[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4acf171 vfs: Add missing include for sys_pread() in cacheprime module. via 266323d smbd: Add missing include for iov_buflen(). via 78e8baf socket_wrapper: Add missing prototype check for eventfd. from 29732b0 s4-tests/env_loadparm: Throw KeyError in case SMB_CONF_PATH https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4acf171ab9480dbf23d95bd9624e2e4ec6723316 Author: Andreas Schneider a...@samba.org Date: Mon Dec 8 10:09:29 2014 +0100 vfs: Add missing include for sys_pread() in cacheprime module. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Mon Dec 8 16:54:51 CET 2014 on sn-devel-104 commit 266323dac64977c236ff19679aaf90f69a1ec245 Author: Andreas Schneider a...@samba.org Date: Mon Dec 8 10:07:42 2014 +0100 smbd: Add missing include for iov_buflen(). Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 78e8bafb322ec69c5ff4b32a5e1c5679c9dea6bf Author: Andreas Schneider a...@samba.org Date: Wed Nov 26 10:18:34 2014 +0100 socket_wrapper: Add missing prototype check for eventfd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10965 Newer glibc versions use and unsinged integer for the count instead of an integer. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: lib/socket_wrapper/wscript | 5 + source3/modules/vfs_cacheprime.c | 1 + source3/smbd/smb2_server.c | 1 + 3 files changed, 7 insertions(+) Changeset truncated at 500 lines: diff --git a/lib/socket_wrapper/wscript b/lib/socket_wrapper/wscript index 279f577..91d23d1 100644 --- a/lib/socket_wrapper/wscript +++ b/lib/socket_wrapper/wscript @@ -88,6 +88,11 @@ def configure(conf): 'int ioctl(int s, int r, ...)', define='HAVE_IOCTL_INT', headers='unistd.h sys/ioctl.h') +if conf.CONFIG_SET(HAVE_EVENTFD): +conf.CHECK_C_PROTOTYPE('eventfd', + 'int eventfd(unsigned int count, int flags)', + define='HAVE_EVENTFD_UNSIGNED_INT', headers='sys/eventfd.h') + # Create full path to socket_wrapper srcdir = os.path.realpath(conf.srcdir) libsocket_wrapper_so_path = srcdir + '/bin/default/lib/socket_wrapper/libsocket-wrapper.so' diff --git a/source3/modules/vfs_cacheprime.c b/source3/modules/vfs_cacheprime.c index 65e63e2..e90e09a 100644 --- a/source3/modules/vfs_cacheprime.c +++ b/source3/modules/vfs_cacheprime.c @@ -17,6 +17,7 @@ #include includes.h #include smbd/smbd.h +#include lib/sys_rw.h /* Cache priming module. * diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 3f23e2a..4a2c875 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -28,6 +28,7 @@ #include smbprofile.h #include ../lib/util/bitmap.h #include ../librpc/gen_ndr/krb5pac.h +#include lib/iov_buf.h #include auth.h static void smbd_smb2_connection_handler(struct tevent_context *ev, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1e32ada tdb: version 1.3.3 via 6244346 tdb/test: TDB_CLEAR_IF_FIRST | TDB_MUTEX_LOCKING, O_RDONLY is a valid combination from 87d39a8 Minor spelling correction in samba-tool domain https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1e32ada8ec1a2699caa1e813782cfc8a1c50f690 Author: Stefan Metzmacher me...@samba.org Date: Tue Dec 2 08:42:18 2014 +0100 tdb: version 1.3.3 This fixes the tdb1-run-mutex-openflags2 test when robust mutexes are available. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10781 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Dec 2 11:54:28 CET 2014 on sn-devel-104 commit 6244346c11c40b3ed39ee626e1d27c75a29b7430 Author: Stefan Metzmacher me...@samba.org Date: Tue Dec 2 08:39:05 2014 +0100 tdb/test: TDB_CLEAR_IF_FIRST | TDB_MUTEX_LOCKING, O_RDONLY is a valid combination This used to be invalid in the early developement code, but now we're able to open a tdb with mutex area and TDB_NOLOCK without problems. O_RDONLY implies TDB_NOLOCK... This should have been part of commit c8d05e934ea03fffbc34944d2d51a016b89a7eca. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10781 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org --- Summary of changes: lib/tdb/ABI/{tdb-1.3.0.sigs = tdb-1.3.3.sigs} | 0 lib/tdb/test/run-mutex-openflags2.c| 5 +++-- lib/tdb/wscript| 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) copy lib/tdb/ABI/{tdb-1.3.0.sigs = tdb-1.3.3.sigs} (100%) Changeset truncated at 500 lines: diff --git a/lib/tdb/ABI/tdb-1.3.0.sigs b/lib/tdb/ABI/tdb-1.3.3.sigs similarity index 100% copy from lib/tdb/ABI/tdb-1.3.0.sigs copy to lib/tdb/ABI/tdb-1.3.3.sigs diff --git a/lib/tdb/test/run-mutex-openflags2.c b/lib/tdb/test/run-mutex-openflags2.c index 57ac7e3..6522ae4 100644 --- a/lib/tdb/test/run-mutex-openflags2.c +++ b/lib/tdb/test/run-mutex-openflags2.c @@ -75,8 +75,9 @@ static int do_child(int fd) TDB_CLEAR_IF_FIRST | TDB_MUTEX_LOCKING, O_RDONLY, 0755, nolog_ctx, NULL); - ok((tdb == NULL) (errno == EINVAL), TDB_MUTEX_LOCKING with - O_RDONLY should fail with EINVAL - %d, errno); + ok((tdb != NULL), TDB_MUTEX_LOCKING with + O_RDONLY should work - %d, errno); + tdb_close(tdb); tdb = tdb_open_ex(mutex-openflags2.tdb, 0, TDB_CLEAR_IF_FIRST | diff --git a/lib/tdb/wscript b/lib/tdb/wscript index 99433e8..d129b24 100644 --- a/lib/tdb/wscript +++ b/lib/tdb/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'tdb' -VERSION = '1.3.2' +VERSION = '1.3.3' blddir = 'bin' -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tdb-1.3.3 created
The annotated tag, tdb-1.3.3 has been created at 8bfe43c458d908abfdf489e00f0004a4bd235f17 (tag) tagging 1e32ada8ec1a2699caa1e813782cfc8a1c50f690 (commit) replaces ldb-1.1.18 tagged by Stefan Metzmacher on Tue Dec 2 13:08:51 2014 +0100 - Log - tdb: tag release tdb-1.3.3 -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAABAgAGBQJUfavTAAoJEEeTkWETCEAlEVAH/RH0HJavBhQk5AzkKxOTUrp7 eO22fSsdvfX6U6gCLiLAu5kul5ZOZMBq01EV5c62E7tvBd55Z2TIP8u6dPjNSBlv 1//A9H9dGDKdRtp0wZbejrdPjYdutbvzVtMHC+BkXIiU4/8kt84lssyML4gKFcSX JcWHEG4p8QcWwJuyIBSlSBuBEGfd37jG83i8Qj8s9BfW54n866FS3993YpTndlne Cc2ws5cHfup3nftQ4qXf7b71zK6hoqihoRijZymodNkH9cxcJYKA9l4eRlRh4BTY uh0MnoxA1o95TVhNCq/PWHF2xseUQ58kEuvFse32+RGOLHNoqgXLt3SVm9ymyJM= =Wm0A -END PGP SIGNATURE- Daniel Cotton (1): Minor spelling correction in samba-tool domain Jelmer Vernooij (7): selftest: Drop support for TESTSUITE-IDLIST, and remove its last user. Re-use add_prefix function. selftest/tests.py: Remove testsuite samba.tests.samdb which does not have any tests. selftest: Add separate command line for listing tests, allowing us of subunit-filter (which doesn't support subunit v2). Be consistent about what functions add $LISTOPT and $LOADLIST to the command-line. Don't assume st/subunit being present means it was generated by the current process. Reduce number of places where sys.path is (possibly) updated for external module paths. Stefan Metzmacher (2): tdb/test: TDB_CLEAR_IF_FIRST | TDB_MUTEX_LOCKING, O_RDONLY is a valid combination tdb: version 1.3.3 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tdb-1.3.2 created
The annotated tag, tdb-1.3.2 has been created at 5e9e3817fde47a4308293ed5874fea994d41b253 (tag) tagging e6c766848c5f5f13584f3bc4c1670c76e7ff8472 (commit) replaces samba-4.2.0rc1 tagged by Stefan Metzmacher on Sun Nov 30 18:26:54 2014 +0100 - Log - tdb: tag release tdb-1.3.2 -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAABAgAGBQJUe1NeAAoJEEeTkWETCEAlUYAH/RqsX8D+VOuzFuJPC7thFWsF xFN8GHX2Au1AE1eTCOZxKDUVJIglzqKDR3gvb0pfxnI9RNnvEfanJ8dSg6MnoN2Z IW2p1DM4yMoUTSeA6MmGyhws8fB7o0ImKf5tWsAqsBxoE57XjwZe7HHH/D0uoeWk Kr0ryRJH9XJoUA+dyRgKfxCH1JdbWwPkpc+UTn1VRxMX7Mk8hRS4KQwL4/NgMmTu Lq9MvOPG5eLxfRILRY3bbguVq2yTJ70WJLV4EX3FNmSgst9/QfH6dFho8zeBweD4 8IXVHDB4DgvuxqgUse3oYNZPi0kuETqvEoI7ENucMiBiPkjH+xjwhJs0x5fdXV0= =73wf -END PGP SIGNATURE- Amitay Isaacs (14): ctdb-tools: Fix heap-use-after-free problem s4-dns: Update template variables, change BIND98 -- BIND9_8 s4-dns: Check DLZ_DLOPEN_VERSION for different BIND versions s4-dns: Update dlz_minimal.h based on BIND release 9.10 s4-dns: Add support for BIND 9.10 build: Remove configure option --enable-old-ctdb build: Remove checks for ctdb features build: Remove configure option --with-ctdb-dir ctdb: Rename ctdb socket variable from CTDB_PATH to CTDB_SOCKET build: Remove configure checks for ctdb headers build: Simplify check for building with ctdb ctdb: Rename CTDB_VERSION to CTDB_PROTOCOL ctdb-daemon: Improve error handling for running event scripts s4-dns: dlz-bind: Add trailing '.' to all fqdn strings Andreas Schneider (39): swrap: Fix type punning warnings. swrap: Rename socket_wrapper_pcap_file(). swrap: Rename swrap_packet_init(). swrap: Rename swrap_marshall_packet(). swrap: Rename swrap_pcap_get_fd(). swrap: Rename swrap_pcap_dump_packet(). swrap: Use a sockaddr_un for the unix path in socket_info. swrap: Use swrap_address in the socket_info struct. swrap: Remove unused sockaddr_dup() function. swrap: Use swrap_address in swrap_accept(). swrap: Wrap fopen to detect stale file descriptors. swrap: Update copyright notice. swrap: Fix whitespace errors. swrap: Fix access to struct members in log messages. swrap: Fix type punning warnings when loading functions. swrap: Silence alignment warnings. swrap: Include the function name in the debug output. swrap: Implement fcntl() to catch F_DUPFD. swrap: Add a trace message for swrap_socket(). swrap: Add support for eventfd with unsigned count variable. swrap: Bump version to 1.1.2. nwrap: Fall back to RTLD_NEXT if we can't find libc. nwrap: Fix resolving hostnames with a trailing dot. nwrap: Don't overflow the in_addr if convert IPv6. nwrap: Use DNS_NAME_MAX cause it is not available on BSD. nwrap: Make sure addr is initialized. nwrap: Bump version of nss_wrapper to 1.0.3. configure: Unload the wrappers so waf configure succeeds. nss_wrapper: check for nss.h selftest: Fake the hostname. s3-rpcclient: Make sure current_nt_hash is initialized. s3-libsmb: Make sure the stat structure is initialized. torture: Make sure server_type isn't used uninitialized. libcli: Make sure status is initialized. s3-smbclient: Return success if we listed the shares. s3-smbstatus: Fix exit code of profile output. dfs_server: Only build in case we build an AD DC too. dns_server: Only build common library if AD DC is enabled. ntdb: Fix control reaches end of non-void function. Andrew Bartlett (26): torture: Reorder torture_winbind_struct_domain_info tests winbindd: Do not overwrite domain list with conflicting info from a trusted domain s3-winbindd: Pass the whole winbindd_domain to invalidate_cm_connection() s3-winbindd: Allow winbindd to connect over SMB2 to servers s3-rpc_client: Adapt cli_rpc_pipe_open_spnego to use enum credentials_kerberos_state s3-rpc_client: Adapt cli_rpc_pipe_open_generic_auth to use enum credentials_kerberos_state s3-rpc_client: Migrate to cli_rpc_pipe_open_generic_auth and remove cli_rpc_pipe_open_spnego s3-winbindd: Attempt to connect to NETLOGON over NCACN_IP_TCP if we can dsdb: Do not attempt to return beyond the end of the password history array tests: Allow max open files to differ from the documentation selftest: Run samba.tests.messaging in an environment where it has servers to list credentials: Set secure_channel_type from secrets.tdb in cli_credentials_set_machine_account credentials: Improve error message on failure to set machine account password credentials: Allow the secret.tdb handle to be passed in to cli_credentials_set_machine_account() auth/credentials: Ensure that we set the realm when
[SCM] Samba Shared Repository - annotated tag ldb-1.1.18 created
The annotated tag, ldb-1.1.18 has been created at dae8aba5019e8dce00a0d0ea19aa9121967c1e81 (tag) tagging 13a1406fa11f4c7eb1996a5ac1e33c966b886082 (commit) replaces tdb-1.3.2 tagged by Stefan Metzmacher on Sun Nov 30 18:30:09 2014 +0100 - Log - ldb: tag release ldb-1.1.18 -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAABAgAGBQJUe1QhAAoJEEeTkWETCEAlftUH/Ang97Gex7W1Oie4e7oJzFr5 LN3pUbdiCHf6q6+OWWVbh3U9wlElcwfqvyV4j1gDUbYHmKcwEtm3bGHn8uA+2qjq 6OqIOnXBb+WOU6+Z9iWKEnSuxQArLpQ91iZYjB8E/Vwn6B99KA9jeye6wb0y4G9E TchWKs773S3TXo0ZfDFYkbyNSJIGBC2zqknrrmxzDcc64RHK7SG5CPVrNJb6IHY2 XiraUTdJf6TVrRKHLdgy1R6O9wnBT07UFsJqgmat6V+nrZpuhx7J/wR9pV5BF3v4 dJGwcSTozO5u1gpwe9cT7twsWuyfA6cAONjWw94Dpm4ertKS6yCVBYNR51D8yf8= =iMOd -END PGP SIGNATURE- Stefan Metzmacher (1): ldb: version 1.1.18 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c6a5eab s4: torture: leases - Add test for leases and blocking locks. via 62c6c79 s4: smb2 : torture: Add new dynamic_share leases test. via f76c7c7 s3: leases - torture test for timeout of responding to lease break request. via ea25f0d s4:torture/smb2: smb2.lease.breaking6 test via 6494597 s4:torture/smb2: smb2.lease.breaking5 test via b3a985a s4:torture/smb2: smb2.lease.breaking4 test via 8d16a2e s4:torture/smb2: smb2.lease.breaking3 test via 5a652db s4:torture/smb2: smb2.lease.breaking2 test via a7a59b1 s4:torture/smb2: smb2.lease.breaking1 test via 0c239d3 s4:torture/smb2: make it possible to skip the automatic ack of lease breaks. via c18c84c s4:torture/smb2: add smb2.lease.v2_epoch[2|3] tests via 45c98b8 s4:torture/smb2: add smb2.lease.[v2_]complex1 tests via 90c886e s4:torture/smb2: pass the expected flags to CHECK_LEASE() via a9d4626 s4:torture/smb2: don't check the lease break connection against samba3 via c0f2b46 s4:torture/smb2: always verify the v2 lease epoch. via 8fa2fb7 s4:torture/smb2: verify lease_flags in CHECK_LEASE_BREAK() via 2742257 s4:torture/smb2: lease per test fnames via 34926bd s4:torture/smb2: make lease tests more reliable by calling torture_wait_for_lease_break() via 683b956 s4:torture/smb2: skip lease tests if the server doesn't support them via 38b0fde s4:libcli/smb2: initialize ls-lease_version via 3327615 s4:libcli/smb2: add new_epoch to struct smb2_lease_break via d7669ea s4:param: don't expand PROTOCOL_DEFAULT in lpcfg_smbcli_options() via d0a1995 s4:libcli/smb2: allow the caller to specify a specific value for max_protocol. via bc83e45 s4:libcli/raw: fix up the max_protocol value for the current transport connection via 55750f0 s4:libcli/smb_composite: use the options on the transport via fe0ad5c s3:smb2_create: send interim responses after 0.5 milliseconds via 334089c Revert libcli/smb: mask off SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET for version 1 from 82c0ecb gse_krb5: Avoid a segfault when we can not read the dedicated keytab file https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c6a5eab3690d2926d66024a35e3c3e818d7e4935 Author: Jeremy Allison j...@samba.org Date: Fri Nov 21 21:28:14 2014 -0800 s4: torture: leases - Add test for leases and blocking locks. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Nov 27 19:08:24 CET 2014 on sn-devel-104 commit 62c6c79011d7e62423fa97d4cabd9de149af8311 Author: Jeremy Allison j...@samba.org Date: Mon Nov 17 14:17:34 2014 -0800 s4: smb2 : torture: Add new dynamic_share leases test. Depends on new share dynamic_share being set up containing an %R in the path= statement. Shows we will break leases and fail to grant new ones if we get a lease_key+client guid pair match on files with different fileid's, as can happen on dynamic shares. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit f76c7c7404c1a67389b701bd1ab24d3b2938c212 Author: Jeremy Allison j...@samba.org Date: Fri Nov 14 10:24:40 2014 -0800 s3: leases - torture test for timeout of responding to lease break request. Passes against W2K12. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit ea25f0d32a045e30d69aab4d84b15cf13a6e32ea Author: Stefan Metzmacher me...@samba.org Date: Wed Nov 26 14:00:24 2014 +0100 s4:torture/smb2: smb2.lease.breaking6 test The client is allowed to downgrade a lease to a lower value than required. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit 6494597c0451944e2599736af116d6838e6aac4e Author: Stefan Metzmacher me...@samba.org Date: Wed Nov 26 10:25:45 2014 +0100 s4:torture/smb2: smb2.lease.breaking5 test This is like breaking4, but with an initial R lease instead of RH. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit b3a985ab6662cacb2ac399c667b48e03c0bd1bfe Author: Stefan Metzmacher me...@samba.org Date: Sat Nov 15 11:58:01 2014 +0100 s4:torture/smb2: smb2.lease.breaking4 test This demonstrates that a confliciting open with NTCREATEX_DISP_OVERWRITE isn't delayed by a RH lease, even if a lease is in 'breaking' mode. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit 8d16a2e36762f6da825106798689c96aff95437f Author: Stefan
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1106ede dbwrap_ctdb: Pass on mutex flags to tdb_open from 07d03e2 s3:lib: fix const warnings in popt_common.c https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1106ede280938d05325baa146bd524aa3568deaf Author: Volker Lendecke v...@samba.org Date: Thu Nov 6 11:59:34 2014 +0100 dbwrap_ctdb: Pass on mutex flags to tdb_open Without this, ctdb can create a tdb file with mutex activated, but the local tdb_open will not open the tdb due to strict flags checks whether mutexes are possible. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10922 Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sun Nov 16 12:13:54 CET 2014 on sn-devel-104 --- Summary of changes: source3/lib/dbwrap/dbwrap_ctdb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/lib/dbwrap/dbwrap_ctdb.c b/source3/lib/dbwrap/dbwrap_ctdb.c index 2aee435..e6dcc0e 100644 --- a/source3/lib/dbwrap/dbwrap_ctdb.c +++ b/source3/lib/dbwrap/dbwrap_ctdb.c @@ -1607,7 +1607,8 @@ struct db_context *db_open_ctdb(TALLOC_CTX *mem_ctx, result-lock_order = lock_order; /* only pass through specific flags */ - tdb_flags = TDB_SEQNUM|TDB_VOLATILE; + tdb_flags = TDB_SEQNUM|TDB_VOLATILE| + TDB_MUTEX_LOCKING|TDB_CLEAR_IF_FIRST; /* honor permissions if user has specified O_CREAT */ if (open_flags O_CREAT) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ad35141 selftest: ignore flapping addprinter[ex].print_job_enum test from 853b96f eventlog: Free tos talloced path. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ad351414e368b4df6b3491729a258e685fe8be21 Author: David Disseldorp dd...@samba.org Date: Mon Nov 10 15:16:31 2014 +0100 selftest: ignore flapping addprinter[ex].print_job_enum test This test currently fails intermittently, and should be disabled until bug 10930 is resolved. Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Nov 11 10:47:08 CET 2014 on sn-devel-104 --- Summary of changes: selftest/flapping | 2 ++ 1 file changed, 2 insertions(+) Changeset truncated at 500 lines: diff --git a/selftest/flapping b/selftest/flapping index e41c65d..4ad29af 100644 --- a/selftest/flapping +++ b/selftest/flapping @@ -15,6 +15,8 @@ ^samba3.rpc.spoolss.printer.*addprinterex.print_test # another intermittent failure ^samba3.rap.printing # fails sometimes on sn-devel ^samba3.rpc.spoolss.printer.*addprinter.print_test # fails on some hosts due to timing issues ? +^samba3.rpc.spoolss.printer.addprinter.print_job_enum # fails on some hosts due to bug 10930 +^samba3.rpc.spoolss.printer.addprinterex.print_job_enum # fails on some hosts due to bug 10930 ^samba3.rpc.lsa.privileges.lsa.Privileges\(s3dc\) # fails sometimes on sn-devel ^samba4.blackbox.gentest # is flakey due to timing ^samba3.smb2.acls.INHERITANCE\(plugin_s4_dc\) # Seems to flap - succeeds on sn-devel, fails on Fedora 16 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4b09df8 pidl-wireshark: SWITCH_TYPE is not always defined, SwitchType() will try to find a fallback via 93f262e pidl-wireshark: generate ALIGN_TO_x_BYTES instructions if the element has the align_x flag via 3f6ca43 pidl-wireshark: if the structure has the flag no_align then set also no_align in the dceprc_info structure via f0a6043 pidl-wireshark: handle 8 bits enum and change the signature of enum function to pass the exact type via 49e0dc7 pidl-wireshark: add definition for IPV4/IPV6 types via 725500f pidl-wireshark: adapt to the new comments in the headers of wireshark dissectors from 0fbd854 s3:vfs:aio_pthread: use smbXsrv_connection for schedule_deferred_open_message_smb http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4b09df897803e78265fd19f6ff19be6e3d8a3944 Author: Matthieu Patou m...@matws.net Date: Tue Oct 1 12:10:18 2013 -0700 pidl-wireshark: SWITCH_TYPE is not always defined, SwitchType() will try to find a fallback Pair-Programmed-With: Stefan Metzmacher me...@samba.org Signed-off-by: Matthieu Patou m...@matws.net Signed-off-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Oct 24 01:39:16 CEST 2014 on sn-devel-104 commit 93f262ee6d162bf007b79d2daf9de6c49c6163d1 Author: Matthieu Patou m...@matws.net Date: Fri Oct 18 00:04:28 2013 -0700 pidl-wireshark: generate ALIGN_TO_x_BYTES instructions if the element has the align_x flag Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Stefan Metzmacher me...@samba.org commit 3f6ca430b067705d556031d52736d5a5d5ae8f55 Author: Matthieu Patou m...@matws.net Date: Fri Oct 11 13:18:37 2013 -0700 pidl-wireshark: if the structure has the flag no_align then set also no_align in the dceprc_info structure Some dissection function will try to do alignment if the no_align flag is not set. Pair-Programmed-With: Stefan Metzmacher me...@samba.org Signed-off-by: Matthieu Patou m...@matws.net Signed-off-by: Stefan Metzmacher me...@samba.org commit f0a6043fb201940f438f63c809df7186aa307f01 Author: Matthieu Patou m...@matws.net Date: Sun Oct 5 18:25:27 2014 -0700 pidl-wireshark: handle 8 bits enum and change the signature of enum function to pass the exact type Instead of passing a uint32 in all cases we pass the exact type Pair-Programmed-With: Stefan Metzmacher me...@samba.org Change-Id: Ib79f1fa56d5aeb30c6e57eea8f0a48db60f6484d Signed-off-by: Matthieu Patou m...@matws.net Signed-off-by: Stefan Metzmacher me...@samba.org commit 49e0dc7ad0f3c29df20badacc4294f1adc375aaf Author: Matthieu Patou m...@matws.net Date: Fri Oct 25 23:11:37 2013 -0700 pidl-wireshark: add definition for IPV4/IPV6 types Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Stefan Metzmacher me...@samba.org commit 725500fc2815a1b00b08c5dd025055266ac97b5a Author: Matthieu Patou m...@matws.net Date: Sun Oct 5 00:06:49 2014 -0700 pidl-wireshark: adapt to the new comments in the headers of wireshark dissectors Change-Id: I4fc398c4d50230d1f0a083827493c1b193c045b9 Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: pidl/lib/Parse/Pidl/Wireshark/NDR.pm | 112 +++--- 1 files changed, 77 insertions(+), 35 deletions(-) Changeset truncated at 500 lines: diff --git a/pidl/lib/Parse/Pidl/Wireshark/NDR.pm b/pidl/lib/Parse/Pidl/Wireshark/NDR.pm index 10eaa6c..89cbf84 100644 --- a/pidl/lib/Parse/Pidl/Wireshark/NDR.pm +++ b/pidl/lib/Parse/Pidl/Wireshark/NDR.pm @@ -150,7 +150,7 @@ sub Enum() } $self-pidl_hdr(extern const value_string $valsstring\[];); - $self-pidl_hdr(int $dissectorname(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_, int hf_index _U_, guint32 *param _U_);); + $self-pidl_hdr(int $dissectorname(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_, int hf_index _U_, g$e-{BASE_TYPE} *param _U_);); $self-pidl_def(const value_string .$valsstring.[] = {); foreach (@{$e-{ELEMENTS}}) { @@ -163,19 +163,19 @@ sub Enum() $self-pidl_fn_start($dissectorname); $self-pidl_code(int); - $self-pidl_code($dissectorname(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_, int hf_index _U_, guint32 *param _U_)); + $self-pidl_code($dissectorname(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_, int
[SCM] Samba Shared Repository - branch v4-2-test updated
The branch, v4-2-test has been updated via 9f8ad38 Merge remote-tracking branch 'origin/v4-2-stable' into v4-2-test via 8428085 WHATSNEW: Remove double entry. from e10ffb3 WHATSNEW: Remove double entry. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-2-test - Log - commit 9f8ad38e1bd773d2bd318fcb8d64b4c750960496 Merge: e10ffb3bb3f61e25faf913b48d233cace6427abe 8428085139aac09c0f47a03f0a9507eb51ac704c Author: Stefan Metzmacher me...@samba.org Date: Wed Oct 15 10:27:49 2014 +0200 Merge remote-tracking branch 'origin/v4-2-stable' into v4-2-test --- Summary of changes: Changeset truncated at 500 lines: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fa331f6 pidl-wireshark: insure that we have an entire match for the variable name via 5d0d45c pidl-wireshark: generate an error for the new Pipe type in typedef via 87fb54b pidl-wireshark: add the type dom_sid28 and call ad-hoc dissector via 755bc4e pidl-wireshark: add a function to change the type of a hf_field via 7e5048d pidl-wireshark: cosmetic reformat via 343db53 pidl-wireshark: Handle the case when the DATA_TYPE is not a simple type via 5740a06 pidl: Improve string delection in function ContainsString via 4986359 pidl: Make the compilation of PIDL producing the same results if the content hasn't change from 9ae65ba ncacn_http: fix GNUism http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fa331f64d1a40350496c7acf68c20cb3fead6eaf Author: Matthieu Patou m...@matws.net Date: Thu Oct 3 09:45:19 2013 -0700 pidl-wireshark: insure that we have an entire match for the variable name Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Oct 10 00:32:40 CEST 2014 on sn-devel-104 commit 5d0d45c9a71f137dc29ca79d49bd558f34bf1ff5 Author: Matthieu Patou m...@matws.net Date: Sun Sep 29 00:42:36 2013 -0700 pidl-wireshark: generate an error for the new Pipe type in typedef Pair-Programmed-With: Stefan Metzmacher me...@samba.org Signed-off-by: Matthieu Patou m...@matws.net Signed-off-by: Stefan Metzmacher me...@samba.org commit 87fb54b77f4b9caaf2b25635b7813e29a448aaa6 Author: Matthieu Patou m...@matws.net Date: Tue Oct 1 12:04:02 2013 -0700 pidl-wireshark: add the type dom_sid28 and call ad-hoc dissector Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Stefan Metzmacher me...@samba.org commit 755bc4ed29c89fc15d4230ce8b828b3afcfa2912 Author: Matthieu Patou m...@matws.net Date: Thu Oct 3 01:10:48 2013 -0700 pidl-wireshark: add a function to change the type of a hf_field We can use this to change the type FT_BYTE when we realize that the object dissected is an array of bytes Change-Id: I2d09c557fd050d0c279b8fff0a27db53403366ca Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Stefan Metzmacher me...@samba.org commit 7e5048d28e86595357be399d0e55cf97a0781703 Author: Matthieu Patou m...@matws.net Date: Thu Oct 3 01:07:55 2013 -0700 pidl-wireshark: cosmetic reformat Change-Id: I86a0d4f13575e5ef7c6968b93ce126e5df981873 Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Stefan Metzmacher me...@samba.org commit 343db5326b369cbdef4b723e3056acc2a866a887 Author: Matthieu Patou m...@matws.net Date: Tue Sep 23 01:28:40 2014 -0700 pidl-wireshark: Handle the case when the DATA_TYPE is not a simple type Pair-Programmed-With: Stefan Metzmacher me...@samba.org Change-Id: If78f241333c1372c60c7d00211c1e6aeb22c9719 Signed-off-by: Matthieu Patou m...@matws.net Signed-off-by: Stefan Metzmacher me...@samba.org commit 5740a06b320d56840439fb7fe3b8b27f341ddaa7 Author: Matthieu Patou m...@matws.net Date: Sat Oct 4 21:19:12 2014 -0700 pidl: Improve string delection in function ContainsString Change-Id: I037e8b5f54fca8b512fd14edbefa34e59cb7f953 Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Stefan Metzmacher me...@samba.org commit 4986359816704f38d4fad3ddd0d07a0f0a25b335 Author: Matthieu Patou m...@matws.net Date: Mon Sep 22 21:52:14 2014 -0700 pidl: Make the compilation of PIDL producing the same results if the content hasn't change Newer perl versions don't generate stable results anymore. Pair-Programmed-With: Stefan Metzmacher me...@samba.org Change-Id: I2fb1e12da392ca85bfd0fb8b50b69851076144ee Signed-off-by: Matthieu Patou m...@matws.net Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: pidl/lib/Parse/Pidl/Dump.pm |4 +- pidl/lib/Parse/Pidl/NDR.pm | 10 + pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm |2 +- pidl/lib/Parse/Pidl/Samba4/Header.pm |2 +- pidl/lib/Parse/Pidl/Samba4/NDR/Client.pm |2 +- pidl/lib/Parse/Pidl/Samba4/Python.pm | 48 + pidl/lib/Parse/Pidl/Util.pm |1 + pidl/lib/Parse/Pidl/Wireshark/NDR.pm | 66 -- 8 files changed, 99 insertions(+), 36 deletions(-) Changeset truncated at 500 lines: diff --git a/pidl/lib/Parse/Pidl/Dump.pm b/pidl/lib/Parse/Pidl/Dump.pm index bf5811c..4e623db 100644 --- a/pidl/lib/Parse/Pidl/Dump.pm +++ b/pidl/lib/Parse/Pidl/Dump.pm @@ -39,7 +39,7 @@ sub DumpProperties($) my $res
[SCM] Samba Shared Repository - annotated tag tevent-0.9.22 created
The annotated tag, tevent-0.9.22 has been created at 3db9d57ced870e82dba56d3b8d963a0714f93f68 (tag) tagging 1dbd0bec040060193f1d2f1b5a97db1bd340c1ca (commit) replaces tdb-1.3.1 tagged by Stefan Metzmacher on Wed Oct 1 11:23:08 2014 +0200 - Log - tevent: tag release tevent-0.9.22 -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAABAgAGBQJUK8f8AAoJEEeTkWETCEAlLSsIAL5HjsGq/rXFGYB5ii6Wns/Y aLBSfnd8TyoZiL1o/t4Fq3+qpR2f6r/Ahq57m56gDhchs4nWbbMIqB7cKUfeq/Km iJHEtWAs1m4SikzyoRByAmkrpLsMG+2PVcOA8/Dom7Q7vZ5/oB0KXKFBpjgkvc13 Ykh+9ER+0HhuBoEadRAL9hBmbpwK6Sk8lX8U9r1wEYXlih8nhgsjJj8NpTV5cScp pxvb9uWJxcwX1MLe2ewCiWDrGPPiScbFQsWqyWqfxhAcA/90L5ff8cN8qu0MNmvL VOYT8VRy7qrURHA3WFhyL0S/LZApp9LTU7a4AcWPIy0rQBr/77kaRACEuOp8158= =NIEN -END PGP SIGNATURE- Abhidnya Joshi (1): s3: vfs module: Adding new vfs module for Symantec VxFS. Amitay Isaacs (11): ctdb-build: Improve platform check ctdb-build: Check for ETIME in errno.h ctdb-build: Check for libpcap ctdb-scripts: Fix a typo ctdb-scripts: Do not export variables if they are not set ctdb-build: Add missing configure checks for backtrace WHATSNEW: Mention combined CTDB ctdb-locking: Reset ttimer before doing an early return ctdb-scripts: Fix the regular expresssion for parsing /proc/locks ctdb-recoverd: If obtaining recovery lock fails, try again ctdb-daemon: Fix the usage for lock helper Andreas Schneider (11): lib: Add daemon_status() to util library. nmbd: Send waiting status to systemd. nsswitch: Skip groups we were not able to map. libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL. s3-libads: Improve service principle guessing. s3-libads: Add a function to retrieve the SPNs of a computer account. s3-libads: Add function to search for an element in an array. s3-libads: Add all machine account principals to the keytab. s3-libnet: Add libnet_join_get_machine_spns(). libcli: Remove unreachable code in dns_hosts_file. libcli: Remove unreachable code in cldap. Andrew Bartlett (16): torture: Fix use-after-free in ldap.nested-search idl: Merge NETR_TRUST and LSA_TRUST definitions into one set only in lsa.idl librpc: Remove user/domain from struct pipe_auth_data librpc: gensec is our security provider abstraction, remove a void * provision: explain why this is required Fix commented out code in kpasswd server to use correct function credentials: Allow the secrets.tdb password to be newer than the secrets.ldb password WHATSNEW: Update WHATSNEW for new default winbind implementation samba_dnsupdate: Look for ForestDnsZones in the right place s3-winbindd: Require SMB signing by default to disrupt MITM attacks with our DC lib/util: Do not duplicate the protocol list, use smb_constants.h provision: Change the default functional level of new Samba domains to 2008R2. winbindd: Do not make anonymous connections by default winbindd: Change value of ldap sasl wrapping to sign WHATSNEW: Include info on secured winbindd connections repl: Specify the target realm in dreplsrv_get_target_principal() Anubhav Rakshit (4): libcli/smb: Add routine to reset the Channel Sequence number. libcli/smb: Add routines to enable/disable SMB2_HDR_FLAG_REPLAY_OPERATION flag. s4:torture: Add Replay tests to examine server behaviour when Multiple Channels are utilized. s4:torture/smb2/lock: Add Lock Replay detection test case. Brad Hards (1): WHATSNEW: some fixes Christof Schmitt (2): s3: Move init_lsa_ref_domain_list to lib s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call Guy Harris (1): pidl: Strip trailing whitespace from pidl, for easier exchange of patches with wireshark. Günther Deschner (5): s3-libnet: Make sure we do not overwrite precreated SPNs. s3-net: add net ads enctypes {list,set,delete}. s3-net: add manpage documentation for net ads enctypes. s3-libnet: set list of allowed krb5 encryption types in AD = 2008. s4-auth/kerberos: fix salting principal, make sure hostname is lowercase. Jelmer Vernooij (3): dsdb: Be less verbose when announcing kcc is being invoked. acl: Fix typo: structrual - structural fileserver: raise debug level for share connection closing for non-IPC to 2. Jeremy Allison (11): lib: util: Check *every* asn1 return call and early return. lib: util: asn1 fixes - check all returns. auth: gensec: asn1 fixes - check all returns. lib: util: asn1 tests. Check every asn1 return. libcli: auth: Ensure all asn1_XX returns are checked. s3: libsmb: Ensure all asn1_XX returns are checked. s3: tldap: Ensure all asn1_XX returns are checked. s4: auth: gensec: asn1 fixes
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 22eb416 repl: Specify the target realm in dreplsrv_get_target_principal() via 736098e WHATSNEW: Include info on secured winbindd connections via afe02d1 winbindd: Change value of ldap sasl wrapping to sign via e2cd325 winbindd: Do not make anonymous connections by default via b9701a0 provision: Change the default functional level of new Samba domains to 2008R2. from bf0ee5f ldb: fix a typo in the comment, LDB_FLAGS_MOD_xxx - LDB_FLAG_MOD_xxx http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 22eb416d166e5772619518fc2adc26a6783abdb1 Author: Andrew Bartlett abart...@samba.org Date: Mon Aug 11 17:31:53 2014 +1200 repl: Specify the target realm in dreplsrv_get_target_principal() We know what realm we need to contact, so avoid trying to correctly get a referral from our KDC. Andrew Bartlett Change-Id: I154ff72f3176d581b64e0c67d4a9c5f1f76b7924 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Sep 30 14:58:50 CEST 2014 on sn-devel-104 commit 736098e2cf0fc63fb19525f265aff8e07cc7afba Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 23 13:40:23 2014 -0700 WHATSNEW: Include info on secured winbindd connections Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit afe02d12f444ad9a6abf31a61f578320520263a9 Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 5 17:38:38 2014 +1200 winbindd: Change value of ldap sasl wrapping to sign This is to disrupt MITM attacks between us and our DC Pair-programmed-with: Garming Sam garm...@catalyst.net.nz Signed-off-by: Garming Sam garm...@catalyst.net.nz Signed-off-by: Andrew Bartlett abart...@samba.org commit e2cd3257141bd4a88cda1fff5bde9df60b253a97 Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 5 17:00:31 2014 +1200 winbindd: Do not make anonymous connections by default The requirement is that we have winbind sealed pipes = false and require strong key = false before we make anonymous connections. These are a security risk as we cannot prevent MITM attacks. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit b9701a0a79dd15dd6f53075638fba9a2a3d92e19 Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 24 11:01:18 2014 -0700 provision: Change the default functional level of new Samba domains to 2008R2. Windows 2003 is going out of support shortly, and we want users to have AES by default Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: WHATSNEW.txt | 15 ++ .../smbdotconf/ldap/clientldapsaslwrapping.xml |8 ++--- lib/param/loadparm.c |2 + python/samba/netcmd/domain.py |4 +- python/samba/provision/__init__.py |2 +- source3/param/loadparm.c |2 + source3/winbindd/winbindd_cm.c | 29 source4/dsdb/repl/drepl_partitions.c |4 +- testprogs/blackbox/upgradeprovision-oldrelease.sh |2 +- 9 files changed, 57 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 0ab0561..78fc777 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -90,6 +90,21 @@ services parameter specified should ensure they change 'winbind' to The 'samba' binary still manages the starting of this service, there is no need to start the winbindd binary manually. +Winbind now requires secured connections + + +To improve protection against rouge domain controllers we now require +that when we connect to an AD DC in our forest, that the connection be +signed using SMB Signing. Set 'client signing = off' in the smb.conf +to disable. + +Also and DCE/RPC pipes must be sealed, set 'require strong key = +false' and 'winbind sealed pipes = false' to disable. + +Finally, the default for 'client ldap sasl wrapping' has been set to +'sign', to ensure the integrity of LDAP connections. Set 'client ldap +sasl wrapping = plain' to disable. + Larger IO sizes for SMB2/3 by default = diff --git a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml index 076b05c..e0ce700 100644 --- a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml +++ b/docs
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f3ce6b4 s3:net_rpc_printer: make use of cli_credentials_get_username() via ceb2625 lib/util: Do not duplicate the protocol list, use smb_constants.h via 8280bc5 lib/param: set the kccsrv:samba_kcc option to false by default from a59b00d s3-winbindd: Require SMB signing by default to disrupt MITM attacks with our DC http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f3ce6b4d35f6e24fdbc6b6231e6d845eac87657c Author: Stefan Metzmacher me...@samba.org Date: Fri Sep 26 03:12:14 2014 +0200 s3:net_rpc_printer: make use of cli_credentials_get_username() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Reviewed-by: Günther Deschner g...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Mon Sep 29 10:51:37 CEST 2014 on sn-devel-104 commit ceb26257dd02dc5d4aad06be01e913feade35dac Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 23 14:05:43 2014 -0700 lib/util: Do not duplicate the protocol list, use smb_constants.h This avoids the two lists getting out of sync, and only applies to a Samba build due to the surrounding #ifdef Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 8280bc5092242d222e3b169bacd901478d196408 Author: Stefan Metzmacher me...@samba.org Date: Fri Sep 26 00:49:37 2014 +0200 lib/param: set the kccsrv:samba_kcc option to false by default Bug: https://bugzilla.samba.org/show_bug.cgi?id=10697 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org --- Summary of changes: ctdb/lib/util/util.h| 12 +--- lib/param/loadparm.c|2 +- source3/utils/net_rpc_printer.c | 32 +--- 3 files changed, 15 insertions(+), 31 deletions(-) Changeset truncated at 500 lines: diff --git a/ctdb/lib/util/util.h b/ctdb/lib/util/util.h index 33f46bd..c7734d1 100644 --- a/ctdb/lib/util/util.h +++ b/ctdb/lib/util/util.h @@ -485,17 +485,7 @@ _PUBLIC_ int sys_fsusage(const char *path, uint64_t *dfree, uint64_t *dsize); */ #if _SAMBA_BUILD_ == 4 -/* protocol types. It assumes that higher protocols include lower protocols - as subsets. FIXME: Move to one of the smb-specific headers */ -enum protocol_types { - PROTOCOL_NONE, - PROTOCOL_CORE, - PROTOCOL_COREPLUS, - PROTOCOL_LANMAN1, - PROTOCOL_LANMAN2, - PROTOCOL_NT1, - PROTOCOL_SMB2 -}; +#include libcli/smb/smb_constants.h int ms_fnmatch(const char *pattern, const char *string, enum protocol_types protocol); diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 4154260..7b86a1e 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -2432,7 +2432,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lpcfg_do_global_parameter(lp_ctx, dcerpc endpoint servers, epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver); lpcfg_do_global_parameter(lp_ctx, server services, s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns); - lpcfg_do_global_parameter(lp_ctx, kccsrv:samba_kcc, true); + lpcfg_do_global_parameter(lp_ctx, kccsrv:samba_kcc, false); /* the winbind method for domain controllers is for both RODC auth forwarding and for trusted domains */ lpcfg_do_global_parameter(lp_ctx, private dir, dyn_PRIVATE_DIR); diff --git a/source3/utils/net_rpc_printer.c b/source3/utils/net_rpc_printer.c index 8b5ea61..242235b 100644 --- a/source3/utils/net_rpc_printer.c +++ b/source3/utils/net_rpc_printer.c @@ -706,9 +706,10 @@ static bool net_spoolss_open_printer_ex(struct rpc_pipe_client *pipe_hnd, TALLOC_CTX *mem_ctx, const char *printername, uint32_t access_required, - const char *username, struct policy_handle *hnd) { + struct cli_credentials *creds = gensec_get_credentials(pipe_hnd-auth-auth_ctx); + const char *username = cli_credentials_get_username(creds); WERROR result; fstring printername2; @@ -1122,7 +1123,6 @@ static bool get_printer_info(struct rpc_pipe_client *pipe_hnd, { struct dcerpc_binding_handle *b = pipe_hnd-binding_handle; struct policy_handle hnd; - struct cli_credentials *creds = gensec_get_credentials(pipe_hnd-auth-auth_ctx); WERROR werr; /* no arguments given, enumerate all
