[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 26a043a WHATSNEW: Start release notes for Samba 3.5.21. via f807043 VERSION: Bump version number up to 3.5.21. from 31292e6 WHATSNEW: Prepare release notes for Samba 3.5.20. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 26a043a0997e199701a1bd72f91edc607471e700 Author: Karolin Seeger ksee...@samba.org Date: Tue Dec 18 10:51:35 2012 +0100 WHATSNEW: Start release notes for Samba 3.5.21. Karolin commit f80704321ffe22ed3a5dfab02e0ebaa1cc104c22 Author: Karolin Seeger ksee...@samba.org Date: Tue Dec 18 10:50:59 2012 +0100 VERSION: Bump version number up to 3.5.21. Karolin --- Summary of changes: WHATSNEW.txt| 45 +++-- source3/VERSION |2 +- 2 files changed, 44 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index e2249fc..c96f46f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,45 @@ == + Release Notes for Samba 3.5.21 +, 2013 + == + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.21 include: + +o + +Changes since 3.5.19: +- + +o Jeremy Allison j...@samba.org + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 3.5.20 December 17, 2012 == @@ -51,8 +92,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + == Release Notes for Samba 3.5.19 diff --git a/source3/VERSION b/source3/VERSION index ff94b83..754ca85 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=5 -SAMBA_VERSION_RELEASE=20 +SAMBA_VERSION_RELEASE=21 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 31292e6 WHATSNEW: Prepare release notes for Samba 3.5.20. from 06e3c65 Fix bug #9455 munmap called for an address location not mapped by samba. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 31292e6fbedef78126435c92d6e687a4844847d9 Author: Karolin Seeger ksee...@samba.org Date: Fri Dec 14 10:12:34 2012 +0100 WHATSNEW: Prepare release notes for Samba 3.5.20. Karolin --- Summary of changes: WHATSNEW.txt | 17 - 1 files changed, 16 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index f0114d6..e2249fc 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -8,12 +8,27 @@ This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.20 include: -o +o Fix segfaults in log level = 10 on Solaris (bug #9390). +o Apply ACL masks correctly when setting ACLs (bug #9236). + Changes since 3.5.19: - o Jeremy Allison j...@samba.org +* BUG 7781: Samba transforms ShareName to lowercase (sharename) when adding + new share via MMC. +* BUG 9236: Apply ACL masks correctly when setting ACLs. +* BUG 9455: munmap called for an address location not mapped by Samba. + + +o Björn Baumbach b...@sernet.de +* BUG 9345: Fix usage of smbconfoption tag. + + +o Stefan Metzmacher me...@samba.org +* BUG 9390: Fix segfaults in log level = 10 on Solaris. +* BUG 9402: Fix dns updates against BIND9 (used in a Samba4 domain). ## -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 06e3c65 Fix bug #9455 munmap called for an address location not mapped by samba. from cf4773f source3/libaddns: don't depend on the order in resp-answers[] http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 06e3c65af559baaee7fa61ed3df1287b786d1858 Author: Jeremy Allison j...@samba.org Date: Mon Dec 10 10:40:12 2012 -0800 Fix bug #9455 munmap called for an address location not mapped by samba. Signed-off-by: Jeremy Allison j...@samba.org --- Summary of changes: source3/lib/util_unistr.c |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/util_unistr.c b/source3/lib/util_unistr.c index f53ef94..e8483d3 100644 --- a/source3/lib/util_unistr.c +++ b/source3/lib/util_unistr.c @@ -45,6 +45,7 @@ void gfree_case_tables(void) unmap_file(upcase_table, 0x2); else SAFE_FREE(upcase_table); + upcase_table = NULL; } if ( lowcase_table ) { @@ -52,6 +53,7 @@ void gfree_case_tables(void) unmap_file(lowcase_table, 0x2); else SAFE_FREE(lowcase_table); + lowcase_table = NULL; } if ( valid_table ) { @@ -59,6 +61,7 @@ void gfree_case_tables(void) unmap_file(valid_table, 0x1); else SAFE_FREE(valid_table); + valid_table = NULL; } initialized = false; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via cf4773f source3/libaddns: don't depend on the order in resp-answers[] via 4bb99f4 source3/libaddns: remove pointless check for resp-num_additionals != 1 from 05f151c lib/replace: replace all *printf function if we replace snprintf (bug #9390) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit cf4773f929b2ac01bfe22e8113ccd3843c92bf56 Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 9 08:59:36 2012 +0100 source3/libaddns: don't depend on the order in resp-answers[] Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit eecc1d294256210ee8c2f6ab79d21b835258a6d4) The last 2 patches address bug #9402 - lib/addns doesn't work samba4 with a bind9 server. commit 4bb99f454cea8a0c37422f1e64cabe96543ca6e8 Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 9 08:55:40 2012 +0100 source3/libaddns: remove pointless check for resp-num_additionals != 1 We never use resp-additionals, so there's no reason to check. This fixes dns updates against BIND9 (used in a Samba4 domain). Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit b59c5db5f74f56c0536635a41ae51c389109ceb5) --- Summary of changes: source3/libaddns/dnsgss.c | 16 1 files changed, 12 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libaddns/dnsgss.c b/source3/libaddns/dnsgss.c index c903741..a8b2ea1 100644 --- a/source3/libaddns/dnsgss.c +++ b/source3/libaddns/dnsgss.c @@ -164,6 +164,8 @@ static DNS_ERROR dns_negotiate_gss_ctx_int( TALLOC_CTX *mem_ctx, struct dns_request *resp; struct dns_buffer *buf; struct dns_tkey_record *tkey; + struct dns_rrec *tkey_answer = NULL; + uint16_t i; err = dns_receive(mem_ctx, conn, buf); if (!ERR_DNS_IS_OK(err)) goto error; @@ -174,10 +176,16 @@ static DNS_ERROR dns_negotiate_gss_ctx_int( TALLOC_CTX *mem_ctx, /* * TODO: Compare id and keyname */ - - if ((resp-num_additionals != 1) || - (resp-num_answers == 0) || - (resp-answers[0]-type != QTYPE_TKEY)) { + + for (i=0; i resp-num_answers; i++) { + if (resp-answers[i]-type != QTYPE_TKEY) { + continue; + } + + tkey_answer = resp-answers[i]; + } + + if (tkey_answer == NULL) { err = ERROR_DNS_INVALID_MESSAGE; goto error; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 92292ac Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. from 9a8d7ab docs-xml: fix use of smbconfoption tag (fix bug #9345) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 92292ac55144521824610a5d4b09f8dc1ff19a8a Author: Jeremy Allison j...@samba.org Date: Thu Nov 8 13:45:19 2012 -0800 Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. Not caught by make test as it's an extreme edge case for strange incoming ACLs. I only found this as I'm making raw.acls and smb2.acls pass against 3.6.x with acl_xattr mapped onto a POSIX backend (which isn't tested in make test). An incoming inheritable ACE entry containing only one permission, WRITE_DATA maps into a POSIX owner perm of -w-, which violates the principle that the owner of a file/directory can always read. --- Summary of changes: source3/smbd/posix_acls.c | 14 ++ 1 files changed, 10 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 646efa4..65a77d4 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1359,7 +1359,11 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace, for (pace = *pp_ace; pace; pace = pace-next) { if (pace-type == SMB_ACL_USER_OBJ) { - if (setting_acl !is_default_acl) { + if (setting_acl) { + /* +* Ensure we have default parameters for the +* user (owner) even on default ACLs. +*/ apply_default_perms(params, is_directory, pace, S_IRUSR); } got_user = True; @@ -1439,9 +1443,11 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace, pace-perms = pace_other-perms; } - if (!is_default_acl) { - apply_default_perms(params, is_directory, pace, S_IRUSR); - } + /* +* Ensure we have default parameters for the +* user (owner) even on default ACLs. +*/ + apply_default_perms(params, is_directory, pace, S_IRUSR); } else { pace-perms = unix_perms_to_acl_perms(pst-st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 05f151c lib/replace: replace all *printf function if we replace snprintf (bug #9390) via 27405fb libreplace: Fix symbol names for snprintf/asprintf/vasprintf. via fa16d0e libreplace: fixed declaration of dprintf() on FreeBSD (cherry picked from commit a599319d0a389ff0c31dae8068cd7a78352aa9e7) via 4bf8dc4 libreplace: added replacements for dprintf() and vdprintf() via 4205779 libreplace: some systems don't have memmem() from 92292ac Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 05f151c041e407514c1b35619b2f2454aa4d614b Author: Stefan Metzmacher me...@samba.org Date: Tue Nov 13 14:07:11 2012 +0100 lib/replace: replace all *printf function if we replace snprintf (bug #9390) This fixes segfaults in log level = 10 on Solaris. Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Björn Jacke b...@sernet.de Autobuild-User(master): Björn Jacke b...@sernet.de Autobuild-Date(master): Wed Nov 14 19:41:14 CET 2012 on sn-devel-104 (cherry picked from commit a15da3625850d97b3da1b02308c870f820007c52) The last 5 patches address bug #9390 - Solaris printf doesn't allow %s, NULL. commit 27405fb8cfaa56f3a39cdcd2fd635fd37af629f9 Author: Jelmer Vernooij jel...@samba.org Date: Sun May 13 03:21:34 2012 +0200 libreplace: Fix symbol names for snprintf/asprintf/vasprintf. Autobuild-User: Jelmer Vernooij jel...@samba.org Autobuild-Date: Sun May 13 05:16:28 CEST 2012 on sn-devel-104 (cherry picked from commit cf67da70c9a63c4dc63f287059321d6c36d1e19e) commit fa16d0e4c2329fad8edde5a5e8d626a90caba6d9 Author: Andrew Tridgell tri...@freebsd.home.tridgell.net Date: Wed Mar 24 05:06:25 2010 +1100 libreplace: fixed declaration of dprintf() on FreeBSD (cherry picked from commit a599319d0a389ff0c31dae8068cd7a78352aa9e7) commit 4bf8dc438318e06ee96dc1b60848700739e7 Author: Andrew Tridgell tri...@samba.org Date: Thu Feb 11 20:18:50 2010 +1100 libreplace: added replacements for dprintf() and vdprintf() these are very useful for writing files with formatted writes Pair-Programmed-With: Andrew Bartlett abart...@samba.org (cherry picked from commit d6fb64c51244529388b1f79ba8220ff608e1e4de) commit 42057793ebb3ccdc4e63f59753bca8dd677e9748 Author: Andrew Tridgell tri...@samba.org Date: Sat Jan 2 10:01:11 2010 +1100 libreplace: some systems don't have memmem() added rep_memmem() and a testsuite (cherry picked from commit fef3c910da421e890925e5e61275fc457da87f6e) --- Summary of changes: lib/replace/libreplace.m4|4 ++- lib/replace/replace.c| 54 ++ lib/replace/replace.h| 38 - lib/replace/snprintf.c | 17 ++--- lib/replace/test/testsuite.c | 37 5 files changed, 138 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/libreplace.m4 b/lib/replace/libreplace.m4 index af85879..7a26deb 100644 --- a/lib/replace/libreplace.m4 +++ b/lib/replace/libreplace.m4 @@ -108,7 +108,7 @@ AC_CHECK_HEADERS(unix.h) AC_CHECK_FUNCS(seteuid setresuid setegid setresgid chroot bzero strerror) AC_CHECK_FUNCS(vsyslog setlinebuf mktime ftruncate chsize rename) AC_CHECK_FUNCS(waitpid wait4 strlcpy strlcat initgroups memmove strdup) -AC_CHECK_FUNCS(pread pwrite strndup strcasestr strtok_r mkdtemp dup2) +AC_CHECK_FUNCS(pread pwrite strndup strcasestr strtok_r mkdtemp dup2 dprintf vdprintf) AC_CHECK_FUNCS(isatty chown lchown link readlink symlink realpath) AC_HAVE_DECL(setresuid, [#include unistd.h]) AC_HAVE_DECL(setresgid, [#include unistd.h]) @@ -228,6 +228,8 @@ AC_HAVE_DECL(environ, [#include unistd.h]) AC_CHECK_FUNCS(strnlen) AC_CHECK_FUNCS(strtoull __strtoull strtouq strtoll __strtoll strtoq) +AC_CHECK_FUNCS(memmem) + # this test disabled as we don't actually need __VA_ARGS__ yet AC_TRY_CPP([ #define eprintf(...) fprintf(stderr, __VA_ARGS__) diff --git a/lib/replace/replace.c b/lib/replace/replace.c index fc15717..85d0e36 100644 --- a/lib/replace/replace.c +++ b/lib/replace/replace.c @@ -681,3 +681,57 @@ char *rep_realpath(const char *path, char *resolved_path) return NULL; } #endif + + +#ifndef HAVE_MEMMEM +void *rep_memmem(const void *haystack, size_t haystacklen, +const void *needle, size_t needlelen) +{ + if (needlelen == 0) { + return discard_const(haystack); + } + while (haystacklen = needlelen) { + char *p = memchr(haystack, *(const char *)needle, +haystacklen-(needlelen-1)); +
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 9a8d7ab docs-xml: fix use of smbconfoption tag (fix bug #9345) from e81b3c9 Second part of fix for bug #7781 - Samba transforms ShareName to lowercase (sharename) when adding new share via MMC http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 9a8d7ab3773e1d4d1981f8b45998d689180a4cbf Author: Björn Baumbach b...@sernet.de Date: Fri Nov 2 10:25:27 2012 +0100 docs-xml: fix use of smbconfoption tag (fix bug #9345) Signed-off-by: Björn Baumbach b...@sernet.de Reviewed-by: Karolin Seeger k...@samba.org Autobuild-User(master): Karolin Seeger ksee...@samba.org Autobuild-Date(master): Fri Nov 2 12:37:42 CET 2012 on sn-devel-104 (cherry picked from commit 3ecbe8c83a003825fc58f6dcb9e02a35aad2d86e) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Nov 5 13:09:12 CET 2012 on sn-devel-104 (cherry picked from commit 6195cb667b1c162436bfbf5d4f499bdc776f83b4) (cherry picked from commit a6dea8e6556bd5e391cd709b86664fb7cc34433a) --- Summary of changes: docs-xml/build/DTD/samba.entities | 13 - 1 files changed, 8 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/build/DTD/samba.entities b/docs-xml/build/DTD/samba.entities index f5d8cd2..c7e46c2 100644 --- a/docs-xml/build/DTD/samba.entities +++ b/docs-xml/build/DTD/samba.entities @@ -180,7 +180,7 @@ use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic./para paraNote that specifying this parameter here will -override the smbconfoptionnamelog level/name/smbconfoption parameter +override the smbconfoption name=log level / parameter in the smb.conf; file./para /listitem /varlistentry' @@ -207,7 +207,7 @@ use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic./para paraNote that specifying this parameter here will -override the smbconfoptionnamelog level/name/smbconfoption parameter +override the smbconfoption name=log level / parameter in the smb.conf; file./para /listitem /varlistentry' @@ -297,11 +297,13 @@ being on a locally connected subnet. paraIf this parameter is not set then the name resolve order defined in the smb.conf; file parameter -(smbconfoptionnamename resolve order/name/smbconfoption) will be used. +(smbconfoption name=name resolve order /) will be used. /para paraThe default order is lmhosts, host, wins, bcast. Without -this parameter or any entry in the smbconfoptionnamename resolve order/name/smbconfoption parameter of the smb.conf; file, the name +this parameter or any entry in the +smbconfoption name=name resolve order / parameter of +the smb.conf; file, the name resolution methods will be attempted in this order. /para/listitem /varlistentry' @@ -310,7 +312,8 @@ resolution methods will be attempted in this order. /para/listitem term-n|--netbiosname lt;primary NetBIOS namegt;/term listitemparaThis option allows you to override the NetBIOS name that Samba uses for itself. This is identical -to setting the smbconfoptionnamenetbios name/name/smbconfoption parameter in the smb.conf; file. +to setting the smbconfoption name=netbios name / parameter in +the smb.conf; file. However, a command line setting will take precedence over settings in smb.conf;./para/listitem -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 6b03743 WHATSNEW: Start release notes for Samba 3.5.20. via 6048e80 VERSION: Bump version number up to 3.5.20. from 4067d19 WHATSNEW: Prepare release notes for Samba 3.5.19. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 6b03743f3f342a874971b9fc8be1eb1f520b74da Author: Karolin Seeger ksee...@samba.org Date: Mon Nov 5 09:50:55 2012 +0100 WHATSNEW: Start release notes for Samba 3.5.20. And fix a typo. Karolin commit 6048e80e1f3ca0d603d5e7458c91f9e5c43f8b67 Author: Karolin Seeger ksee...@samba.org Date: Mon Nov 5 09:44:10 2012 +0100 VERSION: Bump version number up to 3.5.20. Karolin --- Summary of changes: WHATSNEW.txt| 47 --- source3/VERSION |2 +- 2 files changed, 45 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 5bf1c53..f0114d6 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,45 @@ == + Release Notes for Samba 3.5.20 +December 17, 2012 + == + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.20 include: + +o + +Changes since 3.5.19: +- + +o Jeremy Allison j...@samba.org + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 3.5.19 November 5, 2012 == @@ -13,7 +54,7 @@ o ACL masks incorrectly applied when setting ACLs (bug #9236). o Samba panics if a user specifies an invalid port number (bug #9218). -Changes since 3.5.17: +Changes since 3.5.18: - o Jeremy Allison j...@samba.org @@ -61,8 +102,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + == Release Notes for Samba 3.5.18 diff --git a/source3/VERSION b/source3/VERSION index 584aabd..ff94b83 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=5 -SAMBA_VERSION_RELEASE=19 +SAMBA_VERSION_RELEASE=20 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via e81b3c9 Second part of fix for bug #7781 - Samba transforms ShareName to lowercase (sharename) when adding new share via MMC via 3b1528d Fix bug #7781 (Samba transforms ShareName to lowercase when adding new share via MMC) from 6b03743 WHATSNEW: Start release notes for Samba 3.5.20. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit e81b3c9a2aa58cbf5e12ef129fa63aab784c9598 Author: Jeremy Allison j...@samba.org Date: Thu Nov 1 11:56:22 2012 -0700 Second part of fix for bug #7781 - Samba transforms ShareName to lowercase (sharename) when adding new share via MMC Ensure safe_strcpy is safe when src == dest. This probably needs porting to master/3.6.x/4.0.x. commit 3b1528dcd67d62f20313094be9b5d609a1ca4f25 Author: Jeremy Allison j...@samba.org Date: Wed May 23 22:22:17 2012 +0200 Fix bug #7781 (Samba transforms ShareName to lowercase when adding new share via MMC) Signed-off-by: Michael Adam ob...@samba.org --- Summary of changes: source3/include/proto.h |2 +- source3/lib/dummysmbd.c |2 +- source3/lib/util_str.c |8 +++ source3/modules/vfs_xattr_tdb.c |3 +- source3/param/loadparm.c|9 +--- source3/printing/nt_printing.c | 12 + source3/registry/reg_backend_printing.c |7 ++- source3/rpc_server/srv_srvsvc_nt.c | 75 +-- source3/smbd/lanman.c | 14 -- source3/smbd/msdfs.c|3 +- source3/smbd/service.c | 16 +-- source3/smbd/smb2_tcon.c|2 +- 12 files changed, 83 insertions(+), 70 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 785cc30..cee5d6a 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -7002,7 +7002,7 @@ bool set_conn_connectpath(connection_struct *conn, const char *connectpath); bool set_current_service(connection_struct *conn, uint16 flags, bool do_chdir); void load_registry_shares(void); int add_home_service(const char *service, const char *username, const char *homedir); -int find_service(fstring service); +int find_service(const char *service_in, fstring service); connection_struct *make_connection_snum(struct smbd_server_connection *sconn, int snum, user_struct *vuser, DATA_BLOB password, diff --git a/source3/lib/dummysmbd.c b/source3/lib/dummysmbd.c index a41e6dc..28c6f0e 100644 --- a/source3/lib/dummysmbd.c +++ b/source3/lib/dummysmbd.c @@ -28,7 +28,7 @@ int get_client_fd(void) return -1; } -int find_service(fstring service) +int find_service(const char *service_in, fstring service) { return -1; } diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index d869637..c98bebe 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -514,6 +514,10 @@ char *safe_strcpy_fn(const char *fn, return NULL; } + if (src == dest) { + return dest; + } + #ifdef DEVELOPER clobber_region(fn,line,dest, maxlength+1); #endif @@ -2301,6 +2305,10 @@ bool validate_net_name( const char *name, { int i; + if (!name) { + return false; + } + for ( i=0; imax_len name[i]; i++ ) { /* fail if strchr_m() finds one of the invalid characters */ if ( name[i] strchr_m( invalid_chars, name[i] ) ) { diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c index f7fbfce..fa8db04 100644 --- a/source3/modules/vfs_xattr_tdb.c +++ b/source3/modules/vfs_xattr_tdb.c @@ -733,8 +733,7 @@ static int xattr_tdb_connect(vfs_handle_struct *handle, const char *service, return res; } - fstrcpy(sname, service); - snum = find_service(sname); + snum = find_service(service, sname); if (snum == -1) { /* * Should not happen, but we should not fail just *here*. diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 8c1cf09..eaff9e6 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -9471,15 +9471,10 @@ struct share_params *get_share_params(TALLOC_CTX *mem_ctx, const char *sharename) { struct share_params *result; - char *sname; + fstring sname; int snum; - if (!(sname = SMB_STRDUP(sharename))) { - return NULL; - } - - snum = find_service(sname); - SAFE_FREE(sname); + snum = find_service(sharename, sname); if (snum 0) { return
