
*derpc_transport_string_by_transport(enum dcerpc_transport_t
return NULL;
 }
 
-_PUBLIC_ NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX *mem_ctx, 
-  struct epm_tower *tower, 
-  struct dcerpc_binding **b_out)
+_PUBLIC_ NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX *mem_ctx,
+   struct epm_tower *tower,
+   struct dcerpc_binding **b_out)
 {
NTSTATUS status;
struct dcerpc_binding *binding;
 
+   /*
+* A tower needs to have at least 4 floors to carry useful
+* information. Floor 3 is the transport identifier which defines
+* how many floors are required at least.
+*/
+   if (tower->num_floors < 4) {
+   return NT_STATUS_INVALID_PARAMETER;
+   }
+
binding = talloc_zero(mem_ctx, struct dcerpc_binding);
NT_STATUS_HAVE_NO_MEMORY(binding);
 
@@ -669,15 +678,11 @@ _PUBLIC_ NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX 
*mem_ctx,
return NT_STATUS_NOT_SUPPORTED;
}
 
-   if (tower->num_floors < 1) {
-   return NT_STATUS_OK;
-   }
-
/* Set object uuid */
status = dcerpc_floor_get_lhs_data(&tower->floors[0], &binding->object);
 
if (!NT_STATUS_IS_OK(status)) {
-   DEBUG(1, ("Error pulling object uuid and version: %s", 
nt_errstr(status))); 
+   DEBUG(1, ("Error pulling object uuid and version: %s", 
nt_errstr(status)));
return status;
}
 
@@ -702,6 +707,86 @@ _PUBLIC_ NTSTATUS dcerpc_bindin

[SCM] Samba Shared Repository - branch master updated

2011-03-23 Thread Simo Sorce
The branch, master has been updated
   via  7f1fd07 s3-epmapper: Log error if we can't register the endpoint.
   via  b38517b s3-epmapper: Setup epm in smbd to forward np requests.
   via  73e985f s3-epmapper: Remove unregister on shutdown.
   via  da1a18c s3-epmd: Cleanup endpoints on service pipe disconnect.
   via  0d97741 s3-epmapper: Added function to delete endpoint entries.
   via  e69d922 s3-rpc_server: Added disconnect callback function.
   via  044eabe s3-rpc_server: Rename req to subreq.
   via  73faa82 s3-rpc_server: Implement an endpoint monitor loop.
   via  b2bdc20 s3-rpc_server: Added a memory context to the ep regsiter 
state.
   via  81a2046 s3-librpc: Leave the epm registration connection open.
   via  d6a1469 s3-epmd: Cleanup endpoint mapper correctly.
   via  de77524 s3-epmapper: Shutdown the embedded epmapper cleanly.
   via  661ac49 s3-epmapper: Added a cleanup function.
   via  da718a5 s3-epmapper: Use DCERPC_AUTH_LEVEL_CONNECT for ep ncalrpc.
   via  3766f3e s3-rpc_server: Rename system_user to ncalrpc_as_system.
  from  177df3c s3: Fix a shadowed declaration warning

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 7f1fd07fbe99fc167eb529d482b084142c39ea8a
Author: Andreas Schneider 
Date:   Mon Mar 21 16:14:19 2011 +0100

s3-epmapper: Log error if we can't register the endpoint.

Autobuild-User: Simo Sorce 
Autobuild-Date: Wed Mar 23 18:06:54 CET 2011 on sn-devel-104

commit b38517bbdc746fe53e0bd804623b2ea7b0e98cbc
Author: Andreas Schneider 
Date:   Thu Mar 17 17:56:37 2011 +0100

s3-epmapper: Setup epm in smbd to forward np requests.

commit 73e985fe4b1b4c3e879f4d7fe7bc2f98851aee6e
Author: Andreas Schneider 
Date:   Thu Mar 17 16:59:10 2011 +0100

s3-epmapper: Remove unregister on shutdown.

This is done automatically now.

commit da1a18cd032760c33cf4573124c5b88507b84425
Author: Andreas Schneider 
Date:   Thu Mar 17 11:14:12 2011 +0100

s3-epmd: Cleanup endpoints on service pipe disconnect.

commit 0d97741b9b825350e3e04b5dc49b4e039bd744dc
Author: Andreas Schneider 
Date:   Wed Mar 16 13:42:26 2011 +0100

s3-epmapper: Added function to delete endpoint entries.

commit e69d92236744bb06d60faa4f21f3cd748ec5629d
Author: Andreas Schneider 
Date:   Mon Mar 14 12:29:49 2011 +0100

s3-rpc_server: Added disconnect callback function.

commit 044eabe425f9ae6e2fcea5ec1481b33c35b173f7
Author: Andreas Schneider 
Date:   Thu Mar 10 13:02:31 2011 +0100

s3-rpc_server: Rename req to subreq.

commit 73faa82bf9ebebdff9662e60715e9fd4f1614b9f
Author: Andreas Schneider 
Date:   Thu Mar 10 10:17:51 2011 +0100

s3-rpc_server: Implement an endpoint monitor loop.

commit b2bdc20f65f0d5fda5b9fdb9dc6222e2f219bbea
Author: Andreas Schneider 
Date:   Wed Mar 9 10:38:00 2011 +0100

s3-rpc_server: Added a memory context to the ep regsiter state.

commit 81a2046879299a051e69fd4d78b3a8e49b690f1b
Author: Andreas Schneider 
Date:   Wed Mar 9 10:17:06 2011 +0100

s3-librpc: Leave the epm registration connection open.

commit d6a1469f4350fa24204e11bb9aee0e33f8d21c34
Author: Andreas Schneider 
Date:   Mon Mar 14 14:50:09 2011 +0100

s3-epmd: Cleanup endpoint mapper correctly.

commit de775244a97b011fa34e52987a76ff81a5d36fb0
Author: Andreas Schneider 
Date:   Mon Mar 14 17:14:19 2011 +0100

s3-epmapper: Shutdown the embedded epmapper cleanly.

commit 661ac49794a0594003463e1cf3ae1bf806f24213
Author: Andreas Schneider 
Date:   Mon Mar 14 14:49:51 2011 +0100

s3-epmapper: Added a cleanup function.

commit da718a5961c3404435f9bc64bebabb71b53455eb
Author: Andreas Schneider 
Date:   Mon Mar 21 09:29:14 2011 +0100

s3-epmapper: Use DCERPC_AUTH_LEVEL_CONNECT for ep ncalrpc.

commit 3766f3ec0e495277c79df8eb8918cb739bc14358
Author: Andreas Schneider 
Date:   Mon Mar 14 10:47:41 2011 +0100

s3-rpc_server: Rename system_user to ncalrpc_as_system.

---

Summary of changes:
 source3/include/ntdomain.h |5 +-
 source3/librpc/rpc/dcerpc_ep.c |   50 ++-
 source3/librpc/rpc/dcerpc_ep.h |   18 +-
 source3/rpc_client/cli_pipe.c  |2 +-
 source3/rpc_server/epmapper/srv_epmapper.c |   65 +++
 .../rpc_server/epmapper/srv_epmapper.h |   27 +-
 source3/rpc_server/epmd.c  |   19 +-
 source3/rpc_server/rpc_ep_setup.c  |  549 
 source3/rpc_server/rpc_server.c|   30 +-
 source3/rpc_server/rpc_server.h|5 +-
 source3/rpc_server/srv_pipe.c  |5 +-
 11 files changed, 386 insertions(+), 389 deletions(-)
 copy lib/replace/socket.c => source3/rpc_server/epmapper/srv_epmapper.h (64%)


Changeset truncated at 500

[SCM] Samba Shared Repository - branch master updated

2011-03-17 Thread Simo Sorce
The branch, master has been updated
   via  5d55ae0 lib-util: put data_blob back in the public library
  from  1413af9 s3-waf: add --with-pam_smbpass configure option.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 5d55ae0a2907b5ead5fb7d131aa00788d806ed9a
Author: Simo Sorce 
Date:   Thu Mar 17 09:02:57 2011 -0400

lib-util: put data_blob back in the public library

data_blob is defined ina public header, so it needs to be exposed in the 
public
library.

Autobuild-User: Simo Sorce 
Autobuild-Date: Thu Mar 17 15:39:08 CET 2011 on sn-devel-104

---

Summary of changes:
 lib/util/wscript_build |4 ++--
 source3/wscript_build  |2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
 mode change 100644 => 100755 lib/util/wscript_build
 mode change 100644 => 100755 source3/wscript_build


Changeset truncated at 500 lines:

diff --git a/lib/util/wscript_build b/lib/util/wscript_build
old mode 100644
new mode 100755
index e8883a3..7c18075
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -6,7 +6,7 @@ bld.SAMBA_LIBRARY('samba-util-common',
   source='''talloc_stack.c smb_threads.c xfile.c
   util_file.c time.c rbtree.c rfc1738.c select.c
   genrand.c fsusage.c blocking.c become_daemon.c
-  data_blob.c signal.c system.c params.c util.c util_id.c 
util_net.c
+  signal.c system.c params.c util.c util_id.c util_net.c
   util_strlist.c idtree.c debug.c''',
   public_deps='talloc pthread LIBCRYPTO',
   # until we get all the dependencies in this library in common
@@ -20,7 +20,7 @@ bld.SAMBA_LIBRARY('samba-util-common',
 
 if bld.env._SAMBA_BUILD_ == 4:
 bld.SAMBA_LIBRARY('samba-util',
-  source='''dprintf.c fault.c
+  source='''dprintf.c fault.c data_blob.c
   ms_fnmatch.c parmlist.c substitute.c util_str.c
   ''',
   deps='samba-util-common',
diff --git a/source3/wscript_build b/source3/wscript_build
old mode 100644
new mode 100755
index 3f7e3b6..dbfb465
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -962,7 +962,7 @@ bld.SAMBA3_SUBSYSTEM('CHARSET3',
 deps='DYNCONFIG')
 
 bld.SAMBA3_SUBSYSTEM('samba-util3',
-source='',
+source='../lib/util/data_blob.c',
 deps='talloc CHARSET3 samba-util-common')
 
 bld.SAMBA3_SUBSYSTEM('ldb3',


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2011-03-16 Thread Simo Sorce
The branch, master has been updated
   via  2a608ba dcerpc: we do not need these as public headers
  from  ab37eae s3: Fix Coverity ID 2231, REVERSE_INULL

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 2a608ba856a4f28c13f295ac554e46168f3f045c
Author: Simo Sorce 
Date:   Wed Mar 16 15:32:53 2011 -0400

dcerpc: we do not need these as public headers

latest openchange doesn't need these headers either
fix _PRINTF_ATTRIBUTE in tdr.h, as it was failing to work after removing
proto.h due to side effects. PRINTF_ATTRIBUTE is ok and is define in 
talloc.h
which is included by tdr.h

Autobuild-User: Simo Sorce 
Autobuild-Date: Wed Mar 16 23:45:20 CET 2011 on sn-devel-104

---

Summary of changes:
 lib/tdr/tdr.h|2 +-
 source4/rpc_server/wscript_build |2 --
 2 files changed, 1 insertions(+), 3 deletions(-)
 mode change 100644 => 100755 source4/rpc_server/wscript_build


Changeset truncated at 500 lines:

diff --git a/lib/tdr/tdr.h b/lib/tdr/tdr.h
index cd4785e..fa0a4d7 100644
--- a/lib/tdr/tdr.h
+++ b/lib/tdr/tdr.h
@@ -95,6 +95,6 @@ struct tdr_push *tdr_push_init(TALLOC_CTX *mem_ctx);
 struct tdr_pull *tdr_pull_init(TALLOC_CTX *mem_ctx);
 
 NTSTATUS tdr_push_to_fd(int fd, tdr_push_fn_t push_fn, const void *p);
-void tdr_print_debug_helper(struct tdr_print *tdr, const char *format, ...) 
_PRINTF_ATTRIBUTE(2,3);
+void tdr_print_debug_helper(struct tdr_print *tdr, const char *format, ...) 
PRINTF_ATTRIBUTE(2,3);
 
 #endif /* __TDR_H__ */
diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
old mode 100644
new mode 100755
index a1d1fc5..f1d3c0d
--- a/source4/rpc_server/wscript_build
+++ b/source4/rpc_server/wscript_build
@@ -9,8 +9,6 @@ bld.SAMBA_SUBSYSTEM('DCERPC_SHARE',
 bld.SAMBA_SUBSYSTEM('DCERPC_COMMON',
source='common/forward.c common/reply.c dcesrv_auth.c',
autoproto='common/proto.h',
-   public_headers='common/common.h common/proto.h',
-   header_path='dcerpc_server',
deps='ldb DCERPC_SHARE samba_server_gensec'
)
 


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2011-03-14 Thread Simo Sorce
The branch, master has been updated
   via  a57c2b0 Fix public header not to include private (not installed) 
ones.
  from  72c1fe0 librpc/rpc: move DCERPC_ flags to rpc_common.h

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a57c2b02f13569bce8e485c39924bce980a61403
Author: Simo Sorce 
Date:   Mon Mar 14 11:01:47 2011 -0400

Fix public header not to include private (not installed) ones.

Autobuild-User: Simo Sorce 
Autobuild-Date: Mon Mar 14 17:01:20 CET 2011 on sn-devel-104

---

Summary of changes:
 source4/auth/auth.h|1 +
 source4/auth/session.h |2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 0e0aa01..9eb3e7d 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -158,6 +158,7 @@ struct auth_critical_sizes {
 
 #include "auth/session.h"
 #include "auth/system_session_proto.h"
+#include "libcli/security/security.h"
 
 struct ldb_message;
 struct ldb_context;
diff --git a/source4/auth/session.h b/source4/auth/session.h
index 8ab6288..97a8aba 100644
--- a/source4/auth/session.h
+++ b/source4/auth/session.h
@@ -21,7 +21,7 @@
 #ifndef _SAMBA_AUTH_SESSION_H
 #define _SAMBA_AUTH_SESSION_H
 
-#include "libcli/security/security.h"
+#include "librpc/gen_ndr/security.h"
 #include "librpc/gen_ndr/netlogon.h"
 #include "librpc/gen_ndr/auth.h"
 


-- 
Samba Shared Repository


Re: [SCM] Samba Shared Repository - branch master updated

2011-03-09 Thread simo
On Wed, 2011-03-09 at 09:04 +0100, Andrew Bartlett wrote:
> The branch, master has been updated
>via  9728b5a librpc/ndr use hyper for uid_t/gid_t rather than udlong
>   from  c4b52fb s3: Use talloc_tos() in idmap_nss_sids_to_unixids
> 
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> 
> 
> - Log -
> commit 9728b5a0d5a5c09615a09a97bf217bcacb773579
> Author: Andrew Bartlett 
> Date:   Wed Mar 2 19:06:15 2011 +1100
> 
> librpc/ndr use hyper for uid_t/gid_t rather than udlong
> 
> This has 8 byte alignment, which is what was specified in pidl for
> these types.

I am puzzled, uid_t and gid_t are 32 bit quantitiers on all platforms I
know, do you know of platforms that use 64 bit uid/gid types ?

If not, why do you use a 64 bit type for them ?

Also uid_t and gid_t are signed in many platforms while here you seem to
be casting to uint64_t, and that doesn't look right to me.

Care to comment ?

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer 
Principal Software Engineer at Red Hat, Inc. 



Re: [SCM] Samba Shared Repository - branch master updated

2011-03-01 Thread simo
On Tue, 2011-03-01 at 07:35 +0100, Volker Lendecke wrote:
> On Tue, Mar 01, 2011 at 04:33:01AM +0100, Andrew Bartlett wrote:
> > The branch, master has been updated
> >via  5f5ca91 lib/util: new merged debug system
> >via  4acef31 lib/util move debug.[ch] out of the way
> >   from  b1f68b6 s4-libnet_vampire: Ignore some attributes when building 
> > working schema cache
> > 
> > http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> > 
> > 
> > - Log -
> > commit 5f5ca913b7abfcf95782339fac2dc8c1541b1126
> > Author: Andrew Bartlett 
> > Date:   Thu Feb 24 16:14:03 2011 +1100
> > 
> > lib/util: new merged debug system
> > 
> > This is the s3 debug system, with a number of changes to tidy it up
> > for common use.  The debug class system is simplified by the removal of 
> > the
> > ISSET table, the system no longer attempts to cope with assignment of
> > DEBUGLEVEL, and the full class table is always available (rather than
> > just DEBUGLEVEL_CLASS[DBCG_ALL]) from startup.  It is also no longer
> > confusingly described as a hack, but as the initial table.
> 
> The way git diff / git whatchanged works makes it more
> difficult than necessary to compare the actual code changes
> if you make changes and move the files at the same time.
> Next time, can you please split those two changes into two
> commits?

Volker,

If you want to see this patch in a slightly better form you can use a
command like this:
git showh -M -C --patience 5f5ca913b7abfcf95782339fac2dc8c1541b1126

With this one git is told to detect the rename and does show only the
differences.

you can use the same arguments for generating better patches when you
want to send them around for review, like this:
 git format-patch -M -C --patience --full-index -1
5f5ca913b7abfcf95782339fac2dc8c1541b1126

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer 
Principal Software Engineer at Red Hat, Inc. 