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f65c1f0 s4:librpc: use authenticated epmapping for ncacn_http via 3b18dea librpc/idl: specify ncacn_http endpoint mapper endpoint via 9e1313d s4:rpc_server: ignore ncacn_http endpoints for now via 594d036 ncacn_http: DCERPC pipe open using http transport via d617230 ncacn_http: Client implementation via cc55bc2 ncacn_http: Authentication modules for http library via 8260ae6 ncacn_http: Add http library from 6148c94 s3:smbtorture: align explanations for parameters http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f65c1f0e2f6a8c23a94003f61b0b98d963b2424b Author: Stefan Metzmacher me...@samba.org Date: Sun Sep 21 09:20:26 2014 +0200 s4:librpc: use authenticated epmapping for ncacn_http We need to authenticate against the RpcProxy. In future we could have a way to specify alternative credentials for the RpcProxy and HttpProxy. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Sep 23 01:34:05 CEST 2014 on sn-devel-104 commit 3b18dea1310cfe9e9b4ec0f2b3b5b14ac4771c83 Author: Stefan Metzmacher me...@samba.org Date: Sun Sep 21 08:38:42 2014 +0200 librpc/idl: specify ncacn_http endpoint mapper endpoint Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 9e1313d2b6eced3f3d13fcf989f031c32e06aef0 Author: Stefan Metzmacher me...@samba.org Date: Sun Sep 21 08:38:10 2014 +0200 s4:rpc_server: ignore ncacn_http endpoints for now Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 594d036afd78ae04b848607579707bcdced91ec3 Author: Samuel Cabrero samuelcabr...@kernevil.me Date: Tue Sep 16 17:01:02 2014 +0200 ncacn_http: DCERPC pipe open using http transport Signed-off-by: Samuel Cabrero samuelcabr...@kernevil.me Reviewed-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit d61723040f0d89b1d30c851f5484c1f8182d Author: Samuel Cabrero samuelcabr...@kernevil.me Date: Tue Sep 16 16:41:27 2014 +0200 ncacn_http: Client implementation Signed-off-by: Samuel Cabrero samuelcabr...@kernevil.me Reviewed-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit cc55bc2d45df3406130a5fe127f5eb35e466a7cd Author: Samuel Cabrero samuelcabr...@kernevil.me Date: Tue Sep 16 18:05:53 2014 +0200 ncacn_http: Authentication modules for http library Signed-off-by: Samuel Cabrero samuelcabr...@kernevil.me Reviewed-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 8260ae6dbe5e65033d406ba26bbe97a6e4712c4c Author: Samuel Cabrero samuelcabr...@kernevil.me Date: Tue Sep 16 16:12:26 2014 +0200 ncacn_http: Add http library Signed-off-by: Samuel Cabrero samuelcabr...@kernevil.me Reviewed-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org --- Summary of changes: librpc/idl/epmapper.idl |4 +- source4/lib/http/gensec/basic.c | 137 + source4/lib/http/gensec/ntlm.c | 120 source4/lib/http/http.c | 825 +++ source4/lib/http/http.h | 120 source4/lib/http/http_auth.c| 361 source4/lib/http/http_internal.h| 62 ++ source4/lib/http/wscript_build | 21 + source4/libnet/libnet_rpc.c | 10 +- source4/librpc/rpc/dcerpc.h |2 + source4/librpc/rpc/dcerpc_connect.c | 206 +++ source4/librpc/rpc/dcerpc_roh.c | 789 + source4/librpc/rpc/dcerpc_roh.h | 116 source4/librpc/rpc/dcerpc_roh_channel_in.c | 471 +++ source4/librpc/rpc/dcerpc_roh_channel_out.c | 743 source4/librpc/rpc/dcerpc_schannel.c|7 +- source4/librpc/rpc/dcerpc_util.c| 20 +- source4/librpc/wscript_build|3 +- source4/rpc_server/service_rpc.c| 10 + wscript_build |1 + 20 files changed, 4015 insertions(+), 13 deletions(-) create mode 100644 source4/lib/http/gensec/basic.c create mode 100644 source4/lib/http/gensec/ntlm.c create mode 100644 source4/lib/http/http.c create mode 100644 source4/lib/http/http.h create mode 100644 source4/lib/http/http_auth.c create mode 100644 source4/lib/http/http_internal.h create mode 100644 source4/lib/http/wscript_build
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3360f9a WHATSNEW: mention overhauled net idmap command via 6efb366 WHATSNEW: Improved DCERPC man in the middle detection via e28b087 WHATSNEW: Larger IO sizes for SMB2/3 per default via fc70caa WHATSNEW: Winbindd/Netlogon improvements from 277f041 passdb: Use talloc_zero_array http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3360f9ac33e7025811c00f3d7cb04cb9e4d81ec4 Author: Michael Adam ob...@samba.org Date: Sat Sep 20 01:53:28 2014 +0200 WHATSNEW: mention overhauled net idmap command Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sat Sep 20 11:37:51 CEST 2014 on sn-devel-104 commit 6efb366796a4e0e1a327ddf552fa663d858aecdb Author: Stefan Metzmacher me...@samba.org Date: Sat Sep 20 01:29:19 2014 +0200 WHATSNEW: Improved DCERPC man in the middle detection Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org commit e28b087fb94f282bb930aac557e6e36481c1a26f Author: Stefan Metzmacher me...@samba.org Date: Sat Sep 20 01:18:53 2014 +0200 WHATSNEW: Larger IO sizes for SMB2/3 per default Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org commit fc70caaf186d51c58d9699e4dc11f6645baad156 Author: Stefan Metzmacher me...@samba.org Date: Sat Sep 20 01:14:11 2014 +0200 WHATSNEW: Winbindd/Netlogon improvements Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org --- Summary of changes: WHATSNEW.txt | 72 +++-- 1 files changed, 69 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 617dca1..e9a5627 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -12,6 +12,7 @@ Samba 4.2 will be the next version of the Samba suite. UPGRADING = +Read the Winbindd/Netlogon improvements section (below) carefully! NEW FEATURES @@ -35,6 +36,65 @@ Snapper for use by Samba. This provides the ability for remote clients to access shadow-copies via Windows Explorer using the previous versions dialog. +Winbindd/Netlogon improvements +== + +The whole concept of maintaining the netlogon secure channel +to (other) domain controllers is rewritten in order to maintain +global state in a netlogon_creds_cli.tdb. This is the proper fix +for a large number of bugs: + + https://bugzilla.samba.org/show_bug.cgi?id=6563 + https://bugzilla.samba.org/show_bug.cgi?id=7944 + https://bugzilla.samba.org/show_bug.cgi?id=7945 + https://bugzilla.samba.org/show_bug.cgi?id=7568 + https://bugzilla.samba.org/show_bug.cgi?id=8599 + +In addition a strong session key is required by default now, +which means that communication to older servers or clients +might be rejected by default. + +For the client side we the following new options: +require strong key (yes by default), reject md5 servers (no by default). +E.g. for Samba 3.0.37 you need require strong key = no and +for NT4 DCs you need require strong key = no and client NTLMv2 auth = no, + +On the server side (as domain controller) we have the following new options: +allow nt4 crypto (no by default), reject md5 client (no by default). +E.g. in order to allow Samba 3.0.27 or NT4 members to work +you need allow nt4 crypto = yes + +winbindd does not list group memberships for display purposes +(e.g. getent group domain\group) anymore by default. +The new default is winbind expand groups = 0 now, +the reason for this is the same as for winbind enum users = no +and winbind enum groups = no. Providing this information is not always +reliably possible, e.g. if there're trusted domains. + +Please consult the smb.conf manpage for more details of this new options. + +Larger IO sizes for SMB2/3 by default += + +The default values for smb2 max read, smb2 max write and smb2 max trans +have been changed to 8388608 (8MiB) in order to match the default of +Windows 2012R2. + +Improved DCERPC man in the middle detection +=== + +The DCERPC header signing has been implemented +in addition to the dcerpc_sec_verification_trailer +protection. + +Overhauled net idmap command +== + +The command line interface of the net idmap command has been +systematized and subcommands for reading and writing the autorid idmap +database have been added. Note that the writing commands should be +used with great care. See the net(8) manual page for details
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1f7da1c tdb: change version to 1.3.1 via 5355f5e tdb:tools: fix a compiler warning from df800ea Add test suite for iconv conversion fail of bad names over SMB1/SMB3. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1f7da1ca7f76cc30c5a753da85184e3e19967769 Author: Michael Adam ob...@samba.org Date: Wed Jun 11 13:23:33 2014 +0200 tdb: change version to 1.3.1 * internal code cleanup * improved free record detection with a highly contended freelist on tdb's with dead record support (TDB_VOLATILE). * implicit defragmentation of the free list. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Sep 16 12:13:31 CEST 2014 on sn-devel-104 commit 5355f5e4e0421365ba10b0f20a58c8dda99f1b9f Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 3 13:34:09 2014 +0200 tdb:tools: fix a compiler warning ../../tdb/tools/tdbtool.c: In function ‘do_command’: ../../tdb/tools/tdbtool.c:717: error: declaration of ‘count’ shadows a global declaration ../../tdb/tools/tdbtool.c:597: error: shadowed declaration is here Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: lib/tdb/ABI/{tdb-1.3.0.sigs = tdb-1.3.1.sigs} |0 lib/tdb/tools/tdbtool.c|8 lib/tdb/wscript|2 +- 3 files changed, 5 insertions(+), 5 deletions(-) copy lib/tdb/ABI/{tdb-1.3.0.sigs = tdb-1.3.1.sigs} (100%) Changeset truncated at 500 lines: diff --git a/lib/tdb/ABI/tdb-1.3.0.sigs b/lib/tdb/ABI/tdb-1.3.1.sigs similarity index 100% copy from lib/tdb/ABI/tdb-1.3.0.sigs copy to lib/tdb/ABI/tdb-1.3.1.sigs diff --git a/lib/tdb/tools/tdbtool.c b/lib/tdb/tools/tdbtool.c index 780782b..beb3af1 100644 --- a/lib/tdb/tools/tdbtool.c +++ b/lib/tdb/tools/tdbtool.c @@ -714,13 +714,13 @@ static int do_command(void) tdb_printfreelist(tdb); return 0; case CMD_FREELIST_SIZE: { - int count; + int size; - count = tdb_freelist_size(tdb); - if (count 0) { + size = tdb_freelist_size(tdb); + if (size 0) { printf(Error getting freelist size.\n); } else { - printf(freelist size: %d\n, count); + printf(freelist size: %d\n, size); } return 0; diff --git a/lib/tdb/wscript b/lib/tdb/wscript index 688eef2..dbbcaf3 100644 --- a/lib/tdb/wscript +++ b/lib/tdb/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'tdb' -VERSION = '1.3.0' +VERSION = '1.3.1' blddir = 'bin' -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tdb-1.3.1 created
The annotated tag, tdb-1.3.1 has been created at 128f7842ff8fa34afcc75974be6b5bb10ba00220 (tag) tagging 1f7da1ca7f76cc30c5a753da85184e3e19967769 (commit) replaces tdb-1.3.0 tagged by Stefan Metzmacher on Tue Sep 16 20:05:10 2014 +0200 - Log - tdb: tag release tdb-1.3.1 -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAABAgAGBQJUGHvWAAoJEEeTkWETCEAloIcIAK82OBKuCPucaxiiFIk9M4QS axbeN9G9+xIaFAyBt+PN56DBJkHquw/nhgSG5LwRUVKFJIxq8e3HuJi5KLVkIM0F Sq91eUjQhXLjNTJbmF792qIoWQGd4EmyYKiFtlkVg7ItxzEz6J2iosf0s/YKPNKM kHF+FDxEKTrovk1nPbXxvmt8xV7rIC8yKFCkip5oD/iOBKXF7l8NxpmYBkyPF1h+ PStRYEM27mI/yU/2DowhA4RiQ58p5fB6n029CGRMQYbv339sakBb8pQ5TXUiV2l3 UAPab2vWEORwXukJ2MXNepimYQMIY4IZS4sb7kvf26w7nVBZiR/IvyWtsNyQ07Q= =dX56 -END PGP SIGNATURE- Alexander Bokovoy (1): WAF: use libsystemd-daemon only if linking actually succeeds Amitay Isaacs (127): ctdb-build: Build ctdb_version.h before compiling files that include it ctdb-build: Move internal include files in a separate directory s3-build: Support building with in-tree CTDB ctdb-pmda: Do not hardcode include paths ctdb-ib: Make infiniband transport compile again ctdb-common: No need to save previous scheduler priority ctdb-common: Do not abort if restoring scheduling policy fails ctdb-common: Changing scheduler policy does not require ctdb context ctdb-common: Drop ctdb prefix from utility functions independent of ctdb ctdb-common: Separate system utilties that are ctdb independent ctdb-common: Separate more system utilities that are independent of ctdb ctdb-daemon: No need to block SIGPIPE at startup ctdb-common: Remove unused functions ctdb-daemon: Rename block_signal to ignore_signal ctdb-common: Keep debug level related functions with logging code ctdb-daemon: Instead of passing ctdb context, pass valgrinding boolean ctdb-daemon: Rename ctdb_lockdown_memory to lockdown_memory ctdb-common: Move lockdown_memory to system utilities ctdb-daemon: Rename ctdb_mkdir_p_or_die to mkdir_p_or_die ctdb-common: Move mkdir_p_or_die to system utilities ctdb-logging: Split ringbuffer handling code from ctdb_collect_log ctdb-logging: Move controls handling functions from common to server ctdb-daemon: Remove duplicate code from helper binaries ctdb-build: Remove duplicate library dependency ctdb-daemon: Do not complain if node is inactive and db is not attached ctdb-daemon: Reset scheduler policy for helper processes ctdb-build: Remove duplicate popt library ctdb-build: Remove duplicate replace library ctdb-build: Remove duplicate talloc library ctdb-build: Remove duplicate tevent library ctdb-build: Remove duplicate tdb library ctdb-build: Remove duplicate socket_wrapper library ctdb-header: Protect against multiple includes ctdb-mkversion: Support external VERSION specification wafsamba: allow samba_dist.dist() to be called from a different directory. ctdb-build: Remove autoconf build files ctdb-build: Add waf build for CTDB ctdb-tests: Fix the tests for waf build ctdb-build: Add build files (configure/Makefile) to use waf ctdb-packaging: Fix date/days in changelog ctdb-packaging: Modify spec file to use waf build instead of autoconf ctdb-build: Add target to build RPMs ctdb-packaging: Remove unused files autobuild: Don't need autogen.sh anymore in the ctdb target. autobuild: Remove unsupported --enable-socket-wrapper option from the ctdb target. ctdb-build: Allow waf to build rpms without configure first ctdb-build: Add special target to get build version ctdb-build: Use CTDB_RUNDIR instead of VARDIR/run/ctdb ctdb-build: Use CTDB_ETCDIR instead of ETCDIR/ctdb ctdb-build: Use correct path variables for ctdb_run_tests.sh ctdb-build: Fix sed expression to protect '\' ctdb-build: Instead of default test_wrap, install fixed test_wrap ctdb-packaging: Minimum required tevent library is 0.9.16 ctdb-packaging: Update configure.rpm with minimum library versions ctdb-recoverd: No need to set ctdbd_pid again Revert It was possible for -recovery_mode to get out of sync with the new three db priorities in such a way that ctdb-tools: There is no need for forcing a recovery ctdb-recoverd: Set recovery mode before freezing databases ctdb-daemon: Do not thaw databases if recovery is active ctdb-tests: Check that ctdb wipedb cleans the database ctdb-tests: Add a test for ctdb restoredb ctdb-tests: Shutdown local daemons if the tests exit abnormally ctdb-build: Check the return value of RUN_COMMAND ctdb-build: Replace os.system with samba_utils.RUN_COMMAND ctdb-build: Create ctdb only ctags ctdb-build: fix
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7bc2e2d messaging_dgm: Don't expose the messaging_dgm_context via 9269a8e messaging_dgm: Avoid a talloc via 55a894c messaging_dgm: Avoid a talloc via c95d9a5 messaging_dgm: messaging_dgm_lockfile_remove does not use tmp_ctx anymore via 9c5b1ee messaging_dgm: messaging_dgm_lockfile_create does not use tmp_ctx anymore via c3f98b9 messaging_dgm: Avoid talloc_tos() via 2858c66 messaging_dgm: Reformatting via 188120b messaging_dgm: Remove an unnecessary cast from 0cd4561 namecache: fix uninitialised pointer returns http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7bc2e2d0d4a6706769a436798aa29d18a8f7c221 Author: Volker Lendecke v...@samba.org Date: Wed Sep 10 16:13:18 2014 +0200 messaging_dgm: Don't expose the messaging_dgm_context Right now we can only support one messaging_dgm_context per process anyway, the code has checks for this. I would like to keep it that way, in the future we will have multiple messaging_context's or imessaging_context's filtering based upon the dst server_id. Why this change? messaging_dgm's lockfile contains the serverid-unique_id. When designing messaging_dgm, I had in mind to remove the serverid.tdb and replace it with the dgm lockfiles for server lookup and enumeration. I have a WIP-patchset that gets rid of almost all users of serverid.tdb. The problem is serverid_exists. Here we don't have a messaging_context available, and it would be pretty intrusive to make it so. This problem has plagued us since ctdb was developed, see for example the comment /* * This is a Samba3 hack/optimization. Routines like process_exists need to * talk to ctdbd, and they don't get handed a messaging context. */ in messaging_ctdb.c. This patchset removes this problem in a radical way: Treat the messaging_dgm context as one globally available structure and be done with it. The ctdb socket could go the same way in the future. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sun Sep 14 16:29:30 CEST 2014 on sn-devel-104 commit 9269a8e5d4f92569cf529e530bf800971c23682d Author: Volker Lendecke v...@samba.org Date: Wed Sep 10 10:12:23 2014 +0200 messaging_dgm: Avoid a talloc Not really required, but it removes a NULL check Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 55a894c71d97a1210c3261d6272e5e5a6078b909 Author: Volker Lendecke v...@samba.org Date: Wed Sep 10 10:12:23 2014 +0200 messaging_dgm: Avoid a talloc Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit c95d9a55d136da72d70aea78c7bd50e932c0105e Author: Volker Lendecke v...@samba.org Date: Wed Sep 10 10:00:05 2014 +0200 messaging_dgm: messaging_dgm_lockfile_remove does not use tmp_ctx anymore Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 9c5b1eeaf68c3d3c4d138dcb0008a018030aa39a Author: Volker Lendecke v...@samba.org Date: Wed Sep 10 10:00:05 2014 +0200 messaging_dgm: messaging_dgm_lockfile_create does not use tmp_ctx anymore Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit c3f98b978965353bdf2dbad7d80b3f62cdb5672e Author: Volker Lendecke v...@samba.org Date: Wed Sep 10 09:58:00 2014 +0200 messaging_dgm: Avoid talloc_tos() Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 2858c666b51710f526269bd8495996a026bba7f3 Author: Volker Lendecke v...@samba.org Date: Tue Sep 9 21:46:19 2014 +0200 messaging_dgm: Reformatting Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 188120b08cac87ae53bae07bbf90ebde777d84e8 Author: Volker Lendecke v...@samba.org Date: Tue Sep 9 21:45:58 2014 +0200 messaging_dgm: Remove an unnecessary cast Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: source3/lib/messages.c | 33 source3/lib/messages_dgm.c | 195 source3/lib/messages_dgm.h | 16 ++-- 3 files changed, 131 insertions(+), 113 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/messages.c b/source3/lib/messages.c index 80ecec4..52d6538 100644 --- a/source3/lib/messages.c +++ b/source3/lib/messages.c @@ -73,8 +73,6 @@ struct messaging_context
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via dec0243 s3:smbd: close the connection if the client doesn't start with a SMB1 Negprot or old messaging call. from 1f878b9 Revert buildtools: Rename perl vendorarch configure option. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit dec0243c8595359df6448caf5d242b3d2062deb6 Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 19 00:15:34 2014 +0200 s3:smbd: close the connection if the client doesn't start with a SMB1 Negprot or old messaging call. The case where the client starts with a SMB2 Negprot is already handled in smbd_smb2_request_dispatch(). Bug: https://bugzilla.samba.org/show_bug.cgi?id=10766 Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Jeremy Allison j...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Sep 9 13:02:21 CEST 2014 on sn-devel-104 --- Summary of changes: source3/smbd/process.c | 18 ++ 1 files changed, 18 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 207a4dd..da36ed1 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1456,6 +1456,24 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req) errno = 0; + if (!xconn-smb1.negprot.done) { + switch (type) { + /* +* Without a negprot the request must +* either be a negprot, or one of the +* evil old SMB mailslot messaging types. +*/ + case SMBnegprot: + case SMBsendstrt: + case SMBsendend: + case SMBsendtxt: + break; + default: + exit_server_cleanly(The first request + should be a negprot); + } + } + if (smb_messages[type].fn == NULL) { DEBUG(0,(Unknown message type %d!\n,type)); smb_dump(Unknown, 1, (const char *)req-inbuf); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-1-test updated
The branch, v4-1-test has been updated via 6ccee19 Merge tag 'samba-4.1.12' into v4-1-test via 6cc1d30 Merge tag 'samba-4.1.11' into v4-1-test via 154a270 VERSION: Disable git snapshots for the 4.1.11 release. via ebeb3b6 WHATSNEW: Add release notes for Samba 4.1.11. via e6a8486 fix unstrcpy via 01be3c5 VERSION: Bump version number up to 4.1.11... from a75c1bc VERSION: Bump version up to 4.1.13... http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test - Log - commit 6ccee19439ed2c052564624b4051d2a184b1dbb2 Merge: a75c1bca63dea263aa7bcbf53981c2ed3bdd15aa 6cc1d3030667d2c57cceac870c0d8480cce45905 Author: Stefan Metzmacher me...@samba.org Date: Mon Sep 8 12:17:04 2014 +0200 Merge tag 'samba-4.1.12' into v4-1-test samba: tag release samba-4.1.12 --- Summary of changes: Changeset truncated at 500 lines: -- Samba Shared Repository
[SCM] build.samba.org - branch master updated
The branch, master has been updated via a06fd7e Revert build_test.fns: use --with-perl-{lib,arch}-install-dir= for samba_4_* from 24fb6cf Revert Reuse DEADAGE rather than defining our own constant. http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master - Log - commit a06fd7e6d25f511fdf912c54f2726aa8364349a6 Author: Stefan Metzmacher me...@samba.org Date: Mon Sep 8 22:41:08 2014 +0200 Revert build_test.fns: use --with-perl-{lib,arch}-install-dir= for samba_4_* This reverts commit 10745f4381032a1a58fbee270b339432e8e2ad8e. This is not needed anymore. Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: build_test.fns |2 -- 1 files changed, 0 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/build_test.fns b/build_test.fns index 3d66fc5..1f00620 100644 --- a/build_test.fns +++ b/build_test.fns @@ -752,8 +752,6 @@ test_tree() { ;; samba_4*) sw_config=$config --enable-selftest - sw_config=$sw_config --with-perl-lib-install-dir=$prefix/perl.lib - sw_config=$sw_config --with-perl-arch-install-dir=$prefix/perl.arch ;; samba_3*) sw_config=$config --enable-socket-wrapper -- build.samba.org
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1f878b9 Revert buildtools: Rename perl vendorarch configure option. via 0b91f7d Revert buildtools: Add perl vendorlib configure option. via 42990ca Revert wafsamba: If perl can't provide defaults, define them. via c5dd2f1 Revert wafsamba: Fail with error message if perl doesn't provide valid dirs. via ee21487 pidl/wscript: remove --with-perl-* options from cd87d9f torture: basic FSCTL_SET_ZERO_DATA tests http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1f878b9986523ce9e35dd74ae3c201f4e55f66f3 Author: Michael Adam ob...@samba.org Date: Thu Sep 4 12:45:48 2014 +0200 Revert buildtools: Rename perl vendorarch configure option. This reverts commit 04685ff4eed9535769d6a5feee7353f1796a4389. We are reverting buildtools/wafadmin/Tools/perl.py back to upstream state. Everything special is now in buildtools/wafsamba/samba_perl.py. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472 Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Sep 9 03:07:20 CEST 2014 on sn-devel-104 commit 0b91f7d806b9d18881edb8df981a9eeb057580e5 Author: Michael Adam ob...@samba.org Date: Thu Sep 4 12:45:40 2014 +0200 Revert buildtools: Add perl vendorlib configure option. This reverts commit 48f0183dbeddd7bdf333a40fe0d3e1c7e7fe00f2. We are reverting buildtools/wafadmin/Tools/perl.py back to upstream state. Everything special is now in buildtools/wafsamba/samba_perl.py. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472 Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 42990ca3c8fa5752280840ea202a537915680b7d Author: Michael Adam ob...@samba.org Date: Thu Sep 4 12:45:32 2014 +0200 Revert wafsamba: If perl can't provide defaults, define them. This reverts commit 0ba276ebad57d75a769e22414f94acbe8c177d97. We are reverting buildtools/wafadmin/Tools/perl.py back to upstream state. Everything special is now in buildtools/wafsamba/samba_perl.py. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472 Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit c5dd2f18dd09b08758fc68a4aac10cf01d775c85 Author: Michael Adam ob...@samba.org Date: Thu Sep 4 12:45:21 2014 +0200 Revert wafsamba: Fail with error message if perl doesn't provide valid dirs. This reverts commit 2637890ef42a238093f0f3cbdda0d621d5f9b2e2. We are reverting buildtools/wafadmin/Tools/perl.py back to upstream state. Everything special is now in buildtools/wafsamba/samba_perl.py. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472 Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit ee2148754e2e2604ac918343fa8769a25523eb49 Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 26 21:33:05 2014 +0200 pidl/wscript: remove --with-perl-* options These are not needed anymore as we have useful defaults now. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org --- Summary of changes: buildtools/wafadmin/Tools/perl.py | 51 +++- pidl/wscript |2 +- 2 files changed, 6 insertions(+), 47 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafadmin/Tools/perl.py b/buildtools/wafadmin/Tools/perl.py index 0f34e79..a6787a8 100644 --- a/buildtools/wafadmin/Tools/perl.py +++ b/buildtools/wafadmin/Tools/perl.py @@ -98,53 +98,12 @@ def check_perl_ext_devel(conf): conf.env.EXTUTILS_TYPEMAP = read_out('print $Config{privlib}/ExtUtils/typemap') conf.env.perlext_PATTERN = '%s.' + read_out('print $Config{dlext}')[0] - def try_any(keys): - for k in keys: - conf.start_msg(Checking for perl $Config{%s}: % k) - try: - v = read_out('print $Config{%s}' % k)[0] - conf.end_msg('%s' % (v), 'GREEN') - return v - except IndexError: - conf.end_msg(False, 'YELLOW') - pass - return None - - perl_arch_install_dir = None - if getattr(Options.options, 'perl_arch_install_dir', None): - perl_arch_install_dir = Options.options.perl_arch_install_dir - if perl_arch_install_dir is None
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8c3e0f8 script/autobuild.py: remove explicit --with-perl-*-install-dir options via fac24e1 pidl: remove superfluous use lib via b537c5a pidl: fix the perl module search path (use lib ...) when installing pidl. via f73a0c2 wafsamba: add perl_fixup parameter to INSTALL_FILES via e7fc38a s3:build: don't detect perl in source3/wscript again. via 191fc0e pidl/wscript: don't check for perl again. via 7bf9e93 build: do full SAMBA_CHECK_PERL() check in configure via 75c3e24 wafsamba: add samba_perl.py with SAMBA_CHECK_PERL() higher level check. via 6ad6781 dynconfig: implement PERL_ARCH_INSTALL_DIR via e5d54c5 dynconfig: implement PERL_LIB_INSTALL_DIR. via bb9a939 lib/ldb/wscript: pass dep_vars=['LDB_VERSION'] to SAMBA_GENERATOR() via de0443a docs-xml/wscript_build: pass dep_vars=bld.dynconfig_varnames() to SAMBA_GENERATOR() via 32ddd5b dynconfig/wscript: add dynconfig_varnames() via bab349c ctdb/wscript: pass dep_vars=['VERSION'] to SAMBA_GENERATOR() via a41a9ad wafsamba: let SAMBA_BLDOPTIONS() use dep_vars=['defines'] instead of always=True via 7316653 wafsamba: fix dependencies on environment variables for python_fixup via 04bb8ff wafsamba: allow an optional dep_vars list to be passed to SAMBA_GENERATOR() via da8c763 wafsamba: fix dependency for SAMBA_GENERATOR() when passing vars!=None via ee8fbbd wafsamba: fix dependency calculation for SAMBA_GENERATOR() via 210d7de wafsamba: improve wording in a comment via ca06fac wafsamba: remove unused variable from copy_and_fix_python_path from 2c57cc9 ctdb-call: Drop all deferred requests from older generation http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8c3e0f84ccafc6751777a9fa09a21d7be9af32cd Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 26 21:32:17 2014 +0200 script/autobuild.py: remove explicit --with-perl-*-install-dir options BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Sep 5 22:09:47 CEST 2014 on sn-devel-104 commit fac24e11655c554cd3113dfb6fc918a0fd3c880c Author: Michael Adam ob...@samba.org Date: Mon Aug 25 23:58:48 2014 +0200 pidl: remove superfluous use lib BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472 Signed-off-by: Michael Adam ob...@samba.org commit b537c5a340bae2accbf35a4ec5eab7074b90f0b1 Author: Michael Adam ob...@samba.org Date: Mon Aug 25 23:57:23 2014 +0200 pidl: fix the perl module search path (use lib ...) when installing pidl. This way, pidl can also run with modules installed under the $prefix. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472 Signed-off-by: Michael Adam ob...@samba.org commit f73a0c2af9748d57721211472cd6c50b990ee693 Author: Michael Adam ob...@samba.org Date: Thu Jul 17 16:54:54 2014 +0200 wafsamba: add perl_fixup parameter to INSTALL_FILES This fixes the search path for modules when installing a perl binary by replacing a line 'use lib $RealBin/lib;' which works for the build directory with the appropriate use lib line. This is a step in allowing to install perl modules under the prefix directory again. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472 Pair-Programmed-With: Stefan Metzmacher me...@samba.org Signed-off-by: Michael Adam ob...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit e7fc38a7df90e26a96ec5573042dccc1746e4f2c Author: Michael Adam ob...@samba.org Date: Wed Aug 27 22:19:38 2014 +0200 s3:build: don't detect perl in source3/wscript again. This is done in the top level now. Signed-off-by: Michael Adam ob...@samba.org commit 191fc0e541e7c9d0a1095dc287402df9947ce779 Author: Michael Adam ob...@samba.org Date: Thu Sep 4 01:38:14 2014 +0200 pidl/wscript: don't check for perl again. This is done at the toplevel now. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472 Pair-Programmed-With: Stefan Metzmacher me...@samba.org Signed-off-by: Michael Adam ob...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit 7bf9e937ae59e10a9b40be3a60ffaad49669fb83 Author: Michael Adam ob...@samba.org Date: Tue Aug 26 01:31:17 2014 +0200 build: do full SAMBA_CHECK_PERL() check in configure ...instead of only checking for the perl binary This autodetects PERL_LIB_INSTALL_DIR and removes the need of the --with-perl-lib-install-dir when using a --prefix!=/usr. BUG: https://bugzilla.samba.org/show_bug.cgi
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b55a91e join.py: Set NT ACL on crossRef object for new partition from eee14f7 samba-tool/ldapcmp: update the list of non replicated attributes http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b55a91e9d297c74602d6bd5ef6d2676cf1bfbc75 Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 22 14:16:30 2014 +1200 join.py: Set NT ACL on crossRef object for new partition Change-Id: Icb1b00697cc5641481370ded26f2f0551a5b2a97 Pair-Programmed-With: Stefan Metzmacher me...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Sep 2 14:15:54 CEST 2014 on sn-devel-104 --- Summary of changes: python/samba/descriptor.py |8 +++- python/samba/join.py | 10 +++--- 2 files changed, 14 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/descriptor.py b/python/samba/descriptor.py index 164b0bf..86ea869 100644 --- a/python/samba/descriptor.py +++ b/python/samba/descriptor.py @@ -361,6 +361,13 @@ def get_dns_domain_microsoft_dns_descriptor(domain_sid, name_map={}): (A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED) return sddl2binary(sddl, domain_sid, name_map) +def get_paritions_crossref_subdomain_descriptor(domain_sid, name_map={}): +sddl = O:SubdomainAdminsG:SubdomainAdminsD:AI \ +(A;;RPWPCRCCLCLORCWOWDSW;;;SubdomainAdmins) +(A;;RPLCLORC;;;AU) +(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) +return sddl2binary(sddl, domain_sid, name_map) + def get_wellknown_sds(samdb): # Then subcontainers @@ -427,7 +434,6 @@ def get_wellknown_sds(samdb): return subcontainers - def chunck_acl(acl): Return separate ACE of an ACL diff --git a/python/samba/join.py b/python/samba/join.py index d9e5e8c..c356145 100644 --- a/python/samba/join.py +++ b/python/samba/join.py @@ -29,6 +29,7 @@ from samba.credentials import Credentials, DONT_USE_KERBEROS from samba.provision import secretsdb_self_join, provision, provision_fill, FILL_DRS, FILL_SUBDOMAIN from samba.provision.common import setup_path from samba.schema import Schema +from samba import descriptor from samba.net import Net from samba.provision.sambadns import setup_bind9_dns from samba import read_and_sub_file @@ -672,8 +673,8 @@ class dc_join(object): add the various objects needed for the join, for subdomains post replication print Adding %s % ctx.partition_dn -# NOTE: windows sends a ntSecurityDescriptor here, we -# let it default +name_map = {'SubdomainAdmins': %s-%s % (str(ctx.domsid), security.DOMAIN_RID_ADMINS)} +sd_binary = descriptor.get_paritions_crossref_subdomain_descriptor(ctx.forestsid, name_map=name_map) rec = { dn : ctx.partition_dn, objectclass : crossRef, @@ -682,7 +683,10 @@ class dc_join(object): nETBIOSName : ctx.domain_name, dnsRoot: ctx.dnsdomain, trustParent : ctx.parent_partition_dn, -systemFlags : str(samba.dsdb.SYSTEM_FLAG_CR_NTDS_NC|samba.dsdb.SYSTEM_FLAG_CR_NTDS_DOMAIN)} +systemFlags : str(samba.dsdb.SYSTEM_FLAG_CR_NTDS_NC|samba.dsdb.SYSTEM_FLAG_CR_NTDS_DOMAIN), +ntSecurityDescriptor : sd_binary, +} + if ctx.behavior_version = samba.dsdb.DS_DOMAIN_FUNCTION_2003: rec[msDS-Behavior-Version] = str(ctx.behavior_version) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d68a2eb s4:dlz_bind9: let dlz_bind9 use dns_common_lookup() before add/modify via 11bbfd9 s4:dlz_bind9: let dlz_bind9 use dns_common_lookup() before removing records via fd952bf s4:dlz_bind9: let dlz_bind9 use dns_common_replace() via dedcf30 s4:dlz_bind9: let dlz_bind9 use dns_common_extract() via 96dcebe s4:dlz_bind9: let dlz_bind9 use dns_common_lookup() for name lookup via 914a366 torture-dns: Add test for dlz_bind9 updates via e23621e torture-dns: Add test for dlz_bind9 zonedumps via 2189470 torture-dns: Add test for dlz_bind9 lookups via 76943bf s4:torture:dlz_bind9: fix spnego tests from 4383ec5 s4:setup/dns_update_list: make use of the new substitution variables http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d68a2ebecd244181b1238635ee54dadd05835525 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 31 09:30:16 2014 +0200 s4:dlz_bind9: let dlz_bind9 use dns_common_lookup() before add/modify Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Aug 27 15:21:19 CEST 2014 on sn-devel-104 commit 11bbfd932c113b3222bc93d59702271a3777b6f3 Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 30 20:12:08 2014 +0200 s4:dlz_bind9: let dlz_bind9 use dns_common_lookup() before removing records Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit fd952bf814835c4860ab10794225fbd583ee3ad5 Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 30 18:51:39 2014 +0200 s4:dlz_bind9: let dlz_bind9 use dns_common_replace() Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749 Change-Id: I2fd2503230cbf89445594e49f39ac321769ff06e Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit dedcf30fd12821c272002e3b4cbfda4ca38650fd Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 30 17:59:08 2014 +0200 s4:dlz_bind9: let dlz_bind9 use dns_common_extract() Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749 Change-Id: I7c661964a3da1a1981f022a06b9bef25bbd33479 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 96dcebe8c20b9aa954a96a4deabe16957576be2c Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 30 08:40:32 2014 +0200 s4:dlz_bind9: let dlz_bind9 use dns_common_lookup() for name lookup Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749 Change-Id: I2632fa0ce120a978f6f400fa5cbf18a7fbbd64a3 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 914a3667471ced3199f51db8bc1d4a6d3fbc4e8f Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 26 12:04:59 2014 +0200 torture-dns: Add test for dlz_bind9 updates Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit e23621e9dab67c8997d24b2ac7e4fd181fc5907c Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 26 10:34:17 2014 +0200 torture-dns: Add test for dlz_bind9 zonedumps Change-Id: I074b3e4cdad1a0b69c085dcaa44d6f48e68e863b Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 2189470c2f55afe29e9e8dad1d2659a7eb2d06f9 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 26 10:24:27 2014 +1200 torture-dns: Add test for dlz_bind9 lookups Change-Id: I3b9d1b56e3aa873fb8540b98e196b713b82332ca Pair-Programmed-With: Stefan Metzmacher me...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit 76943bf0ac259fb8855bd123fe4bc85a103ba418 Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 26 13:48:21 2014 +0200 s4:torture:dlz_bind9: fix spnego tests The dlz_bind9 module uses the special dns-${NETBIOSNAME} account, and this is only available under the dns/hostname.domain SPN, not host/hostname. Also the dlz_ssumatch() function returns isc_boolean_t instead of isc_result_t. As ISC_R_SUCCESS and ISC_FALSE have the same value we didn't notice this problem. Change-Id: I48539c3f48f5dde9eaa2fff6da0f3be2f9f66311 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org --- Summary of changes: source4/dns_server/dlz_bind9.c | 369 ++--- source4
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4383ec5 s4:setup/dns_update_list: make use of the new substitution variables via f1544e8 s4:samba_dnsupdate: provide more substitution variables e.g. IF_RODC via b139740 s4:samba_dnsupdate: don't try to be smart when verifying NS records via 25ec8e8 s4:samba_dnsupdate: cache the already registered records via 6e85370 s4:samba_dnsupdate: fix dnsobj.__str__() via c5088f3 s4:samba_dnsupdate: don't lower case the registered names via 5533d9c python/join: use lowercase for the dnshostname. via a9545f3 selftest/Samba3: also bind to ipv6 via 5d4b36d selftest/Samba4: also bind to ipv6 via 0e7abb3 selftest: export _IPV6 environment variables via 3fcc4a5 libcli/dns: ignore NS entries in dns_hosts_file.c at a higher log level for now via 7f18a3b libcli/dns: add support to dns_hosts_file.c via 5d397c8 s4:dlz_bind9: do an early talloc_free(el_ctx) in dlz_allnodes() via fbebe7e s4:dlz_bind9: avoid some compiler warnings via 4917153 s4:dns_server: handle tombstones in handle_one_update() via bb3ca93 s4:dns_server: add DNS_TYPE_TOMBSTONE support to dns_common_replace() via a0a81ab s4:dns_server: make sure dns_common_lookup() doesn't return tombstones via 3ff025a s4:dns_server: use .wType = DNS_TYPE_TOMBSTONE instead of ZERO_STRUCT() via 0689e79 s4:dns_server: split out dns_common_replace() via 7e7df78 s4:dns_server: remove const from dns_replace_records() via 342a087 s4:dns_server: split out dns_common_extract() and dns_common_lookup() via 99d5a5e s4:dns_server: split out a private 'dnsserver_common' library via d0f424a s4:dns_server: map LDB_ERR_NO_SUCH_OBJECT to WERR_DNS_ERROR_NAME_DOES_NOT_EXIST via deb21a9 s4:dns_server: handle WERR_DNS_ERROR_NAME_DOES_NOT_EXIST in werr_to_dns_err() from e914c2c smbd: Properly initialize mangle_hash http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4383ec5b83d12bd19749582217f082cbaa31a128 Author: Stefan Metzmacher me...@samba.org Date: Mon Apr 28 18:54:13 2014 +0200 s4:setup/dns_update_list: make use of the new substitution variables This let us register the same names as Windows Servers. We only exception are the NS records. In future we could add them by using something like this: samba-tool dns add ${HOSTNAME} ${DNSDOMAIN} @ NS ${HOSTNAME} samba-tool dns add ${HOSTNAME} _msdcs.${DNSFOREST} @ NS ${HOSTNAME} samba-tool dns add ${HOSTNAME} ${DNSFOREST} _msdcs NS ${HOSTNAME} Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Aug 26 11:38:54 CEST 2014 on sn-devel-104 commit f1544e8d1de995aa304d63352d313ace8fea6ca5 Author: Stefan Metzmacher me...@samba.org Date: Mon Apr 28 17:33:50 2014 +0200 s4:samba_dnsupdate: provide more substitution variables e.g. IF_RODC This will make the dns_update_list more flexible. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit b13974048b74c60028d8387eb7fe4fc7734f0a91 Author: Stefan Metzmacher me...@samba.org Date: Tue Jul 8 00:05:03 2014 +0200 s4:samba_dnsupdate: don't try to be smart when verifying NS records We can't rely on the DNS delegation to be correct in the parent domain. What we really want is to check if we already have registered ourself as a NS record in our own domain. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 25ec8e8656f66fe51a0d48718cdcfd8b209f6ca0 Author: Stefan Metzmacher me...@samba.org Date: Mon Apr 28 08:29:40 2014 +0200 s4:samba_dnsupdate: cache the already registered records This way we can delete records which are not used anymore. E.g. if the ip address changed. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 6e853708def98545eeb6913b8a2dd59d439323e6 Author: Stefan Metzmacher me...@samba.org Date: Mon Apr 28 08:27:26 2014 +0200 s4:samba_dnsupdate: fix dnsobj.__str__() We should not implicitly use the global variable 'd'. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit c5088f338a38850674399ec8fec9f8f146b5880f Author: Stefan