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 4067d19 WHATSNEW: Prepare release notes for Samba 3.5.19. from 92bd768 Revert Fix bug #7781 (Samba transforms ShareName to lowercase when adding new share via MMC) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 4067d192f62d6fc20e1cdf8820656b03aa9f5931 Author: Karolin Seeger ksee...@samba.org Date: Thu Nov 1 09:30:00 2012 +0100 WHATSNEW: Prepare release notes for Samba 3.5.19. Karolin --- Summary of changes: WHATSNEW.txt | 27 ++- 1 files changed, 26 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 1551865..5bf1c53 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -8,12 +8,37 @@ This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.19 include: -o +o Connection to outbound trusted domain goes offline (bug #9016). +o ACL masks incorrectly applied when setting ACLs (bug #9236). +o Samba panics if a user specifies an invalid port number (bug #9218). + Changes since 3.5.17: - o Jeremy Allison j...@samba.org +* BUG 9016: Connection to outbound trusted domain goes offline. +* BUG 9117: smbclient can't connect to a Windows 7 server using NTLMv2. +* BUG 9213: Bad ASN.1 NegTokenInit packet can cause invalid free. +* BUG 9236: ACL masks incorrectly applied when setting ACLs. + + +o Andrew Bartlett abart...@samba.org +* BUG 8788: libsmb: Initialise ticket to ensure we do not free invalid memory. + + +o Björn Jacke b...@sernet.de +* BUG 8344: autoconf: Fix --with(out)-sendfile-support option handling. +* BUG 8732: Fix compile of krb5 locator on Solaris. +* BUG 9172: Add quota support for gfs2. + + +o Matthieu Patou m...@matws.net +* BUG 9259: lib-addns: Ensure that allocated buffer are pre set to 0. + + +o Andreas Schneider a...@samba.org +* BUG 9218: Samba panics if a user specifies an invalid port number. ## -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 92bd768 Revert Fix bug #7781 (Samba transforms ShareName to lowercase when adding new share via MMC) via 79564b8 Revert Revert s3-smbd: Don't segfault if user specified ports out for range. from fce3a18 Revert s3-smbd: Don't segfault if user specified ports out for range. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 92bd768ed56585c2a45d0ca41eec9e6a1e3701ae Author: Karolin Seeger ksee...@samba.org Date: Wed Oct 31 11:40:26 2012 +0100 Revert Fix bug #7781 (Samba transforms ShareName to lowercase when adding new share via MMC) This reverts commit 157b88da4db727eafa682c7fc7eab11d5955f57b. This one seems to break make test on my system. Karolin commit 79564b889dba69fa39d9839e5d45457657ab0950 Author: Karolin Seeger ksee...@samba.org Date: Wed Oct 31 11:39:34 2012 +0100 Revert Revert s3-smbd: Don't segfault if user specified ports out for range. This reverts commit fce3a18d3d5ed46f8e0d1653f862e46b5dff0e03. This patch does not seem to cause the issue. Sorry for the noise. Karolin --- Summary of changes: source3/include/proto.h |2 +- source3/lib/dummysmbd.c |2 +- source3/lib/util_str.c |4 -- source3/modules/vfs_xattr_tdb.c |3 +- source3/param/loadparm.c|9 +++- source3/printing/nt_printing.c | 12 - source3/registry/reg_backend_printing.c |7 +-- source3/rpc_server/srv_srvsvc_nt.c | 75 ++- source3/smbd/lanman.c | 14 ++ source3/smbd/msdfs.c|3 +- source3/smbd/server.c | 23 +- source3/smbd/service.c | 16 ++- source3/smbd/smb2_tcon.c|2 +- 13 files changed, 82 insertions(+), 90 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index cee5d6a..785cc30 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -7002,7 +7002,7 @@ bool set_conn_connectpath(connection_struct *conn, const char *connectpath); bool set_current_service(connection_struct *conn, uint16 flags, bool do_chdir); void load_registry_shares(void); int add_home_service(const char *service, const char *username, const char *homedir); -int find_service(const char *service_in, fstring service); +int find_service(fstring service); connection_struct *make_connection_snum(struct smbd_server_connection *sconn, int snum, user_struct *vuser, DATA_BLOB password, diff --git a/source3/lib/dummysmbd.c b/source3/lib/dummysmbd.c index 28c6f0e..a41e6dc 100644 --- a/source3/lib/dummysmbd.c +++ b/source3/lib/dummysmbd.c @@ -28,7 +28,7 @@ int get_client_fd(void) return -1; } -int find_service(const char *service_in, fstring service) +int find_service(fstring service) { return -1; } diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index 17a4a8f..d869637 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -2301,10 +2301,6 @@ bool validate_net_name( const char *name, { int i; - if (!name) { - return false; - } - for ( i=0; imax_len name[i]; i++ ) { /* fail if strchr_m() finds one of the invalid characters */ if ( name[i] strchr_m( invalid_chars, name[i] ) ) { diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c index fa8db04..f7fbfce 100644 --- a/source3/modules/vfs_xattr_tdb.c +++ b/source3/modules/vfs_xattr_tdb.c @@ -733,7 +733,8 @@ static int xattr_tdb_connect(vfs_handle_struct *handle, const char *service, return res; } - snum = find_service(service, sname); + fstrcpy(sname, service); + snum = find_service(sname); if (snum == -1) { /* * Should not happen, but we should not fail just *here*. diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index eaff9e6..8c1cf09 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -9471,10 +9471,15 @@ struct share_params *get_share_params(TALLOC_CTX *mem_ctx, const char *sharename) { struct share_params *result; - fstring sname; + char *sname; int snum; - snum = find_service(sharename, sname); + if (!(sname = SMB_STRDUP(sharename))) { + return NULL; + } + + snum = find_service(sname); + SAFE_FREE(sname); if (snum 0) { return NULL; diff --git a/source3/printing/nt_printing.c
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 31518a6 s3: fix compile of krb5 locator on Solaris from ee5a100 lib-addns: ensure that allocated buffer are pre set to 0 (bug #9259) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 31518a6acd3399a29499b5f758e36115cf3db78b Author: Björn Jacke b...@sernet.de Date: Tue May 29 08:01:40 2012 +0200 s3: fix compile of krb5 locator on Solaris the krb5 locator plugin on Solaris needs LIBREPLACE_LIBS (bug #8732) Autobuild-User: Björn Jacke b...@sernet.de Autobuild-Date: Tue May 29 09:58:42 CEST 2012 on sn-devel-104 (cherry picked from commit 3085225e72c75abf84d7740334459cd971ee4c56) (cherry picked from commit 7ca265423a36c114ac9216a780e005956967eae7) --- Summary of changes: source3/Makefile.in |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index d1a8780..aebfc3b 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -2547,7 +2547,7 @@ bin/vlp@EXEEXT@: $(BINARY_PREREQS) $(VLP_OBJ) $(LIBTDB) bin/winbind_krb5_locator.@SHLIBEXT@: $(BINARY_PREREQS) $(WINBIND_KRB5_LOCATOR_OBJ) $(LIBWBCLIENT) @echo Linking $@ @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) $(LIBWBCLIENT_LIBS) $(KRB5LIBS) \ - @SONAMEFLAG@`basename $@` + $(LIBREPLACE_LIBS) @SONAMEFLAG@`basename $@` bin/pam_winbind.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ) $(LIBTALLOC) $(LIBWBCLIENT) @echo Linking shared library $@ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via fce3a18 Revert s3-smbd: Don't segfault if user specified ports out for range. from 31518a6 s3: fix compile of krb5 locator on Solaris http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit fce3a18d3d5ed46f8e0d1653f862e46b5dff0e03 Author: Karolin Seeger ksee...@samba.org Date: Thu Oct 18 11:48:16 2012 +0200 Revert s3-smbd: Don't segfault if user specified ports out for range. This reverts commit 60b15f3b646d10e027e8288132db5b942261de8f. This commit seems to break 'make test' on my system, so reverting it for now. (Bug report has been re-opened, see https://bugzilla.samba.org/show_bug.cgi?id=9218 for details). --- Summary of changes: source3/smbd/server.c | 23 +++ 1 files changed, 11 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/server.c b/source3/smbd/server.c index f34d9f6..63a9869 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -560,8 +560,6 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent, int num_interfaces = iface_count(); int i; char *ports; - char *tok; - const char *ptr; unsigned dns_port = 0; #ifdef HAVE_ATEXIT @@ -583,16 +581,6 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent, ports = talloc_strdup(talloc_tos(), smb_ports); } - for (ptr = ports; -next_token_talloc(talloc_tos(),ptr, tok, \t,);) { - unsigned port = atoi(tok); - - if (port == 0 || port 0x) { - exit_server_cleanly(Invalid port in the config or on - the commandline specified!); - } - } - if (lp_interfaces() lp_bind_interfaces_only()) { /* We have been given an interfaces line, and been told to only bind to those interfaces. Create a @@ -604,6 +592,8 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent, for(i = 0; i num_interfaces; i++) { const struct sockaddr_storage *ifss = iface_n_sockaddr_storage(i); + char *tok; + const char *ptr; if (ifss == NULL) { DEBUG(0,(open_sockets_smbd: @@ -615,6 +605,9 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent, for (ptr=ports; next_token_talloc(talloc_tos(),ptr, tok, \t,);) { unsigned port = atoi(tok); + if (port == 0 || port 0x) { + continue; + } /* Keep the first port for mDNS service * registration. @@ -632,6 +625,8 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent, /* Just bind to 0.0.0.0 - accept connections from anywhere. */ + char *tok; + const char *ptr; const char *sock_addr = lp_socket_address(); char *sock_tok; const char *sock_ptr; @@ -649,7 +644,11 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent, next_token_talloc(talloc_tos(), sock_ptr, sock_tok, \t,); ) { for (ptr=ports; next_token_talloc(talloc_tos(), ptr, tok, \t,); ) { struct sockaddr_storage ss; + unsigned port = atoi(tok); + if (port == 0 || port 0x) { + continue; + } /* Keep the first port for mDNS service * registration. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 8013e2e s3-libsmb: Initialise ticket to ensure we do not invalid memory from f156a35 autoconf: fix --with(out)-sendfile-support option handling http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 8013e2e96fd54446584cb91c0120acf41d9e8d46 Author: Andrew Bartlett abart...@samba.org Date: Thu Mar 1 16:55:04 2012 +1100 s3-libsmb: Initialise ticket to ensure we do not invalid memory The free is however a talloc_free(), which has additional protection against freeing the wrong thing. Andrew Bartlett Signed-off-by: Jeremy Allison j...@samba.org Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Fri Mar 2 01:45:19 CET 2012 on sn-devel-104 (cherry picked from commit f1452a296429b79755235f4a480f0d5ea38ce178) Fix bug #8788 - spnego_parse_krb5_wrap() frees invalid memory. (cherry picked from commit e96f50c9bb145a6af2c023e8ff4c3ec5a4a6) --- Summary of changes: source3/libsmb/clispnego.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index 49b484b..3200380 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -387,6 +387,7 @@ bool spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2]) bool ret; ASN1_DATA *data; int data_remaining; + *ticket = data_blob_null; data = asn1_init(talloc_tos()); if (data == NULL) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via c13c6eb Fix bug #9117 - smbclient can't connect to a Windows 7 server using NTLMv2 (crypto code changes domain case). from 8013e2e s3-libsmb: Initialise ticket to ensure we do not invalid memory http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit c13c6eb11f49b1fd3b3be95c7265cf9c0738b4e8 Author: Jeremy Allison j...@samba.org Date: Fri Aug 24 15:54:07 2012 -0700 Fix bug #9117 - smbclient can't connect to a Windows 7 server using NTLMv2 (crypto code changes domain case). Simple fix for 3.5.x, tested and confirmed as working by original reporter Blohm, Guntram (I/FP-37, extern) extern.guntram.bl...@audi.de. --- Summary of changes: libcli/auth/smbencrypt.c|5 - source3/libsmb/cliconnect.c |1 + 2 files changed, 5 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c index f7c60e7..e821dbc 100644 --- a/libcli/auth/smbencrypt.c +++ b/libcli/auth/smbencrypt.c @@ -471,8 +471,11 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx, /* We don't use the NT# directly. Instead we use it mashed up with the username and domain. This prevents username swapping during the auth exchange + NB. *DON'T* tell ntv2_owf_gen() to uppercase the domain + name here, we may have already been added to an NTLMSSP + exchange in the non-uppercase form. */ - if (!ntv2_owf_gen(nt_hash, user, domain, true, ntlm_v2_hash)) { + if (!ntv2_owf_gen(nt_hash, user, domain, false, ntlm_v2_hash)) { return false; } diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index e858280..7b00469 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1178,6 +1178,7 @@ NTSTATUS cli_session_setup(struct cli_state *cli, (p=strchr_m(user2,*lp_winbind_separator( { *p = 0; user = p+1; + strupper_m(user2); workgroup = user2; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via ee5a100 lib-addns: ensure that allocated buffer are pre set to 0 (bug #9259) from c13c6eb Fix bug #9117 - smbclient can't connect to a Windows 7 server using NTLMv2 (crypto code changes domain case). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit ee5a100eaa7cef525a8bc9d1390d7bbdbbfc84fa Author: Matthieu Patou m...@matws.net Date: Thu Sep 27 01:22:57 2012 -0700 lib-addns: ensure that allocated buffer are pre set to 0 (bug #9259) It avoid bugs when one of the buffer is supposed to contain a string that is not null terminated (ie. label-label) and that we don't force the last byte to 0. (similar to commit 03c4dceaab82ca2c60c9ce0e09fddd071f98087b) --- Summary of changes: source3/libaddns/dnsmarshall.c | 24 1 files changed, 12 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libaddns/dnsmarshall.c b/source3/libaddns/dnsmarshall.c index 5530290..b2e84eb 100644 --- a/source3/libaddns/dnsmarshall.c +++ b/source3/libaddns/dnsmarshall.c @@ -27,7 +27,7 @@ struct dns_buffer *dns_create_buffer(TALLOC_CTX *mem_ctx) { struct dns_buffer *result; - if (!(result = talloc(mem_ctx, struct dns_buffer))) { + if (!(result = talloc_zero(mem_ctx, struct dns_buffer))) { return NULL; } @@ -39,7 +39,7 @@ struct dns_buffer *dns_create_buffer(TALLOC_CTX *mem_ctx) */ result-size = 2; - if (!(result-data = TALLOC_ARRAY(result, uint8, result-size))) { + if (!(result-data = TALLOC_ZERO_ARRAY(result, uint8, result-size))) { TALLOC_FREE(result); return NULL; } @@ -216,14 +216,14 @@ static void dns_unmarshall_label(TALLOC_CTX *mem_ctx, return; } - if (!(label = talloc(mem_ctx, struct dns_domain_label))) { + if (!(label = talloc_zero(mem_ctx, struct dns_domain_label))) { buf-error = ERROR_DNS_NO_MEMORY; return; } label-len = len; - if (!(label-label = TALLOC_ARRAY(label, char, len+1))) { + if (!(label-label = TALLOC_ZERO_ARRAY(label, char, len+1))) { buf-error = ERROR_DNS_NO_MEMORY; goto error; } @@ -250,7 +250,7 @@ void dns_unmarshall_domain_name(TALLOC_CTX *mem_ctx, if (!ERR_DNS_IS_OK(buf-error)) return; - if (!(name = talloc(mem_ctx, struct dns_domain_name))) { + if (!(name = talloc_zero(mem_ctx, struct dns_domain_name))) { buf-error = ERROR_DNS_NO_MEMORY; return; } @@ -281,7 +281,7 @@ static void dns_unmarshall_question(TALLOC_CTX *mem_ctx, if (!(ERR_DNS_IS_OK(buf-error))) return; - if (!(q = talloc(mem_ctx, struct dns_question))) { + if (!(q = talloc_zero(mem_ctx, struct dns_question))) { buf-error = ERROR_DNS_NO_MEMORY; return; } @@ -314,7 +314,7 @@ static void dns_unmarshall_rr(TALLOC_CTX *mem_ctx, if (!(ERR_DNS_IS_OK(buf-error))) return; - if (!(r = talloc(mem_ctx, struct dns_rrec))) { + if (!(r = talloc_zero(mem_ctx, struct dns_rrec))) { buf-error = ERROR_DNS_NO_MEMORY; return; } @@ -329,7 +329,7 @@ static void dns_unmarshall_rr(TALLOC_CTX *mem_ctx, if (!(ERR_DNS_IS_OK(buf-error))) return; if (r-data_length != 0) { - if (!(r-data = TALLOC_ARRAY(r, uint8, r-data_length))) { + if (!(r-data = TALLOC_ZERO_ARRAY(r, uint8, r-data_length))) { buf-error = ERROR_DNS_NO_MEMORY; return; } @@ -406,22 +406,22 @@ DNS_ERROR dns_unmarshall_request(TALLOC_CTX *mem_ctx, err = ERROR_DNS_NO_MEMORY; if ((req-num_questions != 0) - !(req-questions = TALLOC_ARRAY(req, struct dns_question *, + !(req-questions = TALLOC_ZERO_ARRAY(req, struct dns_question *, req-num_questions))) { goto error; } if ((req-num_answers != 0) - !(req-answers = TALLOC_ARRAY(req, struct dns_rrec *, + !(req-answers = TALLOC_ZERO_ARRAY(req, struct dns_rrec *, req-num_answers))) { goto error; } if ((req-num_auths != 0) - !(req-auths = TALLOC_ARRAY(req, struct dns_rrec *, + !(req-auths = TALLOC_ZERO_ARRAY(req, struct dns_rrec *, req-num_auths))) { goto error; } if ((req-num_additionals != 0) - !(req-additionals = TALLOC_ARRAY(req, struct dns_rrec *, + !(req-additionals = TALLOC_ZERO_ARRAY(req, struct