[SCM] Samba Shared Repository - branch master updated

2011-02-23 Thread Simo Sorce
The branch, master has been updated
   via  63af546 Fix broken build with make dist tarballs
  from  0516112 s3:libsmb only log a dead connection if it was not closed

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 63af5468a58436121a3b3cc658e9dd672238d8cf
Author: Simo Sorce 
Date:   Wed Feb 23 15:09:48 2011 -0500

Fix broken build with make dist tarballs

Autobuild-User: Simo Sorce 
Autobuild-Date: Wed Feb 23 22:02:06 CET 2011 on sn-devel-104

---

Summary of changes:
 wscript |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
 mode change 100644 => 100755 wscript


Changeset truncated at 500 lines:

diff --git a/wscript b/wscript
old mode 100644
new mode 100755
index b2e6f2a..0dd8c90
--- a/wscript
+++ b/wscript
@@ -21,7 +21,7 @@ samba_dist.DIST_DIRS('.')
 #samba-4.0.0 branded tarball (until the merge is complete) and the
 #core elements of the autotools build system (which is known to
 #produce buggy binaries).
-samba_dist.DIST_BLACKLIST('README Manifest Read-Manifest-Now Roadmap source3/ 
' +
+samba_dist.DIST_BLACKLIST('README Manifest Read-Manifest-Now Roadmap ' +
   'packaging/ docs-xml/ examples/ swat/ WHATSNEW.txt 
MAINTAINERS ')
 # install in /usr/local/samba by default
 Options.default_prefix = '/usr/local/samba'


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2011-02-14 Thread Simo Sorce
The branch, master has been updated
   via  18926e5 Fix private libdir and codepages paths
  from  64c63a3 s3: Fix a C++ warning

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 18926e5907ac91881fe5b8cf35193c4bc010500a
Author: Simo Sorce 
Date:   Mon Feb 14 19:46:42 2011 -0500

Fix private libdir and codepages paths

The private libraries need to be arch specific as well.

With --enable-fhs the codepages should go in /usr/share/samba and not
in /usr/lib{64}/samba as they are data files not libraries.

Autobuild-User: Simo Sorce 
Autobuild-Date: Tue Feb 15 04:22:37 CET 2011 on sn-devel-104

---

Summary of changes:
 buildtools/wafsamba/wscript |2 +-
 source4/dynconfig/wscript   |2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 buildtools/wafsamba/wscript
 mode change 100644 => 100755 source4/dynconfig/wscript


Changeset truncated at 500 lines:

diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript
old mode 100644
new mode 100755
index ad5b938..4f93bb1
--- a/buildtools/wafsamba/wscript
+++ b/buildtools/wafsamba/wscript
@@ -277,7 +277,7 @@ def configure(conf):
 conf.env.RPATH_ON_INSTALL = (conf.env.RPATH_ON_BUILD and
  not Options.options.disable_rpath_install)
 if not conf.env.PRIVATELIBDIR:
-conf.env.PRIVATELIBDIR = '${PREFIX}/lib/%s' % 
Utils.g_module.APPNAME
+conf.env.PRIVATELIBDIR = '%s/%s' % (conf.env.LIBDIR, 
Utils.g_module.APPNAME)
 conf.env.RPATH_ON_INSTALL_PRIVATE = (
 not Options.options.disable_rpath_private_install)
 else:
diff --git a/source4/dynconfig/wscript b/source4/dynconfig/wscript
old mode 100644
new mode 100755
index 50ae44f..c2741fd
--- a/source4/dynconfig/wscript
+++ b/source4/dynconfig/wscript
@@ -57,7 +57,6 @@ dyn_cflags_fhs = {
 'LOGFILEBASE': '${LOCALSTATEDIR}/log/samba',
 'LOCKDIR': '${LOCALSTATEDIR}/lib/samba',
 'PIDDIR' : '${LOCALSTATEDIR}/run/samba',
-'DATADIR': '${DATADIR}/samba',
 'SETUPDIR'   : '${DATADIR}/samba/setup',
 'WINBINDD_SOCKET_DIR': '${LOCALSTATEDIR}/run/samba/winbindd',
 'WINBINDD_PRIVILEGED_SOCKET_DIR' : 
'${LOCALSTATEDIR}/run/samba/winbindd_privileged',
@@ -69,6 +68,7 @@ dyn_cflags_fhs = {
 'INCLUDEDIR' : '${INCLUDEDIR}/samba-4.0',
 'PKGCONFIGDIR'   : '${LIBDIR}/pkgconfig',
 'SWATDIR': '${DATADIR}/swat',
+'CODEPAGEDIR': '${DATADIR}/samba',
 }
 
 def get_varname(v):


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2011-02-14 Thread Simo Sorce
The branch, master has been updated
   via  0a05a36 Increase minor version since a public header has changed
  from  3722f65 librpc: make NDR_KRB5PAC a shared library 
(libndr-krb5pac.so).

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 0a05a364f3a8bb2ec89e261e372e762ab05d5e6b
Author: Simo Sorce 
Date:   Mon Feb 14 11:49:41 2011 -0500

Increase minor version since a public header has changed

Samba4 now depends on a new macro defined in the public ldb_modules.h 
header:
LDB_FLAG_INTERNAL_FORCE_SINGLE_VALUE_CHECK.

Bump up the minor release of ldb accordingly.

Autobuild-User: Simo Sorce 
Autobuild-Date: Mon Feb 14 19:39:31 CET 2011 on sn-devel-104

---

Summary of changes:
 .../ldb/ABI/{ldb-0.9.24.sigs => ldb-1.0.1.sigs}|0
 source4/lib/ldb/wscript|2 +-
 2 files changed, 1 insertions(+), 1 deletions(-)
 copy source4/lib/ldb/ABI/{ldb-0.9.24.sigs => ldb-1.0.1.sigs} (100%)
 mode change 100644 => 100755 source4/lib/ldb/wscript


Changeset truncated at 500 lines:

diff --git a/source4/lib/ldb/ABI/ldb-0.9.24.sigs 
b/source4/lib/ldb/ABI/ldb-1.0.1.sigs
similarity index 100%
copy from source4/lib/ldb/ABI/ldb-0.9.24.sigs
copy to source4/lib/ldb/ABI/ldb-1.0.1.sigs
diff --git a/source4/lib/ldb/wscript b/source4/lib/ldb/wscript
old mode 100644
new mode 100755
index 73125fc..69d8725
--- a/source4/lib/ldb/wscript
+++ b/source4/lib/ldb/wscript
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 APPNAME = 'ldb'
-VERSION = '1.0.0'
+VERSION = '1.0.1'
 
 blddir = 'bin'
 


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2011-02-14 Thread Simo Sorce
The branch, master has been updated
   via  d6a41c2 Return NULL if tevent_add_fd() is passed a negative fd
  from  b423d83 s4:ldapcmp: cope with range retrivals of multivalued 
attributes

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit d6a41c2723cda59b3cd6ae9a1e77b62f25067663
Author: Stephen Gallagher 
Date:   Mon Feb 14 10:29:49 2011 -0500

Return NULL if tevent_add_fd() is passed a negative fd

Autobuild-User: Simo Sorce 
Autobuild-Date: Mon Feb 14 17:47:03 CET 2011 on sn-devel-104

---

Summary of changes:
 lib/tevent/tevent_fd.c |6 ++
 1 files changed, 6 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/tevent/tevent_fd.c b/lib/tevent/tevent_fd.c
index c58e8e1..455961b 100644
--- a/lib/tevent/tevent_fd.c
+++ b/lib/tevent/tevent_fd.c
@@ -51,6 +51,12 @@ struct tevent_fd *tevent_common_add_fd(struct tevent_context 
*ev, TALLOC_CTX *me
 {
struct tevent_fd *fde;
 
+   /* tevent will crash later on select() if we save
+* a negative file descriptor. Better to fail here
+* so that consumers will be able to debug it
+*/
+   if (fd < 0) return NULL;
+
fde = talloc(mem_ctx?mem_ctx:ev, struct tevent_fd);
if (!fde) return NULL;
 


-- 
Samba Shared Repository


Re: [SCM] Samba Shared Repository - branch v3-6-test updated

2011-02-08 Thread simo
On Tue, 2011-02-08 at 19:19 +0100, Günther Deschner wrote:
> s3-spoolss: Dont wipe out all drivers when only one should be
> deleted.
> 
> Great catch from Bjoern Baumbach  !
> 
> Andreas, Simo, please check.
> 
> We now have a torture test
> (rpc.spoolss.driver.driver.multiple_drivers) for this.

Good catch indeed.
Looks good to me.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer 
Principal Software Engineer at Red Hat, Inc. 



[SCM] Samba Shared Repository - branch master updated

2011-02-07 Thread Simo Sorce
The branch, master has been updated
   via  1d27f0b mit-samba: Allow nesting on the event context
  from  1d58fcc libcli/security: Make add_sid_to_array_unique use a uin32_t 
counter

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 1d27f0b26431d32d969d1ad10d47c396d1c7517f
Author: Simo Sorce 
Date:   Thu Feb 3 20:51:45 2011 -0500

mit-samba: Allow nesting on the event context

This context is used in ldb, and ldb modules apparently abort if nesting is 
not
allowed.

Autobuild-User: Simo Sorce 
Autobuild-Date: Mon Feb  7 20:58:02 CET 2011 on sn-devel-104

---

Summary of changes:
 source4/kdc/mit_samba.c |3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index b959978..dcabe39 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -17,6 +17,8 @@
along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#define TEVENT_DEPRECATED 1
+
 #include "includes.h"
 #include "param/param.h"
 #include "dsdb/samdb/samdb.h"
@@ -68,6 +70,7 @@ static int mit_samba_context_init(struct mit_samba_context 
**_ctx)
ret = ENOMEM;
goto done;
}
+   tevent_loop_allow_nesting(base_ctx.ev_ctx);
base_ctx.lp_ctx = loadparm_init_global(false);
if (!base_ctx.lp_ctx) {
ret = ENOMEM;


-- 
Samba Shared Repository


[offlist] Re: [SCM] Samba Shared Repository - branch v3-6-test updated

2010-12-13 Thread simo
On Mon, 2010-12-13 at 19:21 -0800, Jeremy Allison wrote:
> On Tue, Dec 14, 2010 at 04:20:48AM +0100, Jeremy Allison wrote:
> > The branch, v3-6-test has been updated
> >via  274fc73 Ensure we use vfs_fsp_stat(), not VFS_STAT directly, 
> > and store into fsp->fsp_name->st instead of a SMB_STRUCT_STAT on the stack.
> >via  2ff6822 Merge branch 'v3-6-test' of 
> > ssh://git.samba.org/data/git/samba into v3-6-test
> >via  dc38715 smbtorture: correct error handling in BASE-OPEN.
> >   from  1ef50b1 Change crediting so that the credits are returned on 
> > the interim async response. (cherry picked from commit 
> > 58ebe1de32050fca71059c521f74488cfa5b3729)
> > 
> > http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
> > 
> > 
> > - Log -
> > commit 274fc732d751429c7a6ce9d4257b3bde68ffa8cd
> > Author: Jeremy Allison 
> > Date:   Mon Dec 13 19:17:57 2010 -0800
> > 
> > Ensure we use vfs_fsp_stat(), not VFS_STAT directly, and store into 
> > fsp->fsp_name->st
> > instead of a SMB_STRUCT_STAT on the stack.
> > 
> > Jeremy.
> > (cherry picked from commit 68f8f220dcd20f4f04bc95916ae04da81a2cdda1)
> > 
> > commit 2ff682226bed8ac1f55caee4aaa7cc1e8c0d1a47
> > Merge: dc38715527d282545ba7b05051bda70067fe5d6a 
> > 1ef50b15da1ca23afc2d3af6abe7f375e57946a1
> > Author: Jeremy Allison 
> > Date:   Mon Dec 13 17:08:08 2010 -0800
> > 
> > Merge branch 'v3-6-test' of ssh://git.samba.org/data/git/samba into 
> > v3-6-test
> 
> Arg. Sorry for the bloody merge commit. Didn't see that
> one happen :-(.

If you want to avoid merges you can use this alias that I use all the
time:

alias git-get='git fetch origin master && git rebase -i origin/master'

Use git-get instead of git pull

It will always cause an interactive rebase, but I find it the best way
to avoid really annoying merges all over.

Simo.


-- 
Simo Sorce
Samba Team GPL Compliance Officer 
Principal Software Engineer at Red Hat, Inc. 



[SCM] Samba Shared Repository - branch master updated

2010-11-18 Thread Simo Sorce
The branch, master has been updated
   via  0b3180b ldb: error out when modules are not found
  from  47784a1 s4-tests: Descriptor tests should use the existing samdb 
domain_dn method instead of defining a new one

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 0b3180bbf5933943cf0c5b0e9d47da33cf4ff99c
Author: Simo Sorce 
Date:   Thu Nov 18 08:01:15 2010 -0500

ldb: error out when modules are not found

We shouldn't proceed without all required modules, it could cause damage to 
the
ldb if operations are performed w/o the needed modules.

Autobuild-User: Simo Sorce 
Autobuild-Date: Thu Nov 18 14:02:34 UTC 2010 on sn-devel-104

---

Summary of changes:
 source4/lib/ldb/common/ldb_modules.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/lib/ldb/common/ldb_modules.c 
b/source4/lib/ldb/common/ldb_modules.c
index 123d218..e330137 100644
--- a/source4/lib/ldb/common/ldb_modules.c
+++ b/source4/lib/ldb/common/ldb_modules.c
@@ -312,7 +312,7 @@ int ldb_module_load_list(struct ldb_context *ldb, const 
char **module_list,
if (ops == NULL) {
ldb_debug(ldb, LDB_DEBUG_FATAL, "WARNING: Module [%s] 
not found - do you need to set LDB_MODULES_PATH?",
  module_list[i]);
-   continue;
+   return LDB_ERR_OPERATIONS_ERROR;
}
 
current = talloc_zero(ldb, struct ldb_module);


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2010-10-20 Thread Simo Sorce
The branch, master has been updated
   via  feb6034 talloc: make header C++ safe
  from  c8000c9 smbtorture: Fix typo in status message.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit feb60345816f0fd45ea9b381fbd374b21542f518
Author: Simo Sorce 
Date:   Wed Oct 20 13:09:57 2010 -0400

talloc: make header C++ safe

Autobuild-User: Simo Sorce 
Autobuild-Date: Wed Oct 20 18:15:09 UTC 2010 on sn-devel-104

---

Summary of changes:
 lib/talloc/talloc.h |8 
 1 files changed, 8 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/talloc/talloc.h b/lib/talloc/talloc.h
index 8b9ade2..bc5b0fa 100644
--- a/lib/talloc/talloc.h
+++ b/lib/talloc/talloc.h
@@ -29,6 +29,10 @@
 #include 
 #include 
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /**
  * @defgroup talloc The talloc API
  *
@@ -1701,4 +1705,8 @@ void talloc_set_log_stderr(void);
 #define TALLOC_MAX_DEPTH 1
 #endif
 
+#ifdef __cplusplus
+} /* end of extern "C" */
+#endif
+
 #endif


-- 
Samba Shared Repository


Re: [SCM] Samba Shared Repository - branch master updated

2010-09-28 Thread simo
On Wed, 2010-09-29 at 01:23 +0200, Günther Deschner wrote:
> The branch, master has been updated
>via  ec33a87 s3-printing: skip metadata entry when traversing 
> printerlist.
>   from  fcee50b pidl: add support for pointers in typedefs
> 
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> 
> 
> - Log -
> commit ec33a87d5855348e6de4c1f0f02d3bd5a0638985
> Author: Günther Deschner 
> Date:   Wed Sep 29 01:18:07 2010 +0200
> 
> s3-printing: skip metadata entry when traversing printerlist.
> 
> We were creating a new printer (with a very broken name) out of the
> lasttimestamp entry all the time.
> 
> Simo, please check.
> 
> Guenther
> 
> ---
> 
> Summary of changes:
>  source3/printing/printer_list.c |5 +
>  1 files changed, 5 insertions(+), 0 deletions(-)
> 
> 
> Changeset truncated at 500 lines:
> 
> diff --git a/source3/printing/printer_list.c b/source3/printing/printer_list.c
> index 667ff70..8e9e06a 100644
> --- a/source3/printing/printer_list.c
> +++ b/source3/printing/printer_list.c
> @@ -380,6 +380,11 @@ static int printer_list_exec_fn(struct db_record *rec, 
> void *private_data)
>   char *comment;
>   int ret;
>  
> + /* always skip PL_TIMESTAMP_KEY key */
> + if (strequal((const char *)rec->key.dptr, PL_TIMESTAMP_KEY)) {
> + return 0;
> + }
> +
>   ret = tdb_unpack(rec->value.dptr, rec->value.dsize,
>    PL_DATA_FORMAT, &time_h, &time_l, &name, &comment);
>   if (ret == -1) {
> 
> 

Obviously correct, sorry for introducing this bug :/

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer 
Principal Software Engineer at Red Hat, Inc. 