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 815bde2 s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common(). from 8d96a28 messaging_dgm: Factor out messaging_dgm_lockfile_name http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 815bde28eeb698904d38c351f67ad1b58aa5a2cc Author: Jeremy Allison j...@samba.org Date: Thu Aug 21 16:28:42 2014 -0700 s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common(). Tidy-up of code obsoleted by fixes for bug #10773 (SECINFO_PROTECTED_DACL is not ignored). We now never pass SECINFO_PROTECTED_DACL in security_information flags to this layer. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Aug 22 11:26:57 CEST 2014 on sn-devel-104 --- Summary of changes: source3/smbd/posix_acls.c |6 +- 1 files changed, 1 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index b71fd89..126b822 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3280,11 +3280,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, num_profile_acls = 3; } - /* -* TODO: is this logic with SECINFO_PROTECTED_DACL, correct? -* See bug #10773. -*/ - if ((security_info SECINFO_DACL) !(security_info SECINFO_PROTECTED_DACL)) { + if (security_info SECINFO_DACL) { /* * In the optimum case Creator Owner and Creator Group would be used for -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c9169a5 s4-rpc: dnsserver: Do not return NS_GLUE records with VIEW_GLUE_DATA filter via 2036cbd s4-rpc: dnsserver: Correctly set rank for glue NS records via 9b720ab ctdb-build: Add missing dependency on popt via c53c3df ctdb-build: Remove unnecessary third_party symlink via 9f0b2f9 ldb: Fix check for third_party via 4f105b2 wafsamba: Correctly locate the 'third_party' directory from e411873 ctdb-build: Avoid unused variable warning in output from rpcgen http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c9169a5e987864473108d041513f1781740401ac Author: Amitay Isaacs ami...@gmail.com Date: Wed Jul 30 19:57:42 2014 +1000 s4-rpc: dnsserver: Do not return NS_GLUE records with VIEW_GLUE_DATA filter Bug: https://bugzilla.samba.org/show_bug.cgi?id=10751 Signed-off-by: Amitay Isaacs ami...@gmail.com Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Aug 21 11:36:55 CEST 2014 on sn-devel-104 commit 2036cbd9249c84d9b46370f0e8cd6a0264c737ba Author: Amitay Isaacs ami...@gmail.com Date: Wed Jul 30 18:53:44 2014 +1000 s4-rpc: dnsserver: Correctly set rank for glue NS records Bug: https://bugzilla.samba.org/show_bug.cgi?id=10751 Signed-off-by: Amitay Isaacs ami...@gmail.com Reviewed-by: Stefan Metzmacher me...@samba.org commit 9b720ab13923a91136c25bd80cd905a03e9ac95e Author: Amitay Isaacs ami...@gmail.com Date: Thu Aug 21 14:47:23 2014 +1000 ctdb-build: Add missing dependency on popt Signed-off-by: Amitay Isaacs ami...@gmail.com Reviewed-by: Stefan Metzmacher me...@samba.org commit c53c3dfeff1879b435f4fd3e63e430a93fa41e40 Author: Amitay Isaacs ami...@gmail.com Date: Thu Aug 21 14:46:54 2014 +1000 ctdb-build: Remove unnecessary third_party symlink Signed-off-by: Amitay Isaacs ami...@gmail.com Reviewed-by: Stefan Metzmacher me...@samba.org commit 9f0b2f9503c31daeb6b0b3d97716d0ceee57450f Author: Amitay Isaacs ami...@gmail.com Date: Thu Aug 21 14:34:03 2014 +1000 ldb: Fix check for third_party Signed-off-by: Amitay Isaacs ami...@gmail.com Reviewed-by: Stefan Metzmacher me...@samba.org commit 4f105b27b702de996d41976392740be11fd44eaf Author: Amitay Isaacs ami...@gmail.com Date: Thu Aug 21 14:33:42 2014 +1000 wafsamba: Correctly locate the 'third_party' directory Signed-off-by: Amitay Isaacs ami...@gmail.com Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: buildtools/wafsamba/samba_third_party.py |2 +- ctdb/third_party |1 - ctdb/wscript |2 +- lib/ldb/wscript |4 ++-- source4/rpc_server/dnsserver/dnsdata.c |2 +- source4/rpc_server/dnsserver/dnsdb.c |9 ++--- 6 files changed, 11 insertions(+), 9 deletions(-) delete mode 12 ctdb/third_party Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_third_party.py b/buildtools/wafsamba/samba_third_party.py index 36b98cb..46a1b94 100644 --- a/buildtools/wafsamba/samba_third_party.py +++ b/buildtools/wafsamba/samba_third_party.py @@ -6,7 +6,7 @@ from samba_bundled import * @conf def CHECK_FOR_THIRD_PARTY(conf): -return os.path.exists('third_party') +return os.path.exists(os.path.join(Utils.g_module.srcdir, 'third_party')) Build.BuildContext.CHECK_FOR_THIRD_PARTY = CHECK_FOR_THIRD_PARTY diff --git a/ctdb/third_party b/ctdb/third_party deleted file mode 12 index d838c05..000 --- a/ctdb/third_party +++ /dev/null @@ -1 +0,0 @@ -../third_party \ No newline at end of file diff --git a/ctdb/wscript b/ctdb/wscript index 898df47..d1f112e 100755 --- a/ctdb/wscript +++ b/ctdb/wscript @@ -212,7 +212,7 @@ def build(bld): ctdb_message.c cmdline.c rb_tree.c system_common.c ctdb_fork.c'''), includes='include include/internal common . lib/util', -deps='replace popt talloc tevent tdb') +deps='replace popt talloc tevent tdb popt') bld.SAMBA_SUBSYSTEM('ctdb-common-util', source=bld.SUBDIR('common', diff --git a/lib/ldb/wscript b/lib/ldb/wscript index be04544..6d9e845 100755 --- a/lib/ldb/wscript +++ b/lib/ldb/wscript @@ -13,7 +13,7 @@ while not os.path.exists(srcdir+'/buildtools') and len(srcdir.split('/')) 5: srcdir = srcdir + '/..' sys.path.insert(0, srcdir + '/buildtools/wafsamba') -import wafsamba, samba_dist, Options +import wafsamba, samba_dist, Options, Utils samba_dist.DIST_DIRS('''lib/ldb:. lib/replace:lib/replace lib
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5cbda7e libcli/security: add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info() via 1b3ee5e s3:smbd: mask security_information input values with SMB_SUPPORTED_SECINFO_FLAGS via f56bfff security.idl: add SMB_SUPPORTED_SECINFO_FLAGS from 52063e9 s3:libsmb: Set a max charge for SMB2 connections http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5cbda7e24873ffb5946c7578576ad1af1579ae60 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 20 15:00:59 2014 +0200 libcli/security: add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info() Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Aug 22 02:52:50 CEST 2014 on sn-devel-104 commit 1b3ee5e5a336064f324715d46f80661305d93c28 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 20 13:58:38 2014 +0200 s3:smbd: mask security_information input values with SMB_SUPPORTED_SECINFO_FLAGS Sometimes Windows clients doesn't filter SECINFO_[UN]PROTECTED_[D|S]ACL flags before sending the security_information to the server. security_information = SECINFO_PROTECTED_DACL| SECINFO_DACL results in a NULL dacl being returned from an GetSecurityDecriptor request. This happens because posix_get_nt_acl_common() has the following logic: if ((security_info SECINFO_DACL) !(security_info SECINFO_PROTECTED_DACL)) { ... create DACL ... } I'm not sure if the logic is correct or wrong in this place (I guess it's wrong...). But what I know is that the SMB server should filter the given security_information flags before passing to the filesystem. [MS-SMB2] 3.3.5.20.3 Handling SMB2_0_INFO_SECURITY ... The server MUST ignore any flag value in the AdditionalInformation field that is not specified in section 2.2.37. Section 2.2.37 lists: OWNER_SECURITY_INFORMATION GROUP_SECURITY_INFORMATION DACL_SECURITY_INFORMATION SACL_SECURITY_INFORMATION LABEL_SECURITY_INFORMATION ATTRIBUTE_SECURITY_INFORMATION SCOPE_SECURITY_INFORMATION BACKUP_SECURITY_INFORMATION Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org commit f56bfffa51d86f96f0e71cf0c3fe23f1008ddd88 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 20 13:43:13 2014 +0200 security.idl: add SMB_SUPPORTED_SECINFO_FLAGS A SMB server should only care about specific SECINFO flags and ignore others e.g. SECINFO_PROTECTED_DACL. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org --- Summary of changes: libcli/security/secdesc.c | 36 librpc/idl/security.idl | 18 ++ source3/smbd/nttrans.c |7 --- source3/smbd/posix_acls.c |4 source3/smbd/smb2_getinfo.c |3 ++- source3/smbd/smb2_setinfo.c |3 ++- 6 files changed, 50 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c index 052bafb..46b820e 100644 --- a/libcli/security/secdesc.c +++ b/libcli/security/secdesc.c @@ -24,13 +24,6 @@ #include librpc/gen_ndr/ndr_security.h #include libcli/security/security.h -#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\ - SECINFO_DACL|SECINFO_SACL|\ - SECINFO_UNPROTECTED_SACL|\ - SECINFO_UNPROTECTED_DACL|\ - SECINFO_PROTECTED_SACL|\ - SECINFO_PROTECTED_DACL) - /* Map generic permissions to file object specific permissions */ const struct generic_mapping file_generic_mapping = { @@ -46,21 +39,32 @@ const struct generic_mapping file_generic_mapping = { uint32_t get_sec_info(const struct security_descriptor *sd) { - uint32_t sec_info = ALL_SECURITY_INFORMATION; + uint32_t sec_info = 0; SMB_ASSERT(sd); - if (sd-owner_sid == NULL) { - sec_info = ~SECINFO_OWNER; + if (sd-owner_sid != NULL) { + sec_info |= SECINFO_OWNER; + } + if (sd-group_sid != NULL) { + sec_info |= SECINFO_GROUP; } - if (sd-group_sid == NULL) { - sec_info = ~SECINFO_GROUP; + if (sd-sacl != NULL
[SCM] build.samba.org - branch master updated
The branch, master has been updated via 24fb6cf Revert Reuse DEADAGE rather than defining our own constant. from 6f0134c Revert style changes on instructions page. http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master - Log - commit 24fb6cfe7e6a98c48fdb73c9926d85006d70fcc0 Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 19 07:42:13 2014 +0200 Revert Reuse DEADAGE rather than defining our own constant. This reverts commit b60f215d1fa2f04bee4c650efbba629a215fda6f. This generates the following error: Traceback (most recent call last): File /usr/lib/python2.6/wsgiref/handlers.py, line 94, in run self.finish_response() File /usr/lib/python2.6/wsgiref/handlers.py, line 134, in finish_response for data in self.result: File /home/build/master/web/../buildfarm/web/__init__.py, line 1178, in __call__ yield .join(self.html_page(form, page.render_html(myself))) File /home/build/master/web/../buildfarm/web/__init__.py, line 1017, in html_page yield .join(lines) File /home/build/master/web/../buildfarm/web/__init__.py, line 757, in render_html (host_count, broken_count, panic_count) = self._get_counts() File /home/build/master/web/../buildfarm/web/__init__.py, line 730, in _get_counts builds = self.buildfarm.get_summary_builds(min_age=time.time() - BuildFarm.DEADAGE) NameError: global name 'BuildFarm' is not defined Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: TODO |1 - buildfarm/web/__init__.py |7 ++- 2 files changed, 6 insertions(+), 2 deletions(-) delete mode 100644 TODO Changeset truncated at 500 lines: diff --git a/TODO b/TODO deleted file mode 100644 index 1480b02..000 --- a/TODO +++ /dev/null @@ -1 +0,0 @@ -- age is misnamed diff --git a/buildfarm/web/__init__.py b/buildfarm/web/__init__.py index 8794978..7ba04c5 100755 --- a/buildfarm/web/__init__.py +++ b/buildfarm/web/__init__.py @@ -58,6 +58,11 @@ webdir = os.path.abspath(os.path.join(os.path.dirname(__file__), .., .., we GITWEB_BASE = //gitweb.samba.org HISTORY_HORIZON = 1000 +# Maximum age of builds to consider when displaying summary page statistics. +# Note that trees only get rebuilt when they change, so this value is +# intentionally set to a high value to cope with trees that don't change often. +SUMMARY_MAX_BUILD_AGE = (180 * 24 * 60 * 60) + # this is automatically filled in deadhosts = [] @@ -727,7 +732,7 @@ class ViewSummaryPage(BuildFarmPage): # output when we want broken_table = -builds = self.buildfarm.get_summary_builds(min_age=time.time() - BuildFarm.DEADAGE) +builds = self.buildfarm.get_summary_builds(min_age=time.time() - SUMMARY_MAX_BUILD_AGE) for tree, status in builds: host_count[tree]+=1 -- build.samba.org
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 98426ad lib/param: change the default for winbind expand groups to 0 from 85a03c8 debug: Remove thread-related code from debug.c http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 98426ad467fa64975bd9e6aa32530a2dde719035 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 24 09:12:14 2014 +0200 lib/param: change the default for winbind expand groups to 0 Expanding groups requires the usage of SAMR, which is often not possible with the trust account credentials. This has caused a lot of trouble in the past, as this is the only operation which requires a member to contact a dc of a trusted domain directly, which is not always possible. With this changed default, it should only be required to contact a dc of our own domain. This is the correct behavior for a domain member. As expanding groups is mostly cosmetic, we should avoid it. This is similar to winbind enum users and winbind enum groups, which are also off by default. Only some broken applications calculate the group memberships of users by traversing groups, such applications will require winbind expand groups = 1. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Björn Jacke b...@sernet.de Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Jul 31 18:48:36 CEST 2014 on sn-devel-104 --- Summary of changes: .../smbdotconf/winbind/winbindexpandgroups.xml |9 +++-- lib/param/loadparm.c |2 +- source3/param/loadparm.c |2 +- 3 files changed, 9 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/winbind/winbindexpandgroups.xml b/docs-xml/smbdotconf/winbind/winbindexpandgroups.xml index 19b81b3..57077b3 100644 --- a/docs-xml/smbdotconf/winbind/winbindexpandgroups.xml +++ b/docs-xml/smbdotconf/winbind/winbindexpandgroups.xml @@ -17,8 +17,13 @@ result in system slowdown as the main parent winbindd daemon must perform the group unrolling and will be unable to answer incoming NSS or authentication requests during this time./para - + + paraThe default value was changed from 1 to 0 with Samba 4.2. + Some broken applications calculate the group memberships of + users by traversing groups, such applications will require + winbind expand groups = 1. But the new default makes winbindd more reliable + as it doesn't require SAMR access to domain controllers of trusted domains./para /description -value type=default1/value +value type=default0/value /samba:parameter diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 480f970..21798d9 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -2672,7 +2672,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lpcfg_do_global_parameter(lp_ctx, ldap connection timeout, 2); - lpcfg_do_global_parameter(lp_ctx, winbind expand groups, 1); + lpcfg_do_global_parameter(lp_ctx, winbind expand groups, 0); lpcfg_do_global_parameter(lp_ctx, stat cache, yes); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index dee6224..f3356bf 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -802,7 +802,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals) Globals.winbind_use_default_domain = false; Globals.winbind_trusted_domains_only = false; Globals.winbind_nested_groups = true; - Globals.winbind_expand_groups = 1; + Globals.winbind_expand_groups = 0; Globals.winbind_nss_info = (const char **)str_list_make_v3(NULL, template, NULL); Globals.winbind_refresh_tickets = false; Globals.winbind_offline_logon = false; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6d10418 tests: dnsserver: Add a update test with name set to '.' via 4b4e30b s4-rpc: dnsserver: Allow . to be specified for @ record from a49ba00 selftest: Fix a typo (SIGTERm -- SIGTERM) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6d104182d9667e4f996439d24cfa052f34098ce4 Author: Amitay Isaacs ami...@gmail.com Date: Mon Jul 28 18:09:37 2014 +1000 tests: dnsserver: Add a update test with name set to '.' Signed-off-by: Amitay Isaacs ami...@gmail.com Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Jul 29 19:33:19 CEST 2014 on sn-devel-104 commit 4b4e30b780345c74f9983ba77f04c616b3d034b7 Author: Amitay Isaacs ami...@gmail.com Date: Mon Jul 28 13:07:58 2014 +1000 s4-rpc: dnsserver: Allow . to be specified for @ record Windows allow both . and @ to be specified with modifying @ record. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10742 Signed-off-by: Amitay Isaacs ami...@gmail.com Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: python/samba/tests/dcerpc/dnsserver.py | 41 ++- source4/rpc_server/dnsserver/dcerpc_dnsserver.c |4 ++- 2 files changed, 43 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/tests/dcerpc/dnsserver.py b/python/samba/tests/dcerpc/dnsserver.py index 59d6eee..e2c6667 100644 --- a/python/samba/tests/dcerpc/dnsserver.py +++ b/python/samba/tests/dcerpc/dnsserver.py @@ -19,7 +19,7 @@ from samba.dcerpc import dnsp, dnsserver from samba.tests import RpcInterfaceTestCase, env_get_var_value -from samba.netcmd.dns import ARecord +from samba.netcmd.dns import ARecord, NSRecord class DnsserverTests(RpcInterfaceTestCase): @@ -239,3 +239,42 @@ class DnsserverTests(RpcInterfaceTestCase): select_flags, None, None) + +def test_updaterecords2_soa(self): +client_version = dnsserver.DNS_CLIENT_VERSION_LONGHORN +record_type = dnsp.DNS_TYPE_NS +select_flags = (dnsserver.DNS_RPC_VIEW_AUTHORITY_DATA | +dnsserver.DNS_RPC_VIEW_NO_CHILDREN) + +nameserver = 'ns.example.local' +rec = NSRecord(nameserver) + +# Add record +add_rec_buf = dnsserver.DNS_RPC_RECORD_BUF() +add_rec_buf.rec = rec +self.conn.DnssrvUpdateRecord2(client_version, +0, +self.server, +self.zone, +'.', +add_rec_buf, +None) + +buflen, result = self.conn.DnssrvEnumRecords2(client_version, +0, +self.server, +self.zone, +'@', +None, +record_type, +select_flags, +None, +None) +self.assertEquals(1, result.count) +self.assertEquals(2, result.rec[0].wRecordCount) +match = False +for i in range(2): +self.assertEquals(dnsp.DNS_TYPE_NS, result.rec[0].records[i].wType) +if result.rec[0].records[i].data.str.rstrip('.') == nameserver: +match = True +self.assertEquals(match, True) diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c index f3dd195..856016c 100644 --- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c +++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c @@ -1859,7 +1859,9 @@ static WERROR dnsserver_update_record(struct dnsserver_state *dsstate, W_ERROR_HAVE_NO_MEMORY(tmp_ctx); /* If node_name is @ or zone name, dns record is @ */ - if (strcmp(node_name, @) == 0 || strcasecmp(node_name, z-name) == 0) { + if (strcmp(node_name, @) == 0 || + strcmp(node_name, .) == 0 || + strcasecmp(node_name, z-name) == 0) { name = talloc_strdup(tmp_ctx, @); } else { name = dns_split_node_name(tmp_ctx, node_name, z-name); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ff13e28 tests: dnsserver: Remove duplicate empty test function from f958867 s3: winbindd: On new client connect, prune idle or hung connections older than winbind request timeout http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ff13e28d8cca29716c382928e1261324e1e6d6f5 Author: Amitay Isaacs ami...@gmail.com Date: Mon Jul 28 18:08:55 2014 +1000 tests: dnsserver: Remove duplicate empty test function This test function is defined further in the file. Signed-off-by: Amitay Isaacs ami...@gmail.com Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Jul 30 07:00:57 CEST 2014 on sn-devel-104 --- Summary of changes: python/samba/tests/dcerpc/dnsserver.py |4 1 files changed, 0 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/tests/dcerpc/dnsserver.py b/python/samba/tests/dcerpc/dnsserver.py index e2c6667..2b421d0 100644 --- a/python/samba/tests/dcerpc/dnsserver.py +++ b/python/samba/tests/dcerpc/dnsserver.py @@ -31,10 +31,6 @@ class DnsserverTests(RpcInterfaceTestCase): self.get_loadparm(), self.get_credentials()) -def test_operation2(self): -pass - - def test_query2(self): typeid, result = self.conn.DnssrvQuery2(dnsserver.DNS_CLIENT_VERSION_W2K, 0, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-1-test updated
The branch, v4-1-test has been updated via 7e7790f Merge tag 'samba-4.1.10' into v4-1-test via fcc634b Merge commit 'origin/v4-1-test^' into v4-1-stable via 97d7291 Merge tag 'samba-4.1.9' into v4-1-stable via 3872776 VERSION: Disable git snapshot for the 4.1.9 release. from b474dc7 VERSION: Bump version number up to 4.1.11... http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test - Log - commit 7e7790f00ea6926d13c19d0b24066051b0e31669 Merge: b474dc70f11ebd5fcfd5c0dfa40e94cea5ce206c fcc634b483255bedf53f3aea40334c018e13dcce Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 28 10:07:54 2014 +0200 Merge tag 'samba-4.1.10' into v4-1-test samba: tag release samba-4.1.10 Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: Changeset truncated at 500 lines: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2f86c7d smbd: Fix a typo via 67fb294 smbd: ?True:False is pretty pointless :-) via c6ec923 smbd: Add missing {} via 7dee885 smbd: Remove superfluous () via d27f3ef smbd: Fix a typo via 188017e smbd: Simplify brl_locktest via 50b74cc smbd: Restructure brl_conflict_other via a48c0a4 smbd: Fix indentation, {} and line length in brl_conflict_other via 2d8576e smbd: Rename lck2-rw_probe in brl_conflict_other via e75e4b2e smbd: Rename lck1-lock in brl_conflict_other via 432130c smbd: Use a struct initializer brl_lock via 164e0cb smbd: Simplify strict_lock_default with early returns via ff9a0a8 smbd: Use %ju/uintmax_t in source3/locking via 823215b smbd: err is no longer set in get_lock_offset via bd787be smbd: Add comments via b3d1d56 smbd/nmbd: Remove HAVE_LONGLONG via f77caa3 smbd: Simplify unpack_nt_owners via ff53cde lib: Fix a valgrind error from a017280 messaging4: Fix a just-introduced error memleak http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2f86c7d3f8231410709be78a04f1f589c2c08ac0 Author: Volker Lendecke v...@samba.org Date: Tue Jul 15 14:49:25 2014 + smbd: Fix a typo Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Jul 22 17:57:56 CEST 2014 on sn-devel-104 commit 67fb294e64da9a3f1ab23838fd5bccde9cd9ccc7 Author: Volker Lendecke v...@samba.org Date: Mon Jul 14 15:22:01 2014 + smbd: ?True:False is pretty pointless :-) Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit c6ec923dce22770e54cd7f58937fbf2b75c28190 Author: Volker Lendecke v...@samba.org Date: Mon Jul 14 15:20:57 2014 + smbd: Add missing {} Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 7dee885cc6c4ab04e9f719c6cbb449594af45f87 Author: Volker Lendecke v...@samba.org Date: Mon Jul 14 15:19:53 2014 + smbd: Remove superfluous () Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit d27f3ef318820d18214b91a6d33cfa537a6f41d7 Author: Volker Lendecke v...@samba.org Date: Mon Jul 14 15:10:53 2014 + smbd: Fix a typo Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 188017ea324e7c6b7aba7f51a9baa490c0690a01 Author: Volker Lendecke v...@samba.org Date: Fri Jul 11 15:35:45 2014 +0200 smbd: Simplify brl_locktest Pass struct lock_struct as a parameter. This had to be destructured before the call and re-constructed inside brl_locktest. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 50b74ccb6ae37f193f1f109a04a9a15ed48dfae5 Author: Volker Lendecke v...@samba.org Date: Fri Jul 11 13:27:39 2014 +0200 smbd: Restructure brl_conflict_other It took me really long to grasp what's going on in this routine. I hope its logic is easier to understand now Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit a48c0a42ce44bffc6132ce19555aa8f168c8957a Author: Volker Lendecke v...@samba.org Date: Fri Jul 11 13:21:20 2014 +0200 smbd: Fix indentation, {} and line length in brl_conflict_other Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 2d8576ea7cdf50c53ea7be68134918aacfbaf5b5 Author: Volker Lendecke v...@samba.org Date: Fri Jul 11 13:20:10 2014 +0200 smbd: Rename lck2-rw_probe in brl_conflict_other Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit e75e4b2ed8eddf43d4752dae2dc571fc02e0137d Author: Volker Lendecke v...@samba.org Date: Fri Jul 11 13:19:36 2014 +0200 smbd: Rename lck1-lock in brl_conflict_other lck1 and lck2 are treated differently. They should carry more descriptive names. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 432130c57248b7f8085f7978053d1f6cdfb02b4a Author: Volker Lendecke v...@samba.org Date: Fri Jul 11 12:41:54 2014 +0200 smbd: Use a struct initializer brl_lock Avoids a #ifdef DEVELOPER and saves a few bytes .text Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 164e0cb23cd2e30d4cd2cb4ca2bad32e885bb754 Author: Volker Lendecke v...@samba.org Date: Thu Jul 10 22:23:37 2014 +0200 smbd: Simplify strict_lock_default with early returns
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d90f332 s4:torture/rpc: add rpc.netlogon.ServerReqChallengeGlobal via 321ebc9 s4:rpc_server/netlogon: keep a global challenge table from 4580702 lib/util: move memcache.[ch] to the toplevel 'samba-util' library http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d90f3323ee001080645dcd25da8b8ce1367b1377 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 17 16:05:12 2014 +0200 s4:torture/rpc: add rpc.netlogon.ServerReqChallengeGlobal This demonstrates that the challenge table should be global. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10723 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sat Jul 19 12:51:39 CEST 2014 on sn-devel-104 commit 321ebc99b5a00f82265aee741a48aa84b214d6e8 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 17 14:20:58 2014 +0200 s4:rpc_server/netlogon: keep a global challenge table Some clients call netr_ServerReqChallenge() and netr_ServerAuthenticate3() on different connections. This works against Windows DCs as they have a global challenge table. A VMware provisioning task for Windows VMs seemy to rely on this behavior. As a fallback we're storing the challenge in a global memcache with a fixed size. This should allow these strange clients to work against a Samba AD DC. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10723 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org --- Summary of changes: source4/rpc_server/netlogon/dcerpc_netlogon.c | 91 +++- source4/torture/rpc/netlogon.c| 73 2 files changed, 160 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index c7fed22..49eb5c3 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -27,6 +27,7 @@ #include auth/auth_sam_reply.h #include dsdb/samdb/samdb.h #include ../lib/util/util_ldb.h +#include ../lib/util/memcache.h #include ../libcli/auth/schannel.h #include libcli/security/security.h #include param/param.h @@ -39,6 +40,8 @@ #include librpc/gen_ndr/ndr_irpc.h #include lib/socket/netif.h +static struct memcache *global_challenge_table; + struct netlogon_server_pipe_state { struct netr_Credential client_challenge; struct netr_Credential server_challenge; @@ -49,9 +52,27 @@ static NTSTATUS dcesrv_netr_ServerReqChallenge(struct dcesrv_call_state *dce_cal { struct netlogon_server_pipe_state *pipe_state = talloc_get_type(dce_call-context-private_data, struct netlogon_server_pipe_state); + DATA_BLOB key, val; ZERO_STRUCTP(r-out.return_credentials); + if (global_challenge_table == NULL) { + /* +* We maintain a global challenge table +* with a fixed size (8k) +* +* This is required for the strange clients +* which use different connections for +* netr_ServerReqChallenge() and netr_ServerAuthenticate3() +* +*/ + global_challenge_table = memcache_init(talloc_autofree_context(), + 8192); + if (global_challenge_table == NULL) { + return NT_STATUS_NO_MEMORY; + } + } + /* destroyed on pipe shutdown */ if (pipe_state) { @@ -71,6 +92,11 @@ static NTSTATUS dcesrv_netr_ServerReqChallenge(struct dcesrv_call_state *dce_cal dce_call-context-private_data = pipe_state; + key = data_blob_string_const(r-in.computer_name); + val = data_blob_const(pipe_state, sizeof(*pipe_state)); + + memcache_add(global_challenge_table, SINGLETON_CACHE, key, val); + return NT_STATUS_OK; } @@ -79,6 +105,9 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca { struct netlogon_server_pipe_state *pipe_state = talloc_get_type(dce_call-context-private_data, struct netlogon_server_pipe_state); + DATA_BLOB challenge_key; + bool challenge_valid = false; + struct netlogon_server_pipe_state challenge; struct netlogon_creds_CredentialState *creds; struct ldb_context *sam_ctx; struct samr_Password *mach_pwd; @@ -100,6 +129,57 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4580702 lib/util: move memcache.[ch] to the toplevel 'samba-util' library via b560fac s3:lib/memcache: only include the required header files via 91105d1 s3:lib/memcache: make use of talloc for memcache_elements via d7cbc63 s3:lib/memcache: use uint8_t instead of uint8 from 8d33cdd ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 45807028d478c082fef6f3a3d5a142d96d63fb50 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 17 12:58:34 2014 +0200 lib/util: move memcache.[ch] to the toplevel 'samba-util' library This is generic enough that it could be used in all code. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Jul 18 15:43:33 CEST 2014 on sn-devel-104 commit b560fac7f78b761ee279d8e87a749125665eb5d1 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 17 12:49:48 2014 +0200 s3:lib/memcache: only include the required header files We don't need the full includes.h. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit 91105d1057c29c5878f50678baeb1bd1a6f1abe3 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 17 12:48:51 2014 +0200 s3:lib/memcache: make use of talloc for memcache_elements Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit d7cbc63dc7537fc9562da985b77f6d62dc41fd84 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 17 12:41:20 2014 +0200 s3:lib/memcache: use uint8_t instead of uint8 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org --- Summary of changes: {source3/lib = lib/util}/memcache.c | 22 +- {source3/include = lib/util}/memcache.h |2 -- lib/util/wscript_build |2 +- source3/auth/token_util.c|2 +- source3/lib/access.c |2 +- source3/lib/gencache.c |2 +- source3/lib/id_cache.c |2 +- source3/lib/username.c |2 +- source3/lib/util_sock.c |2 +- source3/passdb/lookup_sid.c |2 +- source3/passdb/pdb_interface.c |2 +- source3/smbd/dir.c |2 +- source3/smbd/globals.c |2 +- source3/smbd/mangle_hash2.c |2 +- source3/smbd/server.c|2 +- source3/smbd/statcache.c |2 +- source3/smbd/vfs.c |2 +- source3/torture/torture.c|2 +- source3/wscript_build|2 +- 19 files changed, 30 insertions(+), 28 deletions(-) rename {source3/lib = lib/util}/memcache.c (95%) rename {source3/include = lib/util}/memcache.h (99%) Changeset truncated at 500 lines: diff --git a/source3/lib/memcache.c b/lib/util/memcache.c similarity index 95% rename from source3/lib/memcache.c rename to lib/util/memcache.c index 88453f3..50e59fc 100644 --- a/source3/lib/memcache.c +++ b/lib/util/memcache.c @@ -17,8 +17,13 @@ along with this program. If not, see http://www.gnu.org/licenses/. */ -#include memcache.h +#include replace.h +#include talloc.h +#include ../lib/util/samba_util.h +#include ../lib/util/debug.h +#include ../lib/util/dlinklist.h #include ../lib/util/rbtree.h +#include memcache.h static struct memcache *global_cache; @@ -26,7 +31,7 @@ struct memcache_element { struct rb_node rb_node; struct memcache_element *prev, *next; size_t keylength, valuelength; - uint8 n;/* This is really an enum, but save memory */ + uint8_t n; /* This is really an enum, but save memory */ char data[1]; /* placeholder for offsetof */ }; @@ -63,7 +68,7 @@ static int memcache_destructor(struct memcache *cache) { for (e = cache-mru; e != NULL; e = next) { next = e-next; - SAFE_FREE(e); + TALLOC_FREE(e); } return 0; } @@ -96,7 +101,7 @@ static struct memcache_element *memcache_node2elem(struct rb_node *node) static void memcache_element_parse(struct memcache_element *e, DATA_BLOB *key, DATA_BLOB *value) { - key-data = ((uint8 *)e) + offsetof(struct memcache_element, data); + key-data = ((uint8_t *)e) + offsetof(struct memcache_element, data); key-length = e-keylength; value-data = key-data + e-keylength; value-length
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8d33cdd ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory() from dff649f lib/zlib: Remove undeeded files that trigger GPL issues. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8d33cddcb001a5a78aca036161d6223268274211 Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 16 16:17:56 2014 +0200 ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory() Searches for '(objectCategory=Person)' will leak a ldb_dn structure on the ldb_context. These searches are typically used by Zarafa. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10469 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Jul 17 00:51:57 CEST 2014 on sn-devel-104 --- Summary of changes: lib/ldb-samba/ldif_handlers.c |7 ++- 1 files changed, 6 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c index 4425f86..d9d799c 100644 --- a/lib/ldb-samba/ldif_handlers.c +++ b/lib/ldb-samba/ldif_handlers.c @@ -483,8 +483,13 @@ static int ldif_canonicalise_objectCategory(struct ldb_context *ldb, void *mem_c const char *lDAPDisplayName = talloc_strndup(tmp_ctx, (char *)in-data, in-length); sclass = dsdb_class_by_lDAPDisplayName(schema, lDAPDisplayName); if (sclass) { - struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb, + struct ldb_dn *dn = ldb_dn_new(tmp_ctx, ldb, sclass-defaultObjectCategory); + if (dn == NULL) { + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + *out = data_blob_string_const(ldb_dn_alloc_casefold(mem_ctx, dn)); talloc_free(tmp_ctx); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fa06617 s3:winbindd: remove unused get[pw|gr]ent_initialized from winbindd_cli_state via b280395 selftest: teardown the environments also on getting SIGPIPE from a6523d7 s3:smb2_negprot: change smb max {read,write,trans} to 8MiB (as default) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fa066178868c7437b1b7e84abe3b545e53983c8f Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 7 15:12:37 2014 +0200 s3:winbindd: remove unused get[pw|gr]ent_initialized from winbindd_cli_state Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Jul 11 18:46:09 CEST 2014 on sn-devel-104 commit b2803950fc439017680069813fc49255a3f0cbbf Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 10 14:28:56 2014 +0200 selftest: teardown the environments also on getting SIGPIPE make test uses selftest.pl | subuntu-filter.py ... FAIL_IMMEDIATELY=1 lets subuntu-filter.py exit, which generates SIGPIPE in selftest.pl. We should handle this just like any other signal and teardown all environments. This should make the teardown process more reliable/verbose. Pair-Programmed-With: Michael Adam ob...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Michael Adam ob...@samba.org --- Summary of changes: selftest/selftest.pl| 25 +++-- source3/winbindd/winbindd.h |4 2 files changed, 15 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/selftest.pl b/selftest/selftest.pl index 831ebd9..fde8451 100755 --- a/selftest/selftest.pl +++ b/selftest/selftest.pl @@ -64,14 +64,6 @@ my $prefix = ./st; my @includes = (); my @excludes = (); -sub pipe_handler { - my $sig = shift @_; - print STDERR Exiting early because of SIGPIPE.\n; - exit(1); -} - -$SIG{PIPE} = \pipe_handler; - sub find_in_list($$) { my ($list, $fullname) = @_; @@ -770,12 +762,24 @@ my @exported_envvars = ( GID_RFC2307TEST ); -$SIG{INT} = $SIG{QUIT} = $SIG{TERM} = sub { +sub sighandler($) +{ my $signame = shift; + + $SIG{INT} = $SIG{QUIT} = $SIG{TERM} = 'DEFAULT'; + $SIG{PIPE} = 'IGNORE'; + + open(STDOUT, STDERR) or die can't dup STDOUT to STDERR: $!; + + print $0: PID[$$]: Got SIG${signame} teardown environments.\n; teardown_env($_) foreach(keys %running_envs); - die(Received signal $signame); + system(pstree -p $$); + print $0: PID[$$]: Exiting...\n; + exit(1); }; +$SIG{INT} = $SIG{QUIT} = $SIG{TERM} = $SIG{PIPE} = \sighandler; + sub setup_env($$) { my ($name, $prefix) = @_; @@ -871,6 +875,7 @@ sub teardown_env($) { my ($envname) = @_; return if ($envname eq none); + print STDERR teardown_env($envname)\n; my $env = get_running_env($envname); $env-{target}-teardown_env($env); delete $running_envs{$envname}; diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h index 5b98928..db5dac8 100644 --- a/source3/winbindd/winbindd.h +++ b/source3/winbindd/winbindd.h @@ -67,10 +67,6 @@ struct winbindd_cli_state { struct winbindd_request *request; /* Request from client */ struct tevent_queue *out_queue; struct winbindd_response *response;/* Respose to client */ - bool getpwent_initialized;/* Has getpwent_state been - * initialized? */ - bool getgrent_initialized;/* Has getgrent_state been - * initialized? */ struct getpwent_state *pwent_state; /* State for getpwent() */ struct getgrent_state *grent_state; /* State for getgrent() */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a6523d7 s3:smb2_negprot: change smb max {read,write,trans} to 8MiB (as default) via 1000e42 s3:smb2_negprot: allow smb max {read,write,trans} up to 8MiB from 740d12d libwbclient: reject unknown named blobs in wbcCredentialCache() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a6523d78c347acf56b921edbc2276131b12a51aa Author: Stefan Metzmacher me...@samba.org Date: Fri Jun 13 01:55:21 2014 +0200 s3:smb2_negprot: change smb max {read,write,trans} to 8MiB (as default) This matches Windows 2012R2. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Jul 11 04:59:29 CEST 2014 on sn-devel-104 commit 1000e424fcc530c6befe442b36f7e0e6912c0c30 Author: Stefan Metzmacher me...@samba.org Date: Fri Jun 13 01:55:21 2014 +0200 s3:smb2_negprot: allow smb max {read,write,trans} up to 8MiB This matches Windows 2012R2. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org --- Summary of changes: docs-xml/smbdotconf/protocol/smb2maxread.xml |8 docs-xml/smbdotconf/protocol/smb2maxtrans.xml |8 docs-xml/smbdotconf/protocol/smb2maxwrite.xml |8 lib/param/loadparm.h |6 +++--- source3/smbd/smb2_negprot.c |8 5 files changed, 19 insertions(+), 19 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/protocol/smb2maxread.xml b/docs-xml/smbdotconf/protocol/smb2maxread.xml index 045e7d9..3b18531 100644 --- a/docs-xml/smbdotconf/protocol/smb2maxread.xml +++ b/docs-xml/smbdotconf/protocol/smb2maxread.xml @@ -8,13 +8,13 @@ manvolnum8/manvolnum/citerefentry will return to a client, informing the client of the largest size that may be returned by a single SMB2 read call. /para -paraThe maximum is 1048576 bytes (1MiB), which is the same as a Windows Server 2008 r2./para -paraPlease note that the default is 1MiB, but it's limit is based on the -smb2 dialect (64KiB for SMB2.0, 1MiB for SMB2.1 with LargeMTU). +paraThe maximum is 8388608 bytes (8MiB), which is the same as a Windows Server 2012 r2./para +paraPlease note that the default is 8MiB, but it's limit is based on the +smb2 dialect (64KiB for SMB == 2.0, 8MiB for SMB = 2.1 with LargeMTU). Large MTU is not supported over NBT (tcp port 139)./para /description relatedsmb2 max write/related relatedsmb2 max trans/related -value type=default1048576/value +value type=default8388608/value /samba:parameter diff --git a/docs-xml/smbdotconf/protocol/smb2maxtrans.xml b/docs-xml/smbdotconf/protocol/smb2maxtrans.xml index d4d83b9..64225a5 100644 --- a/docs-xml/smbdotconf/protocol/smb2maxtrans.xml +++ b/docs-xml/smbdotconf/protocol/smb2maxtrans.xml @@ -8,13 +8,13 @@ manvolnum8/manvolnum/citerefentry will return to a client, informing the client of the largest size of buffer that may be used in querying file meta-data via QUERY_INFO and related SMB2 calls. /para -paraThe maximum is 1048576 bytes (1MiB), which is the same as a Windows Server 2008 r2./para -paraPlease note that the default is 1MiB, but it's limit is based on the -smb2 dialect (64KiB for SMB2.0, 1MiB for SMB2.1 with LargeMTU). +paraThe maximum is 8388608 bytes (8MiB), which is the same as a Windows Server 2012 r2./para +paraPlease note that the default is 8MiB, but it's limit is based on the +smb2 dialect (64KiB for SMB == 2.0, 1MiB for SMB = 2.1 with LargeMTU). Large MTU is not supported over NBT (tcp port 139)./para /description relatedsmb2 max read/related relatedsmb2 max write/related -value type=default1048576/value +value type=default8388608/value /samba:parameter diff --git a/docs-xml/smbdotconf/protocol/smb2maxwrite.xml b/docs-xml/smbdotconf/protocol/smb2maxwrite.xml index 1789bc6..4e7103c 100644 --- a/docs-xml/smbdotconf/protocol/smb2maxwrite.xml +++ b/docs-xml/smbdotconf/protocol/smb2maxwrite.xml @@ -8,13 +8,13 @@ manvolnum8/manvolnum/citerefentry will return to a client, informing the client of the largest size that may be sent to the server by a single SMB2 write call. /para -paraThe maximum is 1048576 bytes (1MiB), which is the same as a Windows Server 2008 r2./para -paraPlease note that the default is 1MiB, but it's limit is based on the -smb2 dialect (64KiB for SMB2.0, 1MiB for SMB2.1 with LargeMTU). +paraThe maximum is 8388608 bytes (8MiB), which is the same as a Windows Server 2012 r2./para +paraPlease note that the default is 8MiB, but it's limit is based on the +smb2 dialect (64KiB for SMB == 2.0, 8MiB for SMB = 2.1 with LargeMTU). Large MTU is not supported over NBT (tcp port 139)./para