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via f156a35 autoconf: fix --with(out)-sendfile-support option handling from 7dcb017 When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit f156a357e6af0aaa6b1bcddc521761d43409e70f Author: Björn Jacke b...@sernet.de Date: Fri Sep 14 00:02:22 2012 +0200 autoconf: fix --with(out)-sendfile-support option handling this fixes bug #8344 (cherry picked from commit a1db9aada46e2e7eefc989f888d22650320533de) --- Summary of changes: source3/configure.in | 35 --- 1 files changed, 20 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index 2494593..9d7fb5d 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -5696,16 +5696,23 @@ fi # # check for sendfile support -with_sendfile_support=yes -AC_MSG_CHECKING(whether to check to support sendfile) +AC_MSG_CHECKING(whether sendfile support should be built in) AC_ARG_WITH(sendfile-support, -[AS_HELP_STRING([--with-sendfile-support], [Check for sendfile support (default=yes)])], +[AS_HELP_STRING([--with-sendfile-support], [Whether sendfile support should be built in (default=auto)])], [ case $withval in - yes) - - AC_MSG_RESULT(yes); + yes|no) + AC_MSG_RESULT($withval); + with_sendfile_support=$withval + ;; + *) + AC_MSG_RESULT(yes) + with_sendfile_support=auto + ;; + esac ], +) - case $host_os in +if test x$with_sendfile_support != xno ; then +case $host_os in *linux* | gnu* | k*bsd*-gnu | kopensolaris*-gnu) AC_CACHE_CHECK([for linux sendfile64 support],samba_cv_HAVE_SENDFILE64,[ AC_TRY_LINK([#include sys/sendfile.h], @@ -5941,14 +5948,12 @@ samba_cv_HAVE_SENDFILE=yes,samba_cv_HAVE_SENDFILE=no)]) ;; *) ;; -esac -;; - *) -AC_MSG_RESULT(no) -;; - esac ], - AC_MSG_RESULT(yes) -) +esac +fi + +if test x$with_sendfile_support = xyes -a x$samba_cv_HAVE_SENDFILE != xyes ; then + AC_MSG_ERROR(sendfile support requested but sendfile not available ) +fi # See if we have the Linux readahead syscall. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 7dcb017 When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries. via 580f616 Only apply masks on non-default ACL entries when setting the ACL. via 9647be9 Use is_default_acl variable in canonicalise_acl(). via 4ed5dea Reformat spacing to be even. from e521734 html docs: Remove link to Using Samba. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 7dcb017fc1d8e8af5878b2b0139686829c0c1594 Author: Jeremy Allison j...@samba.org Date: Tue Oct 2 10:15:54 2012 -0700 When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries. Fix bug #9236 - ACL masks incorrectly applied when setting ACLs. commit 580f61622c449aee8420e3519e764706d11c20fc Author: Jeremy Allison j...@samba.org Date: Tue Oct 2 13:01:59 2012 -0700 Only apply masks on non-default ACL entries when setting the ACL. commit 9647be9699b464ee5060e8ccc8328adef6d6641d Author: Jeremy Allison j...@samba.org Date: Tue Oct 2 09:55:09 2012 -0700 Use is_default_acl variable in canonicalise_acl(). commit 4ed5deae7b9e155d4bd085d4a36ae05abe0aa0ef Author: Jeremy Allison j...@samba.org Date: Tue Oct 2 12:38:16 2012 -0700 Reformat spacing to be even. --- Summary of changes: source3/smbd/posix_acls.c | 55 +++-- 1 files changed, 38 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 78b373a..646efa4 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1342,12 +1342,13 @@ static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace ) / static bool ensure_canon_entry_valid(canon_ace **pp_ace, -const struct share_params *params, -const bool is_directory, - const DOM_SID *pfile_owner_sid, - const DOM_SID *pfile_grp_sid, - const SMB_STRUCT_STAT *pst, - bool setting_acl) + bool is_default_acl, + const struct share_params *params, + const bool is_directory, + const DOM_SID *pfile_owner_sid, + const DOM_SID *pfile_grp_sid, + const SMB_STRUCT_STAT *pst, + bool setting_acl) { canon_ace *pace; bool got_user = False; @@ -1358,8 +1359,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace, for (pace = *pp_ace; pace; pace = pace-next) { if (pace-type == SMB_ACL_USER_OBJ) { - if (setting_acl) + if (setting_acl !is_default_acl) { apply_default_perms(params, is_directory, pace, S_IRUSR); + } got_user = True; } else if (pace-type == SMB_ACL_GROUP_OBJ) { @@ -1368,8 +1370,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace, * Ensure create mask/force create mode is respected on set. */ - if (setting_acl) + if (setting_acl !is_default_acl) { apply_default_perms(params, is_directory, pace, S_IRGRP); + } got_grp = True; } else if (pace-type == SMB_ACL_OTHER) { @@ -1378,10 +1381,21 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace, * Ensure create mask/force create mode is respected on set. */ - if (setting_acl) + if (setting_acl !is_default_acl) { apply_default_perms(params, is_directory, pace, S_IROTH); + } got_other = True; pace_other = pace; + + } else if (pace-type == SMB_ACL_USER || pace-type == SMB_ACL_GROUP) { + + /* +* Ensure create mask/force create mode is respected on set. +*/ + + if (setting_acl !is_default_acl) { + apply_default_perms(params, is_directory, pace, S_IRGRP); + } } } @@ -1425,7 +1439,9 @@
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via e521734 html docs: Remove link to Using Samba. from 157b88d Fix bug #7781 (Samba transforms ShareName to lowercase when adding new share via MMC) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit e521734eda77b483594452a878acfadabbd08c2d Author: Karolin Seeger ksee...@samba.org Date: Thu Oct 4 11:43:20 2012 +0200 html docs: Remove link to Using Samba. Thanks to Christian Perrier bubu...@debian.org for reporting! Fix bug #7826 - HTML docs index file still points to Using Samba. Karolin Autobuild-User(master): Karolin Seeger ksee...@samba.org Autobuild-Date(master): Thu Oct 4 13:48:00 CEST 2012 on sn-devel-104 (cherry picked from commit 1bf209dd7e5a0f0001b3d1e3798093772bbd3fd3) --- Summary of changes: docs-xml/htmldocs.html |4 1 files changed, 0 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/htmldocs.html b/docs-xml/htmldocs.html index 44fcc0f..6fb9e73 100644 --- a/docs-xml/htmldocs.html +++ b/docs-xml/htmldocs.html @@ -23,10 +23,6 @@ td valign=topThis book provides example configurations, it documents key aspects of Microsoft Windows networking, provides in-depth insight into the important configuration of Samba-3, and helps to put all of these into a useful framework./td /tr tr - td valign=topa href=using_samba/toc.htmlUsing Samba/a, 2nd Edition/td - td valign=topiUsing Samba/i, Second Edition is a comprehensive guide to Samba administration. It covers all versions of Samba from 2.0 to 2.2, including selected features from an alpha version of 3.0, as well as the SWAT graphical configuration tool. Updated for Windows 2000, ME, and XP, the book also explores Samba's new role as a primary domain controller and domain member server, its support for the use of Windows NT/2000/XP authentication and filesystem security on the host Unix system, and accessing shared files and printers from Unix clients./td -/tr -tr td valign=topa href=manpages/index.htmlMan pages/a/td td valign=topThe Samba man pages in HTML./td /tr -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 265ff55 Fix bug #9016 - Connection to outbound trusted domain goes offline. from bea4512 quota: add supprt for gfs2 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 265ff5579b2671db250928b631b35e4df3b9a7f6 Author: Jeremy Allison j...@samba.org Date: Fri Jul 13 16:25:23 2012 -0700 Fix bug #9016 - Connection to outbound trusted domain goes offline. By the time we've gotten to init_dc_connection_network() we shouldn't be second guessing the caller by calling winbindd_can_contact_domain(). If for some reason we do need to restrict the contact list here we can add a condition to only contact the primary domain or domains listed in the tdc cache, but I don't think that's neccessary. Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Sat Jul 14 03:17:57 CEST 2012 on sn-devel-104 (cherry picked from commit 726ecf6a915ff534af4076e9d0cdebf8b5435d61) (cherry picked from commit d4faae3dbdfdd600bbf9bddb2589b8a6dc8434b6) --- Summary of changes: source3/winbindd/winbindd_cm.c |6 -- 1 files changed, 0 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index a63c3f5..7f55c01 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1623,12 +1623,6 @@ static NTSTATUS init_dc_connection_network(struct winbindd_domain *domain) return NT_STATUS_OK; } - if (!winbindd_can_contact_domain(domain)) { - invalidate_cm_connection(domain-conn); - domain-initialized = True; - return NT_STATUS_OK; - } - if (connection_ok(domain)) { if (!domain-initialized) { set_dc_type_and_flags(domain); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 1b85990 Fix bug #9213 - Bad ASN.1 NegTokenInit packet can cause invalid free. from 265ff55 Fix bug #9016 - Connection to outbound trusted domain goes offline. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 1b85990b833fe4ef2007e82ffe26ee18f87cb464 Author: Jeremy Allison j...@samba.org Date: Tue Sep 25 16:35:09 2012 -0700 Fix bug #9213 - Bad ASN.1 NegTokenInit packet can cause invalid free. Not the correct fix for the specific issue, but a general fix to make sure this can never happen again. Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Wed Sep 26 04:07:57 CEST 2012 on sn-devel-104 (cherry picked from commit 83f60672e1b3069e6b1b90b376460da895e37df3) (cherry picked from commit d0b872ea7ca112d047b9ee2d10d1a75a2ee4aed3) --- Summary of changes: source3/libsmb/clispnego.c |4 1 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index 3322529..49b484b 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -136,6 +136,10 @@ bool spnego_parse_negTokenInit(DATA_BLOB blob, bool ret; ASN1_DATA *data; + for (i = 0; i ASN1_MAX_OIDS; i++) { + OIDs[i] = NULL; + } + data = asn1_init(talloc_tos()); if (data == NULL) { return false; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 60b15f3 s3-smbd: Don't segfault if user specified ports out for range. from 1b85990 Fix bug #9213 - Bad ASN.1 NegTokenInit packet can cause invalid free. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 60b15f3b646d10e027e8288132db5b942261de8f Author: Andreas Schneider a...@samba.org Date: Tue Sep 25 14:28:22 2012 +0200 s3-smbd: Don't segfault if user specified ports out for range. (cherry picked from commit 50d324b7e070de4672eff3fb6231923e6dca807a) Signed-off-by: Andreas Schneider a...@samba.org Fix bug #9218 - Samba panics if a user specifies an invalid port number. --- Summary of changes: source3/smbd/server.c | 23 --- 1 files changed, 12 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 63a9869..f34d9f6 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -560,6 +560,8 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent, int num_interfaces = iface_count(); int i; char *ports; + char *tok; + const char *ptr; unsigned dns_port = 0; #ifdef HAVE_ATEXIT @@ -581,6 +583,16 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent, ports = talloc_strdup(talloc_tos(), smb_ports); } + for (ptr = ports; +next_token_talloc(talloc_tos(),ptr, tok, \t,);) { + unsigned port = atoi(tok); + + if (port == 0 || port 0x) { + exit_server_cleanly(Invalid port in the config or on + the commandline specified!); + } + } + if (lp_interfaces() lp_bind_interfaces_only()) { /* We have been given an interfaces line, and been told to only bind to those interfaces. Create a @@ -592,8 +604,6 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent, for(i = 0; i num_interfaces; i++) { const struct sockaddr_storage *ifss = iface_n_sockaddr_storage(i); - char *tok; - const char *ptr; if (ifss == NULL) { DEBUG(0,(open_sockets_smbd: @@ -605,9 +615,6 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent, for (ptr=ports; next_token_talloc(talloc_tos(),ptr, tok, \t,);) { unsigned port = atoi(tok); - if (port == 0 || port 0x) { - continue; - } /* Keep the first port for mDNS service * registration. @@ -625,8 +632,6 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent, /* Just bind to 0.0.0.0 - accept connections from anywhere. */ - char *tok; - const char *ptr; const char *sock_addr = lp_socket_address(); char *sock_tok; const char *sock_ptr; @@ -644,11 +649,7 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent, next_token_talloc(talloc_tos(), sock_ptr, sock_tok, \t,); ) { for (ptr=ports; next_token_talloc(talloc_tos(), ptr, tok, \t,); ) { struct sockaddr_storage ss; - unsigned port = atoi(tok); - if (port == 0 || port 0x) { - continue; - } /* Keep the first port for mDNS service * registration. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 157b88d Fix bug #7781 (Samba transforms ShareName to lowercase when adding new share via MMC) from 60b15f3 s3-smbd: Don't segfault if user specified ports out for range. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 157b88da4db727eafa682c7fc7eab11d5955f57b Author: Jeremy Allison j...@samba.org Date: Wed May 23 22:22:17 2012 +0200 Fix bug #7781 (Samba transforms ShareName to lowercase when adding new share via MMC) Signed-off-by: Michael Adam ob...@samba.org --- Summary of changes: source3/include/proto.h |2 +- source3/lib/dummysmbd.c |2 +- source3/lib/util_str.c |4 ++ source3/modules/vfs_xattr_tdb.c |3 +- source3/param/loadparm.c|9 +--- source3/printing/nt_printing.c | 12 + source3/registry/reg_backend_printing.c |7 ++- source3/rpc_server/srv_srvsvc_nt.c | 75 +-- source3/smbd/lanman.c | 14 -- source3/smbd/msdfs.c|3 +- source3/smbd/service.c | 16 +-- source3/smbd/smb2_tcon.c|2 +- 12 files changed, 79 insertions(+), 70 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 785cc30..cee5d6a 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -7002,7 +7002,7 @@ bool set_conn_connectpath(connection_struct *conn, const char *connectpath); bool set_current_service(connection_struct *conn, uint16 flags, bool do_chdir); void load_registry_shares(void); int add_home_service(const char *service, const char *username, const char *homedir); -int find_service(fstring service); +int find_service(const char *service_in, fstring service); connection_struct *make_connection_snum(struct smbd_server_connection *sconn, int snum, user_struct *vuser, DATA_BLOB password, diff --git a/source3/lib/dummysmbd.c b/source3/lib/dummysmbd.c index a41e6dc..28c6f0e 100644 --- a/source3/lib/dummysmbd.c +++ b/source3/lib/dummysmbd.c @@ -28,7 +28,7 @@ int get_client_fd(void) return -1; } -int find_service(fstring service) +int find_service(const char *service_in, fstring service) { return -1; } diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index d869637..17a4a8f 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -2301,6 +2301,10 @@ bool validate_net_name( const char *name, { int i; + if (!name) { + return false; + } + for ( i=0; imax_len name[i]; i++ ) { /* fail if strchr_m() finds one of the invalid characters */ if ( name[i] strchr_m( invalid_chars, name[i] ) ) { diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c index f7fbfce..fa8db04 100644 --- a/source3/modules/vfs_xattr_tdb.c +++ b/source3/modules/vfs_xattr_tdb.c @@ -733,8 +733,7 @@ static int xattr_tdb_connect(vfs_handle_struct *handle, const char *service, return res; } - fstrcpy(sname, service); - snum = find_service(sname); + snum = find_service(service, sname); if (snum == -1) { /* * Should not happen, but we should not fail just *here*. diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 8c1cf09..eaff9e6 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -9471,15 +9471,10 @@ struct share_params *get_share_params(TALLOC_CTX *mem_ctx, const char *sharename) { struct share_params *result; - char *sname; + fstring sname; int snum; - if (!(sname = SMB_STRDUP(sharename))) { - return NULL; - } - - snum = find_service(sname); - SAFE_FREE(sname); + snum = find_service(sharename, sname); if (snum 0) { return NULL; diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index beaa9e5..85ce703 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -1472,9 +1472,7 @@ static uint32 get_correct_cversion(struct pipes_struct *p, return 3; } - fstrcpy(printdollar, print$); - - printdollar_snum = find_service(printdollar); + printdollar_snum = find_service(print$, printdollar); if (printdollar_snum == -1) { *perr = WERR_NO_SUCH_SHARE; return -1; @@ -1864,9 +1862,7 @@ WERROR move_driver_to_download_area(struct pipes_struct *p, return WERR_UNKNOWN_PRINTER_DRIVER; } -
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via bea4512 quota: add supprt for gfs2 from 48d90a8 WHATSNEW: Start release notes for Samba 3.5.19. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit bea45125fc10d0eef02c5cedb5585f70eebe9450 Author: Björn Jacke b...@sernet.de Date: Tue Sep 18 13:57:30 2012 +0200 quota: add supprt for gfs2 gfs2 uses the same generic quota interface as xfs and it has the same base block/quota block size ratio and seems to work nice with the xfs quota module. (People using gfs should be aware that quota reporting is lagging quite a bit on gfs. If you copy a file on a gfs volume the quota values are being updated with a delay of 30s here with kernel 3.5. This reporting can lead to data corruption if a client thinks he can write but actually he suddently can't.) (cherry picked from commit 0b57d1c07520f4995412f224945324fef29f5989) Fix bug #9172 - quota on gfs2 being reported wrong. (cherry picked from commit 16a3b6e02d1bb8345984ab6a8c81e446d8de2f54) --- Summary of changes: source3/lib/sysquotas.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/sysquotas.c b/source3/lib/sysquotas.c index 3d4697c..6682a80 100644 --- a/source3/lib/sysquotas.c +++ b/source3/lib/sysquotas.c @@ -176,6 +176,8 @@ static struct { } sys_quota_backends[] = { #ifdef HAVE_XFS_QUOTAS {xfs, sys_get_xfs_quota, sys_set_xfs_quota}, + {gfs, sys_get_xfs_quota, sys_set_xfs_quota}, + {gfs2, sys_get_xfs_quota, sys_set_xfs_quota}, #endif /* HAVE_XFS_QUOTAS */ {NULL, NULL, NULL} }; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 48d90a8 WHATSNEW: Start release notes for Samba 3.5.19. via 3262322 VERSION: Bump version up to 3.5.19. from e9e21fa WHWATSNEW: Prepare release notes for Samba 3.5.18. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 48d90a8eae8873081dcce28c17f483ae07ddb8f6 Author: Karolin Seeger ksee...@samba.org Date: Mon Sep 24 19:59:55 2012 +0200 WHATSNEW: Start release notes for Samba 3.5.19. Karolin commit 3262322e686dadf6cb25b93177b0d16076ca7e06 Author: Karolin Seeger ksee...@samba.org Date: Mon Sep 24 19:57:40 2012 +0200 VERSION: Bump version up to 3.5.19. Karolin --- Summary of changes: WHATSNEW.txt| 45 +++-- source3/VERSION |2 +- 2 files changed, 44 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 37bbe4b..1551865 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,45 @@ == + Release Notes for Samba 3.5.19 + November 5, 2012 + == + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.19 include: + +o + +Changes since 3.5.17: +- + +o Jeremy Allison j...@samba.org + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 3.5.18 September 24, 2012 == @@ -75,8 +116,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + == Release Notes for Samba 3.5.17 diff --git a/source3/VERSION b/source3/VERSION index 5aeb65b..584aabd 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=5 -SAMBA_VERSION_RELEASE=18 +SAMBA_VERSION_RELEASE=19 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via e9e21fa WHWATSNEW: Prepare release notes for Samba 3.5.18. from a4f48b3 docs: clarify the idmap_rid manpage (bug #7788) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit e9e21faae567370f05432462cf25a3df6cf8e07f Author: Karolin Seeger ksee...@samba.org Date: Fri Sep 21 10:19:07 2012 +0200 WHWATSNEW: Prepare release notes for Samba 3.5.18. Karolin --- Summary of changes: WHATSNEW.txt | 44 ++-- 1 files changed, 42 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index da49f98..37bbe4b 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,18 +1,58 @@ == Release Notes for Samba 3.5.18 - , 2012 +September 24, 2012 == This is the latest stable release of Samba 3.5. -Major enhancements in Samba 3.5.16 include: +Major enhancements in Samba 3.5.18 include: + +o Fix a smbd crash in reply_lockingX_error (bug #9084). +o Fix Winbind crashes caused by mis-identified idle clients (bug #9104). +o Desktop Managers (xdm, gdm, lightdm...) crash with SIGSEGV in + _pam_winbind_change_pwd() when password is expiring (bug #9013). Changes since 3.5.17: - +o Michael Adam ob...@samba.org +* BUG 7788: Clarify the idmap_rid manpage. + + o Jeremy Allison j...@samba.org +* BUG 9098: Winbind does not refresh Kerberos tickets. +* BUG 9147: Winbind can't fetch user or group info from AD via LDAP. +* BUG 9150: Valid open requests can cause smbd assert due to incorrect + oplock handling on delete requests. + + +o Neil R. Goldberg ngold...@mitre.org +* BUG 9100: Winbind doesn't return Domain Local groups from own domain. + + +o Hargagan sharga...@novell.com +* BUG 9085: NMB registration for a duplicate workstation fails with + registration refuse. + + +o Björn Jacke b...@sernet.de +* BUG 7814: Fix build of sysquote_xfs. +* BUG 8402: Winbind log spammed with idmap messages. + + +o Volker Lendecke v...@samba.org +* BUG 9084: Fix a smbd crash in reply_lockingX_error. + + +o Herb Lewis hle...@panasas.com +* BUG 9104: Fix Winbind crashes caused by mis-identified idle clients. + + +o Luca Lorenzetto lorenzetto-l...@ubuntu-it.org +* BUG 9013: Desktop Managers (xdm, gdm, lightdm...) crash with SIGSEGV in + _pam_winbind_change_pwd() when password is expiring. ## -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 9258a7b Fix bug #9147 - winbind can't fetch user or group info from AD via LDAP from b20ca77 s3: delete requests are not special http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 9258a7b9cfd5fb85e5361d1b49c3bb8655e97159 Author: Jeremy Allison j...