Re: [SCM] Samba Shared Repository - branch master updated

2010-09-24 Thread simo
On Fri, 2010-09-24 at 08:58 -0700, Jeremy Allison wrote:
> On Fri, Sep 24, 2010 at 06:28:15AM -0400, simo wrote:
> > On Fri, 2010-09-24 at 06:44 +0200, Jeremy Allison wrote:
> > > diff --git a/source3/rpc_server/dcesrv_spnego.c
> > > b/source3/rpc_server/dcesrv_spnego.c
> > > index 4686534..fb758e3 100644
> > > --- a/source3/rpc_server/dcesrv_spnego.c
> > > +++ b/source3/rpc_server/dcesrv_spnego.c
> > > @@ -230,7 +230,7 @@ NTSTATUS spnego_server_auth_start(TALLOC_CTX
> > > *mem_ctx,
> > >  
> > > ret = spnego_parse_negTokenInit(sp_ctx, *spnego_in,
> > > sp_ctx->oid_list, NULL,
> > > &token_in);
> > > -   if (!ret) {
> > > +   if (!ret || sp_ctx->oid_list[0] == NULL) {
> > > DEBUG(3, ("Invalid SPNEGO message\n"));
> > > status = NT_STATUS_INVALID_PARAMETER;
> > > goto done; 
> > 
> > Jeremy, not sure this is right.
> > In the dcerpc server I think w can easily cope with a missing OId by
> > sending a packet with the OIDs we support instead.
> > 
> > (I looked only at this diff though, so I am not 100% confident).
> > 
> > Is the test supposed to get back an error ?
> 
> Well it's not supposed to crash, which is what it did :-).
> 
> Actually it didn't crash here, but in the sessionsetup code,
> but when I fixed that I fixed all places we use spnego_parse_negTokenInit().
> 
> In your new code here it wouldn't crash, but would fall back
> silently to NTLMSSP, but I decided that sending no OIDs
> was probably a client error, so telling them about it was
> the appropriate thing to do.

Do you know how windows behaves against the same test ?

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer 
Principal Software Engineer at Red Hat, Inc. 



Re: [SCM] Samba Shared Repository - branch master updated

2010-09-24 Thread simo
On Fri, 2010-09-24 at 06:44 +0200, Jeremy Allison wrote:
> diff --git a/source3/rpc_server/dcesrv_spnego.c
> b/source3/rpc_server/dcesrv_spnego.c
> index 4686534..fb758e3 100644
> --- a/source3/rpc_server/dcesrv_spnego.c
> +++ b/source3/rpc_server/dcesrv_spnego.c
> @@ -230,7 +230,7 @@ NTSTATUS spnego_server_auth_start(TALLOC_CTX
> *mem_ctx,
>  
> ret = spnego_parse_negTokenInit(sp_ctx, *spnego_in,
> sp_ctx->oid_list, NULL,
> &token_in);
> -   if (!ret) {
> +   if (!ret || sp_ctx->oid_list[0] == NULL) {
> DEBUG(3, ("Invalid SPNEGO message\n"));
> status = NT_STATUS_INVALID_PARAMETER;
> goto done; 

Jeremy, not sure this is right.
In the dcerpc server I think w can easily cope with a missing OId by
sending a packet with the OIDs we support instead.

(I looked only at this diff though, so I am not 100% confident).

Is the test supposed to get back an error ?

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer 
Principal Software Engineer at Red Hat, Inc. 



[SCM] Samba Website Repository - branch master updated

2010-09-14 Thread Simo Sorce
The branch, master has been updated
   via  08e2cfa Fix one more place where 2069 was used instead of 3069
  from  ac5be36 Fix typo

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 08e2cfa1164329f09a0e6423a0e89c06565b4c7c
Author: Simo Sorce 
Date:   Tue Sep 14 10:06:30 2010 -0400

Fix one more place where 2069 was used instead of 3069

---

Summary of changes:
 security/CVE-2010-3069.html |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/security/CVE-2010-3069.html b/security/CVE-2010-3069.html
index 898e183..8683b91 100644
--- a/security/CVE-2010-3069.html
+++ b/security/CVE-2010-3069.html
@@ -8,7 +8,7 @@
 
 
 
-   CVE-2010-2069: 
+   CVE-2010-3069: 
 
 
 


-- 
Samba Website Repository


[SCM] Samba Website Repository - branch master updated

2010-09-14 Thread Simo Sorce
The branch, master has been updated
   via  ac5be36 Fix typo
  from  c06c99b Fix CVE number, it's 3069, not 2069

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit ac5be36eaa61864039006fdae6a8069251b6fb00
Author: Simo Sorce 
Date:   Tue Sep 14 09:50:08 2010 -0400

Fix typo

---

Summary of changes:
 history/security.html |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/history/security.html b/history/security.html
index f0ee28a..b1c7882 100755
--- a/history/security.html
+++ b/history/security.html
@@ -31,7 +31,7 @@ link to full release notes for each release.
patch for Samba 3.5.4
Buffer Overrun Vulnerability
all current releases
-   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-369";>CVE-2010-3069
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3069";>CVE-2010-3069
Announcement
 
 


-- 
Samba Website Repository


[SCM] Samba Website Repository - branch master updated

2010-09-14 Thread Simo Sorce
The branch, master has been updated
   via  c06c99b Fix CVE number, it's 3069, not 2069
  from  31cbb3e Update latest stable release.

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit c06c99b5ec1d3c31b926166241a8ed0342152f1a
Author: Simo Sorce 
Date:   Tue Sep 14 09:48:05 2010 -0400

Fix CVE number, it's 3069, not 2069

---

Summary of changes:
 history/security.html  |   10 +-
 .../{CVE-2010-2069.html => CVE-2010-3069.html} |0
 2 files changed, 5 insertions(+), 5 deletions(-)
 rename security/{CVE-2010-2069.html => CVE-2010-3069.html} (100%)


Changeset truncated at 500 lines:

diff --git a/history/security.html b/history/security.html
index f3ef89a..f0ee28a 100755
--- a/history/security.html
+++ b/history/security.html
@@ -23,16 +23,16 @@ link to full release notes for each release.
 
 
14 Sep 2010
-   
+   
patch for Samba 3.3.13
-   
+   
patch for Samba 3.4.8
-   
+   
patch for Samba 3.5.4
Buffer Overrun Vulnerability
all current releases
-   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-CVE-2010-2069";>CVE-2010-2069
-   Announcement
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-369";>CVE-2010-3069
+   Announcement
 
 
 
diff --git a/security/CVE-2010-2069.html b/security/CVE-2010-3069.html
similarity index 100%
rename from security/CVE-2010-2069.html
rename to security/CVE-2010-3069.html


-- 
Samba Website Repository


[SCM] Samba Shared Repository - branch master updated

2010-08-30 Thread Simo Sorce
The branch, master has been updated
   via  20e7b4e s3-auth: The unlock of the account is now done by the 
get_sampwnam call.
   via  c5cfad1 s3-passdb: Try to unlock the account if it is locked out.
   via  2ab0b63 s3-passdb: Added a pdb_try_account_unlock function.
   via  9dd7e7f s3-auth: Use SamInfo3_for_guest to create guest server_info.
  from  5f419ea packaging: Build with -O3

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 20e7b4ec744dead1544a4b7625dc3fcb5d802418
Author: Andreas Schneider 
Date:   Mon Aug 23 23:02:44 2010 +0200

s3-auth: The unlock of the account is now done by the get_sampwnam call.

Signed-off-by: Simo Sorce 

commit c5cfad142c6bc5cd4819726cf2444108bc7639c3
Author: Andreas Schneider 
Date:   Mon Aug 23 10:08:53 2010 +0200

s3-passdb: Try to unlock the account if it is locked out.

Signed-off-by: Simo Sorce 

commit 2ab0b63bd89d2d833695dc33aecec7a63ccbab0c
Author: Andreas Schneider 
Date:   Mon Aug 23 10:08:34 2010 +0200

s3-passdb: Added a pdb_try_account_unlock function.

The function checks if the account has been autolocked. If we have a
lockout_duration and a bad password time it checks if we can unlock the
account.

Signed-off-by: Simo Sorce 

commit 9dd7e7fc2d6d1aa7f3c3b741ac134e087ce808fd
Author: Andreas Schneider 
Date:   Wed Aug 18 17:17:42 2010 +0200

s3-auth: Use SamInfo3_for_guest to create guest server_info.

Signed-off-by: Simo Sorce 

---

Summary of changes:
 source3/auth/auth_util.c   |   89 +--
 source3/auth/check_samsec.c|7 +--
 source3/passdb/pdb_interface.c |  131 +--
 3 files changed, 196 insertions(+), 31 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 1ff9714..23f557a 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -25,6 +25,7 @@
 #include "smbd/globals.h"
 #include "../libcli/auth/libcli_auth.h"
 #include "../lib/crypto/arcfour.h"
+#include "rpc_client/init_lsa.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
@@ -631,6 +632,54 @@ NTSTATUS make_server_info_pw(struct 
auth_serversupplied_info **server_info,
return NT_STATUS_OK;
 }
 
+static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx,
+   struct netr_SamInfo3 *info3)
+{
+   const char *guest_account = lp_guestaccount();
+   struct dom_sid domain_sid;
+   struct passwd *pwd;
+   const char *tmp;
+   NTSTATUS status;
+
+   pwd = getpwnam_alloc(mem_ctx, guest_account);
+   if (pwd == NULL) {
+   DEBUG(0,("SamInfo3_for_guest: Unable to locate guest "
+"account [%s]!\n", guest_account));
+   return NT_STATUS_NO_SUCH_USER;
+   }
+
+   /* Set acount name */
+   tmp = talloc_strdup(mem_ctx, pwd->pw_name);
+   if (tmp == NULL) {
+   return NT_STATUS_NO_MEMORY;
+   }
+   init_lsa_String(&info3->base.account_name, tmp);
+
+   /* Set domain name */
+   tmp = talloc_strdup(mem_ctx, get_global_sam_name());
+   if (tmp == NULL) {
+   return NT_STATUS_NO_MEMORY;
+   }
+   init_lsa_StringLarge(&info3->base.domain, tmp);
+
+   /* Domain sid */
+   sid_copy(&domain_sid, get_global_sam_sid());
+
+   info3->base.domain_sid = sid_dup_talloc(mem_ctx, &domain_sid);
+   if (info3->base.domain_sid == NULL) {
+   return NT_STATUS_NO_MEMORY;
+   }
+
+   /* Guest rid */
+   info3->base.rid = DOMAIN_RID_GUEST;
+
+   /* Primary gid */
+   info3->base.primary_gid = BUILTIN_RID_GUESTS;
+
+   TALLOC_FREE(pwd);
+   return status;
+}
+
 /***
  Make (and fill) a user_info struct for a guest login.
  This *must* succeed for smbd to start. If there is no mapping entry for
@@ -639,43 +688,42 @@ NTSTATUS make_server_info_pw(struct 
auth_serversupplied_info **server_info,
 
 static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info 
**server_info)
 {
+   static const char zeros[16] = {0};
+   const char *guest_account = lp_guestaccount();
+   const char *domain = global_myname();
+   struct netr_SamInfo3 info3;
+   TALLOC_CTX *tmp_ctx;
NTSTATUS status;
-   struct samu *sampass = NULL;
-   struct dom_sid guest_sid;
-   bool ret;
-   static const char zeros[16] = {0, };
fstring tmp;
 
-   if ( !(sampass = samu_new( NULL )) ) {
+   tmp_ctx = talloc_stackframe();
+   if (tmp_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
}
 
-

[SCM] Samba Shared Repository - branch v3-6-test updated

2010-08-23 Thread Simo Sorce
The branch, v3-6-test has been updated
   via  64a4b02... Do not leak pkt data on the long term cli memory context
  from  0529160... s3: Fix netgrent configure checks for compilers not 
supporting -Werror-implicit-function-declaration

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 64a4b0206bf9f7d28af39cdce8d712b0e6c2b3d2
Author: Simo Sorce 
Date:   Mon Aug 23 18:21:17 2010 -0400

Do not leak pkt data on the long term cli memory context

---

Summary of changes:
 source3/rpc_client/cli_pipe.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 87575cb..d3e0c60 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -383,7 +383,7 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX 
*mem_ctx,
NTSTATUS ret = NT_STATUS_OK;
size_t pad_len = 0;
 
-   ret = dcerpc_pull_ncacn_packet(cli, pdu, pkt, false);
+   ret = dcerpc_pull_ncacn_packet(pkt, pdu, pkt, false);
if (!NT_STATUS_IS_OK(ret)) {
return ret;
}


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2010-08-23 Thread Simo Sorce
The branch, master has been updated
   via  a782a80... s3-dcerpc: Allocate structure members on the right 
context
  from  a16a56f... s3: PAM_RHOST and PAM_TTY are enums on FreeBSD

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a782a80d2f5e70d40708bd578a1f456c451d2979
Author: Simo Sorce 
Date:   Mon Aug 23 17:11:32 2010 -0400

s3-dcerpc: Allocate structure members on the right context

---

Summary of changes:
 source3/rpc_client/cli_pipe.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index daf30d7..c9b1ef6 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -827,7 +827,7 @@ static void rpc_api_pipe_got_pdu(struct tevent_req *subreq)
return;
}
 
-   status = dcerpc_pull_ncacn_packet(state,
+   status = dcerpc_pull_ncacn_packet(state->pkt,
  &state->incoming_frag,
  state->pkt,
  !state->endianess);


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2010-08-19 Thread Simo Sorce
The branch, master has been updated
   via  cbe9f87... s3-ads: Fix wrong test in if statement
  from  861566c... s3-waf: fix the build.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit cbe9f879afc7b212c1e105fcb54b4563d5f6dfe0
Author: Simo Sorce 
Date:   Thu Aug 19 07:35:01 2010 -0400

s3-ads: Fix wrong test in if statement

---

Summary of changes:
 source3/include/krb5_protos.h|2 ++
 source3/libads/kerberos_keytab.c |2 +-
 2 files changed, 3 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/krb5_protos.h b/source3/include/krb5_protos.h
index e229a14..7ac0f3e 100644
--- a/source3/include/krb5_protos.h
+++ b/source3/include/krb5_protos.h
@@ -137,6 +137,8 @@ krb5_error_code smb_krb5_get_creds(const char *server_s,
   krb5_creds **creds_p);
 char *smb_krb5_principal_get_realm(krb5_context context,
   krb5_principal principal);
+
+
 #endif /* HAVE_KRB5 */
 
 int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 10c7087..94698c6 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -56,7 +56,7 @@ static krb5_error_code 
seek_and_delete_old_entries(krb5_context context,
ZERO_STRUCT(zero_kt_entry);
 
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
-   if (ret == KRB5_KT_END && ret == ENOENT ) {
+   if (ret == KRB5_KT_END || ret == ENOENT ) {
/* no entries */
return 0;
}


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2010-08-18 Thread Simo Sorce
The branch, master has been updated
   via  1ab17f1... s3-ads: Remove unused wrapper and make function static
  from  d7c8fb2... s3: async cli_list

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 1ab17f13a27429d34439c0ba3b77685e3a55c2c3
Author: Simo Sorce 
Date:   Wed Aug 18 09:36:54 2010 -0400

s3-ads: Remove unused wrapper and make function static

---

Summary of changes:
 source3/include/krb5_protos.h|8 ---
 source3/libads/kerberos_keytab.c |   39 +++--
 2 files changed, 12 insertions(+), 35 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/krb5_protos.h b/source3/include/krb5_protos.h
index 0b8aa71..e229a14 100644
--- a/source3/include/krb5_protos.h
+++ b/source3/include/krb5_protos.h
@@ -124,14 +124,6 @@ krb5_error_code smb_krb5_keytab_name(TALLOC_CTX *mem_ctx,
 krb5_context context,
 krb5_keytab keytab,
 const char **keytab_name);
-int smb_krb5_kt_add_entry_ext(krb5_context context,
- krb5_keytab keytab,
- krb5_kvno kvno,
- const char *princ_s,
- krb5_enctype *enctypes,
- krb5_data password,
- bool no_salt,
- bool keep_old_entries);
 krb5_error_code smb_krb5_get_credentials(krb5_context context,
 krb5_ccache ccache,
 krb5_principal me,
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index d2215ec..10c7087 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -180,14 +180,14 @@ out:
return ret;
 }
 
-int smb_krb5_kt_add_entry_ext(krb5_context context,
- krb5_keytab keytab,
- krb5_kvno kvno,
- const char *princ_s,
- krb5_enctype *enctypes,
- krb5_data password,
- bool no_salt,
- bool keep_old_entries)
+static int smb_krb5_kt_add_entry(krb5_context context,
+krb5_keytab keytab,
+krb5_kvno kvno,
+const char *princ_s,
+krb5_enctype *enctypes,
+krb5_data password,
+bool no_salt,
+bool keep_old_entries)
 {
krb5_error_code ret;
krb5_keytab_entry kt_entry;
@@ -250,23 +250,6 @@ out:
return (int)ret;
 }
 
-static int smb_krb5_kt_add_entry(krb5_context context,
-krb5_keytab keytab,
-krb5_kvno kvno,
-const char *princ_s,
-krb5_enctype *enctypes,
-krb5_data password)
-{
-   return smb_krb5_kt_add_entry_ext(context,
-keytab,
-kvno,
-princ_s,
-enctypes,
-password,
-false,
-false);
-}
-
 /**
  Adds a single service principal, i.e. 'host' to the system keytab
 ***/
@@ -415,7 +398,8 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char 
*srvPrinc)
 
/* add the fqdn principal to the keytab */
ret = smb_krb5_kt_add_entry(context, keytab, kvno,
-   princ_s, enctypes, password);
+   princ_s, enctypes, password,
+   false, false);
if (ret) {
DEBUG(1, (__location__ ": Failed to add entry to keytab\n"));
goto out;
@@ -424,7 +408,8 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char 
*srvPrinc)
/* add the short principal name if we have one */
if (short_princ_s) {
ret = smb_krb5_kt_add_entry(context, keytab, kvno,
-   short_princ_s, enctypes, password);
+   short_princ_s, enctypes, password,
+   false, false);
if (ret) {
DEBUG(1, (__location__
   