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 04e9d02 s4:dsdb/samldb: don't allow 'userParameters' to be modified over LDAP for now via 9bfbff6 dbcheck: Add check and test for various invalid userParameters values via d7b4d10 dsdb: Always store and return the userParameters as a array of LE 16-bit values via 1592eaa dsdb: Set syntax of userParameters to binary string, not unicode string via d64bc6c s4:dsdb/repl_meta_data: make sure objectGUID can't be deleted via 9e6349f s4:dsdb/extended_dn_in: don't force DSDB_SEARCH_SHOW_RECYCLED via fa17727 s4:dsdb/kcc: use SHOW_RECYCLED instead of SHOW_DELETED in when deleting tombstone/deleted objects via 26fa0b9 s4:dsdb/schema_load: make error message more verbose from 55fbe36 ctdb-daemon: Support per-node robust mutex feature http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 04e9d020c97c2dcd360b1845907f4c396d5671dc Author: Stefan Metzmacher me...@samba.org Date: Tue Jul 8 16:19:09 2014 +0200 s4:dsdb/samldb: don't allow 'userParameters' to be modified over LDAP for now For now it's safer to reject setting 'userParameters' via LDAP, as we'll not provide the same behavior as a Windows Server. If someone requires that feature please report this in the following bug reports! Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077 Bug: https://bugzilla.samba.org/show_bug.cgi?id=10130 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Jul 9 11:07:51 CEST 2014 on sn-devel-104 commit 9bfbff65436a088fab5d564b6c0bb122a76492bc Author: Andrew Bartlett abart...@samba.org Date: Tue Jun 17 16:00:57 2014 +1200 dbcheck: Add check and test for various invalid userParameters values Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077 Change-Id: I6f2f4169856ce78c62e3a7e74b48520cca9cb9ae Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit d7b4d10aba90f4a1acf01d1d5ab62161862f62f7 Author: Andrew Bartlett abart...@samba.org Date: Tue Jun 17 16:03:22 2014 +1200 dsdb: Always store and return the userParameters as a array of LE 16-bit values This is not allowed to be odd length, as otherwise we can not send it over the SAMR transport correctly. Allocating one byte less memory than required causes malloc() heap corruption and then a crash or lockup of the SAMR server. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10130 Change-Id: I5c0c531c1d660141e07f884a4789ebe11c1716f6 Pair-Programmed-With: Stefan Metzmacher me...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit 1592eaa5c781af83aa64bc4e7211339e1d1eafce Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 24 10:12:24 2013 -0700 dsdb: Set syntax of userParameters to binary string, not unicode string This means we continue to store the values as given on SAMR, assuming that the SAMR buffer is little endian. The syntax for this specific object is forced to be a binary blob, so that it is not converted on DRSUAPI. This commit does not fix existing databases, nor pdb_samba_dsdb (used by classicupgrade). Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077 Change-Id: I10bb6aaecc381194e3c0ce6b9163f961acbdcee1 Pair-Programmed-With: Stefan Metzmacher me...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit d64bc6c9af24109e89632db9133070f2ab827c46 Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 7 23:51:31 2014 +0200 s4:dsdb/repl_meta_data: make sure objectGUID can't be deleted Bug: https://bugzilla.samba.org/show_bug.cgi?id=9763 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 9e6349f81edb3914d18bc50473d65c0c1f5bc113 Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 7 12:00:14 2014 +0200 s4:dsdb/extended_dn_in: don't force DSDB_SEARCH_SHOW_RECYCLED We should take the controls the caller provided when we search for existing objects. A search with a basedn of 'GUID=' should result in LDB_ERR_NO_SUCH_OBJECT is the object has isDeleted=TRUE. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10694 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit fa177273b87d980f81f19acb2f1a9154f8c6bfd9 Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 7 22:53:19 2014 +0200 s4:dsdb/kcc: use SHOW_RECYCLED
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 439de09 s3: Fix fsctl_validate_neg_info to pass MS compliance suite. via 6221937 s3: Refactor smbd_smb2_request_process_negprot from cad1d0b torture3: Reproducer for bug 10593 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 439de096ae0e1c1b8812fa202f5eba7a891d7a0a Author: Ira Cooper i...@samba.org Date: Fri Jun 20 21:41:19 2014 -0700 s3: Fix fsctl_validate_neg_info to pass MS compliance suite. It turns out that all the client and server need to agree on is what protocol should have been negotiated. If they disagree, they should disconnect. The contents of the list of protocols used during negotiate and during FSCTL_VALIDATE_NEGOTIATE_INFO do not need to match. Signed-off-by: Ira Cooper i...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Mon Jun 23 14:28:25 CEST 2014 on sn-devel-104 commit 6221937acac7017dee397d1c9846236d9fd5f613 Author: Ira Cooper i...@samba.org Date: Fri Jun 20 21:29:26 2014 -0700 s3: Refactor smbd_smb2_request_process_negprot Breakout smb2_protocol_dialect_match to support future work in fsctl_validate_neg_info. Signed-off-by: Ira Cooper i...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: source3/smbd/globals.h |3 + source3/smbd/smb2_ioctl_network_fs.c | 28 --- source3/smbd/smb2_negprot.c | 140 +++--- 3 files changed, 97 insertions(+), 74 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 28e4f94..d9ca5e3 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -260,6 +260,9 @@ NTSTATUS smbd_smb2_request_verify_creditcharge(struct smbd_smb2_request *req, NTSTATUS smbd_smb2_request_verify_sizes(struct smbd_smb2_request *req, size_t expected_body_size); +enum protocol_types smbd_smb2_protocol_dialect_match(const uint8_t *indyn, +const int dialect_count, +uint16_t *dialect); NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req); NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *req); NTSTATUS smbd_smb2_request_process_logoff(struct smbd_smb2_request *req); diff --git a/source3/smbd/smb2_ioctl_network_fs.c b/source3/smbd/smb2_ioctl_network_fs.c index 5e0dc10..b2dfb21 100644 --- a/source3/smbd/smb2_ioctl_network_fs.c +++ b/source3/smbd/smb2_ioctl_network_fs.c @@ -355,9 +355,10 @@ static NTSTATUS fsctl_validate_neg_info(TALLOC_CTX *mem_ctx, struct GUID in_guid; uint16_t in_security_mode; uint16_t in_num_dialects; - uint16_t i; + uint16_t dialect; DATA_BLOB out_guid_blob; NTSTATUS status; + enum protocol_types protocol = PROTOCOL_NONE; if (in_input-length 0x18) { return NT_STATUS_INVALID_PARAMETER; @@ -381,20 +382,25 @@ static NTSTATUS fsctl_validate_neg_info(TALLOC_CTX *mem_ctx, return status; } - if (in_num_dialects != conn-smb2.client.num_dialects) { + /* +* From: [MS-SMB2] +* 3.3.5.15.12 Handling a Validate Negotiate Info Request +* +* The server MUST determine the greatest common dialect +* between the dialects it implements and the Dialects array +* of the VALIDATE_NEGOTIATE_INFO request. If no dialect is +* matched, or if the value is not equal to Connection.Dialect, +* the server MUST terminate the transport connection +* and free the Connection object. +*/ + protocol = smbd_smb2_protocol_dialect_match(in_input-data + 0x18, + in_num_dialects, + dialect); + if (conn-protocol != protocol) { *disconnect = true; return NT_STATUS_ACCESS_DENIED; } - for (i=0; i in_num_dialects; i++) { - uint16_t v = SVAL(in_input-data, 0x18 + i*2); - - if (conn-smb2.client.dialects[i] != v) { - *disconnect = true; - return NT_STATUS_ACCESS_DENIED; - } - } - if (!GUID_equal(in_guid, conn-smb2.client.guid)) { *disconnect = true; return NT_STATUS_ACCESS_DENIED; diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c index 6643464..5fa1fbb 100644 --- a/source3/smbd/smb2_negprot.c +++ b/source3/smbd/smb2_negprot.c @@ -82,61 +82,12 @@ void
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8935242 Add protocol version to smbstatus output from b328bb0 s4-torture: add print_test_purge http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8935242489fdcc17b20b3cd54f96ba6de5870230 Author: Mathias Dietz mdi...@de.ibm.com Date: Wed Mar 5 16:26:20 2014 +0100 Add protocol version to smbstatus output Signed-off-by: Mathias Dietz mdi...@de.ibm.com Reviewed-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu May 22 18:37:27 CEST 2014 on sn-devel-104 --- Summary of changes: source3/include/session.h |1 + source3/lib/sessionid_tdb.c | 28 source3/utils/status.c |8 3 files changed, 33 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/session.h b/source3/include/session.h index 2aca1df..ba96ae3 100644 --- a/source3/include/session.h +++ b/source3/include/session.h @@ -38,5 +38,6 @@ struct sessionid { struct server_id pid; fstring ip_addr_str; time_t connect_start; + fstring protocol_ver; }; diff --git a/source3/lib/sessionid_tdb.c b/source3/lib/sessionid_tdb.c index 7a19611..fd6cf75 100644 --- a/source3/lib/sessionid_tdb.c +++ b/source3/lib/sessionid_tdb.c @@ -45,6 +45,34 @@ static int sessionid_traverse_read_fn(struct smbXsrv_session_global0 *global, .pid = global-channels[0].server_id, }; + switch(global-connection_dialect){ + case SMB2_DIALECT_REVISION_000: + fstrcpy(session.protocol_ver, NT1); + break; + case SMB2_DIALECT_REVISION_202: + fstrcpy(session.protocol_ver, SMB2_02); + break; + case SMB2_DIALECT_REVISION_210: + fstrcpy(session.protocol_ver, SMB2_10); + break; + case SMB2_DIALECT_REVISION_222: + fstrcpy(session.protocol_ver, SMB2_22); + break; + case SMB2_DIALECT_REVISION_224: + fstrcpy(session.protocol_ver, SMB2_24); + break; + case SMB3_DIALECT_REVISION_300: + fstrcpy(session.protocol_ver, SMB3_00); + break; + case SMB3_DIALECT_REVISION_302: + fstrcpy(session.protocol_ver, SMB3_02); + break; + default: + fstr_sprintf(session.protocol_ver, Unknown (0x%04x), +global-connection_dialect); + break; + } + if (session_info != NULL) { session.uid = session_info-unix_token-uid; session.gid = session_info-unix_token-gid; diff --git a/source3/utils/status.c b/source3/utils/status.c index 40d38c9..61a450e 100644 --- a/source3/utils/status.c +++ b/source3/utils/status.c @@ -303,10 +303,10 @@ static int traverse_sessionid(const char *key, struct sessionid *session, } } - d_printf(%-7s %-12s %-12s %-12s (%s)\n, + d_printf(%-7s %-12s %-12s %-12s (%s) %-12s\n, procid_str_static(session-pid), uid_str, gid_str, -session-remote_machine, session-hostname); +session-remote_machine, session-hostname, session-protocol_ver); return 0; } @@ -472,8 +472,8 @@ int main(int argc, const char *argv[]) if ( show_processes ) { d_printf(\nSamba version %s\n,samba_version_string()); - d_printf(PID Username Group Machine \n); - d_printf(---\n); + d_printf(PID Username Group Machine Protocol Version \n); + d_printf(--\n); sessionid_traverse_read(traverse_sessionid, NULL); -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tdb-1.3.0 created
The annotated tag, tdb-1.3.0 has been created at 1c1507420c2f8b2d614c3f48876276713cf40d7b (tag) tagging 85fe2e8e3be15370f961561882518aedf137de5f (commit) replaces talloc-2.1.1 tagged by Stefan Metzmacher on Fri May 23 00:31:28 2014 +0200 - Log - tdb: tag release tdb-1.3.0 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAABAgAGBQJTfnrAAAoJEEeTkWETCEAlo5oH/2CluOJKFkdDyVdY4gBKjkzB dlFS8mjdcLqli5pVdt4xoVWO40Rsnm+qAeLCO5Ip0RQDDKNTBe9IH0KQXvwjjEks rc6Fv4xygOnEFBDp9eMO0xjbHoagOtTVhR0QBTgJw7xUHgw/ByMrVEI14/oYW0lS RsZfnMnZ/WKThPKBCy02En7TFRr/SfMKtk4TPReqYlvApx0uCg6VqvYVeZfOMynY SOttcZUh9tKMA31uhs3qz7G9n+7Vqrliy2u3qO4+/gywLg3BICxz2a2yzIkvvqZN Sgt1KWD9V6gUdqj5en2KXjuzb4f0gKEDLTWgeUzSltNjo41bxsEY+m9bg3ehWIA= =a9X1 -END PGP SIGNATURE- David Disseldorp (2): printing: fix purge of all print jobs s4-torture: add print_test_purge Günther Deschner (2): s4-torture: fix test_openprinter_wrap fake test result. s4-torture: fix some build warnings in rpc samr test. Kai Blin (2): bug #10609: CVE-2014-0239 Don't reply to replies provision: Correctly provision the SOA record minimum TTL Mathias Dietz (1): Add protocol version to smbstatus output Michael Adam (1): smbd: fix creation of BUILTIN\{Administrators,Users} when tdbsam:map builtin = false Stefan Metzmacher (6): tdb/test: correctly use stderr, not stdout, in fail() tdb/test: add a skip() macro. wscript: set conf.env.replace_add_global_pthread = True libreplace: only add PTHREAD CFLAGS and LDFLAGS globally if asked for tdb: use asprintf() to simplify tdb_summary() tdb: introduce TDB_SUPPORTED_FEATURE_FLAGS Volker Lendecke (17): tdb/tools: add -l option to tdbbackup tdb/tools: add -l option to tdbtool tdb/tools: explicitly use TDB_NOLOCK in tdbdump tdb/test: add shutdown_agent() helper function tdb/test: add PING command to external-agent.c tdb/test: add UNMAP command to external-agent.c libreplace: Move thread checks from source3/wscript libreplace: Add support for pthread_mutexattr_setrobust libreplace: Add support for pthread_mutex_consistent libreplace-waf: Only check for _np functions if standard functions are not available libreplace: Define PTHREAD_MUTEX_ROBUST along with pthread_mutexattr_setrobust tdb: introduce tdb-hdr_ofs tdb: add TDB_MUTEX_LOCKING support tdb/test: add mutex related tests tdb/test: add marklock deadlock test tdb/tools: add -m option to tdbtorture tdb/tools: Allow tdbtool to r/o open mutexed tdbs --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag talloc-2.1.1 created
The annotated tag, talloc-2.1.1 has been created at afcd9d9e86b486985c4490f3a256de64cbff2b60 (tag) tagging b8e5b68de3cff8d16e4be07fdc2e780d2c3c5750 (commit) replaces ldb-1.1.17 tagged by Stefan Metzmacher on Tue May 20 14:35:02 2014 +0200 - Log - talloc: tag release talloc-2.1.1 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAABAgAGBQJTe0v2AAoJEEeTkWETCEAl5LMH/Rh2oRTUqw3O8mq+W8M/2l+F 1ID884IL2gs5kBGIiB781sOHsOiQ6sCA3NZmdan7tAs1CfvAjYI3MySV1BQ/pVF+ AKqwLEUaqnIKd36/pyJziJHauZXKPv6a6jgpIDDVUKiTA4xjFQ1lzLcfGthhkV7Z 4yS2gpGcZH6hJUlh/RNhiC1kqS+rAfnmlC2q0w4nUXxiiJUwMWyYOQMFQZ6aU/wz Azr6EzNay03YAwTPEfHE7WMCPVCclHPyb2U2JFpvudupUJUIm31ChRG2Hf9l0RDv h1xTdGeZurZkX4VwNz0IfnxIZmQdIDH2/J6EsLH9dE3osJBRgfUHsSUeV5CxeDw= =L6ak -END PGP SIGNATURE- Alexander Bokovoy (1): wbclient: ensure response struct is initialized Alexander Werth (1): s3: Always cache idmapping results of pdb backend. Andreas Schneider (6): wafsamba: If perl can't provide defaults, define them. swrap: Do not leak memory in swrap_recvmsg_after(). swrap: Use the loaded libc open() directly. swrap: Fall back to RTLD_NEXT if we can't find libc. swrap: Update version to 1.0.2. nsswitch: Fix the check for the privileged pipe. Andrew Bartlett (24): dbcheck: Directly call dn.get_rdn_{val,name}() for clarity and consistency dsdb: Make it harder to corrupt the database by requiring DBCHECK or RELAX for final object deletion selftest: Add tests for dbcheck detection and removal of partial objects ldb: make the successful ldb_transaction_start() message clearer dsdb: Rename private_data to rootdse_private_data in rootdse dsdb: Do not permit nested event loops when in a transaction, use a nested event context lib/param: Make and use lpcfg_dump_a_service() in common lib/param: Make lpcfg_equal_parameter static (again) lib/param: Remove unused static variable defaults_saved param: Provide a talloc_stackframe() to external users of lp_set_cmdline() param: Use an explicit talloc_stackframe() in lp_do_parameter for clarity and certainty. param: Use an explicit talloc_stackframe() in lp_load_ex for clarity and certainty s4:nbt_server/wins: make use explicit use of the top level event context s4:irpc/tests: make use explicit use of the top level event context s4:auth_winbind: explicitly use dcerpc_binding_handle_set_sync_ev() for irpc s4:rpc_server/netlogon: explicitly use dcerpc_binding_handle_set_sync_ev() for irpc s4:service_task: explicitly use dcerpc_binding_handle_set_sync_ev() for irpc s4:pyrpc: explicitly use dcerpc_binding_handle_set_sync_ev() for irpc s4:irpc/tests: explicitly use dcerpc_binding_handle_set_sync_ev() s4:imessaging: Remove dcerpc_binding_handle_set_sync_ev() call from irpc_binding_handle() s4:imessaging: Remove event context from irpc and imessaging structures selftest: Run pdbtest under valgrind if specified auth: Allow auth_samba4 to be forced to run a specific auth module selftest: Test auth_wbc, the auth4 winbind and winbind_wbclient modules using pdbtest Björn Baumbach (2): samba-tool ldapcmp: fix a typo waf: fetch and use some exit codes of called processes Björn Jacke (2): add FSCTL_SET_ZERO_DATA fsctl define add FSCTL_SET_ZERO_ON_DEALLOCATION define Christof Schmitt (3): smbd: Fix compile warning in dmapi.c s3-krb5: Limit search for old kvno to 8bits smbd: Remove unused code for dos attributes in stat struct David Disseldorp (1): byteorder: do not assume PowerPC is big-endian Garming Sam (86): param: remove unnecessary temporary service in handle copy s3:loadparm: change memory allocations to use talloc param: remove string_init and inline it into string_set param: change the talloc context attached to globals structure in s3 loadparm to a pool s3:loadparm: fix intermediate string allocations to use talloc param: Add an lp_string_set function param: allow special functions to be common across the two loadparms param: attempt to consolidate handle_debug_level between the two loadparms param: change assignment of lp_string in s3_helpers to be consistent with the other functions param: attempt to consolidate handle_logfile between the two loadparms param: consolidate handle_realm between the two loadparms param: remove lp_string_is_valid_boolean param: use correct memory contexts for parametric options param: move set_param_opt to lib/param param: make lib/param copy_service use set_param_opt lib/param: remove duplicated copy service in lpcfg_add_a_service lib/param: remove some const warnings from using lists s3:param: attempt to fix up some const warnings
[SCM] build.samba.org - branch master updated
The branch, master has been updated via 10745f4 build_test.fns: use --with-perl-{lib,arch}-install-dir= for samba_4_* from 90b2a36 mark tdb2 as an old tree to delete http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master - Log - commit 10745f4381032a1a58fbee270b339432e8e2ad8e Author: Stefan Metzmacher me...@samba.org Date: Mon May 12 17:08:47 2014 +0200 build_test.fns: use --with-perl-{lib,arch}-install-dir= for samba_4_* Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org --- Summary of changes: build_test.fns |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/build_test.fns b/build_test.fns index 1f00620..3d66fc5 100644 --- a/build_test.fns +++ b/build_test.fns @@ -752,6 +752,8 @@ test_tree() { ;; samba_4*) sw_config=$config --enable-selftest + sw_config=$sw_config --with-perl-lib-install-dir=$prefix/perl.lib + sw_config=$sw_config --with-perl-arch-install-dir=$prefix/perl.arch ;; samba_3*) sw_config=$config --enable-socket-wrapper -- build.samba.org
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e77cbe2 tdb: return ENOSYS if the tdb was created with spinlocks. via ff2b896 pytdb: avoid const warnings by using discard_const_p() via 74e2d6e s3:lib: always use db_open(serverid.tdb) from 360ca8e auth: avoid overwriting the auth_sam_reply.h header all the time. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e77cbe252f68880b940722ef1291802c4677a435 Author: Stefan Metzmacher me...@samba.org Date: Tue May 6 11:52:49 2014 +0200 tdb: return ENOSYS if the tdb was created with spinlocks. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Mon May 12 21:07:04 CEST 2014 on sn-devel-104 commit ff2b896edd9df9ce04e572e6bd569f51cc4b500e Author: Stefan Metzmacher me...@samba.org Date: Mon Feb 3 11:29:38 2014 +0100 pytdb: avoid const warnings by using discard_const_p() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org commit 74e2d6e786974e161949bf49a60404c358d1ecd7 Author: Stefan Metzmacher me...@samba.org Date: Mon May 12 10:21:12 2014 +0200 s3:lib: always use db_open(serverid.tdb) We should not create an empty local serverid.tdb in a cluster setup... Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org --- Summary of changes: lib/tdb/common/open.c |1 + lib/tdb/pytdb.c| 27 + source3/lib/serverid.c | 49 +-- 3 files changed, 33 insertions(+), 44 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/tdb/common/open.c b/lib/tdb/common/open.c index 789bc73..d5c0432 100644 --- a/lib/tdb/common/open.c +++ b/lib/tdb/common/open.c @@ -392,6 +392,7 @@ _PUBLIC_ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int td if (header.rwlocks != 0 header.rwlocks != TDB_HASH_RWLOCK_MAGIC) { TDB_LOG((tdb, TDB_DEBUG_ERROR, tdb_open_ex: spinlocks no longer supported\n)); + errno = ENOSYS; goto fail; } tdb-hash_size = header.hash_size; diff --git a/lib/tdb/pytdb.c b/lib/tdb/pytdb.c index bf0fed6..9320799 100644 --- a/lib/tdb/pytdb.c +++ b/lib/tdb/pytdb.c @@ -91,9 +91,10 @@ static PyObject *py_tdb_open(PyTypeObject *type, PyObject *args, PyObject *kwarg int hash_size = 0, tdb_flags = TDB_DEFAULT, flags = O_RDWR, mode = 0600; TDB_CONTEXT *ctx; PyTdbObject *ret; - const char *kwnames[] = { name, hash_size, tdb_flags, flags, mode, NULL }; + const char *_kwnames[] = { name, hash_size, tdb_flags, flags, mode, NULL }; + char **kwnames = discard_const_p(char *, _kwnames); - if (!PyArg_ParseTupleAndKeywords(args, kwargs, |s, (char **)kwnames, name, hash_size, tdb_flags, flags, mode)) + if (!PyArg_ParseTupleAndKeywords(args, kwargs, |s, kwnames, name, hash_size, tdb_flags, flags, mode)) return NULL; if (name == NULL) { @@ -548,13 +549,21 @@ static PyObject *obj_get_seqnum(PyTdbObject *self, void *closure) static PyGetSetDef tdb_object_getsetters[] = { - { (char *)hash_size, (getter)obj_get_hash_size, NULL, NULL }, - { (char *)map_size, (getter)obj_get_map_size, NULL, NULL }, - { (char *)freelist_size, (getter)obj_get_freelist_size, NULL, NULL }, - { (char *)flags, (getter)obj_get_flags, NULL, NULL }, - { (char *)max_dead, NULL, (setter)obj_set_max_dead, NULL }, - { (char *)filename, (getter)obj_get_filename, NULL, (char *)The filename of this TDB file.}, - { (char *)seqnum, (getter)obj_get_seqnum, NULL, NULL }, + { discard_const_p(char, hash_size), + (getter)obj_get_hash_size, NULL, NULL }, + { discard_const_p(char, map_size), + (getter)obj_get_map_size, NULL, NULL }, + { discard_const_p(char, freelist_size), + (getter)obj_get_freelist_size, NULL, NULL }, + { discard_const_p(char, flags), + (getter)obj_get_flags, NULL, NULL }, + { discard_const_p(char, max_dead), + NULL, (setter)obj_set_max_dead, NULL }, + { discard_const_p(char, filename), + (getter)obj_get_filename, NULL, + discard_const_p(char, The filename of this TDB file.) }, + { discard_const_p(char, seqnum), + (getter)obj_get_seqnum, NULL, NULL }, { NULL } }; diff --git a/source3/lib/serverid.c b/source3/lib/serverid.c index 48b09f7..1a7e1ed 100644 --- a/source3/lib/serverid.c +++ b/source3/lib/serverid.c @@ -39,41 +39,6 @@ struct serverid_data { uint32_t msg_flags; }; -bool serverid_parent_init(TALLOC_CTX *mem_ctx
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c1507bc s4:imessaging: Remove event context from irpc and imessaging structures via 8413980 s4:imessaging: Remove dcerpc_binding_handle_set_sync_ev() call from irpc_binding_handle() via a20c7e6 s4:irpc/tests: explicitly use dcerpc_binding_handle_set_sync_ev() via 6cbf3ec s4:pyrpc: explicitly use dcerpc_binding_handle_set_sync_ev() for irpc via ed48c70 s4:service_task: explicitly use dcerpc_binding_handle_set_sync_ev() for irpc via 608d91e s4:rpc_server/netlogon: explicitly use dcerpc_binding_handle_set_sync_ev() for irpc via a2f3c35 s4:auth_winbind: explicitly use dcerpc_binding_handle_set_sync_ev() for irpc via 7a34732 s4:irpc/tests: make use explicit use of the top level event context via 0927b0b s4:nbt_server/wins: make use explicit use of the top level event context from e77cbe2 tdb: return ENOSYS if the tdb was created with spinlocks. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c1507bc1014c199d3a11227d088762364de432cd Author: Andrew Bartlett abart...@samba.org Date: Mon May 5 16:27:59 2014 +1200 s4:imessaging: Remove event context from irpc and imessaging structures The only part of this code with a stored event context is now the binding_handle created by irpc_binding_handle() when in the client dcerpc_binding_handle_set_sync_ev() is called, otherwise a new nested event context is created for sync calls. Note that the FD event associated with the socket still implies the long term event context passed to imessaging_[client]_init(). Andrew Bartlett Change-Id: I9aeae94b26e3736370f449daa96808e6cdc2d55d Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue May 13 02:33:24 CEST 2014 on sn-devel-104 commit 84139801cfc5a2a2fe4bb5fd950e5d7e7a0e7327 Author: Andrew Bartlett abart...@samba.org Date: Mon May 5 16:27:59 2014 +1200 s4:imessaging: Remove dcerpc_binding_handle_set_sync_ev() call from irpc_binding_handle() The callers do this explicitly now if required. Change-Id: I0e6f562aac4e3c0a75149c5850eb9f96269a3caf Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit a20c7e6adb43b494654e237709e9dc63446ac7b9 Author: Andrew Bartlett abart...@samba.org Date: Mon May 5 16:27:59 2014 +1200 s4:irpc/tests: explicitly use dcerpc_binding_handle_set_sync_ev() This indicates that we're using nested event loops... Andrew Bartlett Pair-Programmed-With: Stefan Metzmacher me...@samba.org Change-Id: I17d530a1f338cfdbd2e4e755b6f01a44a3e7ba7a Signed-off-by: Andrew Bartlett abart...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit 6cbf3ecd6669f73d9a1b64118956b49439de74bc Author: Andrew Bartlett abart...@samba.org Date: Mon May 5 16:27:59 2014 +1200 s4:pyrpc: explicitly use dcerpc_binding_handle_set_sync_ev() for irpc This indicates that we may use nested event loops... Andrew Bartlett Pair-Programmed-With: Stefan Metzmacher me...@samba.org Change-Id: Id014dcc68699c86cb99015a91a6979e30795f727 Signed-off-by: Andrew Bartlett abart...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit ed48c70b907a5411caf7f797e50c0a4c243ac328 Author: Andrew Bartlett abart...@samba.org Date: Mon May 5 16:27:59 2014 +1200 s4:service_task: explicitly use dcerpc_binding_handle_set_sync_ev() for irpc This indicates that we're using nested event loops... Andrew Bartlett Pair-Programmed-With: Stefan Metzmacher me...@samba.org Change-Id: I7e147850566301a5ef2354b8615a044d121968b5 Signed-off-by: Andrew Bartlett abart...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit 608d91e300b86e01069461e2c2043e7e2e3791ed Author: Andrew Bartlett abart...@samba.org Date: Mon May 5 16:27:59 2014 +1200 s4:rpc_server/netlogon: explicitly use dcerpc_binding_handle_set_sync_ev() for irpc This indicates that we're using nested event loops... Andrew Bartlett Pair-Programmed-With: Stefan Metzmacher me...@samba.org Change-Id: I4dcc7bf3c624612980e53b6119a60989fc2ea3b6 Signed-off-by: Andrew Bartlett abart...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit a2f3c351fac93dfdf784f28a59c068db1bd64df5 Author: Andrew Bartlett abart...@samba.org Date: Mon May 5 16:27:59 2014 +1200 s4:auth_winbind: explicitly use dcerpc_binding_handle_set_sync_ev() for irpc This indicates that we're using nested event loops... Andrew Bartlett Pair-Programmed-With: Stefan Metzmacher me...@samba.org
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4bc9bbe selftest: skip GETADDRINFO tests from 98750aa swrap: Update version to 1.0.2. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4bc9bbef4a556a363e985d13e75fb62ed9e5cd03 Author: Stefan Metzmacher me...@samba.org Date: Fri May 9 16:49:52 2014 +0200 selftest: skip GETADDRINFO tests 'smbtorture3 //host/share -U% GETADDRINFO' can get into a 100% cpu loop, because it uses pthreads via fncall_context_init() and socket_wrapper doesn't support threads yet. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri May 9 19:28:13 CEST 2014 on sn-devel-104 --- Summary of changes: selftest/skip |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/skip b/selftest/skip index ed20649..a64a77b 100644 --- a/selftest/skip +++ b/selftest/skip @@ -108,3 +108,4 @@ bench # don't run benchmarks in our selftest ^samba4.blackbox.ktpass # this test isn't portable ... ^samba4.rpc.unixinfo # This contains a server-side getpwuid call which hangs the server when nss_winbindd is in use ^samba.tests.dcerpc.unix # This contains a server-side getpwuid call which hangs the server when nss_winbindd is in use +GETADDRINFO # socket wrapper doesn't support threads -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 401f555 dsdb: Do not permit nested event loops when in a transaction, use a nested event context via 543c5bf dsdb: Rename private_data to rootdse_private_data in rootdse from 8dc24d4 Minor typo fix in source3/wscript. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 401f555c28aee861385b75c371b5f44cded1d391 Author: Andrew Bartlett abart...@samba.org Date: Thu Apr 17 15:39:56 2014 +1200 dsdb: Do not permit nested event loops when in a transaction, use a nested event context It is never safe to execute arbitary code inside a transaction - we need to get in and get out, not run other events for the rest of the server. This patch avoids that by creating a private event loop during transactions, so no unexpected operations fire, and returning the original one when we finish it. If an event fires during an LDB transaction, an unrelated operation can occur during the transaction, and if the transaction were to be cancelled, there would be a silent rollback (despite the client having been indicated success). Additionally, other processes could be called via IRPC that need to operate on the database but are locked out due to the ongoing transaction. Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=10582 Change-Id: I22322fc006e61d7291da17cdf6431416ebb7b30f Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue May 6 13:36:20 CEST 2014 on sn-devel-104 commit 543c5bf94187473271767ad782439abbfccda00d Author: Andrew Bartlett abart...@samba.org Date: Thu Apr 17 15:38:14 2014 +1200 dsdb: Rename private_data to rootdse_private_data in rootdse Bug: https://bugzilla.samba.org/show_bug.cgi?id=10582 Change-Id: I349a2be67333ada86c19cd6d2ed283cd5bbeb2aa Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: source4/dsdb/samdb/ldb_modules/rootdse.c | 109 -- 1 files changed, 88 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 7e1d277..b13dc9e 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -36,13 +36,16 @@ #include librpc/gen_ndr/ndr_irpc_c.h #include lib/tsocket/tsocket.h #include cldap_server/cldap_server.h +#include lib/events/events.h -struct private_data { +struct rootdse_private_data { unsigned int num_controls; char **controls; unsigned int num_partitions; struct ldb_dn **partitions; bool block_anonymous; + struct tevent_context *saved_ev; + struct tevent_context *private_ev; }; struct rootdse_context { @@ -227,7 +230,7 @@ static int dsdb_module_we_are_master(struct ldb_module *module, struct ldb_dn *d static int rootdse_add_dynamic(struct rootdse_context *ac, struct ldb_message *msg) { struct ldb_context *ldb; - struct private_data *priv = talloc_get_type(ldb_module_get_private(ac-module), struct private_data); + struct rootdse_private_data *priv = talloc_get_type(ldb_module_get_private(ac-module), struct rootdse_private_data); const char * const *attrs = ac-req-op.search.attrs; char **server_sasl; const struct dsdb_schema *schema; @@ -654,7 +657,7 @@ static int rootdse_callback(struct ldb_request *req, struct ldb_reply *ares) static int rootdse_filter_controls(struct ldb_module *module, struct ldb_request *req) { unsigned int i, j; - struct private_data *priv = talloc_get_type(ldb_module_get_private(module), struct private_data); + struct rootdse_private_data *priv = talloc_get_type(ldb_module_get_private(module), struct rootdse_private_data); bool is_untrusted; if (!req-controls) { @@ -717,7 +720,7 @@ static int rootdse_filter_controls(struct ldb_module *module, struct ldb_request static int rootdse_filter_operations(struct ldb_module *module, struct ldb_request *req) { struct auth_session_info *session_info; - struct private_data *priv = talloc_get_type(ldb_module_get_private(module), struct private_data); + struct rootdse_private_data *priv = talloc_get_type(ldb_module_get_private(module), struct rootdse_private_data); bool is_untrusted = ldb_req_is_untrusted(req); bool is_anonymous = true; if (is_untrusted == false) { @@ -855,7 +858,7 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req) static int
[SCM] Samba Shared Repository - annotated tag ldb-1.1.17 created