@samba.org Date: Mon Sep 10 16:07:37 2012 -0700 Fix bug #9147 - winbind can't fetch user or group info from AD via LDAP Don't use isprint in ldb_binary_encode(). This is locale specific. Restrict to ASCII only, hex encode everything else. --- Summary of changes: source3/lib/ldb/common/ldb_parse.c | 11 +-- source4/lib/ldb/common/ldb_parse.c | 11 +-- 2 files changed, 18 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/ldb/common/ldb_parse.c b/source3/lib/ldb/common/ldb_parse.c index bcc92c5..1412d57 100644 --- a/source3/lib/ldb/common/ldb_parse.c +++ b/source3/lib/ldb/common/ldb_parse.c @@ -92,6 +92,13 @@ struct ldb_val ldb_binary_decode(void *mem_ctx, const char *str) return ret; } +static bool need_encode(unsigned char cval) +{ + if (cval 0x20 || cval 0x7E || strchr( *()\\|!\, cval)) { + return true; + } + return false; +} /* encode a blob as a RFC2254 binary string, escaping any @@ -105,7 +112,7 @@ char *ldb_binary_encode(void *mem_ctx, struct ldb_val val) unsigned char *buf = val.data; for (i=0;ival.length;i++) { - if (!isprint(buf[i]) || strchr( *()\\|!\, buf[i])) { + if (need_encode(buf[i])) { len += 2; } } @@ -114,7 +121,7 @@ char *ldb_binary_encode(void *mem_ctx, struct ldb_val val) len = 0; for (i=0;ival.length;i++) { - if (!isprint(buf[i]) || strchr( *()\\|!\, buf[i])) { + if (need_encode(buf[i])) { snprintf(ret+len, 4, \\%02X, buf[i]); len += 3; } else { diff --git a/source4/lib/ldb/common/ldb_parse.c b/source4/lib/ldb/common/ldb_parse.c index ba16b57..22a25c9 100644 --- a/source4/lib/ldb/common/ldb_parse.c +++ b/source4/lib/ldb/common/ldb_parse.c @@ -89,6 +89,13 @@ struct ldb_val ldb_binary_decode(void *mem_ctx, const char *str) return ret; } +static bool need_encode(unsigned char cval) +{ + if (cval 0x20 || cval 0x7E || strchr( *()\\|!\, cval)) { + return true; + } + return false; +} /* encode a blob as a RFC2254 binary string, escaping any @@ -102,7 +109,7 @@ char *ldb_binary_encode(void *mem_ctx, struct ldb_val val) unsigned char *buf = val.data; for (i=0;ival.length;i++) { - if (!isprint(buf[i]) || strchr( *()\\|!\, buf[i])) { + if (need_encode(buf[i])) { len += 2; } } @@ -111,7 +118,7 @@ char *ldb_binary_encode(void *mem_ctx, struct ldb_val val) len = 0; for (i=0;ival.length;i++) { - if (!isprint(buf[i]) || strchr( *()\\|!\, buf[i])) { + if (need_encode(buf[i])) { snprintf(ret+len, 4, \\%02X, buf[i]); len += 3; } else { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 25bf057 nsswitch: fix crash on null pam change pw response from 9258a7b Fix bug #9147 - winbind can't fetch user or group info from AD via LDAP http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 25bf057288d5e77c07a5ed3d3c3fb7f5f33f62b6 Author: Luca Lorenzetto lorenzetto-l...@ubuntu-it.org Date: Tue Sep 11 18:35:42 2012 +0200 nsswitch: fix crash on null pam change pw response The function _pam_winbind_change_pwd crashes due to a null value passed to the function strcasecmp and denies to login via graphical login manager. Check for a null value before doing a strcasecmp. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1003296 Bug: https://bugzilla.samba.org/show_bug.cgi?id=9013 (Desktop Managers (xdm, gdm, lightdm...) crashes with SIGSEGV in _pam_winbind_change_pwd() when password is expiring) (cherry picked from commit 47f2211f137688a7c46c4a38571a9f94e59dbf6a) --- Summary of changes: nsswitch/pam_winbind.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c index 81055c9..fdaf807 100644 --- a/nsswitch/pam_winbind.c +++ b/nsswitch/pam_winbind.c @@ -831,7 +831,7 @@ static bool _pam_winbind_change_pwd(struct pwb_context *ctx) } _pam_log(ctx, LOG_CRIT, Received [%s] reply from application.\n, resp-resp); - if (strcasecmp(resp-resp, yes) == 0) { + if ((resp-resp != NULL) (strcasecmp(resp-resp, yes) == 0)) { retval = true; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via a3eb8d7 quota: fix build of sysquote_xfs on from 25bf057 nsswitch: fix crash on null pam change pw response http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit a3eb8d765e48bcbe86458791ec61325a517bd7dd Author: Björn Jacke b...@sernet.de Date: Thu Sep 13 01:23:12 2012 +0200 quota: fix build of sysquote_xfs on linux header files renamed some XFS_* defines to FS_* around kernel v2.6.36 This fixes bug #7814 --- Summary of changes: source3/lib/sysquotas_xfs.c | 12 1 files changed, 12 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/sysquotas_xfs.c b/source3/lib/sysquotas_xfs.c index 1e438e9..1e3d952 100644 --- a/source3/lib/sysquotas_xfs.c +++ b/source3/lib/sysquotas_xfs.c @@ -35,6 +35,18 @@ #include samba_linux_quota.h #ifdef HAVE_LINUX_DQBLK_XFS_H #include linux/dqblk_xfs.h +#ifndef XFS_QUOTA_UDQ_ACCT +#define XFS_QUOTA_UDQ_ACCT FS_QUOTA_UDQ_ACCT +#endif +#ifndef XFS_QUOTA_UDQ_ENFD +#define XFS_QUOTA_UDQ_ENFD FS_QUOTA_UDQ_ENFD +#endif +#ifndef XFS_QUOTA_GDQ_ACCT +#define XFS_QUOTA_GDQ_ACCT FS_QUOTA_GDQ_ACCT +#endif +#ifndef XFS_QUOTA_GDQ_ENFD +#define XFS_QUOTA_GDQ_ENFD FS_QUOTA_GDQ_ENFD +#endif #endif #define HAVE_GROUP_QUOTA #else /* IRIX */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 04e4325 s3:winbindd: make sure we only call static_init_idmap once from a3eb8d7 quota: fix build of sysquote_xfs on http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 04e4325642d029e604c31b371811fafdf2b61cf8 Author: Björn Jacke b...@sernet.de Date: Wed Aug 24 10:57:49 2011 +0200 s3:winbindd: make sure we only call static_init_idmap once this is a backport of 3f14d03adbda03b821210115af4fae044a9b4a3e Fix bug #8402 - winbind log spammed with idmap messages. --- Summary of changes: source3/winbindd/idmap.c | 21 + 1 files changed, 17 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index 7aa2853..2414dab 100644 --- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c @@ -28,6 +28,21 @@ static_decl_idmap; +static void idmap_init(void) +{ + static bool initialized; + + if (initialized) { + return; + } + + DEBUG(10, (idmap_init(): calling static_init_idmap\n)); + + static_init_idmap; + + initialized = true; +} + /** * Pointer to the backend methods. Modules register themselves here via * smb_register_idmap. @@ -346,9 +361,7 @@ static struct idmap_domain *idmap_init_default_domain(TALLOC_CTX *mem_ctx) char *modulename; char *params; - DEBUG(10, (idmap_init_default_domain: calling static_init_idmap\n)); - - static_init_idmap; + idmap_init(); if (!parse_idmap_module(talloc_tos(), lp_idmap_backend(), modulename, params)) { @@ -546,7 +559,7 @@ static NTSTATUS idmap_alloc_init(struct idmap_alloc_context **ctx) char *modulename, *params; NTSTATUS ret = NT_STATUS_NO_MEMORY;; - static_init_idmap; + idmap_init(); if (idmap_alloc_ctx != NULL) { *ctx = idmap_alloc_ctx; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via a4f48b3 docs: clarify the idmap_rid manpage (bug #7788) from 04e4325 s3:winbindd: make sure we only call static_init_idmap once http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit a4f48b3da0081845336c55ff230179caeab5195c Author: Michael Adam ob...@samba.org Date: Tue Dec 7 17:30:27 2010 +0100 docs: clarify the idmap_rid manpage (bug #7788) The idmap_rid module should not be used as a default backend. Also mention that the old snytax idmap backend = rid:domain=range ... is not supported any more. Autobuild-User: Michael Adam ob...@samba.org Autobuild-Date: Tue Dec 7 19:07:57 CET 2010 on sn-devel-104 --- Summary of changes: docs-xml/manpages-3/idmap_rid.8.xml | 18 ++ 1 files changed, 18 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/idmap_rid.8.xml b/docs-xml/manpages-3/idmap_rid.8.xml index 55aed62..a453e91 100644 --- a/docs-xml/manpages-3/idmap_rid.8.xml +++ b/docs-xml/manpages-3/idmap_rid.8.xml @@ -21,6 +21,24 @@ paraThe idmap_rid backend provides a way to use an algorithmic mapping scheme to map UIDs/GIDs and SIDs. No database is required in this case as the mapping is deterministic./para + + para + Note that the idmap_rid module has changed considerably since Samba + versions 3.0. and 3.2. + Currently, there should to be an explicit idmap configuration for each + domain that should use the idmap_rid backend, using disjoint ranges. + One usually needs to define a writeable default idmap range, using + a backent like parametertdb/parameter or parameterldap/parameter + that can create unix ids, in order to be able to map the BUILTIN sids + and other domains, and also in order to be able to create group mappings. + See the example below. + /para + + para + Note that the old syntax + parameteridmap backend = rid:DOM1=range DOM2=range2 .../parameter + is not supported any more since Samba version 3.0.25. + /para /refsynopsisdiv refsect1 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via b20ca77 s3: delete requests are not special from 30567b8 s3: Fix bug #9085. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit b20ca77e2a9d111eb2e77d0b804fe7505b07e418 Author: Volker Lendecke v...@samba.org Date: Mon Sep 10 11:25:03 2012 +0200 s3: delete requests are not special The only difference between batch and exclusive oplocks is the time of the check: Batch is checked before the share mode check, exclusive after. Signed-off-by: Jeremy Allison j...@samba.org Fix bug #9150 - Valid open requests can cause smbd assert due to incorrect oplock handling on delete requests. --- Summary of changes: source3/smbd/open.c | 13 ++--- 1 files changed, 2 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/open.c b/source3/smbd/open.c index dfa45ef..843bb2b 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -894,11 +894,6 @@ static NTSTATUS open_mode_check(connection_struct *conn, return NT_STATUS_OK; } -static bool is_delete_request(files_struct *fsp) { - return ((fsp-access_mask == DELETE_ACCESS) - (fsp-oplock_type == NO_OPLOCK)); -} - /* * Send a break message to the oplock holder and delay the open for * our client. @@ -1002,13 +997,9 @@ static bool delay_for_oplocks(struct share_mode_lock *lck, } if (exclusive != NULL) { /* Found an exclusive oplock */ - bool delay_it = is_delete_request(fsp) ? - BATCH_OPLOCK_TYPE(exclusive-op_type) : true; SMB_ASSERT(!have_level2); - if (delay_it) { - send_break_message(fsp, exclusive, mid, oplock_request); - return true; - } + send_break_message(fsp, exclusive, mid, oplock_request); + return true; } /* -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 30567b8 s3: Fix bug #9085. from 3844438 Fix bug #9100 - winbind doesn't return Domain Local groups from own domain. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 30567b8f9bc0f5a39a3a65039277aa5f839622cd Author: hargagan sharga...@novell.com Date: Tue Aug 28 09:29:52 2012 +0200 s3: Fix bug #9085. NMB registration for a duplicate workstation fails with registration refuse. (cherry picked from commit 71c4227fd0a741984fb273ad1973ad1724ecb04b) --- Summary of changes: source3/nmbd/nmbd_winsserver.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/nmbd/nmbd_winsserver.c b/source3/nmbd/nmbd_winsserver.c index 0a5b1c8..20436c5 100644 --- a/source3/nmbd/nmbd_winsserver.c +++ b/source3/nmbd/nmbd_winsserver.c @@ -1014,7 +1014,7 @@ static void wins_register_query_success(struct subnet_record *subrec, DEBUG(3,(wins_register_query_success: Original client at IP %s still wants the \ name %s. Rejecting registration request.\n, inet_ntoa(ip), nmb_namestr(question_name) )); - send_wins_name_registration_response(RFS_ERR, 0, orig_reg_packet); + send_wins_name_registration_response(ACT_ERR, 0, orig_reg_packet); orig_reg_packet-locked = False; free_packet(orig_reg_packet); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 36dc8a0 Fix bug #9104 - winbindd can mis-identify idle clients - can cause crashes and NDR parsing errors. via e01df21 Ensure we keep last_access up to date when processing a request. from b27caac s3: Fix a crash in reply_lockingX_error http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 36dc8a0f40a38d9c03570856cb4c843b74c1c7bd Author: Herb Lewis hle...@panasas.com Date: Mon Aug 20 16:03:28 2012 -0700 Fix bug #9104 - winbindd can mis-identify idle clients - can cause crashes and NDR parsing errors. A connection is idle when both struct winbindd_cli_state-request AND struct winbindd_cli_state-response are NULL. Otherwise we can flag as idle a connection in the state of having sent the request to the winbindd child (request != NULL) but not yet received a reply (response == NULL). commit e01df21a5dbe8f3d401d58de6cffa4d4ba340a24 Author: Jeremy Allison j...@samba.org Date: Mon Aug 20 15:21:26 2012 -0700 Ensure we keep last_access up to date when processing a request. --- Summary of changes: source3/winbindd/winbindd.c |4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index ca5a53b..4442c73 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -566,6 +566,7 @@ static void process_request(struct winbindd_cli_state *state) state-cmd_name = unknown request; state-recv_fn = NULL; + state-last_access = time(NULL); /* Process command */ @@ -871,7 +872,8 @@ static bool remove_idle_client(void) int nidle = 0; for (state = winbindd_client_list(); state; state = state-next) { - if (state-response == NULL + if (state-request == NULL + state-response == NULL !state-pwent_state !state-grent_state) { nidle++; if (!last_access || state-last_access last_access) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 51c5f84 Fix bug #9098 - winbind does not refresh kerberos tickets. from 36dc8a0 Fix bug #9104 - winbindd can mis-identify idle clients - can cause crashes and NDR parsing errors. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 51c5f84d2496b5117a2fe6afc061594cf33b5fc1 Author: Jeremy Allison j...@samba.org Date: Tue Aug 21 14:08:24 2012 -0700 Fix bug #9098 - winbind does not refresh kerberos tickets. Based on work from Ian Gordon ian.gor...@strath.ac.uk. --- Summary of changes: source3/winbindd/winbindd_cred_cache.c | 30 +- source3/winbindd/winbindd_pam.c|9 + source3/winbindd/winbindd_proto.h |1 + 3 files changed, 39 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_cred_cache.c b/source3/winbindd/winbindd_cred_cache.c index e63e732..ba4a7b2 100644 --- a/source3/winbindd/winbindd_cred_cache.c +++ b/source3/winbindd/winbindd_cred_cache.c @@ -484,6 +484,7 @@ NTSTATUS add_ccache_to_list(const char *princ_name, const char *ccname, const char *service, const char *username, + const char *pass, const char *realm, uid_t uid, time_t create_time, @@ -586,7 +587,20 @@ NTSTATUS add_ccache_to_list(const char *princ_name, DEBUG(10,(add_ccache_to_list: added krb5_ticket handler\n)); } - + + /* +* If we're set up to renew our krb5 tickets, we must +* cache the credentials in memory for the ticket +* renew function (or increase the reference count +* if we're logging in more than once). Fix inspired +* by patch from Ian Gordon ian.gor...@strath.ac.uk +* for bugid #9098. +*/ + + ntret = winbindd_add_memory_creds(username, uid, pass); + DEBUG(10, (winbindd_add_memory_creds returned: %s\n, + nt_errstr(ntret))); + return NT_STATUS_OK; } @@ -669,6 +683,20 @@ NTSTATUS add_ccache_to_list(const char *princ_name, added ccache [%s] for user [%s] to the list\n, ccname, username)); + if (entry-event) { + /* +* If we're set up to renew our krb5 tickets, we must +* cache the credentials in memory for the ticket +* renew function. Fix inspired by patch from +* Ian Gordon ian.gor...@strath.ac.uk for +* bugid #9098. +*/ + + ntret = winbindd_add_memory_creds(username, uid, pass); + DEBUG(10, (winbindd_add_memory_creds returned: %s\n, + nt_errstr(ntret))); + } + return NT_STATUS_OK; no_mem: diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index c8910d6..4cc181a 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -656,6 +656,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain, cc, service, state-request-data.auth.user, + state-request-data.auth.pass, realm, uid, time(NULL), @@ -1034,6 +1035,7 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain, cc, service, state-request-data.auth.user, + state-request-data.auth.pass, domain-alt_name, uid, time(NULL), @@ -2456,6 +2458,13 @@ enum winbindd_result winbindd_dual_pam_logoff(struct winbindd_domain *domain, goto process_result; } + /* +* Remove any mlock'ed memory creds in the child +* we might be using for krb5 ticket renewal. +*/ + + winbindd_delete_memory_creds(state-request-data.logoff.user); + #else result = NT_STATUS_NOT_SUPPORTED; #endif diff --git
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 3844438 Fix bug #9100 - winbind doesn't return Domain Local groups from own domain. from 51c5f84 Fix bug #9098 - winbind does not refresh kerberos tickets. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 38444389c39d5c5adca1c9f300bded47407fd0b5 Author: Goldberg, Neil R ngold...@mitre.org Date: Fri Aug 17 13:52:07 2012 -0700 Fix bug #9100 - winbind doesn't return Domain Local groups from own domain. Back-port of fix for 3.6.x from bug #9052. --- Summary of changes: source3/auth/auth_util.c |2 +- source3/include/proto.h |3 +-- source3/lib/util_sid.c | 20 +++- source3/winbindd/winbindd_pam.c |2 +- source3/winbindd/winbindd_util.c | 12 +--- 5 files changed, 19 insertions(+), 20 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 69d5c65..42e2747 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1826,7 +1826,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, nt_status = sid_array_from_info3(result, info3, result-sids, result-num_sids, -false, false); +false); if (!NT_STATUS_IS_OK(nt_status)) { TALLOC_FREE(result); return nt_status; diff --git a/source3/include/proto.h b/source3/include/proto.h index 559a34e..785cc30 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1361,8 +1361,7 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, const struct netr_SamInfo3 *info3, DOM_SID **user_sids, size_t *num_user_sids, - bool include_user_group_rid, - bool skip_ressource_groups); + bool include_user_group_rid); /* The following definitions come from lib/util_sock.c */ diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index bea04d8..f918eba 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -684,8 +684,7 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, const struct netr_SamInfo3 *info3, DOM_SID **user_sids, size_t *num_user_sids, - bool include_user_group_rid, - bool skip_ressource_groups) + bool include_user_group_rid) { NTSTATUS status; DOM_SID sid; @@ -738,19 +737,14 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, } } - /* Copy 'other' sids. We need to do sid filtering here to - prevent possible elevation of privileges. See: - - http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp - */ + /* SID filtering should only be handled by the domain controller on a + trust by trust basis, and is counter-indicated for forests. Since + native AD return all Domain Local groups as other SIDs, then this + must not filter them when parsing INFO3 responses such that the + list is identical to the tokenGroups LDAP query. +*/ for (i = 0; i info3-sidcount; i++) { - - if (skip_ressource_groups - (info3-sids[i].attributes SE_GROUP_RESOURCE)) { - continue; - } - status = add_sid_to_array(mem_ctx, info3-sids[i].sid, sid_array, num_sids); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 4cc181a..59a95b0 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -298,7 +298,7 @@ NTSTATUS check_info3_in_group(struct netr_SamInfo3 *info3, status = sid_array_from_info3(talloc_tos(), info3, token-user_sids, token-num_sids, - true, false); + true); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(frame); return status; diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index 15a3575..f4e2f56 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -1166,12 +1166,18 @@ NTSTATUS lookup_usergroups_cached(struct winbindd_domain *domain, return NT_STATUS_UNSUCCESSFUL;