[SCM] Samba Shared Repository - branch master updated

2010-08-18 Thread Simo Sorce
The branch, master has been updated
   via  71dfa62... s3-ads: cleanup ads_keytab_list()
   via  64d8300... s3-ads: cleanup ads_keytab_create_default()
   via  3a99123... s3-ads: cleanup ads_keytab_add_entry()
   via  d6d1ed8... s3-ads: Split, simplify and cleanup keytab functions
  from  b9353c6... s3: Fix serverid_register_msg_flags

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 71dfa62b61380396785c7856c38f45c77c966ff0
Author: Simo Sorce 
Date:   Wed Aug 18 06:46:53 2010 -0400

s3-ads: cleanup ads_keytab_list()

commit 64d8300a56eb0891389a5a2afc5e4902c2d909a2
Author: Simo Sorce 
Date:   Wed Aug 18 06:09:27 2010 -0400

s3-ads: cleanup ads_keytab_create_default()

commit 3a9912370dc36500d207aeb9d1ae58834526b6c3
Author: Simo Sorce 
Date:   Wed Aug 18 04:33:32 2010 -0400

s3-ads: cleanup ads_keytab_add_entry()

commit d6d1ed8bdfb290ac6e1fa4264f2b84d0e4790d98
Author: Simo Sorce 
Date:   Wed Aug 18 04:16:41 2010 -0400

s3-ads: Split, simplify and cleanup keytab functions

add helper function for both smb_krb5_kt_add_entry_ext() and
ads_keytab_flush()

---

Summary of changes:
 source3/libads/kerberos_keytab.c |  756 --
 1 files changed, 404 insertions(+), 352 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 386ce83..d2215ec 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -35,130 +35,184 @@
 /**
 **/
 
-int smb_krb5_kt_add_entry_ext(krb5_context context,
- krb5_keytab keytab,
- krb5_kvno kvno,
- const char *princ_s,
- krb5_enctype *enctypes,
- krb5_data password,
- bool no_salt,
- bool keep_old_entries)
+static krb5_error_code seek_and_delete_old_entries(krb5_context context,
+  krb5_keytab keytab,
+  krb5_kvno kvno,
+  const char *princ_s,
+  krb5_principal princ,
+  bool flush,
+  bool keep_old_entries)
 {
-   krb5_error_code ret = 0;
+   krb5_error_code ret;
krb5_kt_cursor cursor;
+   krb5_kt_cursor zero_csr;
krb5_keytab_entry kt_entry;
-   krb5_principal princ = NULL;
-   int i;
+   krb5_keytab_entry zero_kt_entry;
char *ktprinc = NULL;
 
-   ZERO_STRUCT(kt_entry);
ZERO_STRUCT(cursor);
-   
-   ret = smb_krb5_parse_name(context, princ_s, &princ);
-   if (ret) {
-   DEBUG(1,("smb_krb5_kt_add_entry_ext: smb_krb5_parse_name(%s) 
failed (%s)\n", princ_s, error_message(ret)));
-   goto out;
-   }
+   ZERO_STRUCT(zero_csr);
+   ZERO_STRUCT(kt_entry);
+   ZERO_STRUCT(zero_kt_entry);
 
-   /* Seek and delete old keytab entries */
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
-   if (ret != KRB5_KT_END && ret != ENOENT ) {
-   DEBUG(3,("smb_krb5_kt_add_entry_ext: Will try to delete old 
keytab entries\n"));
-   while(!krb5_kt_next_entry(context, keytab, &kt_entry, &cursor)) 
{
-   bool compare_name_ok = False;
+   if (ret == KRB5_KT_END && ret == ENOENT ) {
+   /* no entries */
+   return 0;
+   }
+
+   DEBUG(3, (__location__ ": Will try to delete old keytab entries\n"));
+   while (!krb5_kt_next_entry(context, keytab, &kt_entry, &cursor)) {
+   bool name_ok = False;
 
-   ret = smb_krb5_unparse_name(talloc_tos(), context, 
kt_entry.principal, &ktprinc);
+   if (!flush && (princ_s != NULL)) {
+   ret = smb_krb5_unparse_name(talloc_tos(), context,
+   kt_entry.principal,
+   &ktprinc);
if (ret) {
-   DEBUG(1,("smb_krb5_kt_add_entry_ext: 
smb_krb5_unparse_name failed (%s)\n",
-   error_message(ret)));
+   DEBUG(1, (__location__
+ ": smb_krb5_unparse_name failed "
+   

[SCM] Samba Shared Repository - branch master updated

2010-08-17 Thread Simo Sorce
The branch, master has been updated
   via  0a89722... s3-ads: Remove unused function and file
  from  aca7b22... s3:winbindd: don't ignore 'result' in 
wb_dsgetdcname_done()

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 0a89722671aa7fba8d7befa530dc69bb67260919
Author: Simo Sorce 
Date:   Tue Aug 17 06:40:38 2010 -0400

s3-ads: Remove unused function and file

---

Summary of changes:
 source3/Makefile.in|2 +-
 source3/libads/ads_proto.h |2 --
 source3/libads/ads_utils.c |   28 
 3 files changed, 1 insertions(+), 31 deletions(-)
 delete mode 100644 source3/libads/ads_utils.c


Changeset truncated at 500 lines:

diff --git a/source3/Makefile.in b/source3/Makefile.in
index fac4e0b..6d08f43 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -460,7 +460,7 @@ LIBADS_OBJ = libads/ldap.o \
 libads/kerberos_util.o \
 libads/ldap_user.o \
 libads/ads_struct.o libads/kerberos_keytab.o \
- libads/disp_sec.o libads/ads_utils.o libads/ldap_utils.o \
+ libads/disp_sec.o libads/ldap_utils.o \
 libads/ldap_schema.o libads/util.o libads/ndr.o
 
 LIBADS_SERVER_OBJ = libads/kerberos_verify.o libads/authdata.o \
diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
index aedd23f..b924034 100644
--- a/source3/libads/ads_proto.h
+++ b/source3/libads/ads_proto.h
@@ -9,8 +9,6 @@ ADS_STRUCT *ads_init(const char *realm,
 bool ads_set_sasl_wrap_flags(ADS_STRUCT *ads, int flags);
 void ads_destroy(ADS_STRUCT **ads);
 
-const char *ads_get_ldap_server_name(ADS_STRUCT *ads);
-
 /* The following definitions come from libads/disp_sec.c  */
 
 void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct 
security_descriptor *sd);
diff --git a/source3/libads/ads_utils.c b/source3/libads/ads_utils.c
deleted file mode 100644
index ec3efa8..000
--- a/source3/libads/ads_utils.c
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
-   Unix SMB/CIFS implementation.
-   ads (active directory) utility library
-
-   Copyright (C) Stefan (metze) Metzmacher 2002
-   Copyright (C) Andrew Tridgell 2001
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "ads.h"
-
-const char *ads_get_ldap_server_name(ADS_STRUCT *ads)
-{
-   return ads->config.ldap_server_name;
-}


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2010-08-17 Thread Simo Sorce
The branch, master has been updated
   via  f40ef7e... s3-dcerpc: Use common send functions for ntlmssp too
   via  86914b8... s3-dcerpc: properly implement gse/spnego_get_session_key
   via  26a3ba6... s3-dcerpc: Check data and return appropriate error
   via  9b8c7d4... s3-dcerpc: Remove unused function
   via  7b12513... s3-dcerpc: make a few local functions as static
   via  9a9a38c... Change debug statements to use __location__
   via  72a0098... s3-dcerpc: Pull packet in the caller, before validation
   via  558320c... Add my (c)
  from  1791d05... s3-samr: Fixed some build warnings.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f40ef7e24cda2d25dcb04cb7e83cd1f3d62a66e4
Author: Simo Sorce 
Date:   Tue Aug 3 05:11:28 2010 -0400

s3-dcerpc: Use common send functions for ntlmssp too

Remove unused function.

commit 86914b8fab764667ca5021f44b61c0222dbb2e09
Author: Simo Sorce 
Date:   Mon Aug 2 12:15:43 2010 -0400

s3-dcerpc: properly implement gse/spnego_get_session_key

commit 26a3ba60e661bc2eaf05a2c03f8851d252515d3e
Author: Simo Sorce 
Date:   Mon Aug 2 12:05:45 2010 -0400

s3-dcerpc: Check data and return appropriate error

commit 9b8c7d47f98dffe961dc513f5452dfd72b508136
Author: Simo Sorce 
Date:   Mon Aug 2 12:18:58 2010 -0400

s3-dcerpc: Remove unused function

commit 7b12513d125e13a4db3f32adc05030fbb302f510
Author: Simo Sorce 
Date:   Mon Aug 2 10:28:10 2010 -0400

s3-dcerpc: make a few local functions as static

commit 9a9a38c666a8285fdfac35758aa85f5d33ba6e95
Author: Simo Sorce 
Date:   Mon Aug 2 10:14:02 2010 -0400

Change debug statements to use __location__

commit 72a0098415c1d676a77a032c0f5fda90e9c1b905
Author: Simo Sorce 
Date:   Mon Aug 2 10:03:04 2010 -0400

s3-dcerpc: Pull packet in the caller, before validation

commit 558320cf582a5ebc50af28061f5e33f7e4158fba
Author: Simo Sorce 
Date:   Mon Aug 2 09:47:01 2010 -0400

Add my (c)

---

Summary of changes:
 source3/include/proto.h |4 -
 source3/librpc/rpc/dcerpc_gssapi.c  |   51 +-
 source3/librpc/rpc/dcerpc_gssapi.h  |3 +-
 source3/librpc/rpc/dcerpc_helpers.c |1 +
 source3/librpc/rpc/dcerpc_spnego.c  |   11 ++-
 source3/librpc/rpc/dcerpc_spnego.h  |3 +-
 source3/rpc_client/cli_pipe.c   |  184 +++---
 source3/rpc_server/srv_pipe.c   |   27 +
 8 files changed, 147 insertions(+), 137 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 70a2102..ebb3432 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -4742,10 +4742,6 @@ NTSTATUS rpc_pipe_register_commands(int version, const 
char *clnt,
const struct ndr_syntax_id *interface,
const struct api_struct *cmds, int size);
 bool is_known_pipename(const char *cli_filename, struct ndr_syntax_id *syntax);
-bool api_pipe_bind_req(struct pipes_struct *p, struct ncacn_packet *pkt);
-bool api_pipe_alter_context(struct pipes_struct *p, struct ncacn_packet *pkt);
-void free_pipe_rpc_context( PIPE_RPC_FNS *list );
-bool api_pipe_request(struct pipes_struct *p, struct ncacn_packet *pkt);
 
 /* The following definitions come from rpc_server/srv_pipe_hnd.c  */
 
diff --git a/source3/librpc/rpc/dcerpc_gssapi.c 
b/source3/librpc/rpc/dcerpc_gssapi.c
index 2de46b5..777f5f1 100644
--- a/source3/librpc/rpc/dcerpc_gssapi.c
+++ b/source3/librpc/rpc/dcerpc_gssapi.c
@@ -28,6 +28,21 @@
 #include 
 #include 
 
+#ifndef GSS_KRB5_INQ_SSPI_SESSION_KEY_OID
+#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11
+#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID 
"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"
+#endif
+
+#ifndef GSS_KRB5_SESSION_KEY_ENCTYPE_OID
+#define GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH 10
+#define GSS_KRB5_SESSION_KEY_ENCTYPE_OID  
"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x04"
+#endif
+
+gss_OID_desc gse_sesskey_inq_oid = { GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH,
+   (void *)GSS_KRB5_INQ_SSPI_SESSION_KEY_OID };
+gss_OID_desc gse_sesskeytype_oid = { GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH,
+   (void *)GSS_KRB5_SESSION_KEY_ENCTYPE_OID };
+
 static char *gse_errstr(TALLOC_CTX *mem_ctx, OM_uint32 maj, OM_uint32 min);
 
 struct gse_context {
@@ -44,8 +59,6 @@ struct gse_context {
gss_name_t server_name;
gss_cred_id_t cli_creds;
 
-   DATA_BLOB session_key;
-
bool more_processing;
 };
 
@@ -348,9 +361,39 @@ bool gse_require_more_processing(struct gse_context 
*gse_ctx)
return gse_ctx->more_processing;
 }
 
-DATA_BLOB gse_get_session_key(struct gse_context *gse_ctx)
+DATA_BLOB gse_get_session_key(TALLOC_CTX *mem_ctx,
+  

[SCM] Samba Shared Repository - branch master updated

2010-08-13 Thread Simo Sorce
The branch, master has been updated
   via  ca8db7f... s3-smbd: Publish nt printers.
   via  aff002e... s3-smbd: Move rpc services init to smbd parent.
   via  62a2a9e... s3-smbd: Regroup some init functions.
   via  9ab62b7... s3-smbd: Fixed indent.
   via  4a5cef8... s3-loadparm: Added some comments to lp_load_ex calls.
   via  e180390... s3-smbd: Cleanup the order of the init functions.
   via  120bd97... s3-smbd: Make sure the event context is initialized.
  from  2c99eef... s3-build: remove pointless RPC_PARSE_OBJ2.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit ca8db7fd63749989dcb3daae0c38b8b788ebdfb8
Author: Andreas Schneider 
Date:   Tue Aug 10 13:45:55 2010 +0200

s3-smbd: Publish nt printers.

Reloading of the printers requires rpc services up and running! The
first call in reload_services will be skipped.

Signed-off-by: Simo Sorce 

commit aff002e829b8169997f7f446959e2f1d5baf3a60
Author: Andreas Schneider 
Date:   Tue Aug 10 12:29:27 2010 +0200

s3-smbd: Move rpc services init to smbd parent.

The move to the parent makes it possible to use an internal rpc pipe
really early and as we migrated serveral parts of samba to rpc function
this is required. This should speed up the fork of a smbd a bit cause
the rpc services are already running.

We still have several problems here which aren't solved. We don't have a
dependency tree here. For example we have to make sure that the registry
is initialized before we can use the winreg pipe. The spoolss server
requires winreg, so we have to start winreg before we can start the
spoolss server. I'm sure there are more dependencies.

Signed-off-by: Simo Sorce 

commit 62a2a9e27f8983717f13dbe3d92b21ed4b9bf22e
Author: Andreas Schneider 
Date:   Tue Aug 10 12:28:46 2010 +0200

s3-smbd: Regroup some init functions.

Signed-off-by: Simo Sorce 

commit 9ab62b774f071be83375a4b2544a7e70e147e699
Author: Andreas Schneider 
Date:   Mon Aug 9 15:57:38 2010 +0200

s3-smbd: Fixed indent.

Signed-off-by: Simo Sorce 

commit 4a5cef82d8c2a0f35e9c06a0dc262fdb367279a1
Author: Andreas Schneider 
Date:   Mon Aug 9 14:50:12 2010 +0200

s3-loadparm: Added some comments to lp_load_ex calls.

Signed-off-by: Simo Sorce 

commit e18039062c77947dd4e6d1c841a7c587a85ab8ce
Author: Andreas Schneider 
Date:   Mon Aug 9 14:49:08 2010 +0200

s3-smbd: Cleanup the order of the init functions.

Signed-off-by: Simo Sorce 

commit 120bd9775a286e173a22f7c90b61e107887122e4
Author: Andreas Schneider 
Date:   Mon Aug 9 14:47:55 2010 +0200

s3-smbd: Make sure the event context is initialized.

Signed-off-by: Simo Sorce 

---

Summary of changes:
 source3/param/loadparm.c |   19 
 source3/smbd/files.c |5 +-
 source3/smbd/process.c   |   43 +--
 source3/smbd/server.c|   95 ++
 source3/smbd/server_reload.c |2 +-
 5 files changed, 92 insertions(+), 72 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 90699c0..e5c6038 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -9296,18 +9296,19 @@ bool lp_load(const char *pszFname,
  save_defaults,
  add_ipc,
  initialize_globals,
- true, false);
+ true,   /* allow_include_registry */
+ false); /* allow_registry_shares*/
 }
 
 bool lp_load_initial_only(const char *pszFname)
 {
return lp_load_ex(pszFname,
- true,
- false,
- false,
- true,
- false,
- false);
+ true,   /* global only */
+ false,  /* save_defaults */
+ false,  /* add_ipc */
+ true,   /* initialize_globals */
+ false,  /* allow_include_registry */
+ false); /* allow_registry_shares*/
 }
 
 bool lp_load_with_registry_shares(const char *pszFname,
@@ -9321,8 +9322,8 @@ bool lp_load_with_registry_shares(const char *pszFname,
  save_defaults,
  add_ipc,
  initialize_globals,
- true,
- true);
+ true,  /* allow_include_registry */
+ true); /* allow_registry_shares*/
 }
 
 /***
diff --git a/source3/smbd/files.c b/sourc

[SCM] Samba Shared Repository - branch master updated

2010-08-13 Thread Simo Sorce
The branch, master has been updated
   via  71d80e6... s3-krb5 Only build ADS support if arcfour-hmac-md5 is 
available
   via  fff6fa7... s3:libnet Add other required headers for 
libnet_samsync_keytab.c
  from  5390bae... tdb: add TDB_DEPS variable filled with required libraries

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 71d80e6be0687ac7c2f3caab5e7b8caf400fe37e
Author: Andrew Bartlett 
Date:   Tue Aug 10 08:25:02 2010 +1000

s3-krb5 Only build ADS support if arcfour-hmac-md5 is available

Modern Kerberos implementations have either defines or enums for these
key types, which makes doing #ifdef difficult.  This shows up in files
such as libnet_samsync_keytab.c, the bulk of which is not compiled on
current Fedora 12, for example.