The annotated tag, ldb-1.1.17 has been created at af55e7a64ee0a26b3073a66ba799572984e55351 (tag) tagging 7f03a94ffa3752ccdb28cc50033b4e2a26e2b3f2 (commit) replaces tdb-1.2.13 tagged by Stefan Metzmacher on Mon May 5 10:00:54 2014 +0200 - Log - ldb: tag release ldb-1.1.17 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAABAgAGBQJTZ0U2AAoJEEeTkWETCEAlY9wIAK3MBWTF5c1zr1ANEAsD9ztF Z319fO6f0v963UPLgw19yrhKnF5vkTJxaG4dTloKH1/cJ66FQCtEdlrITETuCKWl DhTgyD2gGsYXx7J3t2O0UIILwAZ7QD27wbA9Wm2TMY/TJf9Amv+0uow2W7o9HQzk jNuAHhernZ1kjKKow3+rzOfR1Sbqkaq1nFgvTNigTXphuYV16GHtjyCOfxq4pIen YpYH7KdNYw1ASvBDXFCOqRaDhSvLjiZBFMmkf5b4hAIiDPdpG8bOPolvrhGPqQN6 bQSaxjWEFAh0hidU4UMOuvB8qkUX6zOLnum7pnnWNZs6bknAhy0bWH/4yUZAvHE= =iZTR -END PGP SIGNATURE- Alexander Bokovoy (6): lsa.idl: define lsa.ForestTrustCollisionInfo and ForestTrustCollisionRecord as public structs add systemd integration smbd: use exit_daemon() to support reporting to systemd from smbd nmbd: use exit_daemon() to report status to systemd winbindd: use exit_daemon() to pass startup status to systemd ad-dc: use exit_daemon() to communicate status of startup to systemd Alexander Werth (2): vfs: Support NFS control flags in nfs4_acls.c. vfs: Store ACL control flags in gpfs vfs module. Amitay Isaacs (21): ctdb-locking: Avoid memory leak ctdb-locking: Check for talloc_memdup error ctdb-locking: Instead of comparing key, compare key hash ctdb-client: ctdb_fetch_lock should check for readonly delegations ctdb-tests: Use ctdb_fetch_lock instead of ctdb_fetch_lock_readonly ctdb-tests: Do not mix bool and int data types ctdb-readonly: Do not use hard-coded value for readonly revoke timeout ctdb-daemon: Always update database priority cluster wide ctdb-daemon: Add control CTDB_CONTROL_DB_DETACH ctdb-client: Add client code to detach a database ctdb-tools/ctdb: Add ctdb detach command to detach databases ctdb-doc: Add ctdb detach and update ctdb attach ctdb-doc: Remove commands that have been deleted ctdb-tests: Add a simple test for ctdb detach ctdb-daemon: Do not allow database detach if AllowClientDBAttach=1 ctdb-tools/ctdb: Detach databases only if all nodes disallow client access ctdb-daemon: Talloc tdb_wrap off ctdb_db_context ctdb-client: Talloc tdb_wrap off ctdb_db_context ctdb-tools/ctdb: Unlock records before closing tdb database ctdb-tests: Add test for re-attaching detached database ctdb-recoverd: Detach database from recovery daemon Andreas Schneider (48): s3-rpc_server: Fix handling of fragmented rpc requests. s3-nmbd: Align debug level for the same information. s3-smbd: Align debug level for the same information. selftest: Add a bash env file you can source. wafsamba: Add set_target to CHECK_BUNDLED_SYSTEM. replace: Add uid_wrapper_enabled(). lib: Change uid_wrapper to preloadable version. Remove uid_wrapper related code. selftest: Pass uid_wrapper library to selftest and preload it. selftest: Enable uid_wrapper globally. selftest: Call smbpasswd as root. testprogs: Fix tests calling smbpasswd. s3-utils: Do not disable the root check in smbpasswd. s4-ntfs: Improve uid check in wrapper mode. libwbclient: Handle uid_wrapper for pipe access. s3-lib: Add root_mode() which can deal with uid_wrapper. s3: Use root_mode() to get uid_wrapper working correctly. lib: Add missing include for unistd.h in setid. lib: Add missing include for unistd.h in unix_privs. replace: Add nss_wrapper_enabled(). replace: Add nss_wrapper_hosts_enabled(). s4-torture: Remove nss_wrapper testsuite. Remove special nss_wrapper code lib: Change nss_wrapper to preloadable version. selftest: Preload nss_wrapper selftest: Add the user running the test to passwd. selftest: Set NSS_WRAPPER_MODULE variables for NSS module. selftest: Write the nss_wrapper hosts file. wbclient: Check with nss_wrapper_enabled(). selftest: Rename WINBINDD_SOCKET_DIR environment variable. s3-libads: Use ldap_initialize() if available. ldb: Add a env variable to disable RTLD_DEEPBIND. selftest: Disable loading ldb modules with RTLD_DEEPBIND. s4-torture: Remove socket_wrapper testsuite. replace: Add socket_wrapper_enabled(). Remove special socket_wrapper code. lib: Change socket_wrapper to preloadable version. selftest: Preload socket_wrapper. dns.py: Use the python socket module. lib: Remove socket wrapper python module. s3-rpc_server: Return the status code from gensec. s3-rpc_server: Call pipe_auth_verify_final() if needed. gensec: add DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via a3df827 Announce SambaXP 2014 from 95ca551 Announce Samba 4.1.7. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit a3df8277bddcaf74efc3ddd70ff2c4a86a2a56e5 Author: Stefan Metzmacher me...@samba.org Date: Mon May 5 12:28:48 2014 +0200 Announce SambaXP 2014 metze --- Summary of changes: generated_news/latest_10_bodies.html| 23 ++- generated_news/latest_10_headlines.html |4 ++-- generated_news/latest_2_bodies.html | 22 ++ 3 files changed, 22 insertions(+), 27 deletions(-) Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index b7692de..92273cc 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html @@ -1,3 +1,13 @@ + h5a name=sambaxp201405 May 2014/a/h5 + p class=headlineSambaXP 2014: conference schedule is online!/p + +pFrom May 13th to 16th 2014 developers and users will meet again in +Goettingen, Germany at the 13th international SAMBA conference, the +samba eXPerience 2014./p +pThe conference schedule is online now. +Please find all necessary information at the +a href=http://sambaXP.org;conference website/a./p + h5a name=4.1.717 April 2014/a/h5 p class=headlineSamba 4.1.7 Available for Download/p pThis is the latest stable release of the Samba 4.1 series./p @@ -133,16 +143,3 @@ patch against Samba 4.0.13/a is also available. See lia href=http://samba.org/samba/ftp/stable/samba-3.6.22.tar.gz;download Samba 3.6.22/a./li /p - - - h5a name=3.6.2129 November 2013/a/h5 - p class=headlineSamba 3.6.21 Available for Download/p - pThis is the latest stable release of the Samba 3.6 series./p - -pThe uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -a href=http://samba.org/samba/ftp/stable/samba-3.6.21.tar.gz;downloaded -now/a. A a href=http://samba.org/samba/ftp/patches/patch-3.6.20-3.6.21.diffs.gz; -patch against Samba 3.6.20/a is also available. See -a href=http://samba.org/samba/history/samba-3.6.21.html; the release notes - for more info/a./p diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html index c89f8ad..9764405 100644 --- a/generated_news/latest_10_headlines.html +++ b/generated_news/latest_10_headlines.html @@ -1,4 +1,6 @@ ul + li 05 May 2014a href=#sambaxp2014SambaXP 2014: conference schedule is online!/a/li + li 17 April 2014 a href=#4.1.7Samba 4.1.7 Available for Download/a/li li 15 April 2014 a href=#4.0.17Samba 4.0.17 Available for Download/a/li @@ -20,6 +22,4 @@ li 09 December 2013 a href=#4.1.3Samba 4.1.3, 4.0.13 and 3.6.22 Security Releases Available for Download (CVE-2013-4408 and CVE-2012-6150)/a/li - - li 29 November 2013 a href=#3.6.21Samba 3.6.21 Available for Download/a/li /ul diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html index c665684..6e855e8 100644 --- a/generated_news/latest_2_bodies.html +++ b/generated_news/latest_2_bodies.html @@ -1,3 +1,13 @@ + h5a name=sambaxp201405 May 2014/a/h5 + p class=headlineSambaXP 2014: conference schedule is online!/p + +pFrom May 13th to 16th 2014 developers and users will meet again in +Goettingen, Germany at the 13th international SAMBA conference, the +samba eXPerience 2014./p +pThe conference schedule is online now. +Please find all necessary information at the +a href=http://sambaXP.org;conference website/a./p + h5a name=4.1.717 April 2014/a/h5 p class=headlineSamba 4.1.7 Available for Download/p pThis is the latest stable release of the Samba 4.1 series./p @@ -10,15 +20,3 @@ patch against Samba 4.1.6/a is also available. See a href=http://samba.org/samba/history/samba-4.1.7.html; the release notes for more info/a./p - - h5a name=4.0.1715 April 2014/a/h5 - p class=headlineSamba 4.0.17 Available for Download/p - pThis is the latest stable release of the Samba 4.0 series./p - -pThe uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -a href=http://samba.org/samba/ftp/stable/samba-4.0.17.tar.gz;downloaded -now/a. A a href=http://samba.org/samba/ftp/patches/patch-4.0.16-4.0.17.diffs.gz; -patch against Samba 4.0.16/a is also available. See -a href=http://samba.org/samba/history/samba-4.0.17.html; the release notes - for more info/a./p -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d50c007 s3-rpc_server: Remove ncalrpc_as_system from make_server_pipes_struct(). via 76a89a3 s3-rpc_server: Remove ncalrpc_as_system from pipes_struct. via 6ede575 s3-rpc_server: Use gensec for NCALRPC_AS_SYSTEM. via 000168b s3-rpc_server: Add special tsocket address for ncalrpc_as_system. via 6a5cd18 s3:rpc_client: Use gensec for NCALRPC_AS_SYSTEM. via 8729d99 s3-auth: Register ncalrpc_as_system gensec module. via 788f72f gensec: add DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM backend via 1f4c20f s3:rpc_server: pass everything but AUTH_TYPE_{NONE,NCALRPC_AS_SYSTEM} to gensec via 06922f9 s3-rpc_server: Call pipe_auth_verify_final() if needed. via bfdd22b s3-rpc_server: Return the status code from gensec. via 2c5ed10 s3:rpc_server: let auth_generic_server_step() handle gensec_security == NULL via 5d3bb56 s3:rpc_server: make sure we have a unix token via 054ef13 s3:rpc_server: handle everything but AUTH_TYPE_NONE as gensec in verify_final via 2ed1789 s3:rpc_client: pass everything to gensec by default via fc59cc3 auth/gensec: use auth_ctx-generate_session_info() for schannel via 169c6d4 s3:auth: allow special SYSTEM and ANONYMOUS handling in auth3_generate_session_info() from ea27382 s3: torture - Fix racy assumption in original messaging test. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d50c0077deefbb32af1a15205b32d928807d86a3 Author: Andreas Schneider a...@samba.org Date: Thu Apr 17 14:25:48 2014 +0200 s3-rpc_server: Remove ncalrpc_as_system from make_server_pipes_struct(). Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Apr 24 13:39:10 CEST 2014 on sn-devel-104 commit 76a89a38fe5b2062e49779518ab0c9d0e1240403 Author: Andreas Schneider a...@samba.org Date: Thu Apr 17 14:22:17 2014 +0200 s3-rpc_server: Remove ncalrpc_as_system from pipes_struct. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 6ede575fc40b3157385076e09379d4e0a8830acd Author: Andreas Schneider a...@samba.org Date: Thu Apr 17 13:46:07 2014 +0200 s3-rpc_server: Use gensec for NCALRPC_AS_SYSTEM. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 000168b002c4687c4c742847b263be1d31cb4d11 Author: Andreas Schneider a...@samba.org Date: Thu Apr 17 11:00:54 2014 +0200 s3-rpc_server: Add special tsocket address for ncalrpc_as_system. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 6a5cd1857f6f237f27cec116a041989fb0ddea2c Author: Stefan Metzmacher me...@samba.org Date: Wed Apr 23 14:45:45 2014 +0200 s3:rpc_client: Use gensec for NCALRPC_AS_SYSTEM. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org commit 8729d990a32aa2bd59ef176e33ce3966c0f98f9f Author: Andreas Schneider a...@samba.org Date: Thu Apr 17 12:02:45 2014 +0200 s3-auth: Register ncalrpc_as_system gensec module. Signed-off-by: Andreas Schneider a...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit 788f72f8ebf8e300237cae3c4863586e38301a62 Author: Andreas Schneider a...@samba.org Date: Wed Apr 16 15:21:40 2014 +0200 gensec: add DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM backend Signed-off-by: Andreas Schneider a...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit 1f4c20f2c3506390834552d0102083d2b5b61f48 Author: Stefan Metzmacher me...@samba.org Date: Wed Apr 23 13:07:15 2014 +0200 s3:rpc_server: pass everything but AUTH_TYPE_{NONE,NCALRPC_AS_SYSTEM} to gensec Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org commit 06922f92e4ce885947000651491c17a0fea14294 Author: Andreas Schneider a...@samba.org Date: Wed Apr 23 10:42:12 2014 +0200 s3-rpc_server: Call pipe_auth_verify_final() if needed. Signed-off-by: Andreas Schneider a...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit bfdd22b3166377200f5395ef7384908d49d81ef1 Author: Andreas Schneider a...@samba.org Date: Wed Apr 23 10:40:27 2014 +0200 s3-rpc_server: Return the status code from gensec. We need to know the difference between NT_STATUS_OK and NT_STATUS_MORE_PROCESSING_REQUIRED. Signed-off-by: Andreas Schneider a...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit 2c5ed102b7dfa9a53ece24d048f71fd5e3d59ae7 Author: Stefan Metzmacher me...@samba.org Date: Wed Apr 23 13:02:35 2014 +0200 s3:rpc_server: let
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a0d314d lib: Remove socket wrapper python module. via d1ee35d dns.py: Use the python socket module. via 0ed826d selftest: Preload socket_wrapper. via 0028819 lib: Change socket_wrapper to preloadable version. via d407446 Remove special socket_wrapper code. via a9c1d5b replace: Add socket_wrapper_enabled(). via 5de011b s4-torture: Remove socket_wrapper testsuite. via 5d7609c selftest: Disable loading ldb modules with RTLD_DEEPBIND. via 11e87cd ldb: Add a env variable to disable RTLD_DEEPBIND. via 4dca841 s3-libads: Use ldap_initialize() if available. via 2522bb8 selftest: Rename WINBINDD_SOCKET_DIR environment variable. via c29fb2e wbclient: Check with nss_wrapper_enabled(). via 354744f selftest: Write the nss_wrapper hosts file. via 3381784 selftest: Set NSS_WRAPPER_MODULE variables for NSS module. via a573441 selftest: Add the user running the test to passwd. via d24a154 selftest: Preload nss_wrapper via 5bb410f lib: Change nss_wrapper to preloadable version. via b2163f2 Remove special nss_wrapper code via f95e868 s4-torture: Remove nss_wrapper testsuite. via 115a80d replace: Add nss_wrapper_hosts_enabled(). via 30860e0 replace: Add nss_wrapper_enabled(). via 1a46269 lib: Add missing include for unistd.h in unix_privs. via 68c450a lib: Add missing include for unistd.h in setid. via 6118c2e s3: Use root_mode() to get uid_wrapper working correctly. via 15feb84 s3-lib: Add root_mode() which can deal with uid_wrapper. via 486fa4a libwbclient: Handle uid_wrapper for pipe access. via 28b87dd s4-ntfs: Improve uid check in wrapper mode. via d2a7ce9 s3-utils: Do not disable the root check in smbpasswd. via 363f76c testprogs: Fix tests calling smbpasswd. via 77b7dfd selftest: Call smbpasswd as root. via d1c53eb selftest: Enable uid_wrapper globally. via 9feeeb3 selftest: Pass uid_wrapper library to selftest and preload it. via 751b2b2 Remove uid_wrapper related code. via 6d23354 lib: Change uid_wrapper to preloadable version. via f318a44 replace: Add uid_wrapper_enabled(). via ad3a431 wafsamba: Add set_target to CHECK_BUNDLED_SYSTEM. via c6a8edb selftest: Add a bash env file you can source. from 5adacb4 s3: use smb_xmemdup instead of smb_memdup and smb_panic http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a0d314dfcee650ac62adf9aae22b04c52663d81e Author: Andreas Schneider a...@samba.org Date: Thu Feb 13 15:55:30 2014 +0100 lib: Remove socket wrapper python module. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Apr 17 17:12:50 CEST 2014 on sn-devel-104 commit d1ee35dc3623ef6e2a7a7c38e1653b85f50e6ba3 Author: Andreas Schneider a...@samba.org Date: Fri Jul 5 12:07:49 2013 +0200 dns.py: Use the python socket module. We preload socket_wrapper, no need to use the special module. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 0ed826d5087f05993f74cfa280bf1abed14ab161 Author: Andreas Schneider a...@samba.org Date: Thu Feb 13 15:49:27 2014 +0100 selftest: Preload socket_wrapper. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 00288191bf343a9382ac49ccf4c86b3bde86e2f8 Author: Andreas Schneider a...@samba.org Date: Mon Apr 7 16:12:21 2014 +0200 lib: Change socket_wrapper to preloadable version. This imports socket_wrapper 1.0.1. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit d407446ddc3dfa02c56e517d87238444f1c9b51b Author: Andreas Schneider a...@samba.org Date: Mon Apr 7 16:09:00 2014 +0200 Remove special socket_wrapper code. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit a9c1d5bd636c5d87a0e165361038671cead58550 Author: Andreas Schneider a...@samba.org Date: Wed Feb 12 16:24:26 2014 +0100 replace: Add socket_wrapper_enabled(). Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 5de011be3f0ebb527678d681573f4def8335f6d4 Author: Andreas Schneider a...@samba.org Date: Wed Jul 3 14:17:00 2013 +0200 s4-torture: Remove socket_wrapper testsuite. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 5d7609cd789ceac98f1543d22c40201dde71f7a1 Author: Andreas Schneider a...@samba.org Date: Tue
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a56c35a s3:smbd: always allow SMB1 signing, but only announce it if configured. via 6d6bd96 libcli/smb: add smb_signing_is_desired() from d7ce127 auth: Remove support for HAVE_TRUNCATED_SALT from pass_check.c http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a56c35a4deec9745ff27a66ddc85db48c5dfaf97 Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 15 10:08:12 2014 +0200 s3:smbd: always allow SMB1 signing, but only announce it if configured. Always allow the client to turn on SMB1 signing using FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Apr 16 10:07:56 CEST 2014 on sn-devel-104 commit 6d6bd9612c758906f575aa8269adc672c5976f4a Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 15 10:03:10 2014 +0200 libcli/smb: add smb_signing_is_desired() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org --- Summary of changes: libcli/smb/smb_signing.c |5 + libcli/smb/smb_signing.h |1 + source3/smbd/negprot.c |6 +++--- source3/smbd/signing.c |7 +-- 4 files changed, 14 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/smb/smb_signing.c b/libcli/smb/smb_signing.c index fa61aa8..e128e8f 100644 --- a/libcli/smb/smb_signing.c +++ b/libcli/smb/smb_signing.c @@ -407,6 +407,11 @@ bool smb_signing_is_allowed(struct smb_signing_state *si) return si-allowed; } +bool smb_signing_is_desired(struct smb_signing_state *si) +{ + return si-desired; +} + bool smb_signing_is_mandatory(struct smb_signing_state *si) { return si-mandatory; diff --git a/libcli/smb/smb_signing.h b/libcli/smb/smb_signing.h index 7427ada..7d9e8ad 100644 --- a/libcli/smb/smb_signing.h +++ b/libcli/smb/smb_signing.h @@ -47,6 +47,7 @@ bool smb_signing_activate(struct smb_signing_state *si, const DATA_BLOB response); bool smb_signing_is_active(struct smb_signing_state *si); bool smb_signing_is_allowed(struct smb_signing_state *si); +bool smb_signing_is_desired(struct smb_signing_state *si); bool smb_signing_is_mandatory(struct smb_signing_state *si); bool smb_signing_set_negotiated(struct smb_signing_state *si, bool allowed, bool mandatory); diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index f470d0b..4cd12d8 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -250,7 +250,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice) struct timespec ts; ssize_t ret; struct smbd_server_connection *sconn = req-sconn; - bool signing_enabled = false; + bool signing_desired = false; bool signing_required = false; sconn-smb1.negprot.encrypted_passwords = lp_encrypt_passwords(); @@ -313,10 +313,10 @@ static void reply_nt1(struct smb_request *req, uint16 choice) secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; } - signing_enabled = smb_signing_is_allowed(req-sconn-smb1.signing_state); + signing_desired = smb_signing_is_desired(req-sconn-smb1.signing_state); signing_required = smb_signing_is_mandatory(req-sconn-smb1.signing_state); - if (signing_enabled) { + if (signing_desired) { secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED; /* No raw mode with smb signing. */ capabilities = ~CAP_RAW_MODE; diff --git a/source3/smbd/signing.c b/source3/smbd/signing.c index 295c9f1..b7683cd 100644 --- a/source3/smbd/signing.c +++ b/source3/smbd/signing.c @@ -169,7 +169,7 @@ static void smbd_shm_signing_free(TALLOC_CTX *mem_ctx, void *ptr) bool srv_init_signing(struct smbd_server_connection *conn) { - bool allowed; + bool allowed = true; bool desired; bool mandatory = false; @@ -186,9 +186,12 @@ bool srv_init_signing(struct smbd_server_connection *conn) * This matches Windows behavior and is needed * because not every client that requires signing * sends FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED. +* +* Note that we'll always allow signing if the client +* does send FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED. */ - allowed = desired = lpcfg_server_signing_allowed(lp_ctx, mandatory); + desired = lpcfg_server_signing_allowed(lp_ctx, mandatory); talloc_unlink(conn, lp_ctx); if (lp_async_smb_echo_handler()) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
rpc.samr.passwords.lockout from 1dba07d dlinklist: Fix a typo http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 85f57ebda360092efd5d71744d018c4cadd6d86b Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 31 16:57:10 2013 +1300 torture-samr: Add testing of account lockout and password change behaviour This is the regression test to avoid a repeat of CVE-2013-4496 This includes confirming that badPwdCount is updated on login, not just on first failure However the badPwdCount is not updated if the account is disabled Note: that samr_QueryUserInfo return the effective bad_password_count in level 5, 16 and 21, while it returns the raw value in level 3. (Sadly the s3 code does not do this correctly, so a knownfail is added) Change-Id: I4fd8ac5c3b1357e7a98386756dac2a43eb778ecf Signed-off-by: Andrew Bartlett abart...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Apr 2 19:30:59 CEST 2014 on sn-devel-104 commit 311de5fb4ae46536eb43178f4102728855625e20 Author: Andrew Bartlett abart...@samba.org Date: Tue Nov 5 11:43:41 2013 +1300 selftest: Run rpc.samr.passwords.badpwdcount against s3dc Change-Id: I9529def954521bf8ab05212759a2ef6bbe9913f8 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 6a4bedd36ad9877f35489ffa28eb38a458d4f01b Author: Andrew Bartlett abart...@samba.org Date: Sun Mar 16 21:14:51 2014 +1300 torture-samr: Add test for lockout with and without a password history Change-Id: I6f4b3e92feabe4ff09839329b0db3d33cc6c73b4 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 3c731783e0e9ee4a7b4b9289544d4d8a465940b9 Author: Andrew Bartlett abart...@samba.org Date: Mon Dec 9 14:25:06 2013 +1300 torture-samr: Improve rpc.samr.passwords.badpwdcount test Change-Id: I89ac30d715e89f14aca049e0e5c5043a39ab93c7 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit e266f610dbd421107c8a06e3ee07354456b9f521 Author: Andrew Bartlett abart...@samba.org Date: Mon Nov 25 10:03:05 2013 +1300 selftest: Add test for password lockout Change-Id: Ia690b83f82b5ad7b02b203ffdecd2e05066b6711 Signed-off-by: Andrew Bartlett abart...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit 05c2f83f266db208982858067680f888e637378b Author: Andrew Bartlett abart...@samba.org Date: Wed Mar 26 11:32:05 2014 +1300 dsdb: Allow SAMR server to return the computed, not actual badPwdCount This matters after the lockout observation period has expired. Note: that QueryUserInfo level 3 returns the raw badPwdCount value. Andrew Bartlett Change-Id: I7b304a50984072bc6cb1daf3315b4427443632a9 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 6ac62b30007d5b5870443f392d41f7ebfe52a5c3 Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 25 07:12:04 2014 +0100 s4:rpc_server/samr: passdown unmodified acct_flags to the ldb layer. The samldb module will handle the verification and magic. Change-Id: If38e0ed229b98eac4db9b39988de4a25f9a352f2 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 50b9748fc5c0d49ab0720b0ddfb59fdb88c186bd Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 25 07:10:02 2014 +0100 s4:dsdb/samldb: rework samldb_user_account_control_change() - Removing ACB_AUTOLOCK/UF_LOCKOUT from the effective userAccountControl flags (combined with msDS-User-Account-Control-Computed) results in lockoutTime=0 (implying badPadCount=0). - We also do more validation of the account type flags now. Change-Id: If7f224cf60920037a0ae19a10d116ac265771a4c Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 6cb91a8f33516a33210a25e4019f3f3fbbfe61f2 Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 1 13:21:35 2014 +0200 libds: add UF_PARTIAL_SECRETS_ACCOUNT to UF_ACCOUNT_TYPE_MASK Change-Id: Ie26520c37c393ab4d2e3c5782e3dca46d4d1f83c Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 245d0f1b3dd844c680bfa9b1d9e56d26305e6bae Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 1 10:54:27 2014 +0200 s4:dsdb/samldb: remove fantasy code from samldb_user_account_control_change() Setting UF_PASSWORD_EXPIRED doesn't reset pwdLastSet to 0! Change-Id: I9e004195ad864b8b3fe036986b1087398d1f6fc5 Signed-off-by: Stefan Metzmacher me...@samba.org
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 32b35b8 script to generate content for libcli/util/nterr.c libcli/util/ntstatus.h via e9522b5 Add error codes and message descriptions for NTSTATUS via 983fc4e Use correct error code value for NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE via 4f9dd94 script to generate libcli/util/hresult.c libcli/util/hresult.h via 57a4319 Allow FSRVP access generic HRESULT error message descriptions via 027afd1 Add autogenerated HRESULT error codes and descriptions from MS_ERREF from 85f57eb torture-samr: Add testing of account lockout and password change behaviour http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 32b35b8d92075dc25f2e29be5a10648e2e5cbda6 Author: Noel Power noel.po...@suse.com Date: Mon Mar 24 20:35:50 2014 + script to generate content for libcli/util/nterr.c libcli/util/ntstatus.h A ropey script to generate some missing NT_STATUS error codes and and descriptions. The script generates ntstatus.c ntstatus.h whose contents are used to extend the existing contents of libcli/util/nterr.c libcli/util/ntstatus.h Signed-off-by: Noel Power noel.po...@suse.com Reviewed-by: David Disseldorp dd...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Apr 2 22:40:06 CEST 2014 on sn-devel-104 commit e9522b5ee342f07b1435f7a0a82eaff297970237 Author: Noel Power noel.po...@suse.com Date: Mon Mar 24 17:19:54 2014 + Add error codes and message descriptions for NTSTATUS Error codes and descriptions were autogenerated from [MS-ERREF] see http://msdn.microsoft.com/en-us/library/cc704588.aspx Additionally some missing error descriptions for existing errors were identified and generated. Signed-off-by: Noel Power noel.po...@suse.com Reviewed-by: David Disseldorp dd...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 983fc4e4a41bfce79acc997c63b7fa832f7b5d0b Author: Noel Power noel.po...@suse.com Date: Mon Mar 24 19:19:42 2014 + Use correct error code value for NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE Signed-off-by: Noel Power noel.po...@suse.com Reviewed-by: David Disseldorp dd...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 4f9dd94819b5cebe53bbc34d69df408f2eb1e800 Author: Noel Power noel.po...@suse.com Date: Mon Mar 24 15:02:45 2014 + script to generate libcli/util/hresult.c libcli/util/hresult.h This hacky script was used to generate the contents of libcli/util/hresult.c libcli/util/hresult.h. It expects the table contents of http://msdn.microsoft.com/en-us/library/cc704587.aspx cut'n'pasted into the text file specified as it's single required input param Signed-off-by: Noel Power noel.po...@suse.com Reviewed-by: David Disseldorp dd...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 57a4319baaee011f2604eadeac655ff1c84d4312 Author: Noel Power noel.po...@suse.com Date: Mon Mar 24 11:52:48 2014 + Allow FSRVP access generic HRESULT error message descriptions FSRVP can possibly return any HRESULT error in addition to it's own specific errors. This change searches the HRESULT errors for a description if the error doesn't match any of the known FSRVP ones. Also removed some errors defined in fsrvp.idl (now that they are defined in hresult.h) Signed-off-by: Noel Power noel.po...@suse.com Reviewed-by: David Disseldorp dd...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 027afd11ca404f24726013d0f9805f42b14e59d7 Author: Noel Power noel.po...@suse.com Date: Mon Mar 10 11:00:38 2014 + Add autogenerated HRESULT error codes and descriptions from MS_ERREF error codes string descriptions are generated from http://msdn.microsoft.com/en-us/library/cc704587.aspx, additionally there is a function to return the error description from the error code, this function will also try to determine the error description associated with a W_ERROR code translated as a HRESULT. Signed-off-by: Noel Power noel.po...@suse.com Reviewed-by: David Disseldorp dd...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: libcli/util/hresult.c |11759 + libcli/util/hresult.h | 2980 + libcli/util/nterr.c | 2975 + libcli/util/ntstatus.h| 1265 - libcli/util/wscript_build |4 +- librpc/idl/fsrvp.idl |6 - source3/rpcclient/cmd_fss.c |8 + source4/scripting/bin/gen_hresult.py
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a2c3479 Revert s4:tls_tstream: allow mode of SSL keyfile to be 0400, not only 0600 from 0dd648a s4:librpc/rpc: remember ncalrpc_dir on the dcerpc_pipe-binding http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a2c34798782a1e4783c258d4e1950a2150d70e18 Author: Stefan Metzmacher me...@samba.org Date: Fri Mar 28 10:24:56 2014 +0100 Revert s4:tls_tstream: allow mode of SSL keyfile to be 0400, not only 0600 This reverts commit 05c1fe50556e2330e23b7efb38e653428b9bdadf. This was discussed here: https://bugzilla.samba.org/show_bug.cgi?id=10392#c11 This generated warnings like: invalid permissions on file '/memdisk/metze/W/b138235/samba/bin/ab/promoted_dc/private/tls/key.pem': has 0600 should be 0400'. I think we need a better way. Maybe file_check_permissions() should get allow_perms and deny_perms. And we would call it with allow_perms = 0400 and deny_perms = 0177. And bits in none of them are ignored. For now we revert this and wait for a better fix. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Mar 28 12:37:17 CET 2014 on sn-devel-104 --- Summary of changes: source4/lib/tls/tls_tstream.c |5 ++--- 1 files changed, 2 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c index d67f2d9..2cb75ed 100644 --- a/source4/lib/tls/tls_tstream.c +++ b/source4/lib/tls/tls_tstream.c @@ -1113,17 +1113,16 @@ NTSTATUS tstream_tls_params_server(TALLOC_CTX *mem_ctx, } if (file_exist(key_file) - !file_check_permissions(key_file, geteuid(), 0400, st) !file_check_permissions(key_file, geteuid(), 0600, st)) { DEBUG(0, (Invalid permissions on TLS private key file '%s':\n - owner uid %u should be %u, mode %04o should be %04o or %04o\n + owner uid %u should be %u, mode 0%o should be 0%o\n This is known as CVE-2013-4476.\n Removing all tls .pem files will cause an auto-regeneration with the correct permissions.\n, key_file, (unsigned int)st.st_uid, geteuid(), - (unsigned int)(st.st_mode 0777), 0400, 0600)); + (unsigned int)(st.st_mode 0777), 0600)); return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via efad13a build: Exclude source4/selftest/provisions/release-4-1-0rc3 from the tarball via f596dc9 dbcheck: Ensure dbcheck can operate with --attrs set from 5277fc4 s3-rpc_server: Fix handling of fragmented rpc requests. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit efad13addca918e18e3df341cc38405a93028940 Author: Andrew Bartlett abart...@samba.org Date: Mon Mar 3 14:26:36 2014 +1300 build: Exclude source4/selftest/provisions/release-4-1-0rc3 from the tarball Change-Id: Id4ddaabb91363174d2fbef09e823f53b13912a51 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Mar 21 10:06:04 CET 2014 on sn-devel-104 commit f596dc94e1ab839f13e2a9edbcec774635b5c211 Author: Andrew Bartlett abart...@samba.org Date: Thu Feb 27 15:17:35 2014 +1300 dbcheck: Ensure dbcheck can operate with --attrs set This also includes a test to ensure we do not regress on this point. Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: python/samba/dbchecker.py |2 +- testprogs/blackbox/dbcheck.sh |5 + wscript |2 +- 3 files changed, 7 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py index 4281e6b..e6f26c3 100644 --- a/python/samba/dbchecker.py +++ b/python/samba/dbchecker.py @@ -1142,7 +1142,7 @@ newSuperior: %s % (str(from_dn), str(to_rdn), str(to_base))) self.fix_metadata(dn, att) if self.is_fsmo_role(dn): -if fSMORoleOwner not in obj: +if fSMORoleOwner not in obj and (* in attrs or fsmoroleowner in map(str.lower, attrs)): self.err_no_fsmoRoleOwner(obj) error_count += 1 diff --git a/testprogs/blackbox/dbcheck.sh b/testprogs/blackbox/dbcheck.sh index c1e8aaf..66628b0 100755 --- a/testprogs/blackbox/dbcheck.sh +++ b/testprogs/blackbox/dbcheck.sh @@ -26,12 +26,17 @@ reindex() { $BINDIR/samba-tool dbcheck --reindex } +fixed_attrs() { + $BINDIR/samba-tool dbcheck --attrs=cn +} + force_modules() { $BINDIR/samba-tool dbcheck --force-modules } testit dbcheck dbcheck testit reindex reindex +testit fixed_attrs fixed_attrs testit force_modules force_modules exit $failed diff --git a/wscript b/wscript index 26431a4..5007834 100644 --- a/wscript +++ b/wscript @@ -12,7 +12,7 @@ import wafsamba, Options, samba_dist, Scripting, Utils, samba_version samba_dist.DIST_DIRS('.') -samba_dist.DIST_BLACKLIST('.gitignore .bzrignore source4/selftest/provisions/alpha13 source4/selftest/provisions/release-4-0-0/') +samba_dist.DIST_BLACKLIST('.gitignore .bzrignore source4/selftest/provisions/alpha13 source4/selftest/provisions/release-4-0-0/ source4/selftest/provisions/release-4-1-0rc3/') # install in /usr/local/samba by default Options.default_prefix = '/usr/local/samba' -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d783697 wintest: Try harder to make wintest force the telnet server to start via 7db0def ldapsrv: Pass struct ldb_result * rather than void * from 1b7f387 docs: Add gpfs:recalls parameter to vfs_gpfs manpage http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d78369789afa178b4fc64dec3e32f72cb2eb0483 Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 30 10:21:00 2013 +1300 wintest: Try harder to make wintest force the telnet server to start We try and force the server to start, and we try to force the TelnetClients group to exist Change-Id: I192f0aaaf283b77065ecc671ca2b59a69781d744 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-on: https://gerrit.samba.org/36 Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Mar 14 14:51:20 CET 2014 on sn-devel-104 commit 7db0defdd2f7ed39bda6c1ebc2110b83b82f1adc Author: Andrew Bartlett abart...@samba.org Date: Mon Dec 2 15:47:42 2013 +1300 ldapsrv: Pass struct ldb_result * rather than void * Change-Id: Ic521cbfcf922cfe9e14c89116c097b777a86af40 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-on: https://gerrit.samba.org/35 Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: source4/ldap_server/ldap_backend.c | 16 wintest/wintest.py | 11 +++ 2 files changed, 19 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 3432594..b0877d2 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -285,7 +285,7 @@ static NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error) static int ldapsrv_add_with_controls(struct ldapsrv_call *call, const struct ldb_message *message, struct ldb_control **controls, -void *context) +struct ldb_result *res) { struct ldb_context *ldb = call-conn-ldb; struct ldb_request *req; @@ -299,7 +299,7 @@ static int ldapsrv_add_with_controls(struct ldapsrv_call *call, ret = ldb_build_add_req(req, ldb, ldb, message, controls, - context, + res, ldb_modify_default_callback, NULL); @@ -341,7 +341,7 @@ static int ldapsrv_add_with_controls(struct ldapsrv_call *call, static int ldapsrv_mod_with_controls(struct ldapsrv_call *call, const struct ldb_message *message, struct ldb_control **controls, -void *context) +struct ldb_result *res) { struct ldb_context *ldb = call-conn-ldb; struct ldb_request *req; @@ -355,7 +355,7 @@ static int ldapsrv_mod_with_controls(struct ldapsrv_call *call, ret = ldb_build_mod_req(req, ldb, ldb, message, controls, - context, + res, ldb_modify_default_callback, NULL); @@ -399,7 +399,7 @@ static int ldapsrv_mod_with_controls(struct ldapsrv_call *call, static int ldapsrv_del_with_controls(struct ldapsrv_call *call, struct ldb_dn *dn, struct ldb_control **controls, -void *context) +struct ldb_result *res) { struct ldb_context *ldb = call-conn-ldb; struct ldb_request *req; @@ -408,7 +408,7 @@ static int ldapsrv_del_with_controls(struct ldapsrv_call *call, ret = ldb_build_del_req(req, ldb, ldb, dn, controls, - context, + res, ldb_modify_default_callback, NULL); @@ -450,7 +450,7 @@ static int ldapsrv_rename_with_controls(struct ldapsrv_call *call, struct ldb_dn *olddn, struct ldb_dn *newdn, struct
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 48ffca0 CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 via 9f53b61 CVE-2013-4496:samr: Remove ChangePasswordUser via 76e5ea3 CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. via 824add8 CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes from 29d779c smbreadline: switch to new-style readline typedef http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 48ffca0acac83bb31266390361ee77e1eaa2f2be Author: Andrew Bartlett abart...@samba.org Date: Thu Nov 28 06:50:01 2013 +1300 CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 Part of this was removed when ChangePasswordUser was unimplemented, but remove the remainder of this flawed commit. Fully check the password first, as extract_pw_from_buffer() already does a partial check of the password because it needs a correct old password to correctly decrypt the length. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Change-Id: Ibccc4ada400b5f89a942d79c1a269b493e0adda6 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Reviewed-on: https://gerrit.samba.org/38 Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Mar 13 15:06:35 CET 2014 on sn-devel-104 commit 9f53b61f0674f7855a42b8e0de66f343f4592589 Author: Andrew Bartlett abart...@samba.org Date: Thu Nov 7 16:23:12 2013 +1300 CVE-2013-4496:samr: Remove ChangePasswordUser This old password change mechanism does not provide the plaintext to validate against password complexity, and it is not used by modern clients. It also has quite difficult semantics to handle regarding password lockout. The missing features in both implementations (by design) were: - the password complexity checks (no plaintext) - the minimum password length (no plaintext) Additionally, the source3 version did not check: - the minimum password age - pdb_get_pass_can_change() which checks the security descriptor for the 'user cannot change password' setting. - the password history - the output of the 'passwd program' if 'unix passwd sync = yes'. Finally, the mechanism was almost useless, as it was incorrectly only made available to administrative users with permission to reset the password. It is removed here so that it is not mistakenly reinstated in the future. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Change-Id: If2edd3183c177e5ff37c9511b0d0ad0dd9038c66 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Reviewed-on: https://gerrit.samba.org/37 commit 76e5ea3a2c5f49cfc1026bd7c6b8baddb1e7dc16 Author: Stefan Metzmacher me...@samba.org Date: Tue Nov 5 14:04:20 2013 +0100 CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Change-Id: Iabf22753effd80086d7956619a3dae830e487da8 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-on: https://gerrit.samba.org/161 commit 824add8aaffca4adfec652fb1f6565d038387f9d Author: Andrew Bartlett abart...@samba.org Date: Fri Nov 1 14:55:44 2013 +1300 CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Change-Id: Ic31774275f07e003e7c2682a856ccb2d5a7939de Signed-off-by: Andrew Bartlett abart...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Reviewed-on: https://gerrit.samba.org/162 --- Summary of changes: source3/auth/check_samsec.c |1 + source3/rpc_server/samr/srv_samr_chgpasswd.c | 55 ++ source3/rpc_server/samr/srv_samr_nt.c| 111 +--- source3/smbd/lanman.c| 254 -- source4/rpc_server/samr/samr_password.c | 214 - source4/torture/rpc/samr.c |6 + 6 files changed, 111 insertions(+), 530 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c index b6cac60..7c97170 100644
[SCM] Samba Shared Repository - branch v4-1-test updated
The branch, v4-1-test has been updated via 71eade3 Merge tag 'samba-4.1.6' into v4-1-test via 48966b6 VERSION: Disable git snapshots for the 4.1.6 release. via 6125d12 WHATSNEW: Add release notes for Samba 4.1.6. via 7ff3ed7 CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. via 435541a CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 via 70efaac CVE-2013-4496:samr: Remove ChangePasswordUser via 05ba344 CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. via f5743f0 CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes via 0a0f17d VERSION: Bump version number up to 4.1.6... from 1cd273e VERSION: Bump version number up to 4.1.7. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test - Log - commit 71eade3f8f2e6196fb839259e1467c9223086489 Merge: 1cd273eeabe765e0be8c7dd056dd537c0ea30b08 48966b660733c9c9726cc3a87fa670b4c8427f5a Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 11 20:50:47 2014 +0100 Merge tag 'samba-4.1.6' into v4-1-test Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: Changeset truncated at 500 lines: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via e42fd53 Merge tag 'samba-4.0.16' into v4-0-test via bc0f537 VERSION: Disable git snapshots for the 4.0.16 release. via 2cd17b5 WHATSNEW: Add release notes for Samba 4.0.16. via 109d63a CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. via f580c8c CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 via 8fee6bd CVE-2013-4496:samr: Remove ChangePasswordUser via 139b90d CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. via a597c31 CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes via adfa17e VERSION: Bump version number up to 4.0.16... from 58cb450 VERSION: Bump version number up to 4.0.17. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit e42fd53389807d8375a69a1b8c69d48007b48a19 Merge: 58cb450bae8cc1b3d73167422dfdeb4d964f3070 bc0f537280d7b34c717629312015170344289e5c Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 11 20:55:57 2014 +0100 Merge tag 'samba-4.0.16' into v4-0-test Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: Changeset truncated at 500 lines: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ee8f98f pidl-waf: Only install Yapp::Driver if it is not available. via 9e591e3 pidl-waf: Check for system perl(Parse::Yapp::Driver). via 410ada4 pidl-waf: Add a function to check for a system perl module. via b7b0ca1 pidl-waf: Do not glob to install pidl modules. via 17244ef pidl-waf: Install pidl modules to the perl vendorlib directory. via 0bb6b01 pidl-waf: Remove unused variable pidl_src. via 1d95410 autobuild: Set perl vendorlib direcotry. via 48f0183 buildtools: Add perl vendorlib configure option. via 04685ff buildtools: Rename perl vendorarch configure option. via 87976b4 Revert pidl: Install pidl files corrently. via c2d58c3 Revert waf: Add option to specify perl vendor dir. via c46aaf1 Revert pidl: Make perl(Parse:Yapp:Driver) installation optional. from d8e110e ctdb-vacuum: fix delete list counts in delete_marshall_traverse_first http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ee8f98f26a3d6f02a0d10ceeac1194675d505246 Author: Andreas Schneider a...@samba.org Date: Fri Feb 28 16:00:54 2014 +0100 pidl-waf: Only install Yapp::Driver if it is not available. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Mar 6 23:30:47 CET 2014 on sn-devel-104 commit 9e591e3d619d127c5ec5f6ac86326c84f59878fa Author: Andreas Schneider a...@samba.org Date: Fri Feb 28 15:59:45 2014 +0100 pidl-waf: Check for system perl(Parse::Yapp::Driver). Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 410ada45b7041be6976fcfefadccbb99212a15a3 Author: Andreas Schneider a...@samba.org Date: Fri Feb 28 15:59:41 2014 +0100 pidl-waf: Add a function to check for a system perl module. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit b7b0ca1ba9067362bb8a4b901f3a7f2f3bcbd6a1 Author: Andreas Schneider a...@samba.org Date: Fri Feb 28 15:55:46 2014 +0100 pidl-waf: Do not glob to install pidl modules. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 17244ef750f699b30ff7ff3a71264f4c76adad6d Author: Andreas Schneider a...@samba.org Date: Fri Feb 28 15:53:10 2014 +0100 pidl-waf: Install pidl modules to the perl vendorlib directory. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 0bb6b0102f6fa21e6c9f8010421386a660c5a5e0 Author: Andreas Schneider a...@samba.org Date: Fri Feb 28 15:54:09 2014 +0100 pidl-waf: Remove unused variable pidl_src. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 1d954103f582cd219c939606a43112f4374531ff Author: Andreas Schneider a...@samba.org Date: Wed Mar 5 16:27:15 2014 +0100 autobuild: Set perl vendorlib direcotry. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 48f0183dbeddd7bdf333a40fe0d3e1c7e7fe00f2 Author: Andreas Schneider a...@samba.org Date: Fri Feb 28 15:50:02 2014 +0100 buildtools: Add perl vendorlib configure option. After this patch has been pushed, we need to change autobuild to compile with this option or we will not be able to install pidl. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 04685ff4eed9535769d6a5feee7353f1796a4389 Author: Andreas Schneider a...@samba.org Date: Fri Feb 28 15:47:45 2014 +0100 buildtools: Rename perl vendorarch configure option. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 87976b4e45bd71b086e9201f0d0a563b9071ca4a Author: Andreas Schneider a...@samba.org Date: Fri Feb 28 15:46:01 2014 +0100 Revert pidl: Install pidl files corrently. This reverts commit cee11cfa4544425099268cd32393169afb4bb107. Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit c2d58c3c2059ef3d43f876df547cbc7256235563 Author: Andreas Schneider a...@samba.org Date: Fri Feb 28 15:45:51 2014 +0100 Revert waf: Add option to specify perl vendor dir. This reverts commit 9b200555fec2e33da9521db388d1839375aa8d83. Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit c46aaf1102da5e8ba53e9f89f2f756fe8dce83c5 Author: Andreas Schneider a...@samba.org Date: Fri Feb 28 15:45:35 2014 +0100 Revert pidl: Make perl(Parse:Yapp:Driver) installation optional. This reverts