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 81cf4fc WHATSNEW: Start release notes for Samba 3.5.18. via d505a39 VERSION: Bump version up to 3.5.18. from 6f5cfa2 WHATSNEW: Remove Major enhancements section. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 81cf4fc831a782dc315362852b09eba67c26e685 Author: Karolin Seeger ksee...@samba.org Date: Mon Aug 13 07:04:37 2012 +0200 WHATSNEW: Start release notes for Samba 3.5.18. Karolin commit d505a39b117bc450c8ffc43e1836e97531a182e1 Author: Karolin Seeger ksee...@samba.org Date: Mon Aug 13 07:02:56 2012 +0200 VERSION: Bump version up to 3.5.18. Karolin --- Summary of changes: WHATSNEW.txt| 44 ++-- source3/VERSION |2 +- 2 files changed, 43 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index e95acf1..da49f98 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,44 @@ == + Release Notes for Samba 3.5.18 + , 2012 + == + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.16 include: + + +Changes since 3.5.17: +- + +o Jeremy Allison j...@samba.org + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 3.5.17 August 13, 2012 == @@ -44,8 +84,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + == Release Notes for Samba 3.5.16 diff --git a/source3/VERSION b/source3/VERSION index e19f08e..5aeb65b 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=5 -SAMBA_VERSION_RELEASE=17 +SAMBA_VERSION_RELEASE=18 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via b27caac s3: Fix a crash in reply_lockingX_error from 81cf4fc WHATSNEW: Start release notes for Samba 3.5.18. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit b27caac5e077b49f46edf34045bb4fd8d17b4c77 Author: Volker Lendecke v...@samba.org Date: Tue Aug 7 16:49:52 2012 -0700 s3: Fix a crash in reply_lockingX_error A timed brlock with 2 locks comes in and the second one blocks, file is closed. smbd_cancel_pending_lock_requests_by_fid sets blr-fsp to NULL. reply_lockingX_error (called via MSG_SMB_BLOCKING_LOCK_CANCEL) deferences blr-fsp because blr-lock_num==1 (the second one blocked). This patch fixes the bug by only undoing the locks if fsp!=NULL. fsp==NULL is the close case where everything is undone anyway. Thanks to Peter Somogyi, somo...@hu.ibm.com for this bug report. Fix bug #9084 - Blocking lock followed by close can crash smbd. (cherry picked from commit d80fbbea8ec77c0bda0e3fb9eaed2f170784ea7d) --- Summary of changes: source3/smbd/blocking.c | 17 - 1 files changed, 12 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c index 3f49421..08af28a 100644 --- a/source3/smbd/blocking.c +++ b/source3/smbd/blocking.c @@ -299,7 +299,7 @@ static void generic_blocking_lock_error(struct blocking_lock_record *blr, NTSTAT obtained first. */ -static void reply_lockingX_error(struct blocking_lock_record *blr, NTSTATUS status) +static void undo_locks_obtained(struct blocking_lock_record *blr) { files_struct *fsp = blr-fsp; uint16 num_ulocks = SVAL(blr-req-vwv+6, 0); @@ -343,8 +343,6 @@ static void reply_lockingX_error(struct blocking_lock_record *blr, NTSTATUS stat offset, WINDOWS_LOCK); } - - generic_blocking_lock_error(blr, status); } / @@ -357,8 +355,17 @@ static void blocking_lock_reply_error(struct blocking_lock_record *blr, NTSTATUS switch(blr-req-cmd) { case SMBlockingX: - reply_lockingX_error(blr, status); - break; + /* +* This code can be called during the rundown of a +* file after it was already closed. In that case, +* blr-fsp==NULL and we do not need to undo any +* locks, they are already gone. +*/ + if (blr-fsp != NULL) { + undo_locks_obtained(blr); + } + generic_blocking_lock_error(blr, status); +break; case SMBtrans2: case SMBtranss2: reply_nterror(blr-req, status); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 6f5cfa2 WHATSNEW: Remove Major enhancements section. from a7e0d4a WHATSNEW: Add changes since 3.5.16. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 6f5cfa259dfb5501db21163982ad4397c254a9c9 Author: Karolin Seeger ksee...@samba.org Date: Thu Aug 2 19:26:06 2012 +0200 WHATSNEW: Remove Major enhancements section. Karolin --- Summary of changes: WHATSNEW.txt |4 1 files changed, 0 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 06c1f77..e95acf1 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -6,10 +6,6 @@ This is the latest stable release of Samba 3.5. -Major enhancements in Samba 3.5.17 include: - -o - Changes since 3.5.16: - -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via a7e0d4a WHATSNEW: Add changes since 3.5.16. from a224e4c Fix bug #9034 - Typo in set_re_uid() call when USE_SETRESUID selected in configure. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit a7e0d4a78eaacc56463d3a9160db5862c2ea8f7b Author: Karolin Seeger ksee...@samba.org Date: Thu Jul 26 20:03:39 2012 +0200 WHATSNEW: Add changes since 3.5.16. Karolin --- Summary of changes: WHATSNEW.txt | 12 +++- 1 files changed, 11 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index a7333f8..06c1f77 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -15,7 +15,17 @@ Changes since 3.5.16: - o Jeremy Allison j...@samba.org -* BUG +* BUG 9034: Fix typo in set_re_uid() call when USE_SETRESUID selected in + configure. + + +o Björn Jacke b...@sernet.de +* BUG 8996: Fix build without ads support. +* BUG 9011: Second part of a fix for bug #9011 (Build on HP-UX broken). + + +o Stefan Metzmacher me...@samba.org +* BUG 9022: Make vfs_gpfs less verbose in get/set_xattr functions. ## -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via a224e4c Fix bug #9034 - Typo in set_re_uid() call when USE_SETRESUID selected in configure. from 4c8fdb5 s3:vfs_gpfs: be less verbose in get/set_xattr functions http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit a224e4cc1dbb2578813ccffb80e88d9ec92516ce Author: Jeremy Allison j...@samba.org Date: Tue Jul 10 21:13:03 2012 -0700 Fix bug #9034 - Typo in set_re_uid() call when USE_SETRESUID selected in configure. Previous code only set the real euid, not the effective one. This is not a security issue as this is *only* used in the quota code, and only between code that brackets it with save_re_uid()/restore_re_uid(), Also this is not used on most platforms (we use USE_SETREUID by preference) but it's better to have this right. (cherry picked from commit ceed322622b46be3745b32a5f6a02e634bfe1789) --- Summary of changes: source3/lib/util_sec.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c index d7984ac..b90a6f9 100644 --- a/source3/lib/util_sec.c +++ b/source3/lib/util_sec.c @@ -334,7 +334,7 @@ int set_re_uid(void) uid_t uid = geteuid(); #if USE_SETRESUID - setresuid(geteuid(), -1, -1); + setresuid(uid, uid, -1); #endif #if USE_SETREUID -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 1bbaba8 WHATSNEW: Start release notes for Samba 3.5.17. via 8f4111a VERSION: Bump version up to 3.5.17. from b1a6698 WHATSNEW: Prepare release notes for Samba 3.5.16. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 1bbaba8dffa238692a7efc838d8549e7ee40993c Author: Karolin Seeger ksee...@samba.org Date: Fri Jul 6 20:48:58 2012 +0200 WHATSNEW: Start release notes for Samba 3.5.17. Karolin commit 8f4111a664b63f68af2b62e7b5d3738907d0bc87 Author: Karolin Seeger ksee...@samba.org Date: Fri Jul 6 20:46:01 2012 +0200 VERSION: Bump version up to 3.5.17. Karolin --- Summary of changes: WHATSNEW.txt| 47 +-- source3/VERSION |2 +- 2 files changed, 46 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 1e2ff06..a7333f8 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,47 @@ == + Release Notes for Samba 3.5.17 + August 13, 2012 + == + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.17 include: + +o + + +Changes since 3.5.16: +- + +o Jeremy Allison j...@samba.org +* BUG + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 3.5.16 July 2, 2012 == @@ -103,8 +146,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + == Release Notes for Samba 3.5.15 diff --git a/source3/VERSION b/source3/VERSION index 53fad4d..e19f08e 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=5 -SAMBA_VERSION_RELEASE=16 +SAMBA_VERSION_RELEASE=17 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 7a56042 s3: readd h_errno struct member but rename it from 1bbaba8 WHATSNEW: Start release notes for Samba 3.5.17. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 7a56042642409556c492cadd49772bb70fbd974d Author: Björn Jacke b...@sernet.de Date: Thu Jun 10 23:15:19 2010 +0200 s3: readd h_errno struct member but rename it as pointed out by metze this is a structure of fixed size, which should not be changed. (cherry picked from commit a8c051b2f91852b5228d6a903d6a7fd50d22de28) Second part of a fix for bug #9011 (Build on HP-UX broken). --- Summary of changes: nsswitch/winbind_nss_hpux.h |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/winbind_nss_hpux.h b/nsswitch/winbind_nss_hpux.h index 393c0a3..dba70a7 100644 --- a/nsswitch/winbind_nss_hpux.h +++ b/nsswitch/winbind_nss_hpux.h @@ -133,9 +133,9 @@ typedef struct nss_XbyY_args { /* * h_errno is defined as function call macro for multithreaded applications * in HP-UX. *this* h_errno is not used in the HP-UX codepath of our nss - * modules, so let's simply comment it out here: - * int h_errno; + * modules, so let's simply rename it: */ + int h_errno_unused; nss_status_t status; } nss_XbyY_args_t; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via f8ed881 s3: fix build without ads support from 7a56042 s3: readd h_errno struct member but rename it http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit f8ed8815adc6acc42bab2f1b69085dcda8bb9894 Author: Björn Jacke b...@sernet.de Date: Mon Jul 2 00:46:06 2012 +0200 s3: fix build without ads support when we have no ads support we don't have the ads_get_sid_token symbol used in this unused code :-) this is the backport of 43c56dc4255a7a6cbd176e6ae66a7652c6d72d2c Fix bug #8996 - build without ads support (e.g. plain solaris 8) broken. --- Summary of changes: libgpo/gpo_util.c |7 --- 1 files changed, 4 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/libgpo/gpo_util.c b/libgpo/gpo_util.c index 7a23b5c..4e0c8ab 100644 --- a/libgpo/gpo_util.c +++ b/libgpo/gpo_util.c @@ -840,6 +840,7 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads, const char *dn, NT_USER_TOKEN **token) { +#ifdef HAVE_ADS NT_USER_TOKEN *ad_token = NULL; ADS_STATUS status; #if _SAMBA_BUILD_ == 4 @@ -848,9 +849,6 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads, NTSTATUS ntstatus; #endif -#ifndef HAVE_ADS - return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED); -#endif status = ads_get_sid_token(ads, mem_ctx, dn, ad_token); if (!ADS_ERR_OK(status)) { return status; @@ -866,4 +864,7 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads, } #endif return ADS_SUCCESS; +#else + return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED); +#endif } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 4c8fdb5 s3:vfs_gpfs: be less verbose in get/set_xattr functions from f8ed881 s3: fix build without ads support http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 4c8fdb5ce7ad0d966b3de23a1052191645b6635b Author: Stefan Metzmacher me...@samba.org Date: Thu Dec 22 14:20:32 2011 +0100 s3:vfs_gpfs: be less verbose in get/set_xattr functions metze Signed-off-by: Christian Ambach a...@samba.org (cherry picked from commit 2e95d8048b9e9c7025ddada7ede15494e6016ba9) Fix bug #9022 - vfs_gpfs is very verbose in get/set_xattr functions. (cherry picked from commit 3abaa9dd8a2af9497dfc6afd6f93a638956c1c3a) --- Summary of changes: source3/modules/vfs_gpfs.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index ecfa60a..c80b9e5 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -935,7 +935,7 @@ static int gpfs_set_xattr(struct vfs_handle_struct *handle, const char *path, /* Only handle DOS Attributes */ if (strcmp(name,SAMBA_XATTR_DOS_ATTRIB) != 0){ - DEBUG(1, (gpfs_set_xattr:name is %s\n,name)); + DEBUG(5, (gpfs_set_xattr:name is %s\n,name)); return SMB_VFS_NEXT_SETXATTR(handle,path,name,value,size,flags); } @@ -989,7 +989,7 @@ static ssize_t gpfs_get_xattr(struct vfs_handle_struct *handle, const char *pat /* Only handle DOS Attributes */ if (strcmp(name,SAMBA_XATTR_DOS_ATTRIB) != 0){ -DEBUG(1, (gpfs_get_xattr:name is %s\n,name)); + DEBUG(5, (gpfs_get_xattr:name is %s\n,name)); return SMB_VFS_NEXT_GETXATTR(handle,path,name,value,size); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 8243fb8 Same fix as bug 8989 - Samba 3.5.x (and probably all other versions of Samba) does not send correct responses to NT Transact Secondary when no data and no params via e46f242 Fix Bug 8989 - Samba 3.5.x (and probably all other versions of Samba) does not send correct responses to NT Transact Secondary when no data and no params from 41c2411 s3: Fix a winbind race leading to 100% CPU http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 8243fb8dbeed34e1a9a61d44c48d82321eebe7ab Author: Jeremy Allison j...@samba.org Date: Mon Jun 18 16:24:12 2012 -0700 Same fix as bug 8989 - Samba 3.5.x (and probably all other versions of Samba) does not send correct responses to NT Transact Secondary when no data and no params for the Trans2 calls. See MS-CIFS 2.2.4.47.2 for details. (cherry picked from commit d5c01dc502e02cde12abc939afd48519d38c09a9) commit e46f24296158ca48ac450b013cce39dd6ea91b42 Author: Jeremy Allison j...@samba.org Date: Mon Jun 18 16:23:13 2012 -0700 Fix Bug 8989 - Samba 3.5.x (and probably all other versions of Samba) does not send correct responses to NT Transact Secondary when no data and no params Found by Richard Sharpe realrichardsha...@gmail.com. The correct command code in a reply to NT Transact Secondary (0xa1) is NT Transact (0xa0). (cherry picked from commit 115f5af9a89a20929f02578c08a34ae2736951dd) --- Summary of changes: source3/smbd/nttrans.c | 11 ++- source3/smbd/trans2.c | 15 +-- 2 files changed, 15 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 6fbbed9..2ca14f4 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -134,11 +134,6 @@ void send_nt_replies(connection_struct *conn, + data_alignment_offset); /* -* We might have had SMBnttranss in req-inbuf, fix that. -*/ - SCVAL(req-outbuf, smb_com, SMBnttrans); - - /* * Set total params and data to be sent. */ @@ -3068,6 +3063,12 @@ void reply_nttranss(struct smb_request *req) show_msg((char *)req-inbuf); + /* Windows clients expect all replies to + an NT transact secondary (SMBnttranss 0xA1) + to have a command code of NT transact + (SMBnttrans 0xA0). See bug #8989 for details. */ + req-cmd = SMBnttrans; + if (req-wct 18) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBnttranss); diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 794c138..602280d 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -849,12 +849,6 @@ void send_trans2_replies(connection_struct *conn, reply_outbuf(req, 10, total_sent_thistime + alignment_offset + data_alignment_offset); - /* -* We might have SMBtrans2s in req which was transferred to -* the outbuf, fix that. -*/ - SCVAL(req-outbuf, smb_com, SMBtrans2); - /* Set total params and data to be sent */ SSVAL(req-outbuf,smb_tprcnt,paramsize); SSVAL(req-outbuf,smb_tdrcnt,datasize); @@ -8562,6 +8556,15 @@ void reply_transs2(struct smb_request *req) show_msg((char *)req-inbuf); + /* Windows clients expect all replies to + a transact secondary (SMBtranss2 0x33) + to have a command code of transact + (SMBtrans2 0x32). See bug #8989 + and also [MS-CIFS] section 2.2.4.47.2 + for details. + */ + req-cmd = SMBtrans2; + if (req-wct 8) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBtranss2); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via fad706e s3: Correct documentation of case sensitive from 8243fb8 Same fix as bug 8989 - Samba 3.5.x (and probably all other versions of Samba) does not send correct responses to NT Transact Secondary when no data and no params http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit fad706e7a7c47d4f0a0933daf5769abfda1f5c49 Author: Olaf Flebbe o.fle...@science-computing.de Date: Fri Oct 28 09:59:07 2011 +0200 s3: Correct documentation of case sensitive this fixes bug #8552 Autobuild-User(master): Björn Jacke b...@sernet.de Autobuild-Date(master): Fri Jun 22 21:59:59 CEST 2012 on sn-devel-104 (cherry picked from commit 8558e321c5fc7eab94f47b243024e0439dfe1378) (cherry picked from commit 1f19c2de580b04fe9e3038c879c80d8a54ce828f) --- Summary of changes: docs-xml/smbdotconf/filename/casesensitive.xml |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/filename/casesensitive.xml b/docs-xml/smbdotconf/filename/casesensitive.xml index ed77050..e90f468 100644 --- a/docs-xml/smbdotconf/filename/casesensitive.xml +++ b/docs-xml/smbdotconf/filename/casesensitive.xml @@ -8,5 +8,5 @@ paraSee the discussion in the section smbconfoption name=name mangling/./para /description -value type=defaultno/value +value type=defaultauto/value /samba:parameter -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 92b1d6b Fix bug #8974 - Kernel oplocks are broken when uid(file) != uid(process). from fad706e s3: Correct documentation of case sensitive http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 92b1d6b93571facbb07b7d32f169ba32ef6f8e1f Author: Jeremy Allison j...@samba.org Date: Wed Jun 20 15:50:00 2012 -0700 Fix bug #8974 - Kernel oplocks are broken when uid(file) != uid(process). Based on a fix from Etienne Dechamps e-t...@akegroup.org (cherry picked from commit 0e2fb6c69e971c7502fabe17fa71d1453dda18a6) --- Summary of changes: source3/modules/vfs_default.c |5 - source3/smbd/oplock_linux.c | 13 + 2 files changed, 13 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index 60b85d9..0a34198 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -1133,11 +1133,6 @@ static int vfswrap_linux_setlease(vfs_handle_struct *handle, files_struct *fsp, START_PROFILE(syscall_linux_setlease); #ifdef HAVE_KERNEL_OPLOCKS_LINUX - /* first set the signal handler */ - if(linux_set_lease_sighandler(fsp-fh-fd) == -1) { - return -1; - } - result = linux_setlease(fsp-fh-fd, leasetype); #else errno = ENOSYS; diff --git a/source3/smbd/oplock_linux.c b/source3/smbd/oplock_linux.c index c60c745..ff5d596 100644 --- a/source3/smbd/oplock_linux.c +++ b/source3/smbd/oplock_linux.c @@ -74,9 +74,22 @@ int linux_setlease(int fd, int leasetype) { int ret; + /* First set the signal handler. */ + if (linux_set_lease_sighandler(fd) == -1) { + return -1; + } ret = fcntl(fd, F_SETLEASE, leasetype); if (ret == -1 errno == EACCES) { set_effective_capability(LEASE_CAPABILITY); + /* +* Bug 8974 - work around Linux kernel bug +* https://bugzilla.kernel.org/show_bug.cgi?id=43336. +* fcntl(F_SETLEASE) resets signal number when +* called multiple times +*/ + if (linux_set_lease_sighandler(fd) == -1) { + return -1; + } ret = fcntl(fd, F_SETLEASE, leasetype); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 6fa785d s3-vfs_gpfs: Fix bug #9003, posix acl on gpfs from 92b1d6b Fix bug #8974 - Kernel oplocks are broken when uid(file) != uid(process). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 6fa785d9b2379138bff759266a1545bf0240f092 Author: Volker Lendecke v...@samba.org Date: Fri Jun 22 15:46:13 2012 +0200 s3-vfs_gpfs: Fix bug #9003, posix acl on gpfs gpfs2smb_acl can leave errno!=0 around even if it returned a correct result!=NULL. We can only rely on errno being set if another error condition (in this case result==NULL) indicates an error. If result!=NULL, errno is undefined and can be anything. This leads to SAFE_FREE(result) further down even in the success case. Signed-off-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Jun 22 19:27:39 CEST 2012 on sn-devel-104 (cherry picked from commit e7b58146d8576ae8bf4eaf2ec1063fe7697e05b8) (cherry picked from commit bea2d3d007cef5643e863d2d4a80f0ea72461ec3) --- Summary of changes: source3/modules/vfs_gpfs.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index ca29f64..ecfa60a 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -586,8 +586,8 @@ static SMB_ACL_T gpfsacl_get_posix_acl(const char *path, gpfs_aclType_t type) pacl-acl_nace)); result = gpfs2smb_acl(pacl); - if (result == NULL) { - goto done; + if (result != NULL) { + errno = 0; } done: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 9658d8e s3: fix build on HP-UX from 6fa785d s3-vfs_gpfs: Fix bug #9003, posix acl on gpfs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 9658d8e13dc045a338a7b1496a6cc3ce5ed0e704 Author: Björn Jacke b...