The downside is that this makes Samba unconditionally depend on the
arcfour-hmac-md5 encryption type at build time.  We will no longer
support libraries that only support the DES based encryption types.
However, the single-DES types that are supported in common with AD are
already painfully weak - so much so that they are disabled by default
in modern Kerberos libraries.

If not found, ADS support will not be compiled in.

This means that our 'net ads join' will no longer set the
ACB_USE_DES_KEY_ONLY flag, and we will always try to use
arcfour-hmac-md5.

A future improvement would be to remove the use of the DES encryption
types totally, but this would require that any ACB_USE_DES_KEY_ONLY
flag be removed from existing joins.

Andrew Bartlett

Signed-off-by: Simo Sorce 

commit fff6fa72ffa7890cee516bd7e65b50bdb8daf51d
Author: Andrew Bartlett 
Date:   Tue Aug 10 12:00:29 2010 +1000

s3:libnet Add other required headers for libnet_samsync_keytab.c

Due to missing defines in modern kerberos libraries, this code was
not compiled and so this wasn't noticed.

Andrew Bartlett

Signed-off-by: Simo Sorce 

---

Summary of changes:
 source3/configure.in   |   20 +++-
 source3/include/smb_krb5.h |2 +-
 source3/libads/kerberos_keytab.c   |9 -
 source3/libads/kerberos_verify.c   |2 --
 source3/libnet/libnet_dssync_keytab.c  |4 ++--
 source3/libnet/libnet_join.c   |6 --
 .../libnet/{libnet_join.c => libnet_join.c.orig}   |0 
 source3/libnet/libnet_samsync_keytab.c |7 +--
 ...msync_keytab.c => libnet_samsync_keytab.c.orig} |3 +++
 source3/libsmb/clikrb5.c   |2 --
 10 files changed, 34 insertions(+), 21 deletions(-)
 copy source3/libnet/{libnet_join.c => libnet_join.c.orig} (100%)
 copy source3/libnet/{libnet_samsync_keytab.c => libnet_samsync_keytab.c.orig} 
(99%)


Changeset truncated at 500 lines:

diff --git a/source3/configure.in b/source3/configure.in
index 6b73671..b4564ee 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -4040,6 +4040,7 @@ if test x"$with_ads_support" != x"no"; then
   [Whether the krb5_keyblock struct has a keyvalue property])
   fi
 
+  found_arcfour_hmac=no
   AC_CACHE_CHECK([for ENCTYPE_ARCFOUR_HMAC_MD5],
  samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,[
 AC_TRY_COMPILE([#include ],
@@ -4057,7 +4058,19 @@ if test x"$with_ads_support" != x"no"; then
   if test x"$samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5" = x"yes" -a\
   x"$samba_cv_HAVE_KEYTYPE_ARCFOUR_56" = x"yes"; then
 AC_DEFINE(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,1,
-  [Whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type is available])
+  [Whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type definition is 
available])
+found_arcfour_hmac=yes
+  fi
+  AC_CACHE_CHECK([for ENCTYPE_ARCFOUR_HMAC],
+ samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC,[
+AC_TRY_COMPILE([#include ],
+  [krb5_enctype enctype; enctype = ENCTYPE_ARCFOUR_HMAC;],
+  samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC=yes,
+  samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC=no)])
+  if test x"$samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC" = x"yes"; then
+AC_DEFINE(HAVE_ENCTYPE_ARCFOUR_HMAC,1,
+  [Whether the ENCTYPE_ARCFOUR_HMAC key type definition is 
available])
+found_arcfour_hmac=yes
   fi
 
   AC_CACHE_CHECK([for AP_OPTS_USE_SUBKEY],
@@ -4300,6 +4313,11 @@ if test x"$with_ads_support" != x"no"; then
   # NOTE: all tests should be done before this block!
   #
   #
+  if test x"$found_arcfour_hmac" != x"yes"; then
+AC_MSG_WARN(arcfour-hmac-md5 encryption type not found in -lkrb5)
+use_ads=no

[SCM] Samba Shared Repository - branch master updated

2010-07-30 Thread Simo Sorce
The branch, master has been updated
   via  28c7456... cleanups: Trailing spaces, line length, etc...
  from  57bd974... s3-dcerpc: Use dcerpc_guess_sizes in the server code too.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 28c74564c5bd3c972745deaa904ec8695f21ea1f
Author: Simo Sorce 
Date:   Fri Jul 30 16:34:53 2010 -0400

cleanups: Trailing spaces, line length, etc...

---

Summary of changes:
 source3/libads/kerberos_verify.c |  274 ++---
 1 files changed, 163 insertions(+), 111 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index 10edd07..2047f0e 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -1,24 +1,24 @@
-/* 
+/*
Unix SMB/CIFS implementation.
kerberos utility library
Copyright (C) Andrew Tridgell 2001
Copyright (C) Remus Koos 2001
-   Copyright (C) Luke Howard 2003   
+   Copyright (C) Luke Howard 2003
Copyright (C) Guenther Deschner 2003, 2005
Copyright (C) Jim McDonough (j...@us.ibm.com) 2003
Copyright (C) Andrew Bartlett  2004-2005
Copyright (C) Jeremy Allison 2007
-   
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-   
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
-   
+
You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -113,11 +113,11 @@ static bool 
ads_dedicated_keytab_verify_ticket(krb5_context context,
return auth_ok;
 }
 
-/**
- Try to verify a ticket using the system keytab... the system keytab has kvno 
-1 entries, so
- it's more like what microsoft does... see comment in utils/net_ads.c in the
- ads_keytab_add_entry function for details.
-***/
+/**
+ Try to verify a ticket using the system keytab... the system keytab has
+ kvno -1 entries, so it's more like what microsoft does... see comment in
+ utils/net_ads.c in the ads_keytab_add_entry function for details.
+**/
 
 static bool ads_keytab_verify_ticket(krb5_context context,
krb5_auth_context auth_context,
@@ -131,12 +131,14 @@ static bool ads_keytab_verify_ticket(krb5_context context,
krb5_keytab keytab = NULL;
krb5_kt_cursor kt_cursor;
krb5_keytab_entry kt_entry;
-   char *valid_princ_formats[7] = { NULL, NULL, NULL, NULL, NULL, NULL, 
NULL };
+   char *valid_princ_formats[7] = { NULL, NULL, NULL,
+NULL, NULL, NULL, NULL };
char *entry_princ_s = NULL;
fstring my_name, my_fqdn;
int i;
int number_matched_principals = 0;
krb5_data packet;
+   int err;
 
*pp_tkt = NULL;
*keyblock = NULL;
@@ -151,25 +153,39 @@ static bool ads_keytab_verify_ticket(krb5_context context,
my_fqdn[0] = '\0';
name_to_fqdn(my_fqdn, global_myname());
 
-   if (asprintf(&valid_princ_formats[0], "%...@%s", my_name, lp_realm()) 
== -1) {
+   err = asprintf(&valid_princ_formats[0],
+   "%...@%s", my_name, lp_realm());
+   if (err == -1) {
goto out;
}
-   if (asprintf(&valid_princ_formats[1], "host/%...@%s", my_name, 
lp_realm()) == -1) {
+   err = asprintf(&valid_princ_formats[1],
+   "host/%...@%s", my_name, lp_realm());
+   if (err == -1) {
goto out;
}
-   if (asprintf(&valid_princ_formats[2], "host/%...@%s", my_fqdn, 
lp_realm()) == -1) {
+   err = asprintf(&valid_princ_formats[2],
+   "host/%...@%s", my_fqdn, lp_realm());
+   if (err == -1) {
goto out;
}
-   if (asprintf(&valid_princ_formats[3], "host/%s...@%s", my_name, 
lp_realm(), lp_realm()) == -1) {
+   err = asprintf(&valid_princ_formats[3],
+   "host/%s...@%s", my_name, lp_realm(), lp_realm());
+   if (

[SCM] Samba Shared Repository - branch master updated

2010-07-30 Thread Simo Sorce
The branch, master has been updated
   via  57bd974... s3-dcerpc: Use dcerpc_guess_sizes in the server code too.
   via  4c64e4d... s3-dceprc: Improve dcerpc_guess_sizes() interface
   via  3469fbc... s3-dcerpc: rationalize packet creation in the server code
   via  a9d3a59... s3-dcerpc: Make function to guess pdu sizes common.
   via  9329a9f... s3-dceprc: consolidate use of dcerpc_push_dcerpc_auth()
   via  da6c246... s3-dcerpc: Remove unused functions
   via  186f936... s3-dcerpc: use common spengo wrapper code for client 
SPNEGO/NTLMSSP
   via  984438c... s3-dcerpc: add sign/seal support when using SPNEGO/KRB5
   via  0b24e8e... s3-dcerpc: Add SPNEGO incapsulation for KRB5 auth
   via  e286b9c... rpcclient: Use DCERPC_AUTH_LEVEL_CONNECT if no sign/seal 
is set for ntlmssp
  from  fcdda8f... s3: Remove "cli" from "struct finfo"

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 57bd974e5865212641f6941dd875bc1bc4967ed9
Author: Simo Sorce 
Date:   Fri Jul 30 14:01:01 2010 -0400

s3-dcerpc: Use dcerpc_guess_sizes in the server code too.

commit 4c64e4d4af3403559b370381d7f14a83a39adfa7
Author: Simo Sorce 
Date:   Fri Jul 30 13:12:35 2010 -0400

s3-dceprc: Improve dcerpc_guess_sizes() interface

Make it possible to pass in the NDR padding size so that theoretically
client and server code can decide to use a different alignment.

Pass in the header length as a parameter so that this function can be used 
for
different type of packets.

Make sure padding size will not make the fragment exceed the maximum length.

Calculate padding taking in account the header length.

commit 3469fbc5e4098e798a03d14fece24fde2b60d9b9
Author: Simo Sorce 
Date:   Fri Jul 30 12:19:20 2010 -0400

s3-dcerpc: rationalize packet creation in the server code

Move all related functions into create_next_packet, but make it transport
neutral (not pass in pipse_struct)

commit a9d3a596a7c4d7e5775751cbce74e2fb07ce2192
Author: Simo Sorce 
Date:   Fri Jul 30 11:27:40 2010 -0400

s3-dcerpc: Make function to guess pdu sizes common.

commit 9329a9fe848761e2835ff58123d8f64d8bab35b2
Author: Simo Sorce 
Date:   Thu Jul 29 20:20:49 2010 -0400

s3-dceprc: consolidate use of dcerpc_push_dcerpc_auth()

commit da6c246aacc298ec0c7536289afbd9e0d99ea130
Author: Simo Sorce 
Date:   Thu Jul 29 20:21:53 2010 -0400

s3-dcerpc: Remove unused functions

commit 186f93633b4890c444115ac4eed109aa24f20b44
Author: Simo Sorce 
Date:   Thu Jul 29 19:55:44 2010 -0400

s3-dcerpc: use common spengo wrapper code for client SPNEGO/NTLMSSP

commit 984438ca1522bfc2d882b2e3e7e8db187577e05a
Author: Simo Sorce 
Date:   Thu Jul 29 16:34:39 2010 -0400

s3-dcerpc: add sign/seal support when using SPNEGO/KRB5

commit 0b24e8e869207dcb567b61272794daef48ee492a
Author: Simo Sorce 
Date:   Wed Jul 28 17:06:51 2010 -0400

s3-dcerpc: Add SPNEGO incapsulation for KRB5 auth

commit e286b9c0bd7bf553f216d7c8288bb75a6b3dde95
Author: Simo Sorce 
Date:   Thu Jul 29 20:07:19 2010 -0400

rpcclient: Use DCERPC_AUTH_LEVEL_CONNECT if no sign/seal is set for ntlmssp

---

Summary of changes:
 source3/Makefile.in |5 +-
 source3/include/ntdomain.h  |5 +-
 source3/include/proto.h |8 +
 source3/librpc/rpc/dcerpc.h |5 +
 source3/librpc/rpc/dcerpc_helpers.c |  476 +-
 source3/librpc/rpc/dcerpc_spnego.c  |  354 +++
 source3/librpc/rpc/dcerpc_spnego.h  |   53 +++
 source3/rpc_client/cli_pipe.c   |  638 +--
 source3/rpc_server/srv_pipe.c   |  179 ---
 source3/rpcclient/rpcclient.c   |   45 ++-
 10 files changed, 1132 insertions(+), 636 deletions(-)
 create mode 100644 source3/librpc/rpc/dcerpc_spnego.c
 create mode 100644 source3/librpc/rpc/dcerpc_spnego.h


Changeset truncated at 500 lines:

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 91856c2..bf2646d 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -676,7 +676,9 @@ RPC_SERVER_OBJ = @RPC_STATIC@ $(RPC_PIPE_OBJ) 
$(NPA_TSTREAM_OBJ)
 
 RPC_PARSE_OBJ = $(RPC_PARSE_OBJ2)
 
-RPC_CLIENT_OBJ = rpc_client/cli_pipe.o librpc/rpc/dcerpc_gssapi.o \
+RPC_CLIENT_OBJ = rpc_client/cli_pipe.o \
+librpc/rpc/dcerpc_gssapi.o \
+librpc/rpc/dcerpc_spnego.o \
 librpc/rpc/rpc_common.o \
 rpc_client/rpc_transport_np.o \
 rpc_client/rpc_transport_sock.o \
@@ -1355,6 +1357,7 @@ RPC_OPEN_TCP_OBJ = torture/rpc_open_tcp.o \
   librpc/rpc/rpc_common.o \
   rpc_client/cli_pipe.o \
   librpc/rpc/dcerpc_gssapi.o \
+  librpc/rpc/dcerpc_spnego.o \
   ../

[SCM] Samba Shared Repository - branch master updated

2010-07-28 Thread Simo Sorce
The branch, master has been updated
   via  e8ac4a8... s3-dcerpc: Try to fix build when gssapi_ext.h is not 
available
  from  7c9c075... Do not refernece pipe_auth_data directly in 
dcerpc_gssapi.c

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit e8ac4a8b82798ef0691d384f59d880dc38b56592
Author: Simo Sorce 
Date:   Wed Jul 28 17:06:14 2010 -0400

s3-dcerpc: Try to fix build when gssapi_ext.h is not available

---

Summary of changes:
 source3/librpc/rpc/dcerpc_gssapi.c |   82 +---
 1 files changed, 39 insertions(+), 43 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/librpc/rpc/dcerpc_gssapi.c 
b/source3/librpc/rpc/dcerpc_gssapi.c
index 56f2a53..c9496ab 100644
--- a/source3/librpc/rpc/dcerpc_gssapi.c
+++ b/source3/librpc/rpc/dcerpc_gssapi.c
@@ -20,12 +20,13 @@
 /* We support only GSSAPI/KRB5 here */
 
 #include "includes.h"
+#include "dcerpc_gssapi.h"
+
+#if defined(HAVE_GSSAPI_GSSAPI_EXT_H) && defined(HAVE_GSS_WRAP_IOV)
+
 #include 
 #include 
 #include 
-#include "dcerpc_gssapi.h"
-
-#ifdef HAVE_GSSAPI_H
 
 static char *gse_errstr(TALLOC_CTX *mem_ctx, OM_uint32 maj, OM_uint32 min);
 
@@ -352,43 +353,6 @@ DATA_BLOB gse_get_session_key(struct gse_context *gse_ctx)
return gse_ctx->session_key;
 }
 
-#else /* HAVE_GSSAPI_H */
-
-NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
- enum dcerpc_AuthType auth_type,
- enum dcerpc_AuthLevel auth_level,
- const char *ccache_name,
- const char *server,
- const char *service,
- const char *username,
- const char *password,
- uint32_t add_gss_c_flags,
- struct pipe_auth_data **_auth)
-{
-   return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS gse_gen_client_auth_token(TALLOC_CTX *mem_ctx,
-  struct gse_context *gse_ctx,
-  DATA_BLOB *auth_blob)
-{
-   return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-bool gse_require_more_processing(struct gse_context *gse_ctx)
-{
-   return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-DATA_BLOB gse_get_session_key(struct gse_context *gse_ctx)
-{
-   return data_blob_null;
-}
-
-#endif /* HAVE_GSSAPI_H */
-
-#ifdef HAVE_GSS_WRAP_IOV
-
 size_t gse_get_signature_length(struct gse_context *gse_ctx,
int seal, size_t payload_size)
 {
@@ -574,12 +538,44 @@ done:
return status;
 }
 
-#else /* HAVE_GSS_WRAP_IOV */
+#else
+
+NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level,
+ const char *ccache_name,
+ const char *server,
+ const char *service,
+ const char *username,
+ const char *password,
+ uint32_t add_gss_c_flags,
+ struct gse_context **_gse_ctx)
+{
+   return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS gse_get_client_auth_token(TALLOC_CTX *mem_ctx,
+  struct gse_context *gse_ctx,
+  DATA_BLOB *token_in,
+  DATA_BLOB *token_out)
+{
+   return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+bool gse_require_more_processing(struct gse_context *gse_ctx)
+{
+   return false;
+}
+
+DATA_BLOB gse_get_session_key(struct gse_context *gse_ctx)
+{
+   return data_blob_null;
+}
 
 size_t gse_get_signature_length(struct gse_context *gse_ctx,
int seal, size_t payload_size)
 {
-   return NT_STATUS_NOT_IMPLEMENTED;
+   return 0;
 }
 