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e35b1d8 passdb: spare superfluous call to lookup_rids() in lookup_sids() via 0cb15c1 rpc: fix name-normalization in rpc_sid_to_name() via ab7992b rpc: correctly tread domain-only requests in rpc_sid_to_name() via 8fec421 samr: don't block the sam sid or the builtin domain sid in sid_to_name from fcf846a ctdb-eventscripts: Switch on dumping of stuck nfsd threads http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e35b1d8dc43e63d8932e8e0e3cd274e9de6963e3 Author: Michael Adam ob...@samba.org Date: Thu Feb 20 16:57:21 2014 +0100 passdb: spare superfluous call to lookup_rids() in lookup_sids() If we have no name indexes for a domain, all names were domain names and have been resolved earlier, including the domain name. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463 Change-Id: I5a7a387fa89d2b2bdd465c13b3dca0e18ca0482c Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Feb 25 11:17:18 CET 2014 on sn-devel-104 commit 0cb15c169f134026e0dae40994640f76e64f99d9 Author: Michael Adam ob...@samba.org Date: Thu Feb 20 16:55:15 2014 +0100 rpc: fix name-normalization in rpc_sid_to_name() Hand the *input* name as input into the normalize call, not the (potentially uninitialized...) *output* name... Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463 Change-Id: I4f3fc25882c22d96329e252d0a53bbe13d533472 Pair-Programmed-With: Gregor Beck gb...@sernet.de Signed-off-by: Gregor Beck gb...@sernet.de Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit ab7992b5bfa40d9cda66de319ded08276bb54e99 Author: Michael Adam ob...@samba.org Date: Thu Feb 20 16:53:51 2014 +0100 rpc: correctly tread domain-only requests in rpc_sid_to_name() Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463 Change-Id: I6a8a8c272b9cf7dbce4f9a99012209c29c31e839 Pair-Programmed-With: Gregor Beck gb...@sernet.de Signed-off-by: Gregor Beck gb...@sernet.de Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 8fec421543ff25c99655acca801d363c416fd61d Author: Stefan Metzmacher me...@samba.org Date: Thu Feb 20 16:50:32 2014 +0100 samr: don't block the sam sid or the builtin domain sid in sid_to_name Previously only members of these domains were handled. But we also need to handle the domain itself. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463 Change-Id: I44f85267eda243d586fffd24a799e153de0ff982 Pair-Programmed-With: Gregor Beck gb...@sernet.de Signed-off-by: Gregor Beck gb...@sernet.de Signed-off-by: Stefan Metzmacher me...@sernet.de Reviewed-by: Michael Adam ob...@samba.org --- Summary of changes: source3/passdb/lookup_sid.c | 19 --- source3/winbindd/winbindd_rpc.c |4 ++-- source3/winbindd/winbindd_samr.c |2 ++ 3 files changed, 16 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 6ec6ce8..fa44f3e 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -899,13 +899,18 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, break; } - if (dom-num_idxs) { - if (!(rids = talloc_array(tmp_ctx, uint32, dom-num_idxs))) { - result = NT_STATUS_NO_MEMORY; - goto fail; - } - } else { - rids = NULL; + if (dom-num_idxs == 0) { + /* +* This happens only if the only sid related to +* this domain is the domain sid itself, which +* is mapped to SID_NAME_DOMAIN above. +*/ + continue; + } + + if (!(rids = talloc_array(tmp_ctx, uint32, dom-num_idxs))) { + result = NT_STATUS_NO_MEMORY; + goto fail; } for (j=0; jdom-num_idxs; j++) { diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 0986d82..739088f 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -362,7 +362,7 @@ NTSTATUS rpc_sid_to_name(TALLOC_CTX *mem_ctx, map_status = normalize_name_map(mem_ctx, domain
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 33f10d0 s3:smbd: avoid invalid lock_order panic triggered by CTDB_SRVID_RELEASE_IP via 9677fae s3:lib/ctdbd_conn: let release_ip_handler return bool via 52ccb40 s3:smbd: maintain smbd_server_connection-status via 58c71be s3:smbd: simplify exit_server_common() from 913b2a1 clitar: don't panic, propagate talloc errors upwards http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 33f10d06baf44e31d558bc5bd926c886915322cc Author: Stefan Metzmacher me...@samba.org Date: Thu Feb 13 15:36:27 2014 +0100 s3:smbd: avoid invalid lock_order panic triggered by CTDB_SRVID_RELEASE_IP If smbd_server_connection_terminate(CTDB_SRVID_RELEASE_IP) is triggered from within ctdbd_migrate(), we got a smb_panic complaining about invalid lock_order, as ctdbd_migrate is called from dbwrap_fetch_locked(). Bug: https://bugzilla.samba.org/show_bug.cgi?id=10444 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Feb 21 14:51:51 CET 2014 on sn-devel-104 commit 9677fae6aab26d2bf0884dc31516d2dcd8840c03 Author: Stefan Metzmacher me...@samba.org Date: Mon Feb 17 11:57:52 2014 +0100 s3:lib/ctdbd_conn: let release_ip_handler return bool If it returns true the passed ip address matched and we let a nested ctdb operation fail with NT_STATUS_ADDRESS_CLOSED. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit 52ccb40d595fc80bfa53b0b9cd75ffb902369681 Author: Stefan Metzmacher me...@samba.org Date: Mon Feb 17 12:01:12 2014 +0100 s3:smbd: maintain smbd_server_connection-status If this isn't NT_STATUS_OK, we skip any io on the socket. This avoids possible problems during shutdown. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit 58c71bee40bb91868fc69d8f7fa640db0e33efae Author: Stefan Metzmacher me...@samba.org Date: Mon Feb 17 12:05:42 2014 +0100 s3:smbd: simplify exit_server_common() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org --- Summary of changes: source3/include/ctdbd_conn.h |2 +- source3/lib/ctdbd_conn.c | 36 +--- source3/smbd/globals.h |1 + source3/smbd/process.c | 72 +++-- source3/smbd/server_exit.c | 17 +++-- source3/smbd/smb2_server.c | 16 + 6 files changed, 129 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/ctdbd_conn.h b/source3/include/ctdbd_conn.h index ce5c8ba..0f85229 100644 --- a/source3/include/ctdbd_conn.h +++ b/source3/include/ctdbd_conn.h @@ -76,7 +76,7 @@ NTSTATUS ctdbd_traverse(uint32_t db_id, NTSTATUS ctdbd_register_ips(struct ctdbd_connection *conn, const struct sockaddr_storage *server, const struct sockaddr_storage *client, - void (*release_ip_handler)(const char *ip_addr, + bool (*release_ip_handler)(const char *ip_addr, void *private_data), void *private_data); diff --git a/source3/lib/ctdbd_conn.c b/source3/lib/ctdbd_conn.c index 6ab4bbe..4d90324 100644 --- a/source3/lib/ctdbd_conn.c +++ b/source3/lib/ctdbd_conn.c @@ -59,7 +59,7 @@ struct ctdbd_connection { struct ctdb_packet_context *pkt; struct tevent_fd *fde; - void (*release_ip_handler)(const char *ip_addr, void *private_data); + bool (*release_ip_handler)(const char *ip_addr, void *private_data); void *release_ip_priv; }; @@ -428,10 +428,23 @@ static NTSTATUS ctdb_read_req(struct ctdbd_connection *conn, uint32_t reqid, if ((conn-release_ip_handler != NULL) (msg-srvid == CTDB_SRVID_RELEASE_IP)) { + bool ret; + /* must be dispatched immediately */ DEBUG(10, (received CTDB_SRVID_RELEASE_IP\n)); - conn-release_ip_handler((const char *)msg-data, -conn-release_ip_priv); + ret = conn-release_ip_handler((const char *)msg-data, + conn-release_ip_priv); + if (ret) { + /* +* We need to release the ip, +* so return an error to the upper layers
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e0bf930 s3:smb2_notify: fix use after free on long living notify requests from 0535f73 ctdb:vacuum: move retrieval of freelist to after vacuum run http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e0bf930f23fe20ee00d0006a5f6c2ba1a8f592a0 Author: Stefan Metzmacher me...@samba.org Date: Thu Jan 30 16:12:44 2014 +0100 s3:smb2_notify: fix use after free on long living notify requests This is a hack, but it should fix the bug: change_notify_add_request() talloc moves smb_request away, which is not expected by the smb2_notify.c code... smbd_smb2_notify_reply() uses tevent_req_defer_callback() (in older versions an immediate event) to defer the response. This is needed as change_notify_reply() will do more things after calling reply_fn() (smbd_smb2_notify_reply is this case) and often change_notify_remove_request() is called after change_notify_reply(). change_notify_remove_request() implicitly free's the smb_request that was passed to change_notify_add_request(). smbd_smb2_fake_smb_request() added the smb_request as smb2req-smb1req, which is expected to be available after smbd_smb2_notify_recv() returned. The long term solution would be the following interface: struct tevent_req *change_notify_request_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct files_struct *fsp, uint32_t max_length, uint32_t filter, bool recursive); NTSTATUS change_notify_request_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, DATA_BLOB *buffer); Bug: https://bugzilla.samba.org/show_bug.cgi?id=10442 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Feb 14 11:18:15 CET 2014 on sn-devel-104 --- Summary of changes: source3/smbd/smb2_notify.c | 55 1 files changed, 55 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb2_notify.c b/source3/smbd/smb2_notify.c index 77399ef..228346e 100644 --- a/source3/smbd/smb2_notify.c +++ b/source3/smbd/smb2_notify.c @@ -28,6 +28,8 @@ struct smbd_smb2_notify_state { struct smbd_smb2_request *smb2req; struct smb_request *smbreq; + bool has_request; + bool skip_reply; NTSTATUS status; DATA_BLOB out_output_buffer; }; @@ -160,6 +162,44 @@ static void smbd_smb2_notify_reply(struct smb_request *smbreq, uint8_t *buf, size_t len); static bool smbd_smb2_notify_cancel(struct tevent_req *req); +static int smbd_smb2_notify_state_destructor(struct smbd_smb2_notify_state *state) +{ + if (!state-has_request) { + return 0; + } + + state-skip_reply = true; + smbd_notify_cancel_by_smbreq(state-smbreq); + return 0; +} + +static int smbd_smb2_notify_smbreq_destructor(struct smb_request *smbreq) +{ + struct tevent_req *req = talloc_get_type_abort(smbreq-async_priv, + struct tevent_req); + struct smbd_smb2_notify_state *state = tevent_req_data(req, + struct smbd_smb2_notify_state); + + /* +* Our temporary parent from change_notify_add_request() +* goes away. +*/ + state-has_request = false; + + /* +* move it back to its original parent, +* which means we no longer need the destructor +* to protect it. +*/ + talloc_steal(smbreq-smb2req, smbreq); + talloc_set_destructor(smbreq, NULL); + + /* +* We want to keep smbreq! +*/ + return -1; +} + static struct tevent_req *smbd_smb2_notify_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct smbd_smb2_request *smb2req, @@ -183,6 +223,7 @@ static struct tevent_req *smbd_smb2_notify_send(TALLOC_CTX *mem_ctx, state-smb2req = smb2req; state-status = NT_STATUS_INTERNAL_ERROR; state-out_output_buffer = data_blob_null; + talloc_set_destructor(state, smbd_smb2_notify_state_destructor); DEBUG(10,(smbd_smb2_notify_send: %s
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e02c94d cmdline: Remove dynconfig hooks in command line processing from 276b233 ctdb-daemon: Consult CTDB_DEBUG_HUNG_SCRIPT variable before running debug script http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e02c94d13bab4fb4ad791b7c0dedd963c33804cb Author: Andrew Bartlett abart...@samba.org Date: Wed Jan 8 13:35:34 2014 +1300 cmdline: Remove dynconfig hooks in command line processing This removes the ability to set paths like the sbindir, bindir, and changes the tool for setting lockdir statedir etc to be via --option=lock dir=/var/lock. These were originally added by commit 90a6873b0570f2691ba8d8fd11154c856bdd4415 by James Peach jpe...@samba.org The important use case, qemu, does not use these options, but specifies these directories via an smb.conf. They are being removed to remove a layer from the loadparm system, now that options can be specified from the command line. It will also make it easier to generate the affected parameters from the XML documentation if this layer of indirection is removed. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Feb 12 16:42:14 CET 2014 on sn-devel-104 --- Summary of changes: source3/lib/popt_common.c | 145 - source3/smbd/server.c |1 - 2 files changed, 0 insertions(+), 146 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c index e8eca57..2555809 100644 --- a/source3/lib/popt_common.c +++ b/source3/lib/popt_common.c @@ -200,151 +200,6 @@ struct poptOption popt_common_option[] = { POPT_TABLEEND }; -/* Handle command line options: - * --sbindir - * --bindir - * --lmhostsfile - * --libdir - * --modulesdir - * --shlibext - * --lockdir - * --statedir - * --cachedir - * --piddir - * --smb-passwd-file - * --private-dir - */ - -enum dyn_item{ - DYN_SBINDIR = 1, - DYN_BINDIR, - DYN_LMHOSTSFILE, - DYN_LIBDIR, - DYN_MODULESDIR, - DYN_SHLIBEXT, - DYN_LOCKDIR, - DYN_STATEDIR, - DYN_CACHEDIR, - DYN_PIDDIR, - DYN_SMB_PASSWD_FILE, - DYN_PRIVATE_DIR, -}; - - -static void popt_dynconfig_callback(poptContext con, - enum poptCallbackReason reason, - const struct poptOption *opt, - const char *arg, const void *data) -{ - - switch (opt-val) { - case DYN_SBINDIR: - if (arg) { - set_dyn_SBINDIR(arg); - } - break; - - case DYN_BINDIR: - if (arg) { - set_dyn_BINDIR(arg); - } - break; - - case DYN_LMHOSTSFILE: - if (arg) { - set_dyn_LMHOSTSFILE(arg); - } - break; - - case DYN_LIBDIR: - if (arg) { - set_dyn_LIBDIR(arg); - } - break; - - case DYN_MODULESDIR: - if (arg) { - set_dyn_MODULESDIR(arg); - } - break; - - case DYN_SHLIBEXT: - if (arg) { - set_dyn_SHLIBEXT(arg); - } - break; - - case DYN_LOCKDIR: - if (arg) { - set_dyn_LOCKDIR(arg); - } - break; - - case DYN_STATEDIR: - if (arg) { - set_dyn_STATEDIR(arg); - } - break; - - case DYN_CACHEDIR: - if (arg) { - set_dyn_CACHEDIR(arg); - } - break; - - case DYN_PIDDIR: - if (arg) { - set_dyn_PIDDIR(arg); - } - break; - - case DYN_SMB_PASSWD_FILE: - if (arg) { - set_dyn_SMB_PASSWD_FILE(arg); - } - break; - - case DYN_PRIVATE_DIR: - if (arg) { - set_dyn_PRIVATE_DIR(arg); - } - break; - - } -} - -const struct poptOption popt_common_dynconfig[] = { - - { NULL, '\0', POPT_ARG_CALLBACK, (void *)popt_dynconfig_callback }, - - { sbindir, '\0' , POPT_ARG_STRING, NULL, DYN_SBINDIR, - Path to sbin directory, SBINDIR
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b210e7a dbwrap: use DBWRAP_LOCK_ORDER_VALID() in db_open() via c7961ee dbwrap: completely check validity of lock order in dbwrap_check_lock_order() via 9914017 dbwrap: add a comment explaining the supported lock orders via 5e5a31b dbwrap: add DBWRAP_LOCK_ORDER_VALID() via 8dbb582 dbwrap: add DBWRAP_LOCK_ORDER_MIN via 24e434d dbwrap: move definition of DBWRAP_LOCK_ORDER_MAX to the private header. via 44c6643 dbwrap: explicitly use DBWRAP_LOCK_ORDER_NONE in tdb-ntdb conversion via 31c2336 s4:cluster: use DBWRAP_LOCK_ODER_NONE for local_db_tmp_open() via 85235d0 libcli: use DBWRAP_LOCK_ORDER_NONE when opening schannel_store.tdb via 4eb57bd dbwrap: introduce DBWRAP_LOCK_ORDER_NONE for lock order 0. via 7e766a0 dbwrap: add dbwrap_flags argument to dbwrap_local_open() via e4fbaad dbwrap: add a dbwrap_flags argument to db_open_ntdb() via bbf0903 dbwrap: add a dbwrap_flags argument to db_open_tdb() via 906abe5 s3:registry: introduce REG_DBWRAP_FLAGS to use for all db_open calls via 020fab3 s3:rpc_client: optimize the netlogon_creds_cli.tdb for read-only access via a20c977 dbwrap_open: add 'dbwrap_optimize_readonly:* = yes' option via a97b588 dbwrap_ctdb: implement DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS via 56bd404 dbwrap: add DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS via 6def1c3 dbwrap: add a dbwrap_flags argument to db_open_ctdb() via cf0cb0a dbwrap: add a dbwrap_flags argument to db_open() via 229dcfd dbwrap: add flags DBWRAP_FLAG_NONE from 353fdc5 .gitignore: Ignore tag files from GNU Global tool http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b210e7aade5bc6445df22e4cd4b9b906cb40c236 Author: Michael Adam ob...@samba.org Date: Tue Jan 28 11:58:05 2014 +0100 dbwrap: use DBWRAP_LOCK_ORDER_VALID() in db_open() instead of the hand written test. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Feb 7 18:05:51 CET 2014 on sn-devel-104 commit c7961ee4953dbcc8c45790d3c92fe3172e924f47 Author: Michael Adam ob...@samba.org Date: Mon Jan 27 17:34:31 2014 +0100 dbwrap: completely check validity of lock order in dbwrap_check_lock_order() This is currently not strictly necessay, because the only caller catches the DBWRAP_LOCK_ORDER_NONE case, and maximum is already checked, but this seems too dangerous to me. Use the new DBWRAP_LOCK_ORDER_VALID() macro. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 99140170a587102493e9f073145ba941987d01d3 Author: Michael Adam ob...@samba.org Date: Tue Jan 28 11:44:21 2014 +0100 dbwrap: add a comment explaining the supported lock orders Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 5e5a31bfb2de9ffa9829db1002118773a22ac9e4 Author: Michael Adam ob...@samba.org Date: Tue Jan 28 11:54:06 2014 +0100 dbwrap: add DBWRAP_LOCK_ORDER_VALID() Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 8dbb58285b6590203d3c510c22cb6936fd642e5f Author: Michael Adam ob...@samba.org Date: Tue Jan 28 12:04:38 2014 +0100 dbwrap: add DBWRAP_LOCK_ORDER_MIN Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 24e434d1aec880d1292d003cbcf6f869e3d35526 Author: Michael Adam ob...@samba.org Date: Tue Jan 28 11:52:36 2014 +0100 dbwrap: move definition of DBWRAP_LOCK_ORDER_MAX to the private header. This is only needed internally. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 44c66435bafc786f8a4c10e3652c7de168f642b1 Author: Michael Adam ob...@samba.org Date: Tue Jan 28 12:42:31 2014 +0100 dbwrap: explicitly use DBWRAP_LOCK_ORDER_NONE in tdb-ntdb conversion Make lack of lock order checking more visible. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 31c233651972c94b66d7cebf42ebcdcb43c39036 Author: Michael Adam ob...@samba.org Date: Mon Jan 27 17:26:50 2014 +0100 s4:cluster: use DBWRAP_LOCK_ODER_NONE for local_db_tmp_open() Make lack of lock oder checking more visible. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 85235d03c1030a8bd510232a068da7f933ceb268 Author: Michael Adam ob...@samba.org Date: Mon Jan 27 17:25:54 2014 +0100 libcli: use DBWRAP_LOCK_ORDER_NONE when opening schannel_store.tdb Make lack
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b449d13 selftest/Samba3: make --log-stdout optional from fca80dc selftest: updated docs.py script http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b449d13be4e26b98aeefe4b3d9961f86103862c3 Author: Stefan Metzmacher me...@samba.org Date: Sat Jan 25 09:45:25 2014 +0100 selftest/Samba3: make --log-stdout optional It's still used by default, but the following environment variables are able to avoid it NMBD_DONT_LOG_STDOUT=1, WINBINDD_DONT_LOG_STDOUT=1 and SMBD_DONT_LOG_STDOUT=1. It's strange that nmbd and smbd take --log-stdout, while winbindd takes --stdout. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sat Feb 1 01:27:18 CET 2014 on sn-devel-104 --- Summary of changes: selftest/target/Samba3.pm | 40 ++-- 1 files changed, 26 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 573b8e1..cd1585e 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -657,23 +657,27 @@ sub check_or_start($) { exit 0; } + $ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, nmbd); my @optargs = (-d0); if (defined($ENV{NMBD_OPTIONS})) { @optargs = split(/ /, $ENV{NMBD_OPTIONS}); } - - $ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, nmbd); - my @preargs = (Samba::bindir_path($self, timelimit), $self-{server_maxtime}); if(defined($ENV{NMBD_VALGRIND})) { @preargs = split(/ /, $ENV{NMBD_VALGRIND}); } + my @args = (-F, --no-process-group, + -s, $env_vars-{SERVERCONFFILE}, + -l, $env_vars-{LOGDIR}); + if (not defined($ENV{NMBD_DONT_LOG_STDOUT})) { + push(@args, --log-stdout); + } close($env_vars-{STDIN_PIPE}); open STDIN, , \*STDIN_READER or die can't dup STDIN_READER to STDIN: $!; - exec(@preargs, Samba::bindir_path($self, nmbd), -F, --no-process-group, --log-stdout, -s, $env_vars-{SERVERCONFFILE}, --l, $env_vars-{LOGDIR}, @optargs) or die(Unable to start nmbd: $!); + exec(@preargs, $ENV{MAKE_TEST_BINARY}, @args, @optargs) + or die(Unable to start $ENV{MAKE_TEST_BINARY}: $!); } $env_vars-{NMBD_TL_PID} = $pid; write_pid($env_vars, nmbd, $pid); @@ -710,25 +714,27 @@ sub check_or_start($) { exit 0; } + $ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, winbindd); my @optargs = (-d0); if (defined($ENV{WINBINDD_OPTIONS})) { @optargs = split(/ /, $ENV{WINBINDD_OPTIONS}); } - - $ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, winbindd); - my @preargs = (Samba::bindir_path($self, timelimit), $self-{server_maxtime}); if(defined($ENV{WINBINDD_VALGRIND})) { @preargs = split(/ /, $ENV{WINBINDD_VALGRIND}); } - - print Starting winbindd with config $env_vars-{SERVERCONFFILE}\n; + my @args = (-F, --no-process-group, + -s, $env_vars-{SERVERCONFFILE}, + -l, $env_vars-{LOGDIR}); + if (not defined($ENV{WINBINDD_DONT_LOG_STDOUT})) { + push(@args, --stdout); + } close($env_vars-{STDIN_PIPE}); open STDIN, , \*STDIN_READER or die can't dup STDIN_READER to STDIN: $!; - exec(@preargs, Samba::bindir_path($self, winbindd), -F, --no-process-group, --stdout, -s, $env_vars-{SERVERCONFFILE}, --l, $env_vars-{LOGDIR}, @optargs) or die(Unable to start winbindd: $!); + exec(@preargs, $ENV{MAKE_TEST_BINARY}, @args, @optargs) + or die(Unable to start $ENV{MAKE_TEST_BINARY}: $!); } $env_vars-{WINBINDD_TL_PID} = $pid; write_pid($env_vars, winbindd, $pid); @@ -774,12 +780,18 @@ sub check_or_start($) { if(defined($ENV{SMBD_VALGRIND})) { @preargs = split(/ /,$ENV{SMBD_VALGRIND}); } + my @args = (-F, --no-process-group, + -s, $env_vars-{SERVERCONFFILE}, + -l, $env_vars
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0b23345 s3:smbd: skip empty records in smbXsrv_open_cleanup() via 6b2d67a smbd:smb2: fix durable reconnect: set fsp-fnum from the smbXsrv_open-local_id via e93f052 docs: remove extra spaces in synopsis of dbwrap_tool via 1e3b352 docs: document new --non-persistent option to dbwrap_tool via c3f9327 dbwrap_tool: add option --non-persistent and force excatly one of --[non-]persistent via 6f748fe docs: remove short form -p of --persistent from dbwrap_tool manpage via 6dd1008 dbwrap_tool: remove the short form -p of --persistent from f42d380 s3:brlock: fix a comment typo http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0b23345676c6f02d5bb1a327174d8456705ec0c7 Author: Stefan Metzmacher me...@samba.org Date: Tue Dec 24 09:00:01 2013 +0100 s3:smbd: skip empty records in smbXsrv_open_cleanup() This should avoid scary ndr_pull errors, if there's a cleanup race. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Jan 30 18:49:37 CET 2014 on sn-devel-104 commit 6b2d67a345e90306f0d35402d0f4e3067a014057 Author: Michael Adam ob...@samba.org Date: Fri Jan 24 00:09:50 2014 +0100 smbd:smb2: fix durable reconnect: set fsp-fnum from the smbXsrv_open-local_id Originally, fsp-fnum was left at the INVALID fnum value. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit e93f052e37e736e5776fe7f7c7d246f9ecc4b4c8 Author: Michael Adam ob...@samba.org Date: Thu Jan 30 10:47:15 2014 +0100 docs: remove extra spaces in synopsis of dbwrap_tool Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 1e3b352f799038ec25437db53e051dadb9d97c95 Author: Michael Adam ob...@samba.org Date: Thu Jan 30 10:36:46 2014 +0100 docs: document new --non-persistent option to dbwrap_tool Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit c3f93271ef447f9f16cd3002307c630c5f149f5a Author: Michael Adam ob...@samba.org Date: Thu Jan 30 10:29:49 2014 +0100 dbwrap_tool: add option --non-persistent and force excatly one of --[non-]persistent We want to force users of dbwrap_tool to explicitly specify persistent or non-persistent. Otherwise, one could easily by accident wipe a whole database that is actually persistent but not currently opened by a samba process, just by openeing the DB with the default non-persistent mode... Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 6f748fef652bbea3c8dbbbfb96b95270e6f1dcfc Author: Michael Adam ob...@samba.org Date: Thu Jan 30 10:33:00 2014 +0100 docs: remove short form -p of --persistent from dbwrap_tool manpage Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 6dd1008c4e8b0b798d589959021c9b578db74ff4 Author: Michael Adam ob...@samba.org Date: Wed Jan 29 16:58:37 2014 +0100 dbwrap_tool: remove the short form -p of --persistent Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: docs-xml/manpages/dbwrap_tool.1.xml | 28 +--- source3/smbd/durable.c |1 + source3/smbd/smbXsrv_open.c |9 + source3/utils/dbwrap_tool.c | 23 ++- 4 files changed, 49 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/dbwrap_tool.1.xml b/docs-xml/manpages/dbwrap_tool.1.xml index 8e979f6..0c27fad 100644 --- a/docs-xml/manpages/dbwrap_tool.1.xml +++ b/docs-xml/manpages/dbwrap_tool.1.xml @@ -19,7 +19,8 @@ refsynopsisdiv cmdsynopsis commanddbwrap_tool/command - arg choice=opt-p|--persistent/arg + arg choice=opt--persistent/arg + arg choice=opt--non-persistent/arg arg choice=opt-d lt;debug levelgt;/arg arg choice=opt-s lt;config filegt;/arg arg choice=opt-l lt;log file basegt;/arg @@ -29,9 +30,7 @@ arg choice=reqlt;operationgt;/arg arg choice=optlt;keygt; arg choice=optlt;typegt; - arg choice=optlt;valuegt;/arg - /arg - /arg + arg choice=optlt;valuegt;/arg/arg/arg /cmdsynopsis /refsynopsisdiv @@ -70,10 +69,25 @@ variablelist varlistentry
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 05c1fe5 s4:tls_tstream: allow mode of SSL keyfile to be 0400, not only 0600 via afdb715 build: Build idmap_ad by default from 9fb9438 selftets: durable-open.reopen4 succeeds now. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 05c1fe50556e2330e23b7efb38e653428b9bdadf Author: Michael Brown mich...@netdirect.ca Date: Wed Jan 22 03:23:12 2014 + s4:tls_tstream: allow mode of SSL keyfile to be 0400, not only 0600 Bug: https://bugzilla.samba.org/show_bug.cgi?id=10392 Signed-off-by: Michael Brown mich...@netdirect.ca Reviewed-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Jan 31 01:27:03 CET 2014 on sn-devel-104 commit afdb715d21feaef495685abcd9469976282b34d1 Author: Volker Lendecke v...@samba.org Date: Thu Jan 30 11:30:05 2014 + build: Build idmap_ad by default Most other idmap modules are built by default. I don't see a reason why idmap_ad should be special here. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: source3/wscript |1 + source4/lib/tls/tls_tstream.c |5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/wscript b/source3/wscript index 501707b..af0ed9f 100644 --- a/source3/wscript +++ b/source3/wscript @@ -1812,6 +1812,7 @@ main() { vfs_worm vfs_crossrename vfs_linux_xfs_sgid vfs_time_audit idmap_autorid idmap_tdb2 + idmap_ad idmap_rid idmap_hash idmap_rfc2307''')) if Options.options.developer: diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c index 2cb75ed..d67f2d9 100644 --- a/source4/lib/tls/tls_tstream.c +++ b/source4/lib/tls/tls_tstream.c @@ -1113,16 +1113,17 @@ NTSTATUS tstream_tls_params_server(TALLOC_CTX *mem_ctx, } if (file_exist(key_file) + !file_check_permissions(key_file, geteuid(), 0400, st) !file_check_permissions(key_file, geteuid(), 0600, st)) { DEBUG(0, (Invalid permissions on TLS private key file '%s':\n - owner uid %u should be %u, mode 0%o should be 0%o\n + owner uid %u should be %u, mode %04o should be %04o or %04o\n This is known as CVE-2013-4476.\n Removing all tls .pem files will cause an auto-regeneration with the correct permissions.\n, key_file, (unsigned int)st.st_uid, geteuid(), - (unsigned int)(st.st_mode 0777), 0600)); + (unsigned int)(st.st_mode 0777), 0400, 0600)); return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 38f8788 s4:torture/rpc: add invalidAuthenticate2 via 25fb73f s4:rpc_server/netlogon: return a zero return_authenticator and rid on error via dcc2c83 s3:rpc_server/netlogon: return a zero return_authenticator on error via b8fdeb8 libcli/auth: reject computer_name longer than 15 chars via 387ed2e libcli/auth: don't alter the computer_name in cluster mode. via 8cf4eff s3:rpc_client: use db_open() to open netlogon_creds_cli.tdb via ece3ba1 libcli/auth: add netlogon_creds_cli_set_global_db() from c427b29 messaging3: Remove unused messaging_tdb_event http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 38f8788d6bf7fac509dcf492214a66a8bb3ac3fc Author: Stefan Metzmacher me...@samba.org Date: Fri Jan 10 12:19:08 2014 +0100 s4:torture/rpc: add invalidAuthenticate2 This add 'rpc.netlogon.netlogon.invalidAuthenticate2' as new test it demonstrates the STATUS_BUFFER_OVERFLOW on computer names larger than 15 characters. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Jan 22 19:07:12 CET 2014 on sn-devel-104 commit 25fb73f2821821630dde4cc263794e754ca03d68 Author: Stefan Metzmacher me...@samba.org Date: Sat Jan 11 17:13:04 2014 +0100 s4:rpc_server/netlogon: return a zero return_authenticator and rid on error Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit dcc2c8362df9af088613722ebd8a6261fb098a5c Author: Stefan Metzmacher me...@samba.org Date: Sat Jan 11 17:13:04 2014 +0100 s3:rpc_server/netlogon: return a zero return_authenticator on error Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit b8fdeb8ca7ce362058bb86a4e58b34fb6340867e Author: Stefan Metzmacher me...@samba.org Date: Fri Jan 10 13:13:40 2014 +0100 libcli/auth: reject computer_name longer than 15 chars This matches Windows, it seems they use a fixed size field to store netlogon_creds_CredentialState. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 387ed2e15df085274f72cebda341040a1e767a4b Author: Stefan Metzmacher me...@samba.org Date: Fri Jan 17 14:08:59 2014 +0100 libcli/auth: don't alter the computer_name in cluster mode. This breaks NTLMv2 authentication. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 8cf4eff201aa9e1ba8127311bcfc2a357fb4ef03 Author: Stefan Metzmacher me...@samba.org Date: Fri Jan 17 14:07:37 2014 +0100 s3:rpc_client: use db_open() to open netlogon_creds_cli.tdb This uses dbwrap_ctdb if running in a cluster. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit ece3ba10a16138a75b207a0cf9fe299759253d99 Author: Stefan Metzmacher me...@samba.org Date: Fri Jan 17 14:00:27 2014 +0100 libcli/auth: add netlogon_creds_cli_set_global_db() This can be used to inject a db_context from dbwrap_ctdb. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org --- Summary of changes: libcli/auth/netlogon_creds_cli.c | 32 - libcli/auth/netlogon_creds_cli.h |2 + libcli/auth/schannel_state_tdb.c |8 ++ source3/rpc_client/cli_netlogon.c | 38 ++- source3/rpc_server/netlogon/srv_netlog_nt.c |1 + source4/rpc_server/netlogon/dcerpc_netlogon.c | 12 ++- source4/torture/rpc/netlogon.c| 88 + 7 files changed, 142 insertions(+), 39 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c index 51b30a1..88893ad 100644 --- a/libcli/auth/netlogon_creds_cli.c +++ b/libcli/auth/netlogon_creds_cli.c @@ -199,6 +199,16 @@ static NTSTATUS netlogon_creds_cli_context_common( static struct db_context *netlogon_creds_cli_global_db; +NTSTATUS netlogon_creds_cli_set_global_db(struct db_context **db) +{ + if (netlogon_creds_cli_global_db != NULL) { + return NT_STATUS_INVALID_PARAMETER_MIX; + } + + netlogon_creds_cli_global_db = talloc_move(talloc_autofree_context(), db); + return NT_STATUS_OK; +} + NTSTATUS netlogon_creds_cli_open_global_db(struct loadparm_context *lp_ctx) { char *fname; @@ -251,28 +261,12 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx, bool seal_secure_channel = true
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 741cb24 s3:lib/tldap: make use of tevent_req_set_cleanup_fn() via 5fd9eab s3:lib/tldap: make use of tevent_req_defer_callback() via c84fe17 s3:lib/fncall: make use of tevent_req_set_cleanup_fn() via f08c0b2 libcli/smb: make use of tevent_req_set_cleanup_fn() via c4c88d1 tevent: version 0.9.21 via 50b9f15 tevent: add tevent_req_set_cleanup_fn() via 0ed93e0 tevent: add/use tevent_req_destructor via 7502a30 tevent: add doxygen comments for tevent_num_signals() and tevent_sa_info_queue_count() via fd80e54 tevent: Add prototypes via e7d4b7d tevent: Only build std_fallback_to_poll when epoll is around via 7fe5584 tevent: fix crash bug in tevent_queue_immediate_trigger() from b7bfe46 ctdb/eventscripts: Move all eventscript state under $CTDB_VARDIR/state http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 741cb24f7a953498940d7b3ada6cb5538ec590fd Author: Stefan Metzmacher me...@samba.org Date: Wed Jan 8 10:31:15 2014 +0100 s3:lib/tldap: make use of tevent_req_set_cleanup_fn() This is more better than a custom tevent_req destructor. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Jan 17 14:34:06 CET 2014 on sn-devel-104 commit 5fd9eab20fc48f84c2ab389f91ae11d65361ccf5 Author: Stefan Metzmacher me...@samba.org Date: Wed Jan 8 19:46:01 2014 +0100 s3:lib/tldap: make use of tevent_req_defer_callback() In tldap_msg_received() we call tevent_req_error() for more than one request, if we do that we need to use tevent_req_defer_callback() otherwise we're likely to crash, as a triggered callback may invalidate our state. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit c84fe17ba954d2784cc1ac5f9e1f3a8302ca951d Author: Stefan Metzmacher me...@samba.org Date: Wed Jan 8 10:31:15 2014 +0100 s3:lib/fncall: make use of tevent_req_set_cleanup_fn() This is more better than a custom tevent_req destructor. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit f08c0b2ef1bb92928ae86ba9d1c276a8e117367c Author: Stefan Metzmacher me...@samba.org Date: Wed Jan 8 10:31:15 2014 +0100 libcli/smb: make use of tevent_req_set_cleanup_fn() This is more better than a custom tevent_req destructor. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit c4c88d1ee8960ae0d8a392821cf4f218725ab660 Author: Stefan Metzmacher me...@samba.org Date: Fri Sep 27 04:06:00 2013 +0200 tevent: version 0.9.21 This fixes a the following bugs: - fix a crash bug in tevent_queue_immediate_trigger() - add missing tevent_num_signals() and tevent_sa_info_queue_count() prototypes including documentation. This adds the following new features: - tevent_req_set_cleanup_fn() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit 50b9f154d22f5c356e66bba341e9ee0292218cfd Author: Stefan Metzmacher me...@samba.org Date: Fri Sep 27 02:29:57 2013 +0200 tevent: add tevent_req_set_cleanup_fn() Note that some callers used their own destructor for their tevent_req instance, they'll just overwrite this, which is not intended, but works without problems. The intended way is to specify a cleanup function and handle the TEVENT_REQ_RECEIVED state as destructor. Note that the TEVENT_REQ_RECEIVED cleanup event might be triggered by an explicit tevent_req_received() in the _recv() function. The TEVENT_REQ_RECEIVED event is only triggered once as tevent_req_received() will remove the destructor. So the difference compared to a custom destructor is that the struct tevent_req itself can continue to be there, while tevent_req_received() removed all internal state. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit 0ed93e099af833045d9d00b9a8faeb5b93b6ef2e Author: Stefan Metzmacher me...@samba.org Date: Fri Sep 27 03:41:29 2013 +0200 tevent: add/use tevent_req_destructor This makes sure we call tevent_req_received(req) on talloc_free() and cleanup things in a defined order. Note that some callers used their own destructor for their tevent_req instance, they'll just overwrite this, which is not intended, but works without problems. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit 7502a309e8b817036c1ddc38740c214ae416bf29
[SCM] Samba Shared Repository - annotated tag tevent-0.9.21 created
The annotated tag, tevent-0.9.21 has been created at 88cdcc887eb42c45435eda9404c6d9d10edc8c9e (tag) tagging c4c88d1ee8960ae0d8a392821cf4f218725ab660 (commit) replaces tevent-0.9.20 tagged by Stefan Metzmacher on Fri Jan 17 14:41:24 2014 +0100 - Log - tevent: tag release tevent-0.9.21 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAABAgAGBQJS2TMEAAoJEEeTkWETCEAl6PsH/1xoEe3YFI2IgNAGcklDQ+J0 tuMhgKhMRVkG9POcS5AVwEdJgOF+e3vbk3il73Vz98rrVS3r4TXfa1j9hLMI473G 2hdsiOPxukMa2zVYhGVuUEICdXKsFsRhWFU4YLhfVivwvhZCgHnpf2f9rsoOtz2D PhG8eNxIBdmrL9xh/cifXxErAHEZLeO/QBx+XMRSAO7adMGq8fLnqUoT3PT2X7+6 sDymL5CFYffuInw7ZnqfDmvWmUi8wRZv3Hg1nKGcb2jDgsc2F6qkpYBObeLuYaEL PN6/fZWY2ljZAbvgiJqXD1PYYV4Q71+zR3uuBnBrA5n0xTRuA3nbVDbH17GxDd4= =cnCe -END PGP SIGNATURE- Abhidnya Joshi (2): s3: Add DAC_OVERRIDE capability support s3: Handle stat call with capability in vfs_gpfs Amitay Isaacs (10): ctdb-common: mkdir_p should not try to create . ctdb-daemon: Deprecate RELOAD and STATUS events ctdb-daemon: No need to call event scripts with CTDB_CALLED_BY_USER ctdb-daemon: Add ctdb_vfork_with_logging() ctdb-daemon: Add helper process to execute event scripts ctdb-daemon: Replace ctdb_fork_with_logging with ctdb_vfork_with_logging (part 1) ctdb-daemon: Replace ctdb_fork_with_logging with ctdb_vfork_with_logging (part 2) ctdb-daemon: Remove unused code to run eventscripts ctdb-tests: Set CTDB_EVENT_HELPER when running with local daemons ctdb-daemon: Remove ctdb_fork_with_logging() Andreas Schneider (5): lib: Fix strict-aliasing warning in md5 code. s3-libads: Fix memory leaks in ads_build_path(). wbinfo: Fix a memory leak in wbinfo_ping_dc(). s3-passdb: Fix string duplication to pointers. Add missing include dirs to .clang_complete. Andrew Bartlett (2): auth_samba4: Describe the slightly unusual role of auth_samba4 ntvfs: Remove CAP_UNIX from the ntvfs file server as it was never finished Björn Baumbach (2): docs-man: add manual page for the new worm vfs module waf docs: build the new vfs worm man page Björn Jacke (3): build: test the generic md5 function after importing it from hashlib crypto: fix build on OS X s3: set native os according to Windows and NBT_ANNOUNCE_VERSION defines Christian Ambach (26): s3:messaging add MSG_SMB_KILL_CLIENT_IP message s3:smbd react on message that client should be disconnected s3:utils/smbcontrol implement kill-client-ip in smbcontrol lib/compression: fix a compiler warnings lib/ldb-samba: fix a compiler warning lib/ldb fix compiler warnings lib/ldb fix compiler warnings lib/tdb: fix compiler warnings lib/clap fix compiler warnings libcli: fix compiler warnings s3:libsmb fix a compiler warning s3:printing fix a compiler warning s3:smbd/smb2 fix compiler warnings s3:winbindd fix a compiler warning s4:dsdb fix compiler warnings s4:dsdb fix compiler warnings s4:dsdb fix compiler warnings s4:dsdb fix compiler warnings s4:dsdb fix compiler warnings s4:dsdb fix compiler warnings s4:echo_server fix compiler warnings s4:kdc fix compiler warnings s4:libcli fix compiler warnings s4:rpc_server/lsa_lookup fix a compile warning s3:dbwrap report time for chainlock and CTDB migrate s3:dbwrap include the hashchain in the logs Christof Schmitt (5): docs: Add kill-client-ip to smbcontrol manpage docs: Add num-children to smbcontrol manpage s3: Avoid oplock break by storing timestamps with gpfs_set_times s3:dbwrap: Store warning thresholds in db_ctdb_ctx s3:dbwrap: Use milliseconds for Held tdb lock message David Disseldorp (2): smbcontrol: fix NUM_CHILDREN message deregister dcerpc.idl: use logical dcerpc_object ordering David Keegel (1): shadow_copy2: Fix some typos Garming Sam (14): selftest: add new rpc client test selftest: add new credential change test selftest: add rodc and other env tests for wbinfo waf: Require ACL support to be specifically disabled waf: Require ldap support to be specifically disabled waf: Require --without-ads-support to build without ADS support waf: fix a typo in an ADS error message doc: Modify build doc concerning missing headers s3:rpcclient: give errors and clean up correctly after failing to obtain secret dfs: always call create_conn_struct with root privileges lib/param: fix unix extensions setting to be consistent with s3 and docs pam_winbind: Fix segfault caused by invalid configuration options pam_winbind: Do not honour require_membership_of in the acct module parameters Revert pam_winbind: fix segfault in pam_sm_authenticate