@sernet.de Date: Thu Jun 10 17:19:16 2010 +0200 s3: fix build on HP-UX this struct member h_errno is not used in the HP-UX code paths, it was just there because Solaris has it, too. As h_errno is a function call macro on HP-UX when thread support is enabled we run into trouble here. Just commenting it out should be okay as we don't use it anyway. (cherry picked from commit ec94efb79d4516b09c7d1d93a4ff8ce0f7046f41) Fix bug #9011 - Build on HP-UX broken. --- Summary of changes: nsswitch/winbind_nss_hpux.h |7 ++- 1 files changed, 6 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/winbind_nss_hpux.h b/nsswitch/winbind_nss_hpux.h index 40a352d..393c0a3 100644 --- a/nsswitch/winbind_nss_hpux.h +++ b/nsswitch/winbind_nss_hpux.h @@ -130,7 +130,12 @@ typedef struct nss_XbyY_args { void *returnval; int erange; - int h_errno; + /* + * h_errno is defined as function call macro for multithreaded applications + * in HP-UX. *this* h_errno is not used in the HP-UX codepath of our nss + * modules, so let's simply comment it out here: + * int h_errno; + */ nss_status_t status; } nss_XbyY_args_t; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via b1a6698 WHATSNEW: Prepare release notes for Samba 3.5.16. from 9658d8e s3: fix build on HP-UX http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit b1a6698ec7a6fc661e8ff9876dfbdf740f33ae2d Author: Karolin Seeger ksee...@samba.org Date: Sat Jun 30 21:45:53 2012 +0200 WHATSNEW: Prepare release notes for Samba 3.5.16. Karolin --- Summary of changes: WHATSNEW.txt | 72 +++-- 1 files changed, 69 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 3e8711d..1e2ff06 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,6 +1,6 @@ == Release Notes for Samba 3.5.16 - , 2012 + July 2, 2012 == @@ -8,13 +8,79 @@ This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.16 include: -o +o Fix possible memory leaks in the Samba master process (bug #8970). +o Fix uninitialized memory read in talloc_free(). +o Fix smbd crash with unknown user (bug #8314). + Changes since 3.5.15: - - o Jeremy Allison j...@samba.org +* BUG 8314: Fix smbd crash with unknown user. +* BUG 8831: Fix inconsistent (with manpage) command-line switch for help + in smbtree. +* BUG 8882: Fix processing of %U with vfs_full_audit when force user + is set. +* BUG 8897: winbind_krb5_locator only returns one IP address. +* BUG 8910: resolve_ads() code can return zero addresses and miss valid DC + IP addresses. +* BUG 8957: Fix typo in pam_winbindd code. +* BUG 8972: Directory group write permission bit is set if unix extensions + are enabled. +* BUG 8974: Kernel oplocks are broken when uid(file) != uid(process). +* BUG 8989: Send correct responses to NT Transact Secondary when no data and + no params. +* BUG 8994: Fix winbind normalize names. + + +o Andrew Bartlett abart...@samba.org +* BUG 8599: Only use SamLogonEx when we can get unencrypted session keys. +* BUG 8943: Slow but responsive DC can lock up winbindd for 10 minutes + at a time. + + +o Björn Baumbach b...@sernet.de +* BUG 7564: Fix default name resolve order in the manpage. + + +o John Bradshaw j...@johnbradshaw.org +* BUG 7938: Fix typo (overrided - overridden) in Samba3-HOWTO. + + +o Olaf Flebbe o.fle...@science-computing.de +* BUG 8552: Correct documentation of case sensitive. + + +o Björn Jacke b...@sernet.de +* BUG 8869: Remove outdated netscape ds 5 schema file. +* BUG 9011: Fix build on HP-UX. + + +o Volker Lendecke v...@samba.org +* Fix uninitialized memory read in talloc_free(). +* BUG 8338: OS/X can not deal with a 10-vwv read on normal files. +* BUG 8998: Notify code can miss a ChDir. +* BUG 9000: Fix a Winbind race leading to 100% CPU. +* BUG 9003: Fix posix acl on gpfs. + + +o Matthieu Patou m...@matws.net +* BUG 8975: Make sure that Winbind can coredump. + + +o Karolin Seeger ksee...@samba.org +* BUG 7930: Add hint that setting profile acls = yes on normal shares can + cause trouble. + + +o Richard Sharpe realrichardsha...@gmail.com +* BUG 8822: Fix building out-of-tree vfs modules. +* BUG 8970: Fix possible memory leaks in the Samba master process. + + +o Simo Sorce i...@samba.org +* BUG 8915: Fix pam_winbind build against newer iniparser library. ## -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 41c2411 s3: Fix a winbind race leading to 100% CPU from dfa5366 Fix for bug #8998 - Notify code can miss a ChDir. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 41c2411286f76919546b677f98f1166f1e40c706 Author: Volker Lendecke v...@samba.org Date: Fri Aug 26 16:54:18 2011 +0200 s3: Fix a winbind race leading to 100% CPU This fixes a race condition that leads to the winbindd_children list becoming corrupted. It happens when on a busy winbind SIGCHLD is a bit late. Imagine a winbind with multiple requests in the queue for a single child. Child dies, and before the SIGCHLD handler is called we find the socket to be dead. wb_child_request_done is called, receiving an error from wb_simple_trans_recv. It closes the socket. Then immediately the wb_child_request_trigger will do another fork_domain_child before the signal handler is called. This means that we do another fork_domain_child, we have child-sock==-1 at this point. fork_domain_child will do a DLIST_ADD(winbindd_children, child) a second time where the child is already part of that list. This corrupts the list. Then the signal handler kicks in, spinning in for (child = winbindd_children; child != NULL; child = child-next) { forever. Not good. This patch makes sure that both conditions (sock==-1 and not part of the list) for a winbindd_child struct match up. Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Fri Aug 26 18:51:24 CEST 2011 on sn-devel-104 Fix bug #9000 - winbindd hangs when disconnect domain connection. --- Summary of changes: source3/winbindd/winbindd_dual.c |5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c index 360f1b2..2c0633c 100644 --- a/source3/winbindd/winbindd_dual.c +++ b/source3/winbindd/winbindd_dual.c @@ -37,6 +37,8 @@ extern bool override_logfile; extern struct winbindd_methods cache_methods; +static struct winbindd_child *children = NULL; + /* Read some data from a client connection */ static NTSTATUS child_read_request(struct winbindd_cli_state *state) @@ -170,6 +172,7 @@ static void wb_child_request_done(struct tevent_req *subreq) */ close(state-child-sock); state-child-sock = -1; + DLIST_REMOVE(children, state-child); tevent_req_error(req, err); return; } @@ -517,8 +520,6 @@ void setup_child(struct winbindd_domain *domain, struct winbindd_child *child, SMB_ASSERT(child-rpccli != NULL); } -struct winbindd_child *children = NULL; - void winbind_child_died(pid_t pid) { struct winbindd_child *child; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via dfa5366 Fix for bug #8998 - Notify code can miss a ChDir. from c615d8e Fix bug #8994 - winbind normalize names. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit dfa5366a6ee418d6292c1832520c0c1bd974af49 Author: Volker Lendecke volker.lende...@sernet.de Date: Thu Jun 14 12:07:33 2012 -0700 Fix for bug #8998 - Notify code can miss a ChDir. --- Summary of changes: source3/smbd/notify.c | 55 1 files changed, 41 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c index a53f3fb..1f664d0 100644 --- a/source3/smbd/notify.c +++ b/source3/smbd/notify.c @@ -366,28 +366,55 @@ void remove_pending_change_notify_requests_by_fid(files_struct *fsp, } } -void notify_fname(connection_struct *conn, uint32 action, uint32 filter, - const char *path) +static void notify_parent_dir(connection_struct *conn, + uint32 action, uint32 filter, + const char *path) { - char *fullpath; + struct smb_filename smb_fname_parent; char *parent; const char *name; + char *oldwd; - if (path[0] == '.' path[1] == '/') { - path += 2; + if (!parent_dirname(talloc_tos(), path, parent, name)) { + DEBUG(1, (Can't get parent dirname, giving up\n)); + return; } - if (parent_dirname(talloc_tos(), path, parent, name)) { - struct smb_filename smb_fname_parent; - ZERO_STRUCT(smb_fname_parent); - smb_fname_parent.base_name = parent; + ZERO_STRUCT(smb_fname_parent); + smb_fname_parent.base_name = parent; - if (SMB_VFS_STAT(conn, smb_fname_parent) != -1) { - notify_onelevel(conn-notify_ctx, action, filter, - SMB_VFS_FILE_ID_CREATE(conn, smb_fname_parent.st), - name); - } + oldwd = vfs_GetWd(parent, conn); + if (oldwd == NULL) { + DEBUG(1, (vfs_GetWd failed!\n)); + goto done; + } + if (vfs_ChDir(conn, conn-connectpath) == -1) { + DEBUG(1, (Could not chdir to connect path!\n)); + goto done; + } + + if (SMB_VFS_STAT(conn, smb_fname_parent) == -1) { + goto chdir_done; + } + + notify_onelevel(conn-notify_ctx, action, filter, + SMB_VFS_FILE_ID_CREATE(conn, smb_fname_parent.st), + name); +chdir_done: + vfs_ChDir(conn, oldwd); +done: + TALLOC_FREE(parent); +} + +void notify_fname(connection_struct *conn, uint32 action, uint32 filter, + const char *path) +{ + char *fullpath = NULL; + + if (path[0] == '.' path[1] == '/') { + path += 2; } + notify_parent_dir(conn, action, filter, path); fullpath = talloc_asprintf(talloc_tos(), %s/%s, conn-connectpath, path); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via d853bc0 Fix bug #8970 - Possible memory leaks in the samba master process. from 0529cf9 Fix bug #8882 - Broken processing of %U with vfs_full_audit when force user is set. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit d853bc02c32a4c1172bf5f3f64c75db5ecc5ccca Author: Richard Sharpe realrichardsha...@gmail.com Date: Thu May 31 15:43:14 2012 -0700 Fix bug #8970 - Possible memory leaks in the samba master process. Signed-off-by: Jeremy Allison j...@samba.org --- Summary of changes: source3/include/proto.h |6 +++--- source3/lib/debug.c | 13 - source3/nmbd/nmbd.c |3 ++- source3/param/loadparm.c| 12 source3/smbd/server.c |1 + source3/winbindd/winbindd.c |3 ++- 6 files changed, 24 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 579fc1b..559a34e 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -3918,9 +3918,9 @@ void expire_workgroups_and_servers(time_t t); /* The following definitions come from param/loadparm.c */ char *lp_smb_ports(void); -char *lp_dos_charset(void); -char *lp_unix_charset(void); -char *lp_display_charset(void); +const char *lp_dos_charset(void); +const char *lp_unix_charset(void); +const char *lp_display_charset(void); char *lp_logfile(void); char *lp_configfile(void); char *lp_smb_passwd_file(void); diff --git a/source3/lib/debug.c b/source3/lib/debug.c index 80b8310..05e9eee 100644 --- a/source3/lib/debug.c +++ b/source3/lib/debug.c @@ -657,9 +657,11 @@ bool reopen_logs( void ) SAFE_FREE(fname); fname = SMB_STRDUP(logfname); if (!fname) { + TALLOC_FREE(logfname); return false; } } + TALLOC_FREE(logfname); } debugf = fname; @@ -1028,6 +1030,8 @@ bool dbghdrclass(int level, int cls, const char *location, const char *func) */ if( lp_timestamp_logs() || lp_debug_prefix_timestamp() || !(lp_loaded()) ) { char header_str[200]; + char *curtime = current_timestring(talloc_tos(), + lp_debug_hires_timestamp()); header_str[0] = '\0'; @@ -1050,19 +1054,18 @@ bool dbghdrclass(int level, int cls, const char *location, const char *func) , class=%s, default_classname_table[cls]); } - + /* Print it all out at once to prevent split syslog output. */ if( lp_debug_prefix_timestamp() ) { (void)Debug1( [%s, %2d%s] , - current_timestring(talloc_tos(), - lp_debug_hires_timestamp()), + curtime, level, header_str); } else { (void)Debug1( [%s, %2d%s] %s(%s)\n, - current_timestring(talloc_tos(), - lp_debug_hires_timestamp()), + curtime, level, header_str, location, func ); } + TALLOC_FREE(curtime); } errno = old_errno; diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c index 48e6d93..2a7b28d 100644 --- a/source3/nmbd/nmbd.c +++ b/source3/nmbd/nmbd.c @@ -366,11 +366,12 @@ static bool reload_nmbd_services(bool test) set_remote_machine_name(nmbd, False); if ( lp_loaded() ) { - const char *fname = lp_configfile(); + char *fname = lp_configfile(); if (file_exist(fname) !strcsequal(fname,get_dyn_CONFIGFILE())) { set_dyn_CONFIGFILE(fname); test = False; } + TALLOC_FREE(fname); } if ( test !lp_file_list_changed() ) diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 28ffc08..8c1cf09 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -5318,9 +5318,9 @@ static char *lp_string(const char *s) char fn_name(const struct share_params *p) {return(LP_SNUM_OK(p-service)? ServicePtrs[(p-service)]-val : sDefault.val);} FN_GLOBAL_STRING(lp_smb_ports, Globals.smb_ports) -FN_GLOBAL_STRING(lp_dos_charset, Globals.dos_charset) -FN_GLOBAL_STRING(lp_unix_charset, Globals.unix_charset) -FN_GLOBAL_STRING(lp_display_charset, Globals.display_charset) +FN_GLOBAL_CONST_STRING(lp_dos_charset, Globals.dos_charset) +FN_GLOBAL_CONST_STRING(lp_unix_charset, Globals.unix_charset)
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via bc4a2c1 s3: Fix uninitialized memory read in talloc_free() from d853bc0 Fix bug #8970 - Possible memory leaks in the samba master process. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit bc4a2c143b531f9362acb8f3d6e099cbac070840 Author: Volker Lendecke v...@samba.org Date: Mon Jun 4 12:22:21 2012 -0700 s3: Fix uninitialized memory read in talloc_free() Thanks to laurent gaffie laurent.gaf...@gmail.com for reporting this issue! --- Summary of changes: source3/libsmb/clispnego.c |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index 36d21d0..3322529 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -161,6 +161,9 @@ bool spnego_parse_negTokenInit(DATA_BLOB blob, for (i=0; asn1_tag_remaining(data) 0 i ASN1_MAX_OIDS-1; i++) { const char *oid_str = NULL; asn1_read_OID(data,talloc_autofree_context(),oid_str); + if (data-has_error) { + break; + } OIDs[i] = CONST_DISCARD(char *, oid_str); } OIDs[i] = NULL; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 529 s3-winbindd: call dump_core_setup after command line option has been parsed from bc4a2c1 s3: Fix uninitialized memory read in talloc_free() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 52922fb373ad23a0ce9034bf9630cdb17765 Author: Matthieu Patou m...@matws.net Date: Fri Jun 1 15:33:04 2012 -0700 s3-winbindd: call dump_core_setup after command line option has been parsed Without this fix in some situations winbindd can't coredump. Such cases append when samba is compiled in a custom prefix (ie. /home/build/mat/prod/1/) in this case get_dyn_LOGFILEBASE or basename(lp_logfile) before the configuration file and the command line is parsed will be something like /home/build/mat/prod/1/var which might not exists on the host where you run it (where it's most probably more normal directories). Specifying --log-basename didn't help as dump_core_setup is called before the command line and the config file is read so it didn't help getting a correct value in dump_core_setup. We fix this issue by calling dump_core_setup() also after the command line has been read and also after the configfile has been parsed so that the final location for the coredump is coherent with the final logile location. Fix bug #8975 (winbindd can't coredump). (cherry picked from commit 4cf3fb815610c6f0939f8b142296cd836faac7e6) --- Summary of changes: source3/winbindd/winbindd.c | 14 ++ 1 files changed, 14 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index 0550da8..ca5a53b 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -1073,6 +1073,15 @@ int main(int argc, char **argv, char **envp) } } + /* We call dump_core_setup one more time because the command line can +* set the log file or the log-basename and this will influence where +* cores are stored. Without this call get_dyn_LOGFILEBASE will be +* the default value derived from build's prefix. For EOM this value +* is often not related to the path where winbindd is actually run +* in production. +*/ + dump_core_setup(winbindd); + if (is_daemon interactive) { d_fprintf(stderr,\nERROR: Option -i|--interactive is not allowed together with -D|--daemon\n\n); @@ -1107,6 +1116,11 @@ int main(int argc, char **argv, char **envp) DEBUG(0, (error opening config file\n)); exit(1); } + /* After parsing the configuration file we setup the core path one more time +* as the log file might have been set in the configuration and cores's +* path is by default basename(lp_logfile()). +*/ + dump_core_setup(winbindd); /* Initialise messaging system */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via fe7d9d8 Fix bug #8972 - Directory group write permission bit is set if unix extensions are enabled from 529 s3-winbindd: call dump_core_setup after command line option has been parsed http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit fe7d9d85102613346a1365929f4545e43f412ab8 Author: Jeremy Allison j...@samba.org Date: Wed Jun 13 10:48:32 2012 -0700 Fix bug #8972 - Directory group write permission bit is set if unix extensions are enabled We can't manipulate file_attributes if it's a posix call. (cherry picked from commit bb750d7232bd266c06a14ac3ea577aeecfb81b14) --- Summary of changes: source3/smbd/open.c |6 -- 1 files changed, 4 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/open.c b/source3/smbd/open.c index ded07a1..dfa45ef 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2296,8 +2296,10 @@ static NTSTATUS open_directory(connection_struct *conn, SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname)); - /* Ensure we have a directory attribute. */ - file_attributes |= FILE_ATTRIBUTE_DIRECTORY; + if (!(file_attributes FILE_FLAG_POSIX_SEMANTICS)) { + /* Ensure we have a directory attribute. */ + file_attributes |= FILE_ATTRIBUTE_DIRECTORY; + } DEBUG(5,(open_directory: opening directory %s, access_mask = 0x%x, share_access = 0x%x create_options = 0x%x, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via c615d8e Fix bug #8994 - winbind normalize names. from fe7d9d8 Fix bug #8972 - Directory group write permission bit is set if unix extensions are enabled http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit c615d8e8e037996a9dd8d5a1982cf49d7c19a831 Author: Jeremy Allison j...@samba.org Date: Thu Jul 29 13:47:27 2010 -0700 Fix bug #8994 - winbind normalize names. We should be using the winbindd separator in this case, not hardcoding a \\ value. Jeremy. (cherry picked from commit b7f029016a6a3fb98652c65f27ae80ad78048396) Signed-off-by: Andreas Schneider a...@samba.org --- Summary of changes: source3/winbindd/winbindd_pam.c |4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index b0b8e40..c8910d6 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1558,7 +1558,9 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain, parse_domain_user(mapped_user, name_domain, name_user); if ( mapped_user != state-request-data.auth.user ) { - fstr_sprintf( domain_user, %s\\%s, name_domain, name_user ); + fstr_sprintf( domain_user, %s%c%s, name_domain, + *lp_winbind_separator(), + name_user ); safe_strcpy( state-request-data.auth.user, domain_user, sizeof(state-request-data.auth.user)-1 ); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 76c570f s3-utils: Use ads_do_search_retry in net ads search via 8572ce0 s3-libads: Use a reducing page size to try and cope with a slow LDAP server via 5daa8d2 s3-winbindd: Always map the LDAP error code to an NTSTATUS via d113c69 s3-libads: Map LDAP_TIMELIMIT_EXCEEDED as NT_STATUS_IO_TIMEOUT from b9d3f82 Fix the loop unrolling inside resolve_ads(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 76c570fe6be4d6b5b254ec3264a97cb13864a6df Author: Andrew Bartlett abart...@samba.org Date: Fri May 18 22:02:57 2012 +1000 s3-utils: Use ads_do_search_retry in net ads search This makes it possible to search against a slow server, as will fallback from 1000 to (eventually) 125 users at a time. Andrew Bartlett The last 4 patches addres bug #8943 (Slow but responsive DC can lock up winbindd for 10 minutes at a time). commit 8572ce0e5ff17bfe0df2823078119be9182a0378 Author: Andrew Bartlett abart...