 NTSTATUS gse_seal(TALLOC_CTX *mem_ctx, struct gse_context *gse_ctx,
@@ -606,4 +602,4 @@ NTSTATUS gse_sigcheck(TALLOC_CTX *mem_ctx, struct 
gse_context *gse_ctx,
return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-#endif /* HAVE_GSS_WRAP_IOV */
+#endif /* HAVE_GSSAPI_EXT_H && HAVE_GSS_WRAP_IOV */


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2010-07-28 Thread Simo Sorce
The branch, master has been updated
   via  7c9c075... Do not refernece pipe_auth_data directly in 
dcerpc_gssapi.c
  from  d17abc6... s3-dcerpc: Avoid ifdef, it is handled within 
dcerpc_gssapi.c already

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 7c9c075987e7cdb2d5cb6311876f088f907e46f2
Author: Simo Sorce 
Date:   Wed Jul 28 15:53:56 2010 -0400

Do not refernece pipe_auth_data directly in dcerpc_gssapi.c

---

Summary of changes:
 source3/librpc/rpc/dcerpc_gssapi.c |   48 +++---
 source3/librpc/rpc/dcerpc_gssapi.h |2 +-
 source3/rpc_client/cli_pipe.c  |   50 +++
 3 files changed, 55 insertions(+), 45 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/librpc/rpc/dcerpc_gssapi.c 
b/source3/librpc/rpc/dcerpc_gssapi.c
index 8c0ad6a..56f2a53 100644
--- a/source3/librpc/rpc/dcerpc_gssapi.c
+++ b/source3/librpc/rpc/dcerpc_gssapi.c
@@ -169,9 +169,8 @@ NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
  const char *username,
  const char *password,
  uint32_t add_gss_c_flags,
- struct pipe_auth_data **_auth)
+ struct gse_context **_gse_ctx)
 {
-   struct pipe_auth_data *auth;
struct gse_context *gse_ctx;
OM_uint32 gss_maj, gss_min;
gss_buffer_desc name_buffer = {0, NULL};
@@ -182,42 +181,15 @@ NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
 
-   auth = talloc(mem_ctx, struct pipe_auth_data);
-   if (auth == NULL) {
-   return NT_STATUS_NO_MEMORY;
-   }
-
-   auth->auth_type = auth_type;
-   if (auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
-   auth->spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
-   }
-   auth->auth_level = auth_level;
-
-   if (!username) {
-   username = "";
-   }
-
-   auth->user_name = talloc_strdup(auth, username);
-   if (!auth->user_name) {
-   status = NT_STATUS_NO_MEMORY;
-   goto err_out;
-   }
-
-   /* Fixme, should we fetch/set the Realm ? */
-   auth->domain = talloc_strdup(auth, "");
-   if (!auth->domain) {
-   status = NT_STATUS_NO_MEMORY;
-   goto err_out;
-   }
-
-   status = gse_context_init(auth, auth_type, auth_level,
+   status = gse_context_init(mem_ctx, auth_type, auth_level,
  ccache_name, add_gss_c_flags,
  &gse_ctx);
if (!NT_STATUS_IS_OK(status)) {
-   goto err_out;
+   return NT_STATUS_NO_MEMORY;
}
 
-   name_buffer.value = talloc_asprintf(auth, "%...@%s", service, server);
+   name_buffer.value = talloc_asprintf(gse_ctx,
+   "%...@%s", service, server);
if (!name_buffer.value) {
status = NT_STATUS_NO_MEMORY;
goto err_out;
@@ -229,7 +201,7 @@ NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
if (gss_maj) {
DEBUG(0, ("gss_import_name failed for %s, with [%s]\n",
  (char *)name_buffer.value,
- gse_errstr(auth, gss_maj, gss_min)));
+ gse_errstr(gse_ctx, gss_maj, gss_min)));
status = NT_STATUS_INTERNAL_ERROR;
goto err_out;
}
@@ -250,18 +222,18 @@ NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
if (gss_maj) {
DEBUG(0, ("gss_acquire_creds failed for %s, with [%s]\n",
  (char *)name_buffer.value,
- gse_errstr(auth, gss_maj, gss_min)));
+ gse_errstr(gse_ctx, gss_maj, gss_min)));
status = NT_STATUS_INTERNAL_ERROR;
goto err_out;
}
 
-   auth->a_u.gssapi_state = gse_ctx;
-   *_auth = auth;
+   *_gse_ctx = gse_ctx;
TALLOC_FREE(name_buffer.value);
return NT_STATUS_OK;
 
 err_out:
-   TALLOC_FREE(auth);
+   TALLOC_FREE(name_buffer.value);
+   TALLOC_FREE(gse_ctx);
return status;
 }
 
diff --git a/source3/librpc/rpc/dcerpc_gssapi.h 
b/source3/librpc/rpc/dcerpc_gssapi.h
index 6367990..3152033 100644
--- a/source3/librpc/rpc/dcerpc_gssapi.h
+++ b/source3/librpc/rpc/dcerpc_gssapi.h
@@ -35,7 +35,7 @@ NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
  const char *username,
  const char *password,
  uint32_t add_gss_c_flags,
- struct pipe_auth_data **_auth);
+ s

[SCM] Samba Shared Repository - branch master updated

2010-07-28 Thread Simo Sorce
The branch, master has been updated
   via  d17abc6... s3-dcerpc: Avoid ifdef, it is handled within 
dcerpc_gssapi.c already
  from  44add99... s3: Fix cli_qpathinfo2

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit d17abc69f690ccc845a0a1d6d291b6e21ce86b3d
Author: Simo Sorce 
Date:   Wed Jul 28 15:35:02 2010 -0400

s3-dcerpc: Avoid ifdef, it is handled within dcerpc_gssapi.c already

---

Summary of changes:
 source3/rpc_client/cli_pipe.c |9 ++---
 1 files changed, 2 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 8588875..bbd869e 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3344,7 +3344,6 @@ NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
const char *password,
struct rpc_pipe_client **presult)
 {
-#ifdef HAVE_GSSAPI_H
struct rpc_pipe_client *result;
struct pipe_auth_data *auth;
NTSTATUS status;
@@ -3367,18 +3366,14 @@ NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
 
status = rpc_pipe_bind(result, auth);
if (!NT_STATUS_IS_OK(status)) {
-   DEBUG(0, ("cli_rpc_pipe_open_krb5: cli_rpc_pipe_bind failed "
- "with error %s\n", nt_errstr(status)));
+   DEBUG(0, ("cli_rpc_pipe_bind failed with error %s\n",
+ nt_errstr(status)));
TALLOC_FREE(result);
return status;
}
 
*presult = result;
return NT_STATUS_OK;
-#else
-   DEBUG(0,("cli_rpc_pipe_open_krb5: kerberos not found at compile 
time.\n"));
-   return NT_STATUS_NOT_IMPLEMENTED;
-#endif
 }
 
 NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx,


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2010-07-28 Thread Simo Sorce
The branch, master has been updated
   via  c4b3c9e... smbd: Fix build warning
  from  7eaa15a... s3-dcerpc: Add sign/seal with gssapi

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit c4b3c9ec0f2efa937529160999f7e44bcad3591f
Author: Simo Sorce 
Date:   Wed Jul 28 12:44:37 2010 -0400

smbd: Fix build warning

---

Summary of changes:
 source3/smbd/process.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index d91c07e..b867ba1 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -2857,7 +2857,7 @@ fail:
return false;
 }
 
-static bool spoolss_init_cb(void)
+static bool spoolss_init_cb(void *ptr)
 {
return nt_printing_tdb_migrate();
 }


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2010-07-28 Thread Simo Sorce
The branch, master has been updated
   via  7eaa15a... s3-dcerpc: Add sign/seal with gssapi
   via  1abcbd7... s3-dcerpc: Add next authentication step with gssapi
   via  135a82e... s3-decrpc: Introduce gssapi support for dcerpc krb5 auth
  from  7208809... rpcclient: Use DCERPC_AUTH_LEVEL_CONNECT if no sign/seal 
is set for krb5 auth

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 7eaa15af2c5b544946bfb2b8c522ba9677527972
Author: Simo Sorce 
Date:   Sat Jul 24 13:02:57 2010 -0400

s3-dcerpc: Add sign/seal with gssapi

commit 1abcbd70aed327ae5233423ce74662241fa9d21a
Author: Simo Sorce 
Date:   Sat Jul 24 10:35:25 2010 -0400

s3-dcerpc: Add next authentication step with gssapi

commit 135a82e78f9537fb7b7f4b82fb7cba065737675f
Author: Simo Sorce 
Date:   Fri Jul 23 14:47:36 2010 -0400

s3-decrpc: Introduce gssapi support for dcerpc krb5 auth

---

Summary of changes:
 source3/Makefile.in |4 +-
 source3/configure.in|3 +-
 source3/include/ntdomain.h  |8 +-
 source3/librpc/rpc/dcerpc_gssapi.c  |  637 +++
 source3/librpc/rpc/dcerpc_gssapi.h  |   58 
 source3/librpc/rpc/dcerpc_helpers.c |   86 +
 source3/rpc_client/cli_pipe.c   |  263 +++
 7 files changed, 919 insertions(+), 140 deletions(-)
 create mode 100644 source3/librpc/rpc/dcerpc_gssapi.c
 create mode 100644 source3/librpc/rpc/dcerpc_gssapi.h


Changeset truncated at 500 lines:

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 1b641a4..91856c2 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -676,7 +676,8 @@ RPC_SERVER_OBJ = @RPC_STATIC@ $(RPC_PIPE_OBJ) 
$(NPA_TSTREAM_OBJ)
 
 RPC_PARSE_OBJ = $(RPC_PARSE_OBJ2)
 
-RPC_CLIENT_OBJ = rpc_client/cli_pipe.o librpc/rpc/rpc_common.o \
+RPC_CLIENT_OBJ = rpc_client/cli_pipe.o librpc/rpc/dcerpc_gssapi.o \
+librpc/rpc/rpc_common.o \
 rpc_client/rpc_transport_np.o \
 rpc_client/rpc_transport_sock.o \
 rpc_client/rpc_transport_smbd.o
@@ -1353,6 +1354,7 @@ RPC_OPEN_TCP_OBJ = torture/rpc_open_tcp.o \
   $(RPC_CLIENT_OBJ1) \
   librpc/rpc/rpc_common.o \
   rpc_client/cli_pipe.o \
+  librpc/rpc/dcerpc_gssapi.o \
   ../librpc/rpc/binding.o \
   $(LIBMSRPC_GEN_OBJ)
 
diff --git a/source3/configure.in b/source3/configure.in
index 905ad23..4b92cd6 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -3749,7 +3749,7 @@ if test x"$with_ads_support" != x"no"; then
 
   # now check for gssapi headers.  This is also done here to allow for
   # different kerberos include paths
-  AC_CHECK_HEADERS(gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h com_err.h)
+  AC_CHECK_HEADERS(gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h 
gssapi/gssapi_ext.h com_err.h)
 
   ##
   # we might need the k5crypto and com_err libraries on some systems
@@ -3774,6 +3774,7 @@ if test x"$with_ads_support" != x"no"; then
   # now see if we can find the gssapi libs in standard paths
   if test x"$have_gssapi" != x"yes"; then
  AC_CHECK_LIB_EXT(gssapi_krb5, 
KRB5_LIBS,gss_display_status,[],[],have_gssapi=yes)
+ AC_CHECK_FUNC_EXT(gss_wrap_iov, $KRB5_LIBS)
   fi
 
   AC_CHECK_FUNC_EXT(krb5_set_real_time, $KRB5_LIBS)
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index c843bc9..0651381 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -99,11 +99,7 @@ enum pipe_auth_type_spnego {
PIPE_AUTH_TYPE_SPNEGO_KRB5
 };
 
-/* auth state for krb5. */
-struct kerberos_auth_struct {
-   const char *service_principal;
-   DATA_BLOB session_key;
-};
+struct gse_context;
 
 /* auth state for all bind types. */
 
@@ -115,7 +111,7 @@ struct pipe_auth_data {
union {
struct schannel_state *schannel_auth;
struct auth_ntlmssp_state *auth_ntlmssp_state;
-   struct kerberos_auth_struct *kerberos_auth; /* Client only for 
now */
+   struct gse_context *gssapi_state; /* Client only for now */
} a_u;
 
/* Only the client code uses these 3 for now */
diff --git a/source3/librpc/rpc/dcerpc_gssapi.c 
b/source3/librpc/rpc/dcerpc_gssapi.c
new file mode 100644
index 000..8c0ad6a
--- /dev/null
+++ b/source3/librpc/rpc/dcerpc_gssapi.c
@@ -0,0 +1,637 @@
+/*
+ *  GSSAPI Security Extensions
+ *  RPC Pipe client routines
+ *  Copyright (C) Simo Sorce 2010.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either 

[SCM] Samba Shared Repository - branch master updated

2010-07-28 Thread Simo Sorce
The branch, master has been updated
   via  7208809... rpcclient: Use DCERPC_AUTH_LEVEL_CONNECT if no sign/seal 
is set for krb5 auth
   via  183e0a0... s3-dcerpc: Refactor calculate_data_len_tosend()
   via  c08d684... s3-dcerpc: Add auth trailer only when appropriate.
   via  866f85e... s3-dcerpc: consolidate unmarshalling of dcerpc_auth
   via  146af48... s3-dcerpc: revive cli_rpc_pipe_open_krb5()
   via  250e341... misc: Remove unused structure elements
   via  b00f9a0... s3-rpcclient: Allow choosing spnego mech: (ntlm/krb5)
   via  2463a87... s3-dcerpc: Use dcerpc_AuthType in pipe_auth_data
   via  1e915d2... s3-dcerpc: Cleanup and refactor create_rpc_bind_req()
   via  3c3237d... s3-auth: Remove unimplemented functions
   via  bfe53d4... s3-dcerpc: Set flags directly instead of calling 
unimplemented functions.
   via  7407c97... s3-dcerpc: Use dcerpc_check_auth in client code too
   via  9565e3f... s3-dcerpc: Make dcerpc_check_auth() common code
   via  5f2cca6... s3-dcerpc: Add the same paranoia checks we have in the 
client code
   via  49a8c29... s3-dcerpc: Split auth checking into a generic function.
   via  1fc71c9... s3-dcerpc do not pass pipes_struct to 
dcesrv_auth_request()
   via  2ce169c... s3-dcerpc: Make dcesrv_auth_request() return NTSTATUS 
codes
   via  aa4c5a2... s3-dcerpc: Use the common dcerpc_add_auth_footer() in 
the server code
   via  3139333... s3-dcerpc: Move dcerpc_add_auth_footer() to the common 
helpers file
   via  6f5cdf9... s3-dcerpc: Introduce generic helper function to add auth 
trailer
   via  1b57249... s3-dcerpc: Pass explicit arguments so that this is not 
client specific
   via  e2b0e43... s3-dcerpc: Move marshalling of dcerpc_auth_header in the 
callers
  from  6ffd7dc... s3-rpc: Use struct pipes_struct.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 72088096af8dbf57cbc85c71cd0eef4447e7560d
Author: Simo Sorce 
Date:   Wed Jul 21 12:11:37 2010 -0400

rpcclient: Use DCERPC_AUTH_LEVEL_CONNECT if no sign/seal is set for krb5 
auth

commit 183e0a0d9f87bc619cd832decf5745be1d28f598
Author: Simo Sorce 
Date:   Thu Jul 22 16:14:16 2010 -0400

s3-dcerpc: Refactor calculate_data_len_tosend()

commit c08d684f4ef679831e8fed69cd87e4d9b06cb3e0
Author: Simo Sorce 
Date:   Wed Jul 21 13:33:09 2010 -0400

s3-dcerpc: Add auth trailer only when appropriate.

commit 866f85e31973de356c3843836d5cacdbdf245e32
Author: Simo Sorce 
Date:   Wed Jul 21 12:12:58 2010 -0400

s3-dcerpc: consolidate unmarshalling of dcerpc_auth

commit 146af48d4887e8fa0c66bf53aa5f204366648478
Author: Simo Sorce 
Date:   Tue Jul 20 18:43:37 2010 -0400

s3-dcerpc: revive cli_rpc_pipe_open_krb5()

commit 250e341e0aad67c2f70fea597f34deadea1d2ccc
Author: Simo Sorce 
Date:   Tue Jul 20 18:39:46 2010 -0400

misc: Remove unused structure elements

commit b00f9a0a2d3b692dd12e182a2a4a7979c626dec7
Author: Simo Sorce 
Date:   Tue Jul 20 17:26:32 2010 -0400

s3-rpcclient: Allow choosing spnego mech: (ntlm/krb5)

commit 2463a871776bb4de8653d6a44469d2adb3ec9418
Author: Simo Sorce 
Date:   Tue Jul 20 13:26:36 2010 -0400

s3-dcerpc: Use dcerpc_AuthType in pipe_auth_data

commit 1e915d231d4191bf3a0bb54ba99a31ad6b2afd3b
Author: Simo Sorce 
Date:   Tue Jul 20 11:49:23 2010 -0400

s3-dcerpc: Cleanup and refactor create_rpc_bind_req()

commit 3c3237dd0afa37ba0e545424f5008973b645cf96
Author: Simo Sorce 
Date:   Tue Jul 20 11:23:11 2010 -0400

s3-auth: Remove unimplemented functions

commit bfe53d414548cd8a0226136b73cf2b766b6a61ef
Author: Simo Sorce 
Date:   Tue Jul 20 11:22:50 2010 -0400

s3-dcerpc: Set flags directly instead of calling unimplemented functions.

commit 7407c979a1469997c9277c501787b5f16aac
Author: Simo Sorce 
Date:   Mon Jul 19 20:03:08 2010 -0400

s3-dcerpc: Use dcerpc_check_auth in client code too

commit 9565e3f6a7ef2fb590558eb7b29c6c2fc657fca9
Author: Simo Sorce 
Date:   Mon Jul 19 19:49:35 2010 -0400

s3-dcerpc: Make dcerpc_check_auth() common code

commit 5f2cca6b2a7b8b7bad4a47a2bd31174c45fa2611
Author: Simo Sorce 
Date:   Mon Jul 19 19:42:12 2010 -0400

s3-dcerpc: Add the same paranoia checks we have in the client code

commit 49a8c2965d2982e6510609fa9772a56597494641
Author: Simo Sorce 
Date:   Mon Jul 19 19:34:34 2010 -0400

s3-dcerpc: Split auth checking into a generic function.

commit 1fc71c9c6ff26f2d49f314b8425c6cd4c91683f3
Author: Simo Sorce 
Date:   Mon Jul 19 17:51:18 2010 -0400

s3-dcerpc do not pass pipes_struct to dcesrv_auth_request()

commit 2ce169ce187cc7229aecdc3e5cd889c5194956aa
Author: Simo Sorce 
Date:   Mon Jul 19 17:14:56 2010 -0400

s3-dcerpc: Make dcesrv_auth_request() return NTSTATUS codes

commit aa4c5a2bfb27fc274de2a83c4724e0f10ad6b119
Author: Simo Sorce 
Date:   Mon Jul 19 16:16:40 2010 -0400

s3-dcerpc: Use the common

[SCM] Samba Shared Repository - branch master updated

2010-07-27 Thread Simo Sorce
oolss: Migrated spoolss_SetForm to the winreg 
function.
   via  76f72fe... s3-spoolss: Migrated spoolss_DeleteForm to the winreg 
function.
   via  fad361a... s3-spoolss: Migrated spoolss_AddForm to the winreg 
function.
   via  2ae1796... s3-spoolss: Migrated spoolss_EnumForms to the winreg 
function.
   via  142431d... s3-spoolss: Migrated spoolss_DeletePrinterKey to the 
winreg functions.
   via  fb5529f... s3-spoolss: Migrated spoolss_DeletePrinterDataEx to the 
winreg functions.
   via  e210230... s3-spoolss: Migrated spoolss_EnumPrinterKey to the 
winreg functions.
   via  df35b34... s3-spoolss: Migrated spoolss_EnumPrinterDataEx to the 
winreg functions.
   via  795618a... s3-spoolss: Migrated spoolss_GetPrinterDataEx to the 
winreg functions.
   via  3d7e99e... s3-spoolss: Migrated spoolss_SetPrinterDataEx to the 
winreg functions.
   via  71be0ec... s3-registry: Redirect KEY_CONTROL_PRINTERS to 
KEY_WINNT_PRINTERS.
   via  65eb38b... s3-registry: Init all needed registry keys for printing.
   via  5604a78... s3-spoolss: Migrated NT_DEVICEMODE to spoolss_DeviceMode.
   via  104c419... s4-torture: Disable setting REG_BINARY printer data with 
size 0.
  from  6446c75... Fix several places where talloc_asprintf returns were 
unchecked.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 9168713774c02ba2f71d89379cc239a900ebeafe
Author: Andreas Schneider 
Date:   Tue Jul 27 12:27:54 2010 +0200

s3-spoolss: Fixed FILL_DRIVER_STRING leading to wrong results.

commit 90c17828824401c7be065a7bbf706dcafef0fc31
Author: Simo Sorce 
Date:   Mon Jul 26 18:28:15 2010 -0400

s3-spoolss: Avoid segfault, check drivername is actually not NULL.

commit 6cd2f2ff31768a40ca60112964b35bf040b2e6d8
Author: Simo Sorce 
Date:   Mon Jul 26 19:14:03 2010 +0200

s3-spoolss: Fixed a possible segfault in winreg_get_printer.

commit bb0226f10ef86296af273ea0e9692b72d0ead4c2
Author: Andreas Schneider 
Date:   Mon Jul 26 18:12:13 2010 +0200

s3-spoolss: Correctly set the default values.

commit b95d5563ddff7aec15f4138be731578785dca7ec
Author: Andreas Schneider 
Date:   Tue Jun 15 13:37:44 2010 +0200

s3-printing: Added automatic migration of printing tdbs.

Signed-off-by: Jim McDonough 

commit 924cc43d1b8f8358f7c7aaef16b06437e39cd05b
Author: Andreas Schneider 
Date:   Wed Jun 30 10:40:24 2010 +0200

s3-spoolss: Move the standard mappings to spoolss.

Signed-off-by: Jim McDonough 

commit c3186f22c5d501cc6afed7556579906d27763251
Author: Andreas Schneider 
Date:   Wed Jun 30 10:39:43 2010 +0200

s3-lib: Make the standard_mapping parameter const.

Signed-off-by: Jim McDonough 

commit 1be454538b2e4d242be90e43fab9eb09f0b07a57
Author: Andreas Schneider 
Date:   Wed Jun 30 10:25:08 2010 +0200

s3-spoolss: Remove the program global current_user_info.

Signed-off-by: Jim McDonough 

commit d8c81423aa52f1810cafeefa186f7dd0590cb0de
Author: Andreas Schneider 
Date:   Tue Jun 29 15:05:00 2010 +0200

s3-spoolss: Remove unused MAGIC_DISPLAY_FREQUENCY

Signed-off-by: Jim McDonough 

commit 8fe6813ca0e6ccbe4fed91425f82443f5cb166a4
Author: Andreas Schneider 
Date:   Mon Jun 28 09:57:41 2010 +0200

s4-torture: Enable tests with keynames including a slash.

Signed-off-by: Jim McDonough 

commit db2a777b0ee1e75fb6d11ad1240d7214a4e1dac4
Author: Andreas Schneider 
Date:   Tue Jun 15 13:37:44 2010 +0200

s3-printing: Added automatic migration of printing tdbs.

Signed-off-by: Jim McDonough 

commit 35e03ef5c22020e047bd05e61be6c46701a07702
Author: Andreas Schneider 
Date:   Tue Jun 15 11:48:12 2010 +0200

s3-printing: Move all tdb upgrade functions to a separate file.

Signed-off-by: Jim McDonough 

commit c18913a2c216d9dd092f4efb3dfbad376fc29bb6
Author: Simo Sorce 
Date:   Fri May 7 05:03:32 2010 -0400

s3-smbd: Convert reply_printqueue to use spoolss.

Signed-off-by: Jim McDonough 

commit 3f68a39458dddf7cfc67ce78248f3f1bdad18ba6
Author: Andreas Schneider 
Date:   Tue Jun 1 17:09:21 2010 +0200

Revert "s4-smbtorture: skip driverName and printerName DsSpooler tests for 
now."

This reverts commit 23eb2888d94b34822e4c49b1d62f4bd3fac43fcf.

Signed-off-by: Jim McDonough 

commit 96c25cdad5e82a1aed77692796617532f663aca1
Author: Andreas Schneider 
Date:   Tue Jun 8 13:03:22 2010 +0200

s3-spoolss: Create winprint print processor key.

Signed-off-by: Jim McDonough 

commit f5a2f8fa2b66d23eb2e99443f6d6bb85b6199b63
Author: Simo Sorce 
Date:   Fri May 7 10:37:48 2010 -0400

s3-printing: Removed unused function print_job_fd().

Signed-off-by: Jim McDonough 

commit 21cd59e7a5b319a8800c904d21f0d1e885acc7fb
Author: Simo Sorce 
Date:   Fri May 7 07:35:23 2010 -0400

s3-smbd: Use the right check to test if we can print.

Signed-off-b

[SCM] Samba Shared Repository - branch master updated

2010-07-21 Thread Simo Sorce
The branch, master has been updated
   via  61cfbf3... s3-rpc_server: Cleanup the way we free pipe auth data
   via  636de43... cleaup: Reformat cli_get_session_key()
  from  3b502d8... s3-dcerpc: Fix potential memleak

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 61cfbf342fb508477bd45ed8378af7ba6f147727
Author: Simo Sorce 
Date:   Sat Jul 17 16:34:33 2010 -0400

s3-rpc_server: Cleanup the way we free pipe auth data

commit 636de433ac9cb658c35b8fc45933d8dcb98a991e
Author: Simo Sorce 
Date:   Mon Jul 19 15:43:22 2010 -0400

cleaup: Reformat cli_get_session_key()

merge cli_get_session_key

---

Summary of changes:
 source3/rpc_client/cli_pipe.c |   43 -
 source3/rpc_server/srv_pipe.c |   23 -
 2 files changed, 34 insertions(+), 32 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index c3712f7..6de2e80 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3836,6 +3836,7 @@ NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx,
 struct rpc_pipe_client *cli,
 DATA_BLOB *session_key)
 {
+   struct pipe_auth_data *a = cli->auth;
DATA_BLOB sk;
 
if (!session_key || !cli) {
@@ -3847,29 +3848,27 @@ NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx,
}
 
switch (cli->auth->auth_type) {
-   case PIPE_AUTH_TYPE_SCHANNEL:
-   *session_key = data_blob_talloc(mem_ctx,
-   
cli->auth->a_u.schannel_auth->creds->session_key, 16);
-   break;
-   case PIPE_AUTH_TYPE_NTLMSSP:
-   case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
-   sk = 
auth_ntlmssp_get_session_key(cli->auth->a_u.auth_ntlmssp_state);
-   *session_key = data_blob_dup_talloc(mem_ctx, &sk);
-   break;
-   case PIPE_AUTH_TYPE_KRB5:
-   case PIPE_AUTH_TYPE_SPNEGO_KRB5:
-   *session_key = data_blob_talloc(mem_ctx,
-   cli->auth->a_u.kerberos_auth->session_key.data,
-   
cli->auth->a_u.kerberos_auth->session_key.length);
-   break;
-   case PIPE_AUTH_TYPE_NONE:
-   *session_key = data_blob_talloc(mem_ctx,
-   cli->auth->user_session_key.data,
-   cli->auth->user_session_key.length);
-   break;
-   default:
-   return NT_STATUS_NO_USER_SESSION_KEY;
+   case PIPE_AUTH_TYPE_SCHANNEL:
+   sk = data_blob_const(a->a_u.schannel_auth->creds->session_key,
+16);
+   break;
+   case PIPE_AUTH_TYPE_NTLMSSP:
+   case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
+   sk = auth_ntlmssp_get_session_key(a->a_u.auth_ntlmssp_state);
+   break;
+   case PIPE_AUTH_TYPE_KRB5:
+   case PIPE_AUTH_TYPE_SPNEGO_KRB5:
+   sk = data_blob_const(a->a_u.kerberos_auth->session_key.data,
+a->a_u.kerberos_auth->session_key.length);
+   break;
+   case PIPE_AUTH_TYPE_NONE:
+   sk = data_blob_const(a->user_session_key.data,
+a->user_session_key.length);
+   break;
+   default:
+   return NT_STATUS_NO_USER_SESSION_KEY;
}
 
+   *session_key = data_blob_dup_talloc(mem_ctx, &sk);
return NT_STATUS_OK;
 }
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 508cb3f..056bf58 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -94,6 +94,14 @@ static void free_pipe_schannel_auth_data(struct 
pipe_auth_data *auth)
TALLOC_FREE(auth->a_u.schannel_auth);
 }
 
+static void free_pipe_auth_data(struct pipe_auth_data *auth)
+{
+   if (auth->auth_data_free_func) {
+   (*auth->auth_data_free_func)(auth);
+   auth->auth_data_free_func = NULL;
+   }
+}
+
 static DATA_BLOB generic_session_key(void)
 {
return data_blob("SystemLibraryDTC", 16);
@@ -602,8 +610,7 @@ bool api_pipe_bind_auth3(pipes_struct *p, struct 
ncacn_packet *pkt)
 
  err:
 
-   free_pipe_ntlmssp_auth_data(&p->auth);
-   p->auth.a_u.auth_ntlmssp_state = NULL;
+   free_pipe_auth_data(&p->auth);
 
return False;
 }
@@ -651,9 +658,7 @@ static bool setup_bind_nak(pipes_struct *p, struct 
ncacn_packet *pkt)
p->

[SCM] Samba Shared Repository - branch master updated

2010-07-21 Thread Simo Sorce
The branch, master has been updated
   via  3b502d8... s3-dcerpc: Fix potential memleak
  from  a3713d7... s3-dcerpc: Properly initialize output buffers on 
nak/fault

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 3b502d899d8924d285e72f8a9fe666865d6f6926
Author: Simo Sorce 
Date:   Sat Jul 17 16:01:07 2010 -0400

s3-dcerpc: Fix potential memleak

Use a free function for schannel data too for now.

---

Summary of changes:
 source3/rpc_server/srv_pipe.c |7 ++-
 1 files changed, 6 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index b25f122..508cb3f 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -89,6 +89,11 @@ static void free_pipe_ntlmssp_auth_data(struct 
pipe_auth_data *auth)
TALLOC_FREE(auth->a_u.auth_ntlmssp_state);
 }
 
+static void free_pipe_schannel_auth_data(struct pipe_auth_data *auth)
+{
+   TALLOC_FREE(auth->a_u.schannel_auth);
+}
+
 static DATA_BLOB generic_session_key(void)
 {
return data_blob("SystemLibraryDTC", 16);
@@ -1100,7 +1105,7 @@ static bool pipe_schannel_auth_bind(pipes_struct *p,
neg.oem_netbios_domain.a, neg.oem_netbios_computer.a));
 
/* We're finished with this bind - no more packets. */
-   p->auth.auth_data_free_func = NULL;
+   p->auth.auth_data_free_func = &free_pipe_schannel_auth_data;
p->auth.auth_type = PIPE_AUTH_TYPE_SCHANNEL;
 
p->pipe_bound = True;


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2010-07-21 Thread Simo Sorce
The branch, master has been updated
   via  a3713d7... s3-dcerpc: Properly initialize output buffers on 
nak/fault
  from  26f1218... s3-libsmb: Use data_blob_talloc to get krb5 ticket and 
session keys

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a3713d746949788c393ecf2b0d10d105c2220b22
Author: Simo Sorce 
Date:   Tue Jul 20 13:56:25 2010 -0400

s3-dcerpc: Properly initialize output buffers on nak/fault

---

Summary of changes:
 source3/rpc_server/srv_pipe.c |6 --
 1 files changed, 4 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 0132400..b25f122 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -603,6 +603,8 @@ bool api_pipe_bind_auth3(pipes_struct *p, struct 
ncacn_packet *pkt)
return False;
 }
 
+static bool pipe_init_outgoing_data(pipes_struct *p);
+
 /***
  Marshall a bind_nak pdu.
 ***/
@@ -613,7 +615,7 @@ static bool setup_bind_nak(pipes_struct *p, struct 
ncacn_packet *pkt)
union dcerpc_payload u;
 
/* Free any memory in the current return data buffer. */
-   data_blob_free(&p->out_data.rdata);
+   pipe_init_outgoing_data(p);
 
/*
 * Initialize a bind_nak header.
@@ -664,7 +666,7 @@ bool setup_fault_pdu(pipes_struct *p, NTSTATUS fault_status)
union dcerpc_payload u;
 
/* Free any memory in the current return data buffer. */
-   data_blob_free(&p->out_data.rdata);
+   pipe_init_outgoing_data(p);
 
/*
 * Initialize a fault header.


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2010-07-20 Thread Simo Sorce
The branch, master has been updated
   via  26f1218... s3-libsmb: Use data_blob_talloc to get krb5 ticket and 
session keys
   via  8137f2d... misc: cleanup get_krb5_smb_session_key()
   via  e8460b4... misc: cleanup cli_krb5_get_ticket()
  from  5002b3a... Add approriate TALLOC_CTX's thoughout the spnego code. 
No more implicit NULL contexts.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 26f1218a3678e648c73db3b34732703396ad48b2
Author: Simo Sorce 
Date:   Tue Jul 20 20:00:12 2010 -0400

s3-libsmb: Use data_blob_talloc to get krb5 ticket and session keys

commit 8137f2d7e7e69db66a5191c1a80e0bda52506528
Author: Simo Sorce 
Date:   Tue Jul 20 19:45:00 2010 -0400

misc: cleanup get_krb5_smb_session_key()

commit e8460b4ebc82659d2cf1ea1588c708fa7069be5c
Author: Simo Sorce 
Date:   Tue Jul 20 19:41:19 2010 -0400

misc: cleanup cli_krb5_get_ticket()

---

Summary of changes:
 source3/include/krb5_protos.h|   10 +++-
 source3/libads/authdata.c|3 +-
 source3/libads/kerberos_verify.c |3 +-
 source3/libsmb/clikrb5.c |   79 ++
 source3/libsmb/clispnego.c   |   11 +++--
 source3/rpc_client/cli_pipe.c|6 ++-
 source3/utils/ntlm_auth.c|   10 +++--
 7 files changed, 73 insertions(+), 49 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/krb5_protos.h b/source3/include/krb5_protos.h
index b65fb17..97e6871 100644
--- a/source3/include/krb5_protos.h
+++ b/source3/include/krb5_protos.h
@@ -46,7 +46,10 @@ krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const 
krb5_data *realm, st
 krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, 
struct sockaddr **addr_pp, int *naddrs, int get_masters);
 #endif
 krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype 
**enctypes);
-bool get_krb5_smb_session_key(krb5_context context, krb5_auth_context 
auth_context, DATA_BLOB *session_key, bool remote);
+bool get_krb5_smb_session_key(TALLOC_CTX *mem_ctx,
+ krb5_context context,
+ krb5_auth_context auth_context,
+ DATA_BLOB *session_key, bool remote);
 krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry 
*kt_entry);
 krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context, 
krb5_principal host_princ, int enctype);
 void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype);
@@ -141,9 +144,10 @@ char *smb_krb5_principal_get_realm(krb5_context context,
   krb5_principal principal);
 #endif /* HAVE_KRB5 */
 
-int cli_krb5_get_ticket(const char *principal, time_t time_offset,
+int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,
+   const char *principal, time_t time_offset,
DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
-   uint32 extra_ap_opts, const char *ccname,
+   uint32_t extra_ap_opts, const char *ccname,
time_t *tgs_expire,
const char *impersonate_princ_s);
 
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 305b607..00062f4 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -406,7 +406,8 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_LOGON_TYPE;
}
 
-   ret = cli_krb5_get_ticket(local_service,
+   ret = cli_krb5_get_ticket(mem_ctx,
+ local_service,
  time_offset,
  &tkt,
  &sesskey1,
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index c072593..10edd07 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -615,7 +615,8 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
ZERO_STRUCT(packet);
}
 
-   get_krb5_smb_session_key(context, auth_context, session_key, True);
+   get_krb5_smb_session_key(mem_ctx, context,
+auth_context, session_key, true);
dump_data_pw("SMB session key (from ticket)\n", session_key->data, 
session_key->length);
 
 #if 0
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 2e3fdf3..68b45d8 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -826,11 +826,12 @@ cleanup_princ:
 }
 
 /*
-  get a kerberos5 ticket for the given service 
+  get a kerberos5 ticket for the given service
 */
-int cli_krb5_get_ticket(const char *principal, time_t time_offset, 
-   DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, 
- 

[SCM] Samba Shared Repository - branch master updated

2010-07-20 Thread Simo Sorce
The branch, master has been updated
   via  b20e5eb... dcerpc: Clarify what the arguments of 
dcerpc_pull_auth_trailer() actually represent.
  from  2a8399f... s3: check for explicit external lib bug in ld's 
as-needed code

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit b20e5eb3aab2d0c3b028e769dd126387699a8f7d
Author: Simo Sorce 
Date:   Mon Jul 19 18:57:12 2010 -0400

dcerpc: Clarify what the arguments of dcerpc_pull_auth_trailer() actually 
represent.

---

Summary of changes:
 librpc/rpc/dcerpc_util.c |   49 +++--
 source3/include/proto.h  |4 +-
 2 files changed, 36 insertions(+), 17 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c
index c79cfd5..492d8ac 100644
--- a/librpc/rpc/dcerpc_util.c
+++ b/librpc/rpc/dcerpc_util.c
@@ -57,22 +57,39 @@ uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob)
return blob->data[DCERPC_DREP_OFFSET];
 }
 
-/*
-  pull an dcerpc_auth structure, taking account of any auth padding in
-  the blob at the end of the structure
- */
+
+/**
+* @brief   Pull a dcerpc_auth structure, taking account of any auth
+*  padding in the blob. For request/response packets we pass
+*  the whole data blob, so auth_data_only must be set to false
+*  as the blob contains data+pad+auth and no just pad+auth.
+*
+* @param pkt   - The ncacn_packet strcuture
+* @param mem_ctx   - The mem_ctx used to allocate dcerpc_auth elements
+* @param pkt_trailer   - The packet trailer data, usually the trailing
+*auth_info blob, but in the request/response case
+*this is the stub_and_verifier blob.
+* @param auth  - A preallocated dcerpc_auth *empty* structure
+* @param auth_length   - The length of the auth trail, sum of auth header
+*lenght and pkt->auth_length
+* @param auth_data_only- Whether the pkt_trailer includes only the 
auth_blob
+*(+ padding) or also other data.
+*
+* @return  - A NTSTATUS error code.
+*/
 NTSTATUS dcerpc_pull_auth_trailer(struct ncacn_packet *pkt,
  TALLOC_CTX *mem_ctx,
- DATA_BLOB *pkt_auth_blob,
+ DATA_BLOB *pkt_trailer,
  struct dcerpc_auth *auth,
  uint32_t *auth_length,
- bool check_pad)
+ bool auth_data_only)
 {
struct ndr_pull *ndr;
enum ndr_err_code ndr_err;
-   uint32_t pad;
+   uint32_t data_and_pad;
 
-   pad = pkt_auth_blob->length - (DCERPC_AUTH_TRAILER_LENGTH + 
pkt->auth_length);
+   data_and_pad = pkt_trailer->length
+   - (DCERPC_AUTH_TRAILER_LENGTH + pkt->auth_length);
 
/* paranoia check for pad size. This would be caught anyway by
   the ndr_pull_advance() a few lines down, but it scared
@@ -80,13 +97,13 @@ NTSTATUS dcerpc_pull_auth_trailer(struct ncacn_packet *pkt,
   it now, just to prevent someone posting a bogus YouTube
   video in the future.
*/
-   if (pad > pkt_auth_blob->length) {
+   if (data_and_pad > pkt_trailer->length) {
return NT_STATUS_INFO_LENGTH_MISMATCH;
}
 
-   *auth_length = pkt_auth_blob->length - pad;
+   *auth_length = pkt_trailer->length - data_and_pad;
 
-   ndr = ndr_pull_init_blob(pkt_auth_blob, mem_ctx);
+   ndr = ndr_pull_init_blob(pkt_trailer, mem_ctx);
if (!ndr) {
return NT_STATUS_NO_MEMORY;
}
@@ -95,7 +112,7 @@ NTSTATUS dcerpc_pull_auth_trailer(struct ncacn_packet *pkt,
ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
}
 
-   ndr_err = ndr_pull_advance(ndr, pad);
+   ndr_err = ndr_pull_advance(ndr, data_and_pad);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
talloc_free(ndr);
return ndr_map_error2ntstatus(ndr_err);
@@ -107,9 +124,11 @@ NTSTATUS dcerpc_pull_auth_trailer(struct ncacn_packet *pkt,
return ndr_map_error2ntstatus(ndr_err);
}
 
-   if (check_pad && pad != auth->auth_pad_length) {
-   DEBUG(1,(__location__ ": WARNING: pad length mismatch. 
Calculated %u  got %u\n",
-(unsigned)pad, (unsigned)auth->auth_pad_length));
+   if (auth_data_only && data_and_pad != auth->auth_pad_length) {
+   DEBUG(1, (__location__ ": WARNING: pad length mismatch. "
+ "Calculated %u  got %u\n",
+ (unsigned)data_and_pad,
+  

[SCM] Samba Shared Repository - branch master updated

2010-07-19 Thread Simo Sorce
The branch, master has been updated
   via  944494d... s3-auth: Remove unused variable.
   via  f9f3358... Merge branch 'master' of 
ssh://git.samba.org/data/git/samba
   via  7e4de49... Merge branch 'master' of 
ssh://git.samba.org/data/git/samba
   via  378e4d5... Merge branch 'master' of 
ssh://git.samba.org/data/git/samba
   via  2f24953... Merge branch 'master' of 
ssh://git.samba.org/data/git/samba
   via  0ab8e8b... s3-dcerpc: Break memory hierarchy for shared structure
  from  630a2eb... waf: make the error msg when gen_ndr directory is 
missing clearer

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 944494d350fa0e42aa8a87849fa7168731f3b0a6
Author: Simo Sorce 
Date:   Mon Jul 19 13:53:34 2010 -0400

s3-auth: Remove unused variable.

It was a spurious remnant after a rebase.

commit f9f3358348229b14d368316e327cfd2a4cb48c7c
Merge: 7e4de49bfceed18c81abf93703a61d0a22617a24 
630a2eb68af0d523a1bb4451bbaa75d2ba47d252
Author: Simo Sorce 
Date:   Mon Jul 19 13:48:31 2010 -0400

Merge branch 'master' of ssh://git.samba.org/data/git/samba

commit 7e4de49bfceed18c81abf93703a61d0a22617a24
Merge: 378e4d5b8d30733f0f28cc2bceb28d9b9b594707 
27aece72004a84a6e0b2e00987d8a362e307d1d8
Author: Simo Sorce 
Date:   Sun Jul 18 20:04:42 2010 -0400

Merge branch 'master' of ssh://git.samba.org/data/git/samba

commit 378e4d5b8d30733f0f28cc2bceb28d9b9b594707
Merge: 2f249538ac8f2a54d9c8f8dbf0107db2f33bfe16 
6b266b85cf34145ac1f03d8f787b81121e4ec92b
Author: Simo Sorce 
Date:   Fri Jul 16 09:57:03 2010 -0400

Merge branch 'master' of ssh://git.samba.org/data/git/samba

commit 2f249538ac8f2a54d9c8f8dbf0107db2f33bfe16
Merge: 0ab8e8be62bcbb1f6441f745736fcee7cbd559eb 
5f8678f34be57ccbbf9d9c93ee34b1d8f09c75c4
Author: Simo Sorce 
Date:   Thu Jul 15 20:50:06 2010 -0400

Merge branch 'master' of ssh://git.samba.org/data/git/samba

commit 0ab8e8be62bcbb1f6441f745736fcee7cbd559eb
Author: Simo Sorce 
Date:   Wed Jul 14 08:57:47 2010 -0400

s3-dcerpc: Break memory hierarchy for shared structure

Handles are shared among multiple pipes_struct. We cannot allocate
them on any specific pipes_struct or it will vanish for all others
as soon as that pipes_struct is freed, leaving back dangling
pointers.

---

Summary of changes:
 source3/auth/auth_ntlmssp.c |2 --
 1 files changed, 0 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index bebb86e..a71c02b 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -265,7 +265,6 @@ NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state 
**auth_ntlmssp_state)
const char *dns_name;
char *dns_domain;
struct auth_ntlmssp_state *ans;
-   struct ntlmssp_state *ntlmssp_state;
struct auth_context *auth_context;
 
if ((enum server_types)lp_server_role() == ROLE_STANDALONE) {
@@ -286,7 +285,6 @@ NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state 
**auth_ntlmssp_state)
ans = talloc_zero(NULL, struct auth_ntlmssp_state);
if (!ans) {
DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
-   TALLOC_FREE(ntlmssp_state);
return NT_STATUS_NO_MEMORY;
}
 


-- 
Samba Shared Repository


Re: [SCM] Samba Shared Repository - branch master updated

2010-07-19 Thread simo
On Mon, 2010-07-19 at 07:17 -0500, Andrew Tridgell wrote:
> commit a709e423d2940a7c71099ff11383a5f0ef3b1d7e
> Author: Andrew Tridgell 
> Date:   Mon Jul 19 14:20:33 2010 +1000
> 
> waf-idl: put the gen_ndr/README file for source3 back
> 
> This was removed by 100d37fc4624690423f6a932709b3f9046d05c64,
> probably
> accidentially.
> 

Oh I am sorry, it was *definitely* completely accidental.
I wonder, if it is possible to commit it and the .gitignore so that it
is not automatically committed as a delete if missing ?

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer 
Principal Software Engineer at Red Hat, Inc. 



[SCM] Samba Shared Repository - branch master updated

2010-07-17 Thread Simo Sorce
The branch, master has been updated
   via  3c0e10d... s3-dcerpc: Fix build and remove unneeded headers
  from  52f6bfe... s3-dcerpc: Move mere processing functions from 
srv_pipe_hnd.c to srv_pipe.c

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 3c0e10d70c7f3b5f50269166d3c7f44e13157d5a
Author: Simo Sorce 
Date:   Sat Jul 17 15:43:28 2010 -0400

s3-dcerpc: Fix build and remove unneeded headers

Sorry, botched a rebase.

---

Summary of changes:
 source3/rpc_server/srv_pipe_hnd.c |3 ---
 1 files changed, 0 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_pipe_hnd.c 
b/source3/rpc_server/srv_pipe_hnd.c
index 5032020..7c4895f 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -23,9 +23,6 @@
 #include "../librpc/gen_ndr/srv_spoolss.h"
 #include "librpc/gen_ndr/ndr_named_pipe_auth.h"
 #include "../libcli/named_pipe_auth/npa_tstream.h"
-#include "../libcli/auth/schannel.h"
-#include "../libcli/auth/spnego.h"
-#include "../libcli/auth/ntlmssp.h"
 #include "rpc_server.h"
 
 #undef DBGC_CLASS


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2010-07-17 Thread Simo Sorce
The branch, master has been updated
   via  52f6bfe... s3-dcerpc: Move mere processing functions from 
srv_pipe_hnd.c to srv_pipe.c
  from  3c3cfb9... Fix a typo

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 52f6bfea4b88f36f5744283d8fa64b13f2146696
Author: Simo Sorce 
Date:   Sat Jul 17 15:22:26 2010 -0400

s3-dcerpc: Move mere processing functions from srv_pipe_hnd.c to srv_pipe.c

---

Summary of changes:
 .../version_test.c => rpc_server/rpc_server.h} |   18 +-
 source3/rpc_server/srv_pipe.c  |  465 
 source3/rpc_server/srv_pipe_hnd.c  |  464 +---
 3 files changed, 475 insertions(+), 472 deletions(-)
 copy source3/{lib/version_test.c => rpc_server/rpc_server.h} (67%)


Changeset truncated at 500 lines:

diff --git a/source3/lib/version_test.c b/source3/rpc_server/rpc_server.h
similarity index 67%
copy from source3/lib/version_test.c
copy to source3/rpc_server/rpc_server.h
index 880cfeb..f212773 100644
--- a/source3/lib/version_test.c
+++ b/source3/rpc_server/rpc_server.h
@@ -1,7 +1,7 @@
 /*
- *  Unix SMB/CIFS implementation.
- *  version_test - test program for samba_version_strion()
- *  Copyright (C) Michael Adam 2009
+ *  RPC Pipe server helper headers
+ *  Almost completely rewritten by (C) Jeremy Allison 2005 - 2010
+ *  Copyright (C) Simo Sorce  - 2010
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -17,10 +17,10 @@
  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
 
-#include "includes.h"
+#ifndef _RPC_SERVER_H_
+#define _RPC_SERVER_H_
 
-int main(void)
-{
-   printf("%s\n", samba_version_string());
-   return 0;
-}
+void set_incoming_fault(pipes_struct *p);
+void process_complete_pdu(pipes_struct *p);
+
+#endif /* _PRC_SERVER_H_ */
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 4b12042..a7a5f4d 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -33,6 +33,7 @@
 #include "../libcli/auth/schannel.h"
 #include "../libcli/auth/spnego.h"
 #include "../libcli/auth/ntlmssp.h"
+#include "rpc_server.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
@@ -1838,3 +1839,467 @@ static bool api_rpcTNP(pipes_struct *p, struct 
ncacn_packet *pkt,
 
return True;
 }
+
+/
+ Initialise an outgoing packet.
+/
+
+static bool pipe_init_outgoing_data(pipes_struct *p)
+{
+   output_data *o_data = &p->out_data;
+
+   /* Reset the offset counters. */
+   o_data->data_sent_length = 0;
+   o_data->current_pdu_sent = 0;
+
+   data_blob_free(&o_data->frag);
+
+   /* Free any memory in the current return data buffer. */
+   data_blob_free(&o_data->rdata);
+
+   return True;
+}
+
+/
+ Sets the fault state on incoming packets.
+/
+
+void set_incoming_fault(pipes_struct *p)
+{
+   data_blob_free(&p->in_data.data);
+   p->in_data.pdu_needed_len = 0;
+   p->in_data.pdu.length = 0;
+   p->fault_state = True;
+   DEBUG(10, ("set_incoming_fault: Setting fault state on pipe %s\n",
+  get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
+}
+
+static bool dcesrv_auth_request(pipes_struct *p, struct ncacn_packet *pkt)
+{
+   NTSTATUS status;
+   size_t hdr_size = DCERPC_REQUEST_LENGTH;
+   struct dcerpc_auth auth;
+   uint32_t auth_length;
+   DATA_BLOB data;
+   DATA_BLOB full_pkt;
+
+   DEBUG(10, ("Checking request auth.\n"));
+
+   if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
+   hdr_size += 16;
+   }
+
+   switch (p->auth.auth_level) {
+   case DCERPC_AUTH_LEVEL_PRIVACY:
+   DEBUG(10, ("Requested Privacy.\n"));
+   break;
+
+   case DCERPC_AUTH_LEVEL_INTEGRITY:
+   DEBUG(10, ("Requested Integrity.\n"));
+   break;
+
+   case DCERPC_AUTH_LEVEL_CONNECT:
+   if (pkt->auth_length != 0) {
+   break;
+   }
+   return true;
+   case DCERPC_AUTH_LEVEL_NONE:
+   if (pkt->auth_length != 0) {
+   return false;
+   }
+   return true;
+
+   default:
+   return false;
+   }
+
+   status = dc

  1   2   3   4   5   >