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 175b8e1 s4:rpc_server: remember the hdr_signing negotiation result in dcesrv_auth via c4726e4 s4:rpc_server: use talloc_zero for struct dcesrv_connection via 79996cd s4:rpc_server: remove unused DCESRV_CALL_STATE_FLAG_HEADER_SIGNING via 410c30f ndrdump: dump verification trailer via 0f3848a librpc/ndr: add ndr_pop_dcerpc_sec_verification_trailer() via b7a5380 librpc/rpc: simplify tevent_req_nterror() usage in binding_handle.c via 0e62f32 libcli/auth: fix usage of an uninitialized variable in netlogon_creds_cli_check_caps() from f8363dd crypto: fix build on OS X http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 175b8e1475c45a6a829941127f018197baec3909 Author: Stefan Metzmacher me...@samba.org Date: Wed Jan 8 10:57:44 2014 +0100 s4:rpc_server: remember the hdr_signing negotiation result in dcesrv_auth Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Jan 8 18:37:22 CET 2014 on sn-devel-104 commit c4726e414de13060bca29882f900d6df6d008792 Author: Stefan Metzmacher me...@samba.org Date: Wed Jan 8 10:57:19 2014 +0100 s4:rpc_server: use talloc_zero for struct dcesrv_connection Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org commit 79996cd1eb4855fbb780c10ff96cfab1c5e7c312 Author: Stefan Metzmacher me...@samba.org Date: Wed Jan 8 10:52:51 2014 +0100 s4:rpc_server: remove unused DCESRV_CALL_STATE_FLAG_HEADER_SIGNING Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org commit 410c30f12374b13854378f1d0fecaed9b5112bbb Author: Gregor Beck gb...@sernet.de Date: Mon Jan 6 11:19:04 2014 +0100 ndrdump: dump verification trailer Pair-Programmed-With: Stefan Metzmacher me...@samba.org Signed-off-by: Gregor Beck gb...@sernet.de Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org commit 0f3848a8632d6f6c113d128e71171dc49f4f74b9 Author: Gregor Beck gb...@sernet.de Date: Thu Jan 2 15:30:52 2014 +0100 librpc/ndr: add ndr_pop_dcerpc_sec_verification_trailer() This extracts the dcerpc_sec_verification_trailer from the end of an ndr_pull structure, it found it reduces ndr-data_size. NDR_ERR_ALLOC is the only possible error, all other errors are ignored and a trailer with command count = 0 is returned. Pair-Programmed-With: Gregor Beck gb...@sernet.de Signed-off-by: Gregor Beck gb...@sernet.de Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org commit b7a53803f3e5596329688ad8186bb0287705821f Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 30 09:48:06 2013 +0200 librpc/rpc: simplify tevent_req_nterror() usage in binding_handle.c Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org commit 0e62f3279525ea864590f713f334f4dc5f5d3a32 Author: Stefan Metzmacher me...@samba.org Date: Wed Jan 8 12:04:22 2014 +0100 libcli/auth: fix usage of an uninitialized variable in netlogon_creds_cli_check_caps() If status is RPC_PROCNUM_OUT_OF_RANGE, result might be uninitialized. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Günther Deschner g...@samba.org --- Summary of changes: libcli/auth/netlogon_creds_cli.c |4 +- librpc/idl/dcerpc.idl |3 + librpc/ndr/ndr_dcerpc.c | 121 + libcli/auth/schannel.h = librpc/ndr/ndr_dcerpc.h | 12 +- librpc/rpc/binding_handle.c |9 +- librpc/tools/ndrdump.c| 21 librpc/tools/wscript_build|2 +- librpc/wscript_build |4 +- source4/rpc_server/dcerpc_server.c| 14 +--- source4/rpc_server/dcerpc_server.h|3 +- source4/rpc_server/dcesrv_auth.c |5 +- 11 files changed, 165 insertions(+), 33 deletions(-) copy libcli/auth/schannel.h = librpc/ndr/ndr_dcerpc.h (70%) Changeset truncated at 500 lines: diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c index 1724064..51b30a1 100644 --- a/libcli/auth/netlogon_creds_cli.c +++ b/libcli/auth/netlogon_creds_cli.c @@ -1390,7 +1390,7 @@ struct netlogon_creds_cli_check_state { }; static void netlogon_creds_cli_check_cleanup(struct tevent_req *req
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6b586c3 s4:librpc: remove recv_data from transport via 9d2557d s4:librpc: factor out xxx_send_request() to dcerpc_send_request() via 4459131 s4:librpc: factor out xxx_send_read() to dcerpc_send_read() via 9832eb6 s4:librpc: factor out xxx_shutdown_pipe() to dcerpc_shutdown_pipe() via 30ca477 s4:librpc: factor out xxx_dead() to dcerpc_transport_dead() via 3193c27 s4:librpc: remove server_name from transport via 383ba3d s4:librpc: make 'struct dcerpc_pipe_connect' private via 27d0d32 s4:librpc: remove unused dcerpc_smb2.c via a9bb84c s4:librpc: implement dcerpc_pipe_open_smb2() in dcerpc_smb.c via 7352f7f s4:librpc: make use of dcerpc_pipe_open_smb_send/recv for SMB2 via 45fc961 s4:librpc: pass dcecli_connection instead of dcerpc_pipe to dcerpc_secondary_smb_send() via bebc05a s4:librpc: use dcerpc_binding_dup() instead of talloc_reference() via a08ee93 s4:librpc: pass smbXcli_{conn,session,tcon} to dcerpc_pipe_open_smb_send() via f7b1ff2 s4:librpc: don't talloc_reference smbcli_tree via e6474ba s4:librpc: keep smbcli_tree/smb2_tree as talloc child of dcecli_connection via d230f73 s4:librpc: use tstream_smbXcli_np in dcerpc_smb.c via 2ec65ea s4:librpc: use tstream in dcerpc_sock.c via 01ea63e s4:librpc: make it possible for the transport to specify the max_xmit/recv_size via 0059929 libcli/smb: s/tstream_cli_np/tstream_smbXcli_np via 8ec4163 libcli/smb: s/TSTREAM_CLI_NP/TSTREAM_SMBXCLI_NP via 024fc73 libcli/smb: move source3/libsmb/cli_np_tstream.c to tstream_smbXcli_np.c via acbd12a s3:libsmb: add a TSTREAM_CLI_NP_DESIRED_ACCESS define as collection of individual flags via eb8869a s3:libsmb: add tstream_cli_np_ref as protection to talloc_free(smbXcli_conn) via 46d29d4 s3:libsmb: do not use cli_state internally within cli_np_tstream via 6ebbce9 s3:libsmb: let cli_np_tstream use smb1cli_readx via 68d8aa4 s3:libsmb: let cli_np_tstream use smb1cli_writex via c25f19e s3:libsmb: let cli_np_tstream use smb1cli_close via a8c6a05 s3:libsmb: let cli_np_tstream use smb1cli_trans via 7ebb081 s3:libsmb: let cli_np_tstream use smb1cli_ntcreatex via 3d90e93 libcli/smb: add smb1cli_readx* via cb295d7 libcli/smb: add smb1cli_writex* via b9d19e8 libcli/smb: add smb1cli_close* via 50f910f libcli/smb: add smb1cli_ntcreatex* via ef28ed6 libcli/smb: move some *TRANSACT_* flags to smb_constants.h via 306cba4 libcli/smb: move some FILE_* flags to smb_constants.h via 54c0bde midltests: add tests with v1_enum and NDR64 via 2ba9453 pidl:NDR/Client: avoid useless memcpy() via f50b561 pidl:NDR/Client: fix dcerpc_function() with [out,ref] pointers via 662fc2d pidl:NDR/Client: simplify tevent_req_nterror() usage via 02c34fe pidl:NDR/Client: add missing TALLOC_FREE(subreq) after dcerpc_binding_handle_call_recv() via 3a0fa36 pidl:Samba3/ServerNDR: skip DCERPC pipe elements and leave NULL pointers. via d821661 s4:librpc/rpc: update alloc_hint for each fragment via ce84ade s4:librpc/rpc: remove unused rpc_request-ndr structure via cc899e8 s4:rpc_server: don't support functions DCERPC pipes in remoted backend via ef568f4 librpc/rpc: read the full header in dcerpc_read_ncacn_packet_next_vector() via cd46437 dcerpc.idl: add DCERPC_NCACN_PAYLOAD_OFFSET via 4289750 librpc: fix possible memory leak via a0f781c s4:librpc: fix memory leaks in dcerpc_request_recv_data() via b61f717 s4:librpc: fix memory leak in ncacn_pull() via 70d8ac6 librpc/ndrdump: free some temporary memory while parsing dcerpc pipe chunks via 4cc3388 s4:pyrpc: fix talloc hierachie in dcerpc_InterfaceObject via 13ccc5b s4:torture:spoolss_win: fix valgrind problem in test_EnumJobs() from 0dc30b9 samba_upgradedns: message the user if they need to change smb.conf http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6b586c3cf6c5e342cabdd157c2c0776204e2aad0 Author: Gregor Beck gb...@sernet.de Date: Wed Dec 4 14:58:40 2013 +0100 s4:librpc: remove recv_data from transport Signed-off-by: Gregor Beck gb...@sernet.de Reviewed-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Jan 7 12:42:32 CET 2014 on sn-devel-104 commit 9d2557d6e468aef9415153ef86b495cdcefc8bf9 Author: Gregor Beck gb...@sernet.de Date: Wed Dec 4 15:51:31 2013 +0100 s4:librpc: factor out xxx_send_request() to dcerpc_send_request() Signed-off-by: Gregor Beck gb...@sernet.de Reviewed
[SCM] Samba Shared Repository - branch master updated
recv_data from transport http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7d2abf520df1ff46d79dfd8ff579c230f2bc3c2a Author: Stefan Metzmacher me...@samba.org Date: Fri Dec 6 12:08:50 2013 +0100 s4:netlogon: implement allow nt4 crypto and reject md5 clients features. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Jan 7 16:53:31 CET 2014 on sn-devel-104 commit 2e36fbc77dc43f31ec78cdbef23b94bd00d6f565 Author: Stefan Metzmacher me...@samba.org Date: Mon Dec 23 10:10:17 2013 +0100 s4:netlogon: don't generate a debug message for SEC_CHAN_NULL. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 3b77b804cdc9e7621f026ef9bc8e7059f471348e Author: Stefan Metzmacher me...@samba.org Date: Mon Dec 23 10:12:24 2013 +0100 s4:netlogon: correctly calculate the negotiate_flags We need to bit-wise AND the client and server flags. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 0d4806f9f056c3e37f5aed1ef19e2924aa8f4151 Author: Stefan Metzmacher me...@samba.org Date: Fri Dec 6 13:41:43 2013 +0100 selftest/Samba4: use allow nt4 crypto = yes for testing Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 807bcb4981fb20a9b97e69f01c3545ea7e85666e Author: Stefan Metzmacher me...@samba.org Date: Fri Dec 6 11:39:15 2013 +0100 lib/param: add reject md5 client option, defaulting to false Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 87bdc88328568359e51af6615b378ba8dc67f647 Author: Stefan Metzmacher me...@samba.org Date: Fri Dec 6 11:38:21 2013 +0100 lib/param: add allow nt4 crypto option, defaulting to false Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 3d45d4dc3c69557bf1d1fe6d4a880ad74a2a41f1 Author: Stefan Metzmacher me...@samba.org Date: Thu Oct 17 19:17:12 2013 +0200 libcli/auth: remove unused netlogon_creds_cli_context_copy() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit c0761c3eae34175d772476006caf5caad68bd8c6 Author: Stefan Metzmacher me...@samba.org Date: Mon Sep 16 19:25:27 2013 +0200 s3:rpc_client: finally remove unused rpc_pipe_client-netlogon_creds Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 3f41b583840ffa2220f61eea61833bf3c6bd33db Author: Stefan Metzmacher me...@samba.org Date: Mon Sep 16 19:23:54 2013 +0200 s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit e4fea80693b49e79a96acdac09d5ea292756635c Author: Stefan Metzmacher me...@samba.org Date: Mon Sep 16 19:23:18 2013 +0200 s3:rpc_client: remove unused rpccli_netlogon_sam_logon() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit a4faf57b47095bfc0f4370ac093c8c4cef17584f Author: Stefan Metzmacher me...@samba.org Date: Fri Sep 6 13:06:53 2013 +0200 s3:rpc_client: remove unused rpccli_netlogon_setup_creds() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 6d457ad9c156cf86d99e58dea21dba170defad1b Author: Stefan Metzmacher me...@samba.org Date: Fri Sep 6 13:54:30 2013 +0200 s3:rpc_client: remove unused rpccli_netlogon_set_trust_password() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 660150b12a637da7f9ebb820e687f27ac22fb93a Author: Stefan Metzmacher me...@samba.org Date: Mon Sep 16 20:53:51 2013 +0200 s3:rpc_client: make cli_rpc_pipe_open_schannel() more flexible It expects a messaging_context now and returns a netlogon_creds_cli_context. This way we can finally avoid having a rpc_pipe_client-netlogon_creds. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit a34c837fdb59df1e66be9b5f23a07990e34fea1c Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 17 00:56:15 2013 +0200 s3:winbindd: make use of rpccli_netlogon_network_logon() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit c6bb47f2f199cc13101dccf656ac36e9eb879201 Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 17 00:48:31 2013 +0200 s3:rpcclient: make use of rpccli_netlogon_password_logon
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6ab9164 s3:rpc_client: send a dcerpc_sec_verification_trailer if needed via f0532fe s3:rpc_client: fill alloc_hint with the remaining data not the total data. via c0dc2fb dcerpc.idl: add dcerpc_sec_verification_trailer via 66c3942 dcerpc.idl: add documentation references via b62308e librpc/ndr: add LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES via 523d616 s3:rpc_server: add support for DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN via 61bdbc2 s3:rpc_client: implement DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN via f7bf7e70 s3:rpc_client: handle DCERPC_AUTH_TYPE_SCHANNEL as any other gensec backend via 4d3376e s3:rpc_client: add some const to rpc_api_pipe_req_send() via 946e29d s3:rpc_client: make rpc_api_pipe_req_send/recv static via 5b39a35 s3:rpc_client: talloc_zero pipe_auth_data via 03006d0 auth/gensec: implement GENSEC_FEATURE_SIGN_PKT_HEADER in schannel.c via 616cd00 auth/gensec: move libcli/auth/schannel_sign.c into schannel.c via 54b5b30 s4:gensec_gssapi: make sure gensec_gssapi_[un]seal_packet() rejects header signing via 14f6c41 s4:auth/gensec_gssapi: handle GENSEC_FEATURE_SIGN_PKT_HEADER in have_feature() via 64fc015 auth/ntlmssp: GENSEC_FEATURE_SIGN_PKT_HEADER is always supported via 661fe3c s4:rpc_server: support DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN by default via 7db1dc1 s4:librpc: always try to negotiate DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN from e8eb47f docs: Add num-children to smbcontrol manpage http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6ab9164c74e0ad57bdde8abb568953026b644e27 Author: Stefan Metzmacher me...@samba.org Date: Sun Jan 5 08:12:45 2014 +0100 s3:rpc_client: send a dcerpc_sec_verification_trailer if needed Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Jan 7 02:24:42 CET 2014 on sn-devel-104 commit f0532fe0cd69aeb161088ca990d376f119102e61 Author: Stefan Metzmacher me...@samba.org Date: Sun Jan 5 07:57:51 2014 +0100 s3:rpc_client: fill alloc_hint with the remaining data not the total data. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit c0dc2fb7e1dadcef35a132040448cb27ff1d5bfa Author: Stefan Metzmacher me...@samba.org Date: Thu Jan 2 11:18:38 2014 +0100 dcerpc.idl: add dcerpc_sec_verification_trailer See [MS-RPCE] 2.2.2.13 Verification Trailer for details. Pair-Programmed-With: Gregor Beck gb...@sernet.de Signed-off-by: Gregor Beck gb...@sernet.de Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 66c39420e29e7c257d9cdc5d04c061472bbefd19 Author: Stefan Metzmacher me...@samba.org Date: Fri Jan 3 15:06:23 2014 +0100 dcerpc.idl: add documentation references To [C706 - DCE 1.1: Remote Procedure Call] and [MS-RPCE]. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit b62308ed994e9734dfd934d230531010d9e7cefa Author: Stefan Metzmacher me...@samba.org Date: Fri Jan 3 09:25:23 2014 +0100 librpc/ndr: add LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES This lets ndr_pull_subcontext_end() make sure that all subcontext bytes are consumed otherwise it returns NDR_ERR_UNREAD_BYTES. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 523d616268af5f94e11c863f9acdebabace80608 Author: Stefan Metzmacher me...@samba.org Date: Fri Jan 3 22:56:03 2014 +0100 s3:rpc_server: add support for DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN If the backend supports it there's no reason to avoid it. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 61bdbc23cd09a594a63f49ff8626934c85a8e51a Author: Stefan Metzmacher me...@samba.org Date: Fri Jan 3 22:41:33 2014 +0100 s3:rpc_client: implement DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit f7bf7e705e704d2f1702e42a8e400baff9521066 Author: Stefan Metzmacher me...@samba.org Date: Sun Jan 5 08:26:15 2014 +0100 s3:rpc_client: handle DCERPC_AUTH_TYPE_SCHANNEL as any other gensec backend Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 4d3376e919b5c33f272b3a584d8172729a7468e0 Author: Stefan Metzmacher me...@samba.org Date: Sun Jan 5 07:56:20 2014 +0100 s3:rpc_client: add some const to rpc_api_pipe_req_send() Signed-off-by: Stefan
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a7f1f5d Happy New Year 2014! from ac7de80 Compare the correct values http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a7f1f5d6b85fd9a1380098ce0f1956027a2a9ce3 Author: Stefan Metzmacher me...@samba.org Date: Thu Jan 2 14:04:26 2014 +0100 Happy New Year 2014! Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: source3/include/smb.h |2 +- source4/smbd/server.c |2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/smb.h b/source3/include/smb.h index 9fe0533..aae510d 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -30,7 +30,7 @@ #include libds/common/roles.h /* logged when starting the various Samba daemons */ -#define COPYRIGHT_STARTUP_MESSAGE Copyright Andrew Tridgell and the Samba Team 1992-2013 +#define COPYRIGHT_STARTUP_MESSAGE Copyright Andrew Tridgell and the Samba Team 1992-2014 #define BUFFER_SIZE (128*1024) diff --git a/source4/smbd/server.c b/source4/smbd/server.c index 37aac62..79fe2ee 100644 --- a/source4/smbd/server.c +++ b/source4/smbd/server.c @@ -368,7 +368,7 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[ umask(0); DEBUG(0,(%s version %s started.\n, binary_name, SAMBA_VERSION_STRING)); - DEBUGADD(0,(Copyright Andrew Tridgell and the Samba Team 1992-2013\n)); + DEBUGADD(0,(Copyright Andrew Tridgell and the Samba Team 1992-2014\n)); if (sizeof(uint16_t) 2 || sizeof(uint32_t) 4 || sizeof(uint64_t) 8) { DEBUG(0,(ERROR: Samba is not configured correctly for the word size on your machine\n)); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e6afeae libcli/auth: try to use the current timestamp creds-sequence via 636daac libcli/auth: remove bogus comment regarding replay attacks via 202bcf9 libcli/auth: set the return_authenticator-timestamp = 0 from 819e1f5 selftest: add rodc and other env tests for wbinfo http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e6afeae69537f55ed187b28b60ad29b9e237ec6e Author: Stefan Metzmacher me...@samba.org Date: Tue Dec 17 19:55:12 2013 +0100 libcli/auth: try to use the current timestamp creds-sequence If the last usage of netlogon_creds_client_authenticator() is in the past try to use the current timestamp and increment more than just 2. If we use netlogon_creds_client_authenticator() a lot within a second, we increment keep incrementing by 2. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Dec 24 13:18:18 CET 2013 on sn-devel-104 commit 636daac3b7b08ccb8845dab060157918d296ef67 Author: Stefan Metzmacher me...@samba.org Date: Tue Dec 17 19:40:15 2013 +0100 libcli/auth: remove bogus comment regarding replay attacks creds-sequence (timestamp) is the value that is used to increment the internal state, it's not a real sequence number. The sequence comes from adding all timestamps of the whole session. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 202bcf9096e53d94b294936d6144ae77f1536b72 Author: Stefan Metzmacher me...@samba.org Date: Tue Dec 17 19:35:37 2013 +0100 libcli/auth: set the return_authenticator-timestamp = 0 This is what windows returns, the value is ignored by the client anyway. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org --- Summary of changes: libcli/auth/credentials.c | 26 +++--- 1 files changed, 23 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index 1f664d3..f52538a 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -344,7 +344,29 @@ struct netlogon_creds_CredentialState *netlogon_creds_client_init_session_key(TA void netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds, struct netr_Authenticator *next) { + uint32_t t32n = (uint32_t)time(NULL); + + /* +* we always increment and ignore an overflow here +*/ creds-sequence += 2; + + if (t32n creds-sequence) { + /* +* we may increment more +*/ + creds-sequence = t32n; + } else { + uint32_t d = creds-sequence - t32n; + + if (d = INT32_MAX) { + /* +* got an overflow of time_t vs. uint32_t +*/ + creds-sequence = t32n; + } + } + netlogon_creds_step(creds); next-cred = creds-client; @@ -473,13 +495,11 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState return NT_STATUS_ACCESS_DENIED; } - /* TODO: this may allow the a replay attack on a non-signed - connection. Should we check that this is increasing? */ creds-sequence = received_authenticator-timestamp; netlogon_creds_step(creds); if (netlogon_creds_server_check_internal(creds, received_authenticator-cred)) { return_authenticator-cred = creds-server; - return_authenticator-timestamp = creds-sequence; + return_authenticator-timestamp = 0; return NT_STATUS_OK; } else { ZERO_STRUCTP(return_authenticator); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 819e1f5 selftest: add rodc and other env tests for wbinfo via 48820b9 selftest: add new credential change test via 2fae806 s3:rpcclient: close the connection if setting up the netlogon secure channel fails via 0e46205 selftest: add new rpc client test via ae67201 s3:rpc_server: use make_session_info_guest() directly from ec790f8 libgpo: remove unused process_group_policy2 callback from CSE module API. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 819e1f561df5074ae21db77c6558b34f4b0e1351 Author: Garming Sam garm...@catalyst.net.nz Date: Mon Dec 23 17:12:39 2013 +1300 selftest: add rodc and other env tests for wbinfo Pair-programmed-with: Andrew Bartlett abart...@samba.org Signed-off-by: Garming Sam garm...@catalyst.net.nz Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Mon Dec 23 17:17:39 CET 2013 on sn-devel-104 commit 48820b95285f7dffd827143ba56f432f3e283a6f Author: Garming Sam garm...@catalyst.net.nz Date: Mon Dec 2 13:20:39 2013 +1300 selftest: add new credential change test Signed-off-by: Garming Sam garm...@catalyst.net.nz Reviewed-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 2fae806550f3355298541a344b217bf810bf92e4 Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 29 08:45:38 2013 +0100 s3:rpcclient: close the connection if setting up the netlogon secure channel fails This is based on a patch from Garming Sam garm...@catalyst.net.nz. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 0e46205ff83d137ca486868e4376b258b6dfa1a2 Author: Garming Sam garm...@catalyst.net.nz Date: Fri Nov 29 16:51:08 2013 +1300 selftest: add new rpc client test Pair-programmed-with: Andrew Bartlett abart...@samba.org Signed-off-by: Garming Sam garm...@catalyst.net.nz Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit ae6720117ae5fb3c922486ce46e2b0d51e020301 Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 29 09:46:01 2013 +0100 s3:rpc_server: use make_session_info_guest() directly This removes the useless static auth_anonymous_session_info() wrapper. auth_anonymous_session_info() is also a public function in source4. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org --- Summary of changes: source3/rpc_server/rpc_server.c | 22 +- source3/rpcclient/rpcclient.c |5 source3/script/tests/test_net_cred_change.sh| 16 + source3/script/tests/test_rpcclient_samlogon.sh | 27 +++ source3/selftest/tests.py |5 source4/selftest/tests.py |4 +- 6 files changed, 61 insertions(+), 18 deletions(-) create mode 100755 source3/script/tests/test_net_cred_change.sh create mode 100755 source3/script/tests/test_rpcclient_samlogon.sh Changeset truncated at 500 lines: diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c index d10d3ac..58c16c0 100644 --- a/source3/rpc_server/rpc_server.c +++ b/source3/rpc_server/rpc_server.c @@ -37,19 +37,6 @@ #define SERVER_TCP_LOW_PORT 1024 #define SERVER_TCP_HIGH_PORT 1300 -static NTSTATUS auth_anonymous_session_info(TALLOC_CTX *mem_ctx, - struct auth_session_info **session_info) -{ - NTSTATUS status; - - status = make_session_info_guest(mem_ctx, session_info); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - return NT_STATUS_OK; -} - /* Creates a pipes_struct and initializes it with the information * sent from the client */ int make_server_pipes_struct(TALLOC_CTX *mem_ctx, @@ -1068,11 +1055,14 @@ void dcerpc_ncacn_accept(struct tevent_context *ev_ctx, } if (ncacn_conn-session_info == NULL) { - status = auth_anonymous_session_info(ncacn_conn, -ncacn_conn-session_info); + /* +* TODO: use auth_anonymous_session_info() here? +*/ + status = make_session_info_guest(ncacn_conn, +ncacn_conn-session_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(2, (Failed to create - auth_anonymous_session_info - %s\n
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f3556bd tdb: Avoid reallocs for lockrecs via 2a77e61 smbd: Early exit via 5baa740 smbd: Implement and use full_path_tos via 7a06b16 smbd: Avoid pointless strcsequal calls via 706c4de dbwrap: No lock_order check if not required via 95bfc15 dbwrap_cache: Check negative first via a31d08f dbwrap_cache: Fix dbwrap_cache_validate via 7ae77a5 smbd: Simplify get_share_mode_lock a bit via fd94f82 dbwrap: Avoid a stackframe in fetch_locked_internal via 70dfb51 iconv: Use a static buffer in iconf not to spoil the talloc_pool via a9753c1 smbd: Fix a false DEBUG fn name via 92f9aac torture3: Do not depend on epoll from eaf807c secacl: Slightly simplify make_sec_acl http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f3556bd03bf9dfa16fb00d85da1a2c065cb0e522 Author: Volker Lendecke v...@samba.org Date: Mon Dec 9 09:56:33 2013 + tdb: Avoid reallocs for lockrecs In normal operations we have at most 3 entries in this array. Don't bother with shrinking. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sat Dec 14 13:19:47 CET 2013 on sn-devel-104 commit 2a77e613cb0ca6402b5401ef9bde7a06a07ba91c Author: Volker Lendecke v...@samba.org Date: Fri Dec 6 10:31:22 2013 + smbd: Early exit Yes, this also showed up in profiles Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 5baa7402ba8eebd9b2ddc6b259ae9bb2852b4bb1 Author: Volker Lendecke v...@samba.org Date: Fri Dec 6 14:34:05 2013 + smbd: Implement and use full_path_tos Yes, this looks like a hack, but talloc_asprintf does show up high in profiles called from these routines Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 7a06b1661c1423780f05bc35ea435003712ca4b5 Author: Volker Lendecke v...@samba.org Date: Fri Dec 6 12:10:37 2013 + smbd: Avoid pointless strcsequal calls Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 706c4deca142ce1363da54ab4806337726e6a50c Author: Volker Lendecke v...@samba.org Date: Fri Dec 6 11:57:42 2013 + dbwrap: No lock_order check if not required Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 95bfc1568648d03d5f03ab3f720a961dbc4d6cd5 Author: Volker Lendecke v...@samba.org Date: Sat Dec 7 12:58:43 2013 + dbwrap_cache: Check negative first dbwrap_cache is right now used for notify most, and we hope to have very few notifies around. So negative hits will be more likely than positive Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit a31d08feeb65bd3b4ff175c8096fb23f8d496789 Author: Volker Lendecke v...@samba.org Date: Sat Dec 7 12:58:07 2013 + dbwrap_cache: Fix dbwrap_cache_validate Classic brown paper bag bug :-( Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 7ae77a5d265e5ac4d1006528a178c1d777599f39 Author: Volker Lendecke v...@samba.org Date: Fri Dec 6 07:40:03 2013 + smbd: Simplify get_share_mode_lock a bit This does two things: It gets rid of a talloc_stackframe in a hot code path and to me it makes the code easier to understand. It makes the talloc hierarchy more obvious to follow. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit fd94f8248198dc943f8b3107b944e971b5e742ce Author: Volker Lendecke v...@samba.org Date: Fri Dec 6 11:38:12 2013 + dbwrap: Avoid a stackframe in fetch_locked_internal This shows in profiles. We call this so often that this is a pretty hot code path. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 70dfb51430bc3b6e436fb5c5452d7ef8612ca02f Author: Volker Lendecke v...@samba.org Date: Fri Dec 6 10:31:07 2013 + iconv: Use a static buffer in iconf not to spoil the talloc_pool This is a buffer that is strictly used like a stack variable. This patch makes it one and while there it fixes an error path memleak. In the pull_failed case we did not talloc_free(cvtbuf). With talloc_tos(), this does not really matter, but for code without this it does. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit a9753c180fbd06764987367fe3115159cdef4330 Author: Volker Lendecke v...@samba.org
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 646d8c2 s3/rpc_server: don't unmarshall PDUs twice from 27baff0 shadow_copy2: add a comment explaining why we don't talloc_zero_array(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 646d8c26f82ce3a70b189f618979f63448658c4c Author: David Disseldorp dd...@samba.org Date: Tue Dec 10 13:59:06 2013 +0100 s3/rpc_server: don't unmarshall PDUs twice DCE/RPC PDUs are currently unmarshalled firstly by the generic librpc dcerpc_read_ncacn_packet_[send/recv] functions, and subsequently a second time by the source3 rpc_server, which ignores the unmarshalled packet and re-parses the receive buffer. Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Dec 11 22:24:31 CET 2013 on sn-devel-104 --- Summary of changes: source3/rpc_server/rpc_server.c | 59 +++ source3/rpc_server/rpc_server.h |2 +- source3/rpc_server/srv_pipe.c | 52 +- source3/rpc_server/srv_pipe_hnd.c | 366 - source3/rpc_server/srv_pipe_hnd.h |2 - 5 files changed, 28 insertions(+), 453 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c index f283559..d10d3ac 100644 --- a/source3/rpc_server/rpc_server.c +++ b/source3/rpc_server/rpc_server.c @@ -432,9 +432,6 @@ void named_pipe_packet_process(struct tevent_req *subreq) DATA_BLOB recv_buffer = data_blob_null; struct ncacn_packet *pkt; NTSTATUS status; - ssize_t data_left; - ssize_t data_used; - char *data; uint32_t to_send; size_t i; bool ok; @@ -445,23 +442,20 @@ void named_pipe_packet_process(struct tevent_req *subreq) goto fail; } - data_left = recv_buffer.length; - data = (char *)recv_buffer.data; - - while (data_left) { - - data_used = process_incoming_data(npc-p, data, data_left); - if (data_used 0) { - DEBUG(3, (Failed to process dceprc request!\n)); - status = NT_STATUS_UNEXPECTED_IO_ERROR; - goto fail; - } - - data_left -= data_used; - data += data_used; + /* dcerpc_read_ncacn_packet_recv() returns a full PDU */ + npc-p-in_data.pdu_needed_len = 0; + npc-p-in_data.pdu = recv_buffer; + if (dcerpc_get_endian_flag(recv_buffer) DCERPC_DREP_LE) { + npc-p-endian = RPC_LITTLE_ENDIAN; + } else { + npc-p-endian = RPC_BIG_ENDIAN; } + DEBUG(10, (PDU is in %s Endian format!\n, + npc-p-endian ? Big : Little)); + process_complete_pdu(npc-p, pkt); - /* Do not leak this buffer, npc is a long lived context */ + /* reset pipe state and free PDU */ + npc-p-in_data.pdu.length = 0; talloc_free(recv_buffer.data); talloc_free(pkt); @@ -1134,10 +1128,7 @@ static void dcerpc_ncacn_packet_process(struct tevent_req *subreq) struct _output_data *out = ncacn_conn-p-out_data; DATA_BLOB recv_buffer = data_blob_null; struct ncacn_packet *pkt; - ssize_t data_left; - ssize_t data_used; uint32_t to_send; - char *data; NTSTATUS status; bool ok; @@ -1153,22 +1144,20 @@ static void dcerpc_ncacn_packet_process(struct tevent_req *subreq) goto fail; } - data_left = recv_buffer.length; - data = (char *) recv_buffer.data; - - while (data_left) { - data_used = process_incoming_data(ncacn_conn-p, data, data_left); - if (data_used 0) { - DEBUG(3, (Failed to process dcerpc request!\n)); - status = NT_STATUS_UNEXPECTED_IO_ERROR; - goto fail; - } - - data_left -= data_used; - data += data_used; + /* dcerpc_read_ncacn_packet_recv() returns a full PDU */ + ncacn_conn-p-in_data.pdu_needed_len = 0; + ncacn_conn-p-in_data.pdu = recv_buffer; + if (dcerpc_get_endian_flag(recv_buffer) DCERPC_DREP_LE) { + ncacn_conn-p-endian = RPC_LITTLE_ENDIAN; + } else { + ncacn_conn-p-endian = RPC_BIG_ENDIAN; } + DEBUG(10, (PDU is in %s Endian format!\n, + ncacn_conn-p-endian ? Big : Little)); + process_complete_pdu(ncacn_conn-p, pkt); - /* Do not leak this buffer */ + /* reset pipe state and free PDU */ + ncacn_conn-p-in_data.pdu.length = 0; talloc_free(recv_buffer.data); talloc_free
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e26736d tevent: version 0.9.20 via 4b330ba tevent: give the user the chance to ask for TEVENT_NUM_SIGNALS and TEVENT_SA_INFO_QUEUE_COUNT via cbb93f5 tevent: change TEVENT_SA_INFO_QUEUE_COUNT from 64 to 256 via 36345d4 tevent: tevent_epoll_set_panic_fallback() can be a void function via 4cc02d7 tevent: make use of talloc_get_type_abort() in tevent_epoll.c via 7bf5e6b tevent: make use of talloc_get_type_abort() in tevent_signal.c via fbdaf74 tevent: make use of talloc_get_type_abort() in tevent_select.c via 99910b6 tevent: make use of talloc_get_type_abort() in tevent_req.c via 982bf3c tevent: make use of talloc_get_type_abort() in tevent_queue.c via fb06f0e tevent: use talloc_get_type_abort() in the documentation examples via 8e44c2f tevent: add tevent_queue_wait_send/recv() via 7a97d4c tevent: tevent_req_create() already uses ZERO_STRUCT(req) via 39888fd tevent: let tevent_req_received() clear the private_cancel function via 577afba tevent: cancel the timeout timer when the request is finished from 646d8c2 s3/rpc_server: don't unmarshall PDUs twice http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e26736dcc25a204bf21a367462d0c10060bee1ad Author: Stefan Metzmacher me...@samba.org Date: Fri Sep 27 04:06:00 2013 +0200 tevent: version 0.9.20 This adds the following new features: - tevent_queue_wait_send/recv() - tevent_num_signals() - tevent_sa_info_queue_count() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Dec 12 00:39:35 CET 2013 on sn-devel-104 commit 4b330ba0a83e17205c851e83097ec8c1dab02a5c Author: Stefan Metzmacher me...@samba.org Date: Mon Dec 9 10:32:00 2013 +0100 tevent: give the user the chance to ask for TEVENT_NUM_SIGNALS and TEVENT_SA_INFO_QUEUE_COUNT This way the caller can change use the supported limits without using hardcoded values. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10214 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit cbb93f5442776fbe9810d242f7fe6759adfe3194 Author: Stefan Metzmacher me...@samba.org Date: Mon Dec 9 10:29:45 2013 +0100 tevent: change TEVENT_SA_INFO_QUEUE_COUNT from 64 to 256 There are some existing callers which assume the old SA_INFO_QUEUE_COUNT 100 value. 256 should give room for the future. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10214 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit 36345d44c8f5ac614f40a9b5bd4b421ffa6cd49a Author: Stefan Metzmacher me...@samba.org Date: Wed Dec 11 18:58:41 2013 +0100 tevent: tevent_epoll_set_panic_fallback() can be a void function There's no case where this could return an error. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit 4cc02d7c84e6c6a07ecde02fc6792ed041bdbe3a Author: Stefan Metzmacher me...@samba.org Date: Thu Dec 5 08:47:27 2013 +0100 tevent: make use of talloc_get_type_abort() in tevent_epoll.c Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit 7bf5e6b181cc4ea23103ac3fc4f183ba183476b6 Author: Stefan Metzmacher me...@samba.org Date: Thu Dec 5 08:47:27 2013 +0100 tevent: make use of talloc_get_type_abort() in tevent_signal.c Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit fbdaf7481b81f021a560e366276c79be6680bce6 Author: Stefan Metzmacher me...@samba.org Date: Thu Dec 5 08:47:27 2013 +0100 tevent: make use of talloc_get_type_abort() in tevent_select.c Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit 99910b67d267732ac088d9b2b96cd08d367f2cec Author: Stefan Metzmacher me...@samba.org Date: Thu Dec 5 08:47:27 2013 +0100 tevent: make use of talloc_get_type_abort() in tevent_req.c Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit 982bf3c082893bbf59a76ed0e7f670d8932102b1 Author: Stefan Metzmacher me...@samba.org Date: Thu Dec 5 08:47:27 2013 +0100 tevent: make use of talloc_get_type_abort() in tevent_queue.c Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit fb06f0e3d38a0cd2d6a55e93c993763adb7cf278 Author: Stefan Metzmacher me...@samba.org Date: Thu Dec 5 08:46:47 2013 +0100 tevent: use talloc_get_type_abort() in the documentation examples
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0dc0415 smbd: Remove a set but unused variable from ebc1579 torture3: Reproducer for bug 10284 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0dc0415f91073b81dc8764dd22e142929b5a38ef Author: Volker Lendecke v...@samba.org Date: Wed Nov 27 09:13:52 2013 + smbd: Remove a set but unused variable This is should have been in a793ac0 Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Nov 27 13:30:48 CET 2013 on sn-devel-104 --- Summary of changes: source3/smbd/reply.c |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 87bda99..ce1a127 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -1885,7 +1885,6 @@ void reply_open(struct smb_request *req) uint32 create_options = 0; uint32_t private_flags = 0; NTSTATUS status; - bool ask_sharemode = lp_parm_bool(SNUM(conn), smbd, search ask sharemode, true); TALLOC_CTX *ctx = talloc_tos(); START_PROFILE(SMBopen); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3cc0651 s3:smb2_server: avoid calling set_current_user_info() for each request via 36efaac s3:smb2_server: generate a header blob for the sendfile path via 9d33a3f s3:smb2_server: allocate smbd_smb2_request on talloc_tos() via acfd4b0 s3:smb2_server: use tevent_req_notify_callback() in smbd_smb2_request_pending_queue() via 4244a26 s3:smb2_server: for performance reasons we use tevent_fd and readv/writev directly via 9393e28 s3:smb2_server: fix drain_socket error handling via 22ee3b4 smbd: Fix a typo from 0dc0415 smbd: Remove a set but unused variable http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3cc0651d9feda00b6a04f84b76744b2acc3a0446 Author: Stefan Metzmacher me...@samba.org Date: Tue Nov 19 05:21:05 2013 +0100 s3:smb2_server: avoid calling set_current_user_info() for each request Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: David Disseldorp dd...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Nov 27 16:31:44 CET 2013 on sn-devel-104 commit 36efaac2597d2d36826c02f23be15e7323b09784 Author: Stefan Metzmacher me...@samba.org Date: Mon Oct 14 14:18:26 2013 +0200 s3:smb2_server: generate a header blob for the sendfile path We need to pass the NBT header, SMB2 header and SMB2 Read header as header blob to SMB_VFS_SENDFILE(). This allows the usage of MSG_SEND or other tricks to avoid multiple TCP packets on the wire. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: David Disseldorp dd...@samba.org commit 9d33a3f3e814e2924a423496ccc133c6c73fcd12 Author: Stefan Metzmacher me...@samba.org Date: Wed Oct 16 09:15:12 2013 +0200 s3:smb2_server: allocate smbd_smb2_request on talloc_tos() This matches the behavior for smb1 requests and avoids an additional malloc() per request. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: David Disseldorp dd...@samba.org commit acfd4b068a5b99ac1d3fe716afff34cb7d2a0147 Author: Stefan Metzmacher me...@samba.org Date: Sat Oct 12 02:40:12 2013 +0200 s3:smb2_server: use tevent_req_notify_callback() in smbd_smb2_request_pending_queue() If the request is already done we can avoid one iteration of tevent_loop_once(), which means we avoids one talloc_stackframe_pool/talloc_free pair. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: David Disseldorp dd...@samba.org commit 4244a2686cddcdc754c284df884ae497afa4053a Author: Stefan Metzmacher me...@samba.org Date: Mon Oct 14 10:33:57 2013 +0200 s3:smb2_server: for performance reasons we use tevent_fd and readv/writev directly Going via tevent_req_create/talloc_free at multiple layer costs too much cpu cycles per request. I tested downloading a 16GB (sparse) file with smbclient -b1 -mNT1, and -mSMB2_02. Using smb2 max read = 64512, which means smb1 and smb2 will use the same read size. I build with -O3 -g and compared the results with valgrind --tool=callgrind. With -mNT1 the server uses about 2.000.000.000 cpu cycles. This patch reduces the userspace cpu cycles for -mSMB2_02 from about ~ 8.000.000.000 down to ~ 4.000.000.000. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: David Disseldorp dd...@samba.org commit 9393e28df59954414313bfae70ffb796d3e332fe Author: Stefan Metzmacher me...@samba.org Date: Mon Oct 14 16:42:55 2013 +0200 s3:smb2_server: fix drain_socket error handling smbd_smb2_request_error_ex() should return NTSTATUS and the caller will terminate the connection. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: David Disseldorp dd...@samba.org commit 22ee3b472da68e3f1d202ace44e2adaca51211c0 Author: Volker Lendecke v...@samba.org Date: Wed Nov 27 10:08:20 2013 + smbd: Fix a typo Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: source3/smbd/globals.h | 31 ++- source3/smbd/notify_internal.c |2 +- source3/smbd/process.c |5 +- source3/smbd/smb2_read.c | 10 +- source3/smbd/smb2_server.c | 886 5 files changed, 479 insertions(+), 455 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 6beee59..94111b6 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -367,6 +367,7 @@ struct smbXsrv_connection { * this session_table is used for SMB1 and SMB2, */ struct smbXsrv_session_table *session_table; + uint64_t
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7e01e4b script: prepare librelease.sh for ntdb releases from c0d897e Release ntdb 1.0. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7e01e4bc64a80ee43f1fe845e0e2eed523f235fa Author: Stefan Metzmacher me...@samba.org Date: Sun Nov 17 10:47:47 2013 +0100 script: prepare librelease.sh for ntdb releases Signed-off-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sun Nov 17 12:50:13 CET 2013 on sn-devel-104 --- Summary of changes: script/librelease.sh |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/script/librelease.sh b/script/librelease.sh index 5119ca4..7584e48 100755 --- a/script/librelease.sh +++ b/script/librelease.sh @@ -80,7 +80,7 @@ release_lib() { for lib in $*; do case $lib in - talloc | tdb | tevent | ldb) + talloc | tdb | ntdb | tevent | ldb) [ -z $GPG_USER ] { GPG_USER='Samba Library Distribution Key samba-b...@samba.org' } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8dc931b librpc-idl: change the drsuapi_DsBindInfoCtr so that it match what is on the wire both in NDR32 and NDR64. from 5990de5 s3-rpc_client: Make data pointer const in trans_send(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8dc931bafca00c1c61a4366ffb6cfa72a98bb412 Author: Matthieu Patou m...@matws.net Date: Sun Oct 20 13:37:17 2013 -0700 librpc-idl: change the drsuapi_DsBindInfoCtr so that it match what is on the wire both in NDR32 and NDR64. Previous implementation had a problem with NDR64 with uint32 and uint3264 being in the wrong order Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Oct 30 10:16:02 CET 2013 on sn-devel-104 --- Summary of changes: librpc/idl/drsuapi.idl | 57 ++--- librpc/ndr/ndr_drsuapi.c | 156 ++ 2 files changed, 204 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/drsuapi.idl b/librpc/idl/drsuapi.idl index 7e3d343..f1c6cd6 100644 --- a/librpc/idl/drsuapi.idl +++ b/librpc/idl/drsuapi.idl @@ -115,14 +115,14 @@ interface drsuapi } drsuapi_SupportedExtensionsExt; /* this is used by w2k */ - typedef struct { + typedef [public] struct { drsuapi_SupportedExtensions supported_extensions; GUID site_guid; uint32 pid; } drsuapi_DsBindInfo24; /* this is used by w2k3 */ - typedef struct { + typedef [public] struct { drsuapi_SupportedExtensions supported_extensions; GUID site_guid; uint32 pid; @@ -130,7 +130,7 @@ interface drsuapi } drsuapi_DsBindInfo28; /* this is used by w2k8 */ - typedef struct { + typedef [public] struct { drsuapi_SupportedExtensions supported_extensions; GUID site_guid; uint32 pid; @@ -139,15 +139,21 @@ interface drsuapi GUID config_dn_guid; } drsuapi_DsBindInfo48; - typedef struct { + typedef [public] struct { [flag(NDR_REMAINING)] DATA_BLOB info; } drsuapi_DsBindInfoFallBack; - typedef [nodiscriminant] union { - [case(24)][subcontext(4)] drsuapi_DsBindInfo24 info24; - [case(28)][subcontext(4)] drsuapi_DsBindInfo28 info28; - [case(48)][subcontext(4)] drsuapi_DsBindInfo48 info48; - [default][subcontext(4)] drsuapi_DsBindInfoFallBack FallBack; + typedef [nopull, nopush, noprint] [nodiscriminant] union { + [case(24)][subcontext(0), subcontext_size(24)] drsuapi_DsBindInfo24 info24; + [case(28)][subcontext(0), subcontext_size(28)] drsuapi_DsBindInfo28 info28; + [case(48)][subcontext(0), subcontext_size(48)] drsuapi_DsBindInfo48 info48; + /* +* The size for the defaut case is a bit arbitrary it in fact the value +* of the switch but we can't reference it. +* As we hand(un-)marshall this structure it has 0 impact and makes +* pidl happy for wireshark too +*/ + [default][subcontext(0), subcontext_size(48)] drsuapi_DsBindInfoFallBack Fallback; } drsuapi_DsBindInfo; /* the drsuapi_DsBindInfoCtr was this before @@ -160,11 +166,44 @@ interface drsuapi * so we're doing it here */ + /* +* MS-DRSR.pdf gives the following definition + typedef struct { + [range(1,1)] DWORD cb; + [size_is(cb)] BYTE rgb[]; + } DRS_EXTENSIONS; + + But we use a subcontext which has a slighly different signification on how + data are laid out. + With the MS-DRSR definition we will have + size_is_cb cv rgb_array + with size_is_cb being a uint3264 and cv being a uint32 + + We used to have typedef struct { [range(1,1)] uint32 length; [switch_is(length)] drsuapi_DsBindInfo info; } drsuapi_DsBindInfoCtr; + typedef [nodiscriminant] union { + [case(24)][subcontext(4)] drsuapi_DsBindInfo24 info24; + [case(28)][subcontext(4)] drsuapi_DsBindInfo28 info28; + [case(48)][subcontext(4)] drsuapi_DsBindInfo48 info48; + [default][subcontext(4)] drsuapi_DsBindInfoFallBack FallBack; + } drsuapi_DsBindInfo; + + With this definition data is laid out this way: + length subcontext_size drsuapi_DsBindInfoxx + with length being a uint32
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5990de5 s3-rpc_client: Make data pointer const in trans_send(). via cd8f811 s3-rpc_server: Remove obsolete make_internal_rpc_pipe(). via f69a490 s3-rpc_server: Remove obsolete FAKE_FILE_TYPE_NAMED_PIPE handling. via b8e0732 s3-rpc_server: Use make_internal_rpc_pipe_socketpair(). via 4498d07 s3-rpc_server: Pass the server event context to np_open(). via 7daa4b9 s3-rpc_server: Add make_internal_rpc_pipe_socketpair(). via 327b0dd s3-smbd: Do not declare change_to_root_user() twice. via 13d840a s3-smbd_shim: Add become_authenticated_pipe_user(). via 9e723f9 s3-rpc_server: Add named_pipe_client_init() function. via 921ef8f s3-rpc_server: Make named_pipe_packet_process a shared functiion. via 1c069b1 s3-rpc_server: Make make_server_pipes_struct a shared function. via 0152406 s3-waf: Create a target for RPC_SOCK_HELPER. via 710ddf8 s3-waf: Seperate rpc_server and rpc_service. via df4c2df s3-waf: Reorder rpc_server wscript_build file. via 0733836 s3-rpc_server: Use new rpc named pipe functions. via 1e66a8e s3-rpc_server: Add make_internal_rpc_pipe(). via 155a794 s3-rpc_server: Add make_external_rpc_pipe() function. via b86b4d0 s3-rpc_server: Add npa_state_init() function. via eec05fb libcli: Add tstream_npa_socketpair() function. from 30e5a5c rpc_server: Fix a memleak on error exit http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5990de5d89f900b9f754357e9ca7afbc142e0e00 Author: Andreas Schneider a...@samba.org Date: Thu Oct 24 11:49:53 2013 +0200 s3-rpc_client: Make data pointer const in trans_send(). Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Oct 30 01:32:08 CET 2013 on sn-devel-104 commit cd8f811247038c057653995f06aacd8b6cebc0a4 Author: Andreas Schneider a...@samba.org Date: Thu Oct 24 10:32:17 2013 +0200 s3-rpc_server: Remove obsolete make_internal_rpc_pipe(). Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit f69a490a87e31880fd033292d9c2f74f7de39d88 Author: Andreas Schneider a...@samba.org Date: Wed Oct 23 17:16:10 2013 +0200 s3-rpc_server: Remove obsolete FAKE_FILE_TYPE_NAMED_PIPE handling. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit b8e07323c985c4b797c2d31bf91af3f9a9471052 Author: Andreas Schneider a...@samba.org Date: Wed Oct 23 17:04:12 2013 +0200 s3-rpc_server: Use make_internal_rpc_pipe_socketpair(). Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 4498d07e7355a0ec8b96f7f9138d8321b15bef55 Author: Andreas Schneider a...@samba.org Date: Wed Oct 23 17:03:37 2013 +0200 s3-rpc_server: Pass the server event context to np_open(). Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 7daa4b94fa6299d6e1788c93ed8ff0b4c4023b40 Author: Andreas Schneider a...@samba.org Date: Wed Sep 25 11:35:41 2013 +0200 s3-rpc_server: Add make_internal_rpc_pipe_socketpair(). Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 327b0ddcd9ea7db373a92e47db7e796da3186b05 Author: Andreas Schneider a...@samba.org Date: Wed Oct 23 11:07:38 2013 +0200 s3-smbd: Do not declare change_to_root_user() twice. This is already in include/proto.h for smbd_shim. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 13d840ad2ff0db7320e0cbef86cd47872493292c Author: Andreas Schneider a...@samba.org Date: Wed Oct 23 11:02:39 2013 +0200 s3-smbd_shim: Add become_authenticated_pipe_user(). Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 9e723f9d69bbbaefd9e15399654668693854628b Author: Andreas Schneider a...@samba.org Date: Wed Sep 25 11:34:56 2013 +0200 s3-rpc_server: Add named_pipe_client_init() function. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 921ef8f9eb718be7343b5d27b2f6b8341eeca162 Author: Andreas Schneider a...@samba.org Date: Wed Sep 25 10:25:39 2013 +0200 s3-rpc_server: Make named_pipe_packet_process a shared functiion. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 1c069b17775ea041051104ae80d4986631634b54 Author: Andreas Schneider a...@samba.org Date: Wed Sep 25 16:33:00 2013 +0200 s3-rpc_server: Make
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via cdd232c torture: Extend the raw.oplock.level_ii_1 test via 76e7d8f smbd: Remove MSG_SMB_ASYNC_LEVEL2_BREAK via d9a1d54 smbd: Use MSG_SMB_BREAK_REQUEST for async l2 breaks via 6c3b41c smbd: Fix breaking level2 on OVERWRITE create_disposition via 64e7340 torture: Add a test showing we have to break L2 at open time via 20669d4 smbd: Fix raw.batch.exclusive[59] via ccc808e smbd: Remove unused mid from delay_for_oplock via 4c8bdf7 smbd: Don't send op_mid in a BREAK message via de95b9d smbd: Simplify send_break_message via cb27921 smbd: Remove unused oplock_request arg from send_break_message via 9d3e3a7 torture: Add oplock break to l2/none tests via 96faaf6 torture: Check break level in raw.oplock.exclusive5 via 9890a6a smbd: validate oplock types even for internal and stat opens via 7b51e9f torture: Add reproducer for bug 10216 via f892bdb smbd: Fix bug 10216 from 4e06c61 ldb: Fix CID 240798 Uninitialized pointer read http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cdd232cc06a5652ad9f6800d5baf017632099cd8 Author: Volker Lendecke v...@samba.org Date: Wed Oct 16 21:34:15 2013 +0200 torture: Extend the raw.oplock.level_ii_1 test smbd broke to none twice. Make sure this won't happen again :-) This used to happen before the MSG_SMB_BREAK_RESPONSE merge. In process_oplock_break_message we did not call remove_oplock, which would have prevented this. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Oct 23 14:06:13 CEST 2013 on sn-devel-104 commit 76e7d8f97fd14f3ef796eb49f441e6eb56e9a238 Author: Volker Lendecke v...@samba.org Date: Tue Oct 22 11:37:45 2013 + smbd: Remove MSG_SMB_ASYNC_LEVEL2_BREAK Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit d9a1d54b7916462da5ee7b1ec8208f629d12f2df Author: Volker Lendecke v...@samba.org Date: Tue Oct 22 11:33:42 2013 + smbd: Use MSG_SMB_BREAK_REQUEST for async l2 breaks Now that we transmit the level we want to break to via the msg.op_type we can unify MSG_SMB_BREAK_REQUEST and MSG_SMB_ASYNC_LEVEL2_BREAK and thus simplify the code a bit. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 6c3b41cfc24fca4a1786604102d1163d2fc0a20c Author: Volker Lendecke v...@samba.org Date: Wed Oct 16 21:21:56 2013 +0200 smbd: Fix breaking level2 on OVERWRITE create_disposition This is shown by the new raw.oplock.level_ii_1 test Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 64e734019f5d0691017a592e78e6cac793875e4a Author: Volker Lendecke v...@samba.org Date: Tue Oct 15 15:22:06 2013 + torture: Add a test showing we have to break L2 at open time Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 20669d4a75386eef4fdcea07fb99812c4e09de13 Author: Volker Lendecke v...@samba.org Date: Thu Sep 26 16:15:31 2013 -0700 smbd: Fix raw.batch.exclusive[59] The level we have to break to depend on the breakers create_disposition: If we overwrite, we have to break to none. This patch overloads the op_type field in the break message we send across to the smbd holding the oplock with the oplock level we want to break to. Because it depends on the create_disposition in the breaking open, only the breaker can make that decision. We might want to use a different mechanism for this in the future, but for now using the op_type field seems acceptable to me. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit ccc808e0d72be5933ae2449ee8ee56262e631b72 Author: Volker Lendecke v...@samba.org Date: Thu Sep 26 15:49:54 2013 -0700 smbd: Remove unused mid from delay_for_oplock Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 4c8bdf7878e7b1b85be356680c5c9a12be6d7244 Author: Volker Lendecke v...@samba.org Date: Thu Sep 26 15:48:42 2013 -0700 smbd: Don't send op_mid in a BREAK message The callee doesn't use this anyway Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit de95b9d11d7044a0d592f75f24ad0e67e595e97c Author: Volker Lendecke v...@samba.org Date: Thu Sep 26 15:35:05 2013 -0700 smbd: Simplify send_break_message We don't need an fsp here Signed-off-by: Volker Lendecke v...@samba.org
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via dd0e4c4 smbd: Remove unused create_options from open_mode_check via 4c82e83 smbd: Remove name_hash param from open_mode_check from 26b1103 s3/time_audit: Add offline and durable functions http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit dd0e4c47e5004aaceb5ad64115cfe039edb3fe8b Author: Volker Lendecke v...@samba.org Date: Thu Sep 26 14:42:59 2013 -0700 smbd: Remove unused create_options from open_mode_check Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sun Oct 13 14:35:26 CEST 2013 on sn-devel-104 commit 4c82e8358ad8eaac008929aed4fc2a607afeca78 Author: Volker Lendecke v...@samba.org Date: Thu Sep 26 14:35:15 2013 -0700 smbd: Remove name_hash param from open_mode_check This came from delete_on_close handling which was factored out. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: source3/smbd/open.c | 10 -- 1 files changed, 4 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 6255180..f6df035 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1121,10 +1121,8 @@ static bool has_delete_on_close(struct share_mode_lock *lck, static NTSTATUS open_mode_check(connection_struct *conn, struct share_mode_lock *lck, - uint32_t name_hash, uint32 access_mask, uint32 share_access, - uint32 create_options, bool *file_existed) { int i; @@ -2435,9 +2433,9 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn, return NT_STATUS_SHARING_VIOLATION; } - status = open_mode_check(conn, lck, fsp-name_hash, + status = open_mode_check(conn, lck, access_mask, share_access, -create_options, file_existed); +file_existed); if (NT_STATUS_IS_OK(status)) { /* We might be going to allow this open. Check oplock @@ -3173,9 +3171,9 @@ static NTSTATUS open_directory(connection_struct *conn, return NT_STATUS_DELETE_PENDING; } - status = open_mode_check(conn, lck, fsp-name_hash, + status = open_mode_check(conn, lck, access_mask, share_access, -create_options, dir_existed); +dir_existed); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(lck); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 064433f libcli4: Remove an unused variable from dd0e4c4 smbd: Remove unused create_options from open_mode_check http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 064433f265d2215389f2a377b6e8243318669b65 Author: Volker Lendecke v...@samba.org Date: Sun Oct 13 12:20:29 2013 +0200 libcli4: Remove an unused variable Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sun Oct 13 17:58:23 CEST 2013 on sn-devel-104 --- Summary of changes: source4/libcli/smb2/transport.c |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/libcli/smb2/transport.c b/source4/libcli/smb2/transport.c index b4a6c94..9b0c146 100644 --- a/source4/libcli/smb2/transport.c +++ b/source4/libcli/smb2/transport.c @@ -48,7 +48,6 @@ struct smb2_transport *smb2_transport_init(struct smbcli_socket *sock, struct smbcli_options *options) { struct smb2_transport *transport; - uint32_t smb2_capabilities = 0; transport = talloc_zero(parent_ctx, struct smb2_transport); if (!transport) return NULL; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via af3138e samba-tool domain join subdomain: Rework sambadns.py to allow setup of DomainDNSZone only via d5077ba join.py: Reconnect to the DC based on the DC name in dnsHostName to allow connection to IPC$ via 5a9265d join.py: Remove special full_ncs handling, we only need to updateRefs on an NC we replicate via ca7c3fb join.py: Use ctx.forestdns_zone variable via a8c6dd5 join.py: Correct ctx.forestdns_zone and so remove the need for duplicate repl.replicate() call via 48b979c provision: Remove --username and --password options from samba-tool domain provision from a2d45cf provision/sambadns: CN=MicrosoftDNS,CN=System, is relative to DOMAINDN http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit af3138e9b6813ef88698c3e6eeb280c6e988c4cc Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 9 11:54:23 2013 +1200 samba-tool domain join subdomain: Rework sambadns.py to allow setup of DomainDNSZone only This skips handling the ForestDNSZone when we are setting up a subdomain. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Oct 11 10:27:49 CEST 2013 on sn-devel-104 commit d5077baee26c593eb55cedf90ae440f50aa32e14 Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 25 17:09:30 2013 -0700 join.py: Reconnect to the DC based on the DC name in dnsHostName to allow connection to IPC$ The treeConnectX of the GUID name fails against Windows 2003. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 5a9265de88bd5a1e9582ce57b5c5076826e01a85 Author: Andrew Bartlett abart...@samba.org Date: Fri Oct 11 09:47:29 2013 +1300 join.py: Remove special full_ncs handling, we only need to updateRefs on an NC we replicate Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit ca7c3fb279ba8367e00053fe344a72af063bdbcd Author: Andrew Bartlett abart...@samba.org Date: Fri Oct 11 09:37:41 2013 +1300 join.py: Use ctx.forestdns_zone variable Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit a8c6dd54381412201051fdc78f13e60ec9c47de6 Author: Andrew Bartlett abart...@samba.org Date: Fri Oct 11 09:36:53 2013 +1300 join.py: Correct ctx.forestdns_zone and so remove the need for duplicate repl.replicate() call Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 48b979c4fec39c8d3b9684b4a759715c0f93e9cc Author: Andrew Bartlett abart...@samba.org Date: Thu Sep 26 10:19:18 2013 -0700 provision: Remove --username and --password options from samba-tool domain provision This avoids confusion, because the LDAP backend does not use these, and they do not set the password for the administrator account either! This may break support for the 'existing' backend LDAP backend, but that is nothing more than a stub for future development anyway, and new work in this area should use EXTERNAL in any case. Signed-off-by: Andrew Bartlett abart...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: python/samba/join.py | 25 +++--- python/samba/netcmd/domain.py | 18 ++--- python/samba/provision/__init__.py| 26 +++--- python/samba/provision/backend.py | 52 +++- python/samba/provision/common.py |5 + python/samba/provision/sambadns.py| 90 + python/samba/upgrade.py |5 +- python/samba/upgradehelpers.py|7 +- source4/scripting/bin/samba_upgradedns|5 +- source4/scripting/bin/samba_upgradeprovision |2 +- source4/setup/provision_dnszones_add.ldif | 51 ++-- source4/setup/provision_dnszones_modify.ldif | 31 ++- source4/setup/provision_dnszones_partitions.ldif |9 +-- source4/setup/tests/blackbox_provision-backend.sh |2 +- 14 files changed, 135 insertions(+), 193 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/join.py b/python/samba/join.py index 2379d5f..9cac8f5 100644 --- a/python/samba/join.py +++ b/python/samba/join.py @@ -24,6 +24,7 @@ from samba import gensec, Ldb, drs_utils import ldb, samba, sys, uuid from samba.ndr import ndr_pack from samba.dcerpc import
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a2d45cf provision/sambadns: CN=MicrosoftDNS,CN=System, is relative to DOMAINDN via a90067e provision: Fix comment to refer to correct file (krb5.conf) via 6da2dcd dsdb: Provide a clearer error when we fail to store the sequence number in metadata.tdb via d2ff474 ldb:rdn_name: reject 'distinguishedName' depending of the MOD flags via da7ef12 dsdb/tests/ldap: fix test_distinguished_name against w2k8r2 via 295b4de s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName' via ca17392 dsdb/tests/ldap: fix test_ldapServiceName against w2k8r2 from b197de7 libndr: Avoid ommitting display of unset bitmap flags. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a2d45cf49e4976d55261d01df955e412ac7fa73f Author: Stefan Metzmacher me...@samba.org Date: Wed Oct 9 09:37:52 2013 +0200 provision/sambadns: CN=MicrosoftDNS,CN=System, is relative to DOMAINDN Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Oct 10 10:24:55 CEST 2013 on sn-devel-104 commit a90067ec8ef56a8edfbede992848f08e70853cb5 Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 25 20:28:42 2013 -0700 provision: Fix comment to refer to correct file (krb5.conf) Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 6da2dcd17ee46d339d7d80df3dccd456703e7fe2 Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 25 17:09:58 2013 -0700 dsdb: Provide a clearer error when we fail to store the sequence number in metadata.tdb Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit d2ff474766ebb104309bf1e801c54ce0f8ea0a64 Author: Stefan Metzmacher me...@samba.org Date: Wed Sep 25 01:30:23 2013 +0200 ldb:rdn_name: reject 'distinguishedName' depending of the MOD flags This is what Windows 2008 R2 returns: LDB_MOD_ADD = LDB_ERR_UNWILLING_TO_PERFORM LDB_MOD_REPLACE = LDB_ERR_CONSTRAINT_VIOLATION LDB_MOD_DEL = LDB_ERR_UNWILLING_TO_PERFORM Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit da7ef12b43f355fa6ff92af98645c80c85699d78 Author: Stefan Metzmacher me...@samba.org Date: Mon Sep 23 03:39:58 2013 +0200 dsdb/tests/ldap: fix test_distinguished_name against w2k8r2 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 295b4de7215f3326f9a403973547eb6ed4339f9b Author: Stefan Metzmacher me...@samba.org Date: Wed Sep 25 00:49:19 2013 +0200 s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName' The attribute on the RootDSE object is called 'dnsHostName' instead of 'dNSHostName' (which is used in the schema and on all other directory objects). Bug: https://bugzilla.samba.org/show_bug.cgi?id=10193 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit ca173923a3937a9ed08f71bfd4ba177a6aeeaeba Author: Stefan Metzmacher me...@samba.org Date: Sun Sep 22 23:40:12 2013 +0200 dsdb/tests/ldap: fix test_ldapServiceName against w2k8r2 Bug: https://bugzilla.samba.org/show_bug.cgi?id=10193 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org --- Summary of changes: lib/ldb/modules/rdn_name.c | 10 ++- python/samba/provision/__init__.py |5 +-- python/samba/provision/sambadns.py | 16 ++-- .../dsdb/samdb/ldb_modules/partition_metadata.c| 25 +++ source4/dsdb/samdb/ldb_modules/rootdse.c |2 +- source4/dsdb/tests/python/ldap.py | 16 6 files changed, 48 insertions(+), 26 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb/modules/rdn_name.c b/lib/ldb/modules/rdn_name.c index 50b63ae..f44ea71 100644 --- a/lib/ldb/modules/rdn_name.c +++ b/lib/ldb/modules/rdn_name.c @@ -371,6 +371,7 @@ static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req) { struct ldb_context *ldb; const struct ldb_val *rdn_val_p; + struct ldb_message_element *e = NULL; ldb = ldb_module_get_ctx(module); @@ -389,10 +390,15 @@ static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_INVALID_DN_SYNTAX; } - if (ldb_msg_find_element(req-op.mod.message, distinguishedName)) { + e = ldb_msg_find_element
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5241617 pidl-wireshark: fix the trailling white space in the generated headers via cd871a6 pidl-wireshark: fix trailing white space in the HF definition from 0de6282 Fix bug #10187 - Missing talloc_free can leak stackframe in error path. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 52416175dba7c359f0f324c6f0754c75a4cca18d Author: Matthieu Patou m...@matws.net Date: Tue Oct 8 12:23:21 2013 -0700 pidl-wireshark: fix the trailling white space in the generated headers Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Oct 9 10:31:25 CEST 2013 on sn-devel-104 commit cd871a6b8c82bd2b9d2c1470ea93ba84b7f57885 Author: Matthieu Patou m...@matws.net Date: Tue Oct 8 12:22:18 2013 -0700 pidl-wireshark: fix trailing white space in the HF definition Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: pidl/lib/Parse/Pidl/Wireshark/NDR.pm |6 +++--- pidl/tests/wireshark-ndr.pl |2 +- 2 files changed, 4 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/pidl/lib/Parse/Pidl/Wireshark/NDR.pm b/pidl/lib/Parse/Pidl/Wireshark/NDR.pm index 1151dc0..91ef118 100644 --- a/pidl/lib/Parse/Pidl/Wireshark/NDR.pm +++ b/pidl/lib/Parse/Pidl/Wireshark/NDR.pm @@ -1021,9 +1021,9 @@ sub Parse($) This filter was automatically generated from $idl_file and $cnf_file. - Pidl is a perl based IDL compiler for DCE/RPC idl files. + Pidl is a perl based IDL compiler for DCE/RPC idl files. It is maintained by the Samba team, not the Wireshark team. - Instructions on how to download and install Pidl can be + Instructions on how to download and install Pidl can be found at http://wiki.wireshark.org/Pidl \$Id\$ @@ -1192,7 +1192,7 @@ sub DumpHfList($) foreach (values %{$self-{conformance}-{header_fields}}) { - $res .= \t{ $_-{INDEX}, + $res .= \t{ $_-{INDEX}, { .make_str($_-{NAME})., .make_str($_-{FILTER})., $_-{FT_TYPE}, $_-{BASE_TYPE}, $_-{VALSSTRING}, $_-{MASK}, .make_str_or_null($_-{BLURB})., HFILL }}, ; } diff --git a/pidl/tests/wireshark-ndr.pl b/pidl/tests/wireshark-ndr.pl index 8c2cd47..49ecc5c 100755 --- a/pidl/tests/wireshark-ndr.pl +++ b/pidl/tests/wireshark-ndr.pl @@ -227,7 +227,7 @@ $x-{conformance} = { }; is($x-DumpHfList(), \tstatic hf_register_info hf[] = { - { hf_bla, + { hf_bla, { \Bla\, \bla.field\, FT_UINT32, BASE_DEC, NULL, 255, \NULL\, HFILL }}, }; ); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f650bb9 smbd: Remove unused brl-key struct element via e9513bc smbd: Convert some dbgtxt to DEBUG via 3a72cdb torture: Remove an unused variable via 960bd9a torture: Continue buffer check after NOT_IMPLEMENTED infolevels via c944d2e libcli: Correct smb2_lease_pull via eb5e817 libcli: Add const to smb2_lease_pull via b40fcf3 torture: Fix a typo via c134a37 smbd: Fix a comment via 41857bd smbd: Fix confusing comments via 4cde5bf smbd: Avoid calling serverid_exists twice from 9110c07 smbd:smb2: clarify and comment code treating dh2c blob check. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f650bb94c8b79bec87c2a1f17b573c27e0ef1b1b Author: Volker Lendecke v...@samba.org Date: Wed Sep 11 09:31:36 2013 + smbd: Remove unused brl-key struct element Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sun Oct 6 15:49:43 CEST 2013 on sn-devel-104 commit e9513bc6ab2974899a3f6ddc73886e969b142502 Author: Volker Lendecke v...@samba.org Date: Sun Sep 15 19:18:41 2013 -0700 smbd: Convert some dbgtxt to DEBUG Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 3a72cdb33aa34fa1d950b73c6ab6698bdc364bb4 Author: Volker Lendecke v...@samba.org Date: Thu Sep 26 21:27:42 2013 -0700 torture: Remove an unused variable Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 960bd9a584a27bde45433be1ca869b2197cf465d Author: Volker Lendecke v...@samba.org Date: Thu Sep 26 21:21:21 2013 -0700 torture: Continue buffer check after NOT_IMPLEMENTED infolevels Patch from the SDC plugfest. Not every implementation supports every infolevel, and we want to be able to test buffersize error behaviour for all supported infolevels Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit c944d2ea41456d27e1f327f9e50b70c0bbbde824 Author: Volker Lendecke v...@samba.org Date: Thu Sep 26 17:10:50 2013 -0700 libcli: Correct smb2_lease_pull We don't really use leases yet, so so far this went by unnoticed. It's the V2 lease requests that hold the parent lease key, not the V1 ones. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit eb5e817a73ab158c8f106ac6ae0503d70a315d7f Author: Volker Lendecke v...@samba.org Date: Wed Aug 21 10:27:43 2013 + libcli: Add const to smb2_lease_pull Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit b40fcf3f17e4ed9dde31dff73e4669d867753941 Author: Volker Lendecke v...@samba.org Date: Sun Sep 22 17:19:09 2013 -0700 torture: Fix a typo Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit c134a37df3084d794267730612e38451887a2fc2 Author: Volker Lendecke v...@samba.org Date: Wed Oct 2 15:20:16 2013 + smbd: Fix a comment This has been converted from a timed event to an immediate one in e7dab403c0ca6f6 Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 41857bd0f73bf294fa98d6e697ac563297b24310 Author: Volker Lendecke v...@samba.org Date: Tue Sep 3 13:31:27 2013 + smbd: Fix confusing comments The brlock-check is done in grant_fsp_oplock_type Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 4cde5bf1a406e14fcc7a51eba1e337fd1d3c80b3 Author: Volker Lendecke v...@samba.org Date: Sun Sep 22 19:16:56 2013 -0700 smbd: Avoid calling serverid_exists twice Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: libcli/smb/smb2_lease.c| 11 ++- libcli/smb/smb2_lease.h|3 ++- source3/locking/brlock.c |4 +--- source3/locking/locking.c |6 ++ source3/smbd/open.c|3 +-- source3/smbd/oplock.c | 36 ++-- source4/torture/raw/streams.c |2 +- source4/torture/smb2/getinfo.c |4 +++- 8 files changed, 34 insertions(+), 35 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/smb/smb2_lease.c b/libcli/smb/smb2_lease.c index 10beaca..f97f096 100644 --- a/libcli/smb/smb2_lease.c +++ b/libcli/smb/smb2_lease.c @@ -23,7 +23,8 @@ #include includes.h #include ../libcli/smb/smb_common.h -ssize_t
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c952e11 smbd: Remove byte_range_lock-read_only via 8c435cd smbd: Remove the brl_get_locks wrapper via 440e331 smbd: brl_get_locks_internal is always called r/w now via 5d8f64c smbd: Restructure brl_get_locks_readonly via 2b3c5be smbd: Avoid an if-statement per read/write in the non-clustered case from f650bb9 smbd: Remove unused brl-key struct element http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c952e11859d786418f82204e6cabc6c424e71bb9 Author: Volker Lendecke v...@samba.org Date: Wed Sep 11 11:54:37 2013 + smbd: Remove byte_range_lock-read_only With the rewritten brl_get_lock_readonly we only set the destructor for r/w lock records anyway. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sun Oct 6 22:20:05 CEST 2013 on sn-devel-104 commit 8c435cd588bd15f444eb4d2fcd687eee02204c88 Author: Volker Lendecke v...@samba.org Date: Wed Sep 11 11:53:26 2013 + smbd: Remove the brl_get_locks wrapper Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 440e331949fe8da5c09ce9ef6cf79f6e8656abe2 Author: Volker Lendecke v...@samba.org Date: Wed Sep 11 11:51:44 2013 + smbd: brl_get_locks_internal is always called r/w now Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 5d8f64c47d02c2aa58f3f0c87903bbd41d086aa0 Author: Volker Lendecke v...@samba.org Date: Wed Sep 11 11:36:54 2013 + smbd: Restructure brl_get_locks_readonly This is step 1 to get rid of brl_get_locks_internal with its complex readonly business. It also optimizes 2 things: First, it uses dbwrap_parse_record to avoid a talloc and memcpy, and second it uses talloc_pooled_object. And -- hopefully it is easier to understand the caching logic with fsp-brlock_rec and the clustering escape. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 2b3c5bea1c1512bc250481690b2d968491738629 Author: Volker Lendecke v...@samba.org Date: Wed Sep 11 10:17:05 2013 + smbd: Avoid an if-statement per read/write in the non-clustered case Without clustering, fsp-brlock_rec will never be set anyway. In the clustering case we can't use the seqnum trick, so this is slow enough that the additional if-statement does not matter in this case anyway. In the non-clustered case it might. Have not measured it, but every little bit helps I guess. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: source3/locking/brlock.c | 168 ++ 1 files changed, 109 insertions(+), 59 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c index ee4354c..0d45501 100644 --- a/source3/locking/brlock.c +++ b/source3/locking/brlock.c @@ -47,7 +47,6 @@ struct byte_range_lock { struct files_struct *fsp; unsigned int num_locks; bool modified; - bool read_only; struct lock_struct *lock_data; struct db_record *record; }; @@ -1879,10 +1878,6 @@ int brl_forall(void (*fn)(struct file_id id, struct server_id pid, static void byte_range_lock_flush(struct byte_range_lock *br_lck) { - if (br_lck-read_only) { - SMB_ASSERT(!br_lck-modified); - } - if (!br_lck-modified) { goto done; } @@ -1910,10 +1905,7 @@ static void byte_range_lock_flush(struct byte_range_lock *br_lck) } done: - - br_lck-read_only = true; br_lck-modified = false; - TALLOC_FREE(br_lck-record); } @@ -1929,12 +1921,10 @@ static int byte_range_lock_destructor(struct byte_range_lock *br_lck) TALLOC_FREE(brl) will release the lock in the destructor. / -static struct byte_range_lock *brl_get_locks_internal(TALLOC_CTX *mem_ctx, - files_struct *fsp, bool read_only) +struct byte_range_lock *brl_get_locks(TALLOC_CTX *mem_ctx, files_struct *fsp) { TDB_DATA key, data; struct byte_range_lock *br_lck = talloc(mem_ctx, struct byte_range_lock); - bool do_read_only = read_only; if (br_lck == NULL) { return NULL; @@ -1947,40 +1937,22 @@ static struct byte_range_lock *brl_get_locks_internal(TALLOC_CTX *mem_ctx, key.dptr = (uint8 *)fsp-file_id; key.dsize = sizeof(struct file_id
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9110c07 smbd:smb2: clarify and comment code treating dh2c blob check. via dd25679 smbd:smb2: ignore an dhnq blob along with a dhnc in create via ea51681 smbd:smb2_create: fix return code for durable handle create blob combinations via 7b624cf s4:torture:smb2: add durable-v2-open.reopen2c via ba05f70 s4:torture:smb2: add durable-v2-open.reopen2b via 0ecfe17 s4:torture:smb2: add durable-v2-open.create-blob via bd3b922 s4:torture:smb2: extend the durable-open.reopen2 test via 6fc5661 s4:torture:smb2: extend the durable-v2-open.reopen2 test via 1bd2ab4 smbd:smb2: successfully answer a DHnC request when the initial create was DH2Q via 9769f06 smbd:smb2_create: add comment about validity of check reconnect blob being only one via d8cd549 s4:torture:smb2: add a durable-open.reopen-lease-v2 test via 43c4a65 s4:torture:smb2: add durable-v2-open.reopen2-lease-v2 via 5647287 s4:torture:smb2: add smb2_lease_v2_create() wrapper to smb2_lease_v2_create_share() via d4f4d08 s4:torture:smb2: add durable-v2-open.reopen2-lease via 1f14747 s4:torture:smb2: add durable-open.reopen2-lease test via 6c6643c s4:torture:smb2: fix durable-open lease tests to pass against windows. via a31ea15 s4:torture:smb2: add smbcli_options argument to torture_smb2_connection_ext() via 596f802 s4:libcli:smb2: make smbcli_options argument to smb2_connect_(send|ext) const via 5736f13 s4:libcli:smb2: add the smb2_capabilities to the smbcli_options via 4e99a0f s4:libcli:smb2: add the client_guid to the smbcli_options via 39a965a s4:torture:spoolss: use smb2_connect() instead of smb2_connet_ext() via 14e3f4b s4:torture:smb2: fix a comment in the durable-open.lock-oplock test from 8fe1f40 samba_backup: fix bug, add command line parameter, improve error messages http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9110c079f1aa504bc114d8c00a5a48f58dce5459 Author: Michael Adam ob...@samba.org Date: Fri Oct 4 12:39:57 2013 +0200 smbd:smb2: clarify and comment code treating dh2c blob check. This makes the code that checks for extra create blobs in the case of the dh2c blob look very similar to the corresponding (slightly mode complex) code for the dhnc blob. With this preparation it will be easier and more obvious how to add proper treatment of the lease request blobs when leases get implemented. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sat Oct 5 15:56:11 CEST 2013 on sn-devel-104 commit dd256792568d96c4a8dba5ea28cd3274ed1c040b Author: Michael Adam ob...@samba.org Date: Thu Sep 26 07:48:42 2013 +0200 smbd:smb2: ignore an dhnq blob along with a dhnc in create This is according to MS-SMB2, 3.3.5.9.7 Handling the SMB2_CREATE_DURABLE_HANDLE_RECONNECT Create Context Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit ea51681cc21f6e84af2f71309875c6692efcbc6e Author: Michael Adam ob...@samba.org Date: Wed Sep 25 20:39:17 2013 +0200 smbd:smb2_create: fix return code for durable handle create blob combinations According to MS-SMB2: 3.3.5.9.7 Handling the SMB2_CREATE_DURABLE_HANDLE_RECONNECT Create Context 3.3.5.9.12 Handling the SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 Create Context and verified by test results. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 7b624cf856816851882d00d82658b756c0c29c1e Author: Michael Adam ob...@samba.org Date: Thu Sep 26 07:00:33 2013 +0200 s4:torture:smb2: add durable-v2-open.reopen2c - create durable with v1 request - reconnect with v2 reconnect request == fails Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit ba05f705a192a8f20ba1cc488016e58eebce2013 Author: Michael Adam ob...@samba.org Date: Thu Sep 26 06:06:01 2013 +0200 s4:torture:smb2: add durable-v2-open.reopen2b - connect with durable v2 - reconnect with durable v1 = succeeds Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 0ecfe1755e5e402188c9fa18f81561da248e3e12 Author: Michael Adam ob...@samba.org Date: Thu Sep 26 05:47:47 2013 +0200 s4:torture:smb2: add durable-v2