@samba.org Date: Fri May 18 22:01:14 2012 +1000 s3-libads: Use a reducing page size to try and cope with a slow LDAP server If we cannot get 1000 users downloaded in 15seconds, try with 500, 250 and then 125 users at a time. Andrew Bartlett commit 5daa8d2f7fa7d15ac6d6b0238e299f69c70be024 Author: Andrew Bartlett abart...@samba.org Date: Fri May 18 17:40:59 2012 +1000 s3-winbindd: Always map the LDAP error code to an NTSTATUS We do this so that we catch LDAP_TIMELIMIT_EXCEEDED as NT_STATUS_IO_TIMEOUT, which has special handling in winbindd_cache.c Andrew Bartlett commit d113c69edb57c7a3d72e3ab122cec44858a5313e Author: Andrew Bartlett abart...@samba.org Date: Fri May 18 17:38:48 2012 +1000 s3-libads: Map LDAP_TIMELIMIT_EXCEEDED as NT_STATUS_IO_TIMEOUT This allows Samba to then handle this error in the same way it would for RPC connections Andrew Bartlett --- Summary of changes: source3/include/ads.h |1 + source3/libads/ads_status.c |3 +++ source3/libads/ads_struct.c |4 source3/libads/ldap.c |4 ++-- source3/libads/ldap_utils.c |7 +++ source3/utils/net_ads.c |2 +- source3/winbindd/winbindd_ads.c | 28 ++-- 7 files changed, 40 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/ads.h b/source3/include/ads.h index 62d51ce..ff3dc12 100644 --- a/source3/include/ads.h +++ b/source3/include/ads.h @@ -108,6 +108,7 @@ typedef struct ads_struct { time_t current_time; char *schema_path; char *config_path; + int ldap_page_size; } config; /* info about the current LDAP connection */ diff --git a/source3/libads/ads_status.c b/source3/libads/ads_status.c index 6680766..392e82f 100644 --- a/source3/libads/ads_status.c +++ b/source3/libads/ads_status.c @@ -79,6 +79,9 @@ NTSTATUS ads_ntstatus(ADS_STATUS status) if (status.err.rc == LDAP_SUCCESS) { return NT_STATUS_OK; } + if (status.err.rc == LDAP_TIMELIMIT_EXCEEDED) { + return NT_STATUS_IO_TIMEOUT; + } return NT_STATUS_LDAP(status.err.rc); #endif #ifdef HAVE_KRB5 diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index aef35ad..2d9ea17 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -148,6 +148,10 @@ ADS_STRUCT *ads_init(const char *realm, ads-auth.flags = wrap_flags; + /* Start with a page size of 1000 when the connection is new, +* we will drop it by half we get a timeout. */ + ads-config.ldap_page_size = 1000; + return ads; } diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index f18ded1..99ec2e4 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -924,11 +924,11 @@ static ADS_STATUS ads_do_paged_search_args(ADS_STRUCT *ads, cookie_be = ber_alloc_t(LBER_USE_DER); if (*cookie) { - ber_printf(cookie_be, {iO}, (ber_int_t) 1000, *cookie); + ber_printf(cookie_be, {iO}, (ber_int_t) ads-config.ldap_page_size, *cookie); ber_bvfree(*cookie); /* don't need it from last time */ *cookie = NULL; } else { - ber_printf(cookie_be, {io}, (ber_int_t) 1000, , 0); + ber_printf(cookie_be, {io}, (ber_int_t) ads-config.ldap_page_size, , 0); } ber_flatten(cookie_be, cookie_bv); PagedResults.ldctl_oid = CONST_DISCARD(char *, ADS_PAGE_CTL_OID); diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c index 871449a..dee3c03
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 0529cf9 Fix bug #8882 - Broken processing of %U with vfs_full_audit when force user is set. from 76c570f s3-utils: Use ads_do_search_retry in net ads search http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 0529cf9d039d0ae449f4b167952b42b2039238be Author: Jeremy Allison j...@samba.org Date: Mon Apr 23 16:19:50 2012 -0700 Fix bug #8882 - Broken processing of %U with vfs_full_audit when force user is set. When doing a force user we need to remember what the sanitized_username was from the original connect. --- Summary of changes: source3/smbd/service.c |8 1 files changed, 8 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/service.c b/source3/smbd/service.c index bc2cdaf..2de9384 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -746,6 +746,14 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, return NULL; } + /* We don't want to replace the original sanitized_username + as it is the original user given in the connect attempt. + This is used in '%U' substitutions. */ + TALLOC_FREE(forced_serverinfo-sanitized_username); + forced_serverinfo-sanitized_username = + talloc_move(forced_serverinfo, + conn-server_info-sanitized_username); + TALLOC_FREE(conn-server_info); conn-server_info = forced_serverinfo; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 991f83f Fix bug #8957 - Typo in pam_winbindd code MUST fix. (cherry picked from commit ee4ef9a535a2d9db11bd94987fb96ae8f8771e79) from 19fc7d6 s3-pam_winbind: Fix the build. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 991f83fed8f49fe4c6b4f47bd63b8064d57d811f Author: Jeremy Allison j...@samba.org Date: Fri May 25 17:19:29 2012 -0700 Fix bug #8957 - Typo in pam_winbindd code MUST fix. (cherry picked from commit ee4ef9a535a2d9db11bd94987fb96ae8f8771e79) --- Summary of changes: nsswitch/pam_winbind.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c index caae589..81055c9 100644 --- a/nsswitch/pam_winbind.c +++ b/nsswitch/pam_winbind.c @@ -2290,7 +2290,7 @@ static const char *get_conf_item_string(struct pwb_context *ctx, goto out; } - parm_opt = iniparser_getstring,(ctx-dict, key, NULL); + parm_opt = iniparser_getstring(ctx-dict, key, NULL); TALLOC_FREE(key); _pam_log_debug(ctx, LOG_INFO, CONFIG file: %s '%s'\n, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via b9d3f82 Fix the loop unrolling inside resolve_ads(). via 6d5aae1 Protect all of the name resolution methods from returning null addrs. Ensure all returns go through remove_duplicate_addrs2(). via 3226be5 Fix convert_ss2service() to filter out zero addresses. via 8e9db61 Fix remove_duplicate_addrs2 to do exactly what it says. Previously it could leave zero addresses in the list. from 991f83f Fix bug #8957 - Typo in pam_winbindd code MUST fix. (cherry picked from commit ee4ef9a535a2d9db11bd94987fb96ae8f8771e79) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit b9d3f8258396873d6ec8b6ea9ad066e2f1f8e973 Author: Jeremy Allison j...@samba.org Date: Mon Apr 30 16:32:51 2012 -0700 Fix the loop unrolling inside resolve_ads(). If we don't get an IP list don't use interpret_string_addr(), as this only returns one address, use interpret_string_addr_internal() instead. The last 4 patches address bug #8910 (resolve_ads() code can return zero addresses and miss valid DC IP addresses). commit 6d5aae1d9680657c7021af2974db9b0dc2336f13 Author: Jeremy Allison j...@samba.org Date: Mon Apr 30 16:29:19 2012 -0700 Protect all of the name resolution methods from returning null addrs. Ensure all returns go through remove_duplicate_addrs2(). commit 3226be5b5ab771c8cdf98588c40713d36eae4702 Author: Jeremy Allison j...@samba.org Date: Mon Apr 30 16:24:27 2012 -0700 Fix convert_ss2service() to filter out zero addresses. commit 8e9db61b447d22bad84a8c9ae450a71d9c3e6d58 Author: Jeremy Allison j...@samba.org Date: Mon Apr 30 16:16:39 2012 -0700 Fix remove_duplicate_addrs2 to do exactly what it says. Previously it could leave zero addresses in the list. --- Summary of changes: source3/libsmb/namequery.c | 189 +--- 1 files changed, 126 insertions(+), 63 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index 858330d..af76f3f 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c @@ -571,7 +571,7 @@ static int remove_duplicate_addrs2(struct ip_service *iplist, int count ) DEBUG(10,(remove_duplicate_addrs2: looking for duplicate address/port pairs\n)); - /* one loop to remove duplicates */ + /* One loop to set duplicates to a zero addr. */ for ( i=0; icount; i++ ) { if ( is_zero_addr((struct sockaddr *)iplist[i].ss)) { continue; @@ -585,18 +585,17 @@ static int remove_duplicate_addrs2(struct ip_service *iplist, int count ) } } - /* one loop to clean up any holes we left */ - /* first ip should never be a zero_ip() */ - for (i = 0; icount; ) { - if (is_zero_addr((struct sockaddr *)iplist[i].ss) ) { - if (i != count-1) { - memmove(iplist[i], iplist[i+1], - (count - i - 1)*sizeof(iplist[i])); + /* Now remove any addresses set to zero above. */ + for (i = 0; i count; i++) { + while (i count + is_zero_addr((struct sockaddr *)iplist[i].ss)) { + if (count-i-10) { + memmove(iplist[i], + iplist[i+1], + (count-i-1)*sizeof(struct ip_service)); } count--; - continue; } - i++; } return count; @@ -849,32 +848,53 @@ struct sockaddr_storage *name_query(int fd, } / - convert an array if struct sockaddr_storage to struct ip_service + Convert an array if struct sockaddr_storage to struct ip_service return false on failure. Port is set to PORT_NONE; + pcount is [in/out] - it is the length of ss_list on input, + and the length of return_iplist on output as we remove any + zero addresses from ss_list. */ static bool convert_ss2service(struct ip_service **return_iplist, const struct sockaddr_storage *ss_list, - int count) + int *pcount) { int i; + int orig_count = *pcount; + int real_count = 0; - if ( count==0 || !ss_list ) + if (orig_count==0 || !ss_list ) return False; + /* Filter out zero addrs. */ + for ( i=0; iorig_count; i++ ) { + if (is_zero_addr((struct sockaddr *)ss_list[i])) { + continue; + } +
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 19fc7d6 s3-pam_winbind: Fix the build. from 76dcbb8 Fix pam_winbind build against newer iniparser library. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 19fc7d6733a61417477dcc4b53a24a0c1bc40187 Author: Jeremy Allison j...@samba.org Date: Thu May 10 09:53:57 2012 +0200 s3-pam_winbind: Fix the build. Jeremy Part of a fix for bug #8915 (Samba fails to build with iniparser-3.0.0 and iniparser-3.1.0). (cherry picked from commit 00c901a5be83bfe4c70eccbe7fa2a35d3d2a368d) --- Summary of changes: nsswitch/pam_winbind.c |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c index a344186..caae589 100644 --- a/nsswitch/pam_winbind.c +++ b/nsswitch/pam_winbind.c @@ -437,13 +437,13 @@ static int _pam_parse(const pam_handle_t *pamh, ctrl |= WINBIND_SILENT; } - if (iniparser_getstring(d, CONST_DISCARD(char *, global:krb5_ccache_type)) != NULL) { + if (iniparser_getstring(d, CONST_DISCARD(char *, global:krb5_ccache_type), NULL) != NULL) { ctrl |= WINBIND_KRB5_CCACHE_TYPE; } - if ((iniparser_getstring(d, CONST_DISCARD(char *, global:require-membership-of)) + if ((iniparser_getstring(d, CONST_DISCARD(char *, global:require-membership-of), NULL) != NULL) || - (iniparser_getstring(d, CONST_DISCARD(char *, global:require_membership_of)) + (iniparser_getstring(d, CONST_DISCARD(char *, global:require_membership_of), NULL) != NULL)) { ctrl |= WINBIND_REQUIRED_MEMBERSHIP; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via f5d9428 s3-docs: Fix bug #7930. from ca9538b s3-VFS: Fix building out-of-tree modules. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit f5d942840bd5e2d728cbf7e4ab4d9dae25cb3323 Author: Karolin Seeger ksee...@samba.org Date: Tue May 8 16:33:07 2012 +0200 s3-docs: Fix bug #7930. Add hint that setting profile acls = yes on normal shares can cause trouble. Karolin Autobuild-User: Karolin Seeger ksee...@samba.org Autobuild-Date: Tue May 8 18:47:59 CEST 2012 on sn-devel-104 (cherry picked from commit 4cc04a29247a0c4b3de9884890364a5712534073) (cherry picked from commit 5efc31595beae5ec661d0bf6d001bcfbf59bc446) --- Summary of changes: docs-xml/smbdotconf/protocol/profileacls.xml |8 +++- 1 files changed, 7 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/protocol/profileacls.xml b/docs-xml/smbdotconf/protocol/profileacls.xml index 1c6f0c9..be89753 100644 --- a/docs-xml/smbdotconf/protocol/profileacls.xml +++ b/docs-xml/smbdotconf/protocol/profileacls.xml @@ -25,7 +25,7 @@ every returned ACL. This will allow any Windows 2000 or XP workstation user to access the profile. /para - + para Note that if you have multiple users logging on to a workstation then in order to prevent them from being able to access @@ -35,6 +35,12 @@ workstation profile code and has an ACL restricting entry to the directory tree to the owning user. /para + + para + Note that this parameter should be set to yes on dedicated profile shares only. + On other shares, it might cause incorrect file ownerships. + /para + /description value type=defaultno/value -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 76dcbb8 Fix pam_winbind build against newer iniparser library. from f5d9428 s3-docs: Fix bug #7930. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 76dcbb84e3fa13959df5931d21051695327c29f4 Author: Simo Sorce i...@samba.org Date: Wed May 9 13:55:41 2012 +0200 Fix pam_winbind build against newer iniparser library. iniparser_getstr is deprecated and has been removed in newer libraries available in Fedora. Use iniparse_getstring instead. Autobuild-User: Simo Sorce i...@samba.org Autobuild-Date: Tue Apr 24 02:56:10 CEST 2012 on sn-devel-104 Based on commit adbace20a24b6ae4fbd6d17b7153833f4ac8c88d in master. (cherry picked from commit e295905f2840b5e814f88cd483b7f5f0fb3b4150) --- Summary of changes: nsswitch/pam_winbind.c |8 1 files changed, 4 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c index b802036..a344186 100644 --- a/nsswitch/pam_winbind.c +++ b/nsswitch/pam_winbind.c @@ -437,13 +437,13 @@ static int _pam_parse(const pam_handle_t *pamh, ctrl |= WINBIND_SILENT; } - if (iniparser_getstr(d, CONST_DISCARD(char *, global:krb5_ccache_type)) != NULL) { + if (iniparser_getstring(d, CONST_DISCARD(char *, global:krb5_ccache_type)) != NULL) { ctrl |= WINBIND_KRB5_CCACHE_TYPE; } - if ((iniparser_getstr(d, CONST_DISCARD(char *, global:require-membership-of)) + if ((iniparser_getstring(d, CONST_DISCARD(char *, global:require-membership-of)) != NULL) || - (iniparser_getstr(d, CONST_DISCARD(char *, global:require_membership_of)) + (iniparser_getstring(d, CONST_DISCARD(char *, global:require_membership_of)) != NULL)) { ctrl |= WINBIND_REQUIRED_MEMBERSHIP; } @@ -2290,7 +2290,7 @@ static const char *get_conf_item_string(struct pwb_context *ctx, goto out; } - parm_opt = iniparser_getstr(ctx-dict, key); + parm_opt = iniparser_getstring,(ctx-dict, key, NULL); TALLOC_FREE(key); _pam_log_debug(ctx, LOG_INFO, CONFIG file: %s '%s'\n, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 353d743 s3/ldap: remove outdated netscape ds 5 schema file from 6692bd5 Fix bug #8831 - Inconsistent (with manpage) command-line switch for help in smbtree http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 353d7436468247ad20c006480a134caaccf0228c Author: Björn Jacke b...@sernet.de Date: Tue May 8 14:23:33 2012 +0200 s3/ldap: remove outdated netscape ds 5 schema file remove outdated netscape ds 5 schema file and put a README there pointing to the FDS schema file instead. This fixes bug #8869 (commit b31f773ae1640313dc1ba86b334e9bbb9cb31bd6 in master) (commit 9fd8692a9d066f4e469eb0668ae1f0c8b2c8db6c in v3-6-test) --- Summary of changes: examples/LDAP/samba-schema-netscapeds5.x| 67 --- examples/LDAP/samba-schema-netscapeds5.x.README |2 + 2 files changed, 2 insertions(+), 67 deletions(-) delete mode 100644 examples/LDAP/samba-schema-netscapeds5.x create mode 100644 examples/LDAP/samba-schema-netscapeds5.x.README Changeset truncated at 500 lines: diff --git a/examples/LDAP/samba-schema-netscapeds5.x b/examples/LDAP/samba-schema-netscapeds5.x deleted file mode 100644 index 8125adc..000 --- a/examples/LDAP/samba-schema-netscapeds5.x +++ /dev/null @@ -1,67 +0,0 @@ -## -## Darren Chew darren.chew at vicscouts dot asn dot au -## Andre Fiebach andre dot fiebach at stud dot uni-rostock dot de -## Thomas Mueller 12.04.2003, thomas.muel...@christ-wasser.de -## Richard Renard rren...@idealx.com 2005-01-28 -## - added support for MungedDial, BadPasswordCount, BadPasswordTime, PasswordHistory, LogonHours -## TAKEDA Yasuma yas...@osstech.co.jp 2008-11-06 -## - added sambaTrustedDomainPassword objectClasses -## - in Sun One 5.2 copy it as 99samba-schema-netscapeds5.ldif -## -## Samba 3.2 schema file for Netscape DS 5.x -## -## INSTALL-DIRECTORY/slapd-your_name/config/schema/samba-schema-netscapeds5.ldif - -# Sun One DS do not load the schema without this lines -# André Fiebach af...@uni-rostock.de -dn: cn=schema -objectClass: top -objectClass: ldapSubentry -objectClass: subschema -cn: schema -aci: (target=ldap:///cn=schema;)(targetattr !=aci)(version 3.0;acl anonymo - us, no acis; allow (read, search, compare) userdn = ldap:///anyone;;) -aci: (targetattr = *)(version 3.0; acl Configuration Administrator; allow - (all) userdn = ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, - o=NetscapeRoot;) -aci: (targetattr = *)(version 3.0; acl Local Directory Administrators Group - ; allow (all) groupdn = ldap:///cn=Directory Administrators, dc=samba,dc=org;) -aci: (targetattr = *)(version 3.0; acl SIE Group; allow (all)groupdn = ld - ap:///cn=slapd-sambaldap, cn=iPlanet Directory Server, cn=Server Group, cn=iPlanetDirectory.samba.org, ou=samba.org, o=NetscapeRoot;) - -objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY DESC 'Samba 3.0 Auxilary SAM Account' MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBadPasswordTime $ sambaPasswordHistory $ sambaLogonHours) X-ORIGIN 'user defined' ) -objectClasses: ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY DESC 'Samba Group Mapping' MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description ) X-ORIGIN 'user defined' ) -objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DESC 'Samba Domain Information' MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase ) X-ORIGIN 'user defined' ) -objectClasses: ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY DESC 'Pool for allocating UNIX uids/gids' MUST ( uidNumber $ gidNumber ) X-ORIGIN 'user defined' ) -objectClasses: ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY DESC 'Mapping from a SID to an ID' MUST ( sambaSID ) MAY ( uidNumber $ gidNumber ) X-ORIGIN 'user defined' ) -objectClasses: ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL DESC 'Structural Class for a SID' MUST ( sambaSID ) X-ORIGIN 'user defined' ) -objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL DESC 'Samba Trusted Domain Password' MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 8b266d1 s3-docs: overrided - overridden from 353d743 s3/ldap: remove outdated netscape ds 5 schema file http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 8b266d110d77b2204a29c00f7f57e62fe801cbfc Author: Karolin Seeger ksee...@samba.org Date: Tue May 8 11:05:37 2012 +0200 s3-docs: overrided - overridden Fix typo. Part of a fix for bug #7938. Based on a patch provided by John Bradshaw j...@johnbradshaw.org. (cherry picked from commit 6b4890246ddbd606484e7247bea86c238cc0a057) --- Summary of changes: docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml b/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml index ea68594..a97ffbf 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml @@ -1380,7 +1380,7 @@ mystic:/home/hannibal rm filename Samba has to deal with the complicated matter of handling the challenge of the Windows ACL that implements emphasisinheritance/emphasis, a concept not anticipated by POSIX ACLs as implemented in UNIX file systems. Samba provides support for emphasismasks/emphasis - that permit normal ugo and ACLs functionality to be overrided. This further complicates + that permit normal ugo and ACLs functionality to be overridden. This further complicates the way in which Windows ACLs must be implemented. /para -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via ca9538b s3-VFS: Fix building out-of-tree modules. from 8b266d1 s3-docs: overrided - overridden http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit ca9538bcd8ac153ab7d9bc21dab01d702d13c554 Author: Richard Sharpe realrichardsha...@gmail.com Date: Tue May 8 14:53:10 2012 +0200 s3-VFS: Fix building out-of-tree modules. Fix bug #8822 (VFS module init function name has to be manually changed depending on build environment). (cherry picked from commit d2f4164e3db2c341ff3a1b35a68f691848c9a859) --- Summary of changes: examples/VFS/Makefile.in |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/VFS/Makefile.in b/examples/VFS/Makefile.in index 8fe414a..98d259f 100644 --- a/examples/VFS/Makefile.in +++ b/examples/VFS/Makefile.in @@ -36,7 +36,7 @@ default: $(patsubst %.c,%.$(SHLIBEXT),$(wildcard *.c)) %.$(OBJEXT): %.c @echo Compiling $ - @$(CC) $(FLAGS) -c $ + @$(CC) $(FLAGS) -c $ -D$*_init=init_samba_module install: default -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via cf39e01 Fix bug #8897 - winbind_krb5_locator only returns one IP address. from d9377cc WHATSNEW: Start release notes for 3.5.16. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit cf39e013930d29574826f6ad3a259fe47203c000 Author: Jeremy Allison j...@samba.org Date: Wed Apr 25 15:17:09 2012 -0700 Fix bug #8897 - winbind_krb5_locator only returns one IP address. Reported by dina_f...@dell.com. Don't ask the DC for an IP list when locating kdc's. Ask for the name and use getaddrinfo to get all possible addresses instead. (cherry picked from commit 56b0ec0e91f9af0eb6c109fc1cc300ad5fee3fe6) --- Summary of changes: nsswitch/winbind_krb5_locator.c | 35 +++ 1 files changed, 19 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/winbind_krb5_locator.c b/nsswitch/winbind_krb5_locator.c index e921cae..385a156 100644 --- a/nsswitch/winbind_krb5_locator.c +++ b/nsswitch/winbind_krb5_locator.c @@ -182,7 +182,8 @@ static krb5_error_code smb_krb5_locator_call_cbfunc(const char *name, void *cbdata) { struct addrinfo *out = NULL; - int ret; + int ret = 0; + struct addrinfo *res = NULL; int count = 3; while (count) { @@ -206,16 +207,25 @@ static krb5_error_code smb_krb5_locator_call_cbfunc(const char *name, return KRB5_PLUGIN_NO_HANDLE; } - ret = cbfunc(cbdata, out-ai_socktype, out-ai_addr); + for (res = out; res; res = res-ai_next) { + if (!res-ai_addr || res-ai_addrlen == 0) { + continue; + } + + ret = cbfunc(cbdata, res-ai_socktype, res-ai_addr); + if (ret) { #ifdef DEBUG_KRB5 - if (ret) { - fprintf(stderr, [%5u]: smb_krb5_locator_lookup: - failed to call callback: %s (%d)\n, - (unsigned int)getpid(), error_message(ret), ret); - } + fprintf(stderr, [%5u]: smb_krb5_locator_lookup: + failed to call callback: %s (%d)\n, + (unsigned int)getpid(), error_message(ret), ret); #endif + break; + } + } - freeaddrinfo(out); + if (out) { + freeaddrinfo(out); + } return ret; } @@ -257,8 +267,7 @@ static bool ask_winbind(const char *realm, char **dcname) flags = WBC_LOOKUP_DC_KDC_REQUIRED | WBC_LOOKUP_DC_IS_DNS_NAME | - WBC_LOOKUP_DC_RETURN_DNS_NAME | - WBC_LOOKUP_DC_IP_REQUIRED; + WBC_LOOKUP_DC_RETURN_DNS_NAME; wbc_status = wbcLookupDomainControllerEx(realm, NULL, NULL, flags, dc_info); @@ -270,12 +279,6 @@ static bool ask_winbind(const char *realm, char **dcname) return false; } - if (dc_info-dc_address) { - dc = dc_info-dc_address; - if (dc[0] == '\\') dc++; - if (dc[0] == '\\') dc++; - } - if (!dc dc_info-dc_unc) { dc = dc_info-dc_unc; if (dc[0] == '\\') dc++; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 6692bd5 Fix bug #8831 - Inconsistent (with manpage) command-line switch for help in smbtree from cf39e01 Fix bug #8897 - winbind_krb5_locator only returns one IP address. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 6692bd5944bcc060453a8ae3424cef71b47d37f4 Author: Jeremy Allison j...@samba.org Date: Fri Mar 30 12:23:07 2012 -0700 Fix bug #8831 - Inconsistent (with manpage) command-line switch for help in smbtree Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Fri Mar 30 22:59:53 CEST 2012 on sn-devel-104 (cherry picked from commit efd94d159883cb0841d8ac83223a1e63098a8d72) (cherry picked from commit 815ba9db6f9ae405c6e8a590ee96a31cf30ba481) --- Summary of changes: docs-xml/build/DTD/samba.entities |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/build/DTD/samba.entities b/docs-xml/build/DTD/samba.entities index d204156..f5d8cd2 100644 --- a/docs-xml/build/DTD/samba.entities +++ b/docs-xml/build/DTD/samba.entities @@ -440,7 +440,7 @@ Try to use the credentials cached by winbind. !ENTITY stdarg.help ' varlistentry -term-h|--help/term +term-?|--help/term listitemparaPrint a summary of command line options. /para/listitem /varlistentry' -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via d9377cc WHATSNEW: Start release notes for 3.5.16. via 5c95d26 VERSION: Bump version number up to 3.5.16. via 3c89d62 Fix self granting privileges in security=ads. via c7a6c29 WHASNEW: Release notes for 3.5.15. from 5118001 docs-xml: fix default name resolve order (fix bug #7564) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit d9377cc6fd0db9fa00ffd6b47cb48036779221ae Author: Karolin Seeger ksee...@samba.org Date: Mon Apr 30 20:48:52 2012 +0200 WHATSNEW: Start release notes for 3.5.16. Karolin (cherry picked from commit f28fea98458e0b3c3510f02b98177e8c46c12d3c) commit 5c95d266b596536adf674f5f40b63e3cc29fd236 Author: Karolin Seeger ksee...@samba.org Date: Mon Apr 30 20:46:52 2012 +0200 VERSION: Bump version number up to 3.5.16. Karolin (cherry picked from commit 452e5d110fa64f0e10cbce19bac0efbd5f0931e0) commit 3c89d625a1c1d29b60b390f59cca887f16984db7 Author: Jeremy Allison j...@samba.org Date: Tue Apr 17 11:49:55 2012 -0700 Fix self granting privileges in security=ads. CVE-2012-2111 (cherry picked from commit b1061ab00f59fdf4ebab622ab7a9c29a3aa51eee) commit c7a6c295747c89005e9f278bdc6c952295b139cc Author: Karolin Seeger ksee...@samba.org Date: Fri Apr 27 21:09:56 2012 +0200 WHASNEW: Release notes for 3.5.15. Karolin (cherry picked from commit 0b278804b1aa020e03c89e9276408dd7097bb4d2) --- Summary of changes: WHATSNEW.txt| 58 +++--- source3/VERSION |2 +- source3/rpc_server/srv_lsa_nt.c | 20 + 3 files changed, 68 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 712748f..3e8711d 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,20 +1,20 @@ == - Release Notes for Samba 3.5.15 + Release Notes for Samba 3.5.16 , 2012 == This is the latest stable release of Samba 3.5. -Major enhancements in Samba 3.5.15 include: +Major enhancements in Samba 3.5.16 include: -o +o -Changes since 3.5.14: +Changes since 3.5.15: - -o Stefan Metzmacher me...@samba.org +o Jeremy Allison j...@samba.org ## @@ -41,6 +41,54 @@ Release notes for older releases follow: == + Release Notes for Samba 3.5.15 + April 30, 2012 + == + + +This is a security release in order to address +CVE-2012-2111 (Incorrect permission checks when granting/removing +privileges can compromise file server security). + +o CVE-2012-2111: + Samba 3.4.x to 3.6.4 are affected by a + vulnerability that allows arbitrary users + to modify privileges on a file server. + + +Changes since 3.5.14: +- + + +o Jeremy Allison j...@samba.org +* Fix incorrect permission checks when granting/removing + privileges (CVE-2012-2111). + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +-- + + + == Release Notes for Samba 3.5.14 April 10, 2012 == diff --git a/source3/VERSION b/source3/VERSION index efb2c88..53fad4d 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=5 -SAMBA_VERSION_RELEASE=15 +SAMBA_VERSION_RELEASE=16 # Bug fix releases use a letter for the patch revision # diff --git
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via bbec0c2 WHATSNEW: Start release notes for Samba 3.5.15. via c2e6603 VERSION: Bump version up to 3.5.15. via 1216283 rerun 'make samba3-idl' via 225bbba pidl/NDR/Parser: also do range checks on the array size via b0621c6 pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() via 37e0886 pidl/NDR/Parser: use helper variables for array size and length via 6944011 pidl/NDR/Parser: remember if we already know the array length via 5aabf5c pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) via 2c182a6 pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() via a7f9c33 pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() via 7b6fa63 pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() via cd002a9 pidl:NDR/Parser: fix range() for arrays via 22d4a37 WHATSNEW: Prepare release notes for 3.5.14. from c352832 Fix bug 8314] - smbd crash with unknown user. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit bbec0c29c072c818646f0225ddd9918b2b890c1d Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 10 20:26:01 2012 +0200 WHATSNEW: Start release notes for Samba 3.5.15. Karolin (cherry picked from commit 1cc0306c14624784a4efb3d224415279b0e49d3e) commit c2e6603db7fafe411cd615618948905a5568cffc Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 10 20:24:15 2012 +0200 VERSION: Bump version up to 3.5.15. Karolin (cherry picked from commit f6f954a821ff57b186895b057b3def9aa40c6e39) commit 12162837d40b123e19fb92e3ac46d3e3d07ae6e1 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 18:46:44 2012 +0100 rerun 'make samba3-idl' metze The last 10 patches address bug #8815 (PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182). (cherry picked from commit 566295fa13ff4a848fea517d41bc08aee87966ac) commit 225bbba09101ebf65dbe97efcf494684b0bdcde6 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 17:03:05 2012 +0100 pidl/NDR/Parser: also do range checks on the array size metze (cherry picked from commit 50be4262f6001f91ade4580c2d67b38c12730d77) commit b0621c6f4f24ec99a6d8b2f41da1a1fe8ce1c5ac Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:14:48 2012 +0100 pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() metze (cherry picked from commit 3b837d94e649e8cbc24ee3ea24a9bced60f9dda8) commit 37e08868044d29f79205dbe20608f370d362bb3c Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:13:20 2012 +0100 pidl/NDR/Parser: use helper variables for array size and length metze (cherry picked from commit a87211b32bfea3595627882a52c2e90bdcd3e9e8) commit 6944011a503e981d8f3fec8c970480f699ddeff3 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 15:07:08 2012 +0100 pidl/NDR/Parser: remember if we already know the array length metze (cherry picked from commit 748615f74486076a023b498c723c0ebeff8a23bb) commit 5aabf5cbb35769ac53febbe13953dc822a5d0bad Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:07:47 2012 +0100 pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) An anonymous researcher and Brian Gorenc (HP DVLabs) working with HP's Zero Day Initiative program have found this and notified us. metze (cherry picked from commit 459c5b271a18a25873c1965b11642aa65ea2d220) commit 2c182a6b89d79aa9ef9e0660a27e8389645424d2 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:05:39 2012 +0100 pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() metze (cherry picked from commit a67afd3489669afc711cf77a22740f8e1e91779e) commit a7f9c3331c688116474aac5060df7ca2c2f49358 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:12:04 2012 +0100 pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() metze (cherry picked from commit a74a8ed48f3a89d8f33ad1b1fca6533cc69aabf4) commit 7b6fa638bd1121794af4ca12069329ca1399cd9d Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:09:51 2012 +0100 pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() metze (cherry picked from commit 31d668651edc6fca45d024283e211533a49c2c4e) commit cd002a90231673518a257cac67630376559907a7 Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 21 05:41:37 2010 +0200 pidl:NDR/Parser: fix range() for arrays metze (cherry picked from commit bea4948acb4bbee2fbf886adeb53edbc84de96da) (cherry picked from
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 5118001 docs-xml: fix default name resolve order (fix bug #7564) from bbec0c2 WHATSNEW: Start release notes for Samba 3.5.15. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 5118001d493061a4a3ec757332f0bff5c1e056d4 Author: Björn Baumbach b...@sernet.de Date: Wed Apr 4 16:58:24 2012 +0200 docs-xml: fix default name resolve order (fix bug #7564) Autobuild-User: Volker Lendecke v...@samba.org Autobuild-Date: Fri Apr 6 09:54:37 CEST 2012 on sn-devel-104 (cherry picked from commit 189b3d9b24bf553ff7096397c389f20ba99e0dfa) (cherry picked from commit ad6d51892597336aa162452f3944393fa5afa7c4) --- Summary of changes: docs-xml/smbdotconf/protocol/nameresolveorder.xml |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/protocol/nameresolveorder.xml b/docs-xml/smbdotconf/protocol/nameresolveorder.xml index 9b1ad07..662c3fb 100644 --- a/docs-xml/smbdotconf/protocol/nameresolveorder.xml +++ b/docs-xml/smbdotconf/protocol/nameresolveorder.xml @@ -65,6 +65,6 @@ /description -value type=defaultlmhosts host wins bcast/value +value type=defaultlmhosts wins host bcast/value value type=examplelmhosts bcast host/value /samba:parameter -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via c352832 Fix bug 8314] - smbd crash with unknown user. from 4898de8 WHATSNEW: Start release notes for 3.5.14. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit c352832e2fadf1207cadef525bf21068f1d1ee1b Author: Jeremy Allison j...@samba.org Date: Fri Jul 22 16:40:54 2011 -0700 Fix bug 8314] - smbd crash with unknown user. All other auth modules code with being called with auth_method-private_data being NULL, make the auth_server module cope with this too. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Sat Jul 23 02:55:01 CEST 2011 on sn-devel-104 (cherry picked from commit 1832c9591099be941ef3afe7b0381c4af61f4728) --- Summary of changes: source3/auth/auth_server.c | 15 --- 1 files changed, 12 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 287b50b..bc38041 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -273,14 +273,23 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context const auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { - struct server_security_state *state = talloc_get_type_abort( - my_private_data, struct server_security_state); - struct cli_state *cli; + struct server_security_state *state = NULL; + struct cli_state *cli = NULL; static bool tested_password_server = False; static bool bad_password_server = False; NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; bool locally_made_cli = False; + DEBUG(10, (check_smbserver_security: Check auth for: [%s]\n, + user_info-smb_name)); + + if (my_private_data == NULL) { + DEBUG(10,(check_smbserver_security: + password server is not connected\n)); + return NT_STATUS_LOGON_FAILURE; + } + + state = talloc_get_type_abort(my_private_data, struct server_security_state); cli = state-cli; if (cli) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 4898de8 WHATSNEW: Start release notes for 3.5.14. via 33d3329 VERSION: Bump version up to 3.5.14. via c119cd8 s3-winbindd Only use SamLogonEx when we can get unencrypted session keys from 81703ab v3-6-test: Further fix for bug 8338 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 4898de8a5e2f715c4672c75fa44408e756724627 Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 20 21:27:17 2012 +0100 WHATSNEW: Start release notes for 3.5.14. Karolin commit 33d332960fa266a08ff0ee72945101051fa4d71e Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 20 21:24:51 2012 +0100 VERSION: Bump version up to 3.5.14. Karolin commit c119cd8868fc7e2eb08b09f7092519007fd83bf6 Author: Andrew Bartlett abart...@samba.org Date: Thu Dec 15 09:57:56 2011 +1100 s3-winbindd Only use SamLogonEx when we can get unencrypted session keys This ensures that we have some check on the session keys being returned as the RC4 cipher is not checksumed. The check comes from the fact that the credentials chain is tied to the netlgon session key, and so if the credentials check passes then the netlogon session key will be correct, and so the user session key will be correctly decrypted. Andrew Bartlett Signed-off-by: Matthieu Patou m...@matws.net s3: If we can't do validation 6 or sam_logon_ex use sam_logon only --- Summary of changes: WHATSNEW.txt| 48 -- source3/VERSION |2 +- source3/winbindd/winbindd_pam.c |4 +- 3 files changed, 48 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index d90d69c..391af0b 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,46 @@ == + Release Notes for Samba 3.5.14 + , 2012 + == + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.14 include: + +o + +Changes since 3.5.13: +- + + +o Jeremy Allison j...@samba.org + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 3.5.13 March 12, 2012 == @@ -69,7 +111,7 @@ o Volker Lendecke v...@samba.org causing uninitialized memory read. -o Stefan Metzmacher me...@samba.org +o Stefan Metzmacher me...@samba.org * BUG 5326: Fix cli_write_and_x() against OS/2 print shares. * BUG 8562: Fix double free error (talloc). * BUG 8593: Fix a crash bug in cldap_socket_recv_dgram(). @@ -121,8 +163,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + == Release Notes for Samba 3.5.12 diff --git a/source3/VERSION b/source3/VERSION index c58d08c..700054e 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=5 -SAMBA_VERSION_RELEASE=13 +SAMBA_VERSION_RELEASE=14 # Bug fix releases use a letter for the patch revision # diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 26fdc5a..b0b8e40 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1365,7 +1365,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 81703ab v3-6-test: Further fix for bug 8338 from 38bfe91 WHATSNEW: Update 3.5.13 release notes. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 81703ab7528055bbae8306d2c9a8314316107f85 Author: Volker Lendecke v...@samba.org Date: Tue Sep 20 22:45:52 2011 +0200 v3-6-test: Further fix for bug 8338 OS/X can not deal with a 10-vwv read on normal files. Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Wed Sep 21 00:51:08 CEST 2011 on sn-devel-104 --- Summary of changes: source3/libsmb/clireadwrite.c | 13 + 1 files changed, 9 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c index 724c846..b80151e 100644 --- a/source3/libsmb/clireadwrite.c +++ b/source3/libsmb/clireadwrite.c @@ -88,7 +88,6 @@ struct tevent_req *cli_read_andx_create(TALLOC_CTX *mem_ctx, { struct tevent_req *req, *subreq; struct cli_read_andx_state *state; - bool bigoffset = False; uint8_t wct = 10; if (size cli_read_max_bufsize(cli)) { @@ -115,11 +114,17 @@ struct tevent_req *cli_read_andx_create(TALLOC_CTX *mem_ctx, SSVAL(state-vwv + 8, 0, 0); SSVAL(state-vwv + 9, 0, 0); - if ((uint64_t)offset 32) { - bigoffset = true; + if (cli-capabilities CAP_LARGE_FILES) { SIVAL(state-vwv + 10, 0, (((uint64_t)offset)32) 0x); - wct += 2; + wct = 12; + } else { + if uint64_t)offset) 0xLL) != 0) { + DEBUG(10, (cli_read_andx_send got large offset where + the server does not support it\n)); + tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); + return tevent_req_post(req, ev); + } } subreq = cli_smb_req_create(state, ev, cli, SMBreadX, 0, wct, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 38bfe91 WHATSNEW: Update 3.5.13 release notes. from abb2dcd WHATSNEW: Start to add changes since 3.5.12. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 38bfe91ea3bad2e516320f9a0fef5cce42835e83 Author: Karolin Seeger ksee...@samba.org Date: Fri Mar 9 21:18:11 2012 +0100 WHATSNEW: Update 3.5.13 release notes. Karolin --- Summary of changes: WHATSNEW.txt | 49 - 1 files changed, 48 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 3cef783..d90d69c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -8,19 +8,50 @@ This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.13 include: -o +o Fix a crash bug in cldap_socket_recv_dgram() (bug #8593). +o Fully observe password change settings (bug #8561). +o Fix NT ACL issue (bug #8673). +o Fix segfault in Winbind if we can't map the last user (bug #8678). + Changes since 3.5.12: +o Michael Adam ob...@samba.org +* BUG 8327: Fix config reload to reload shares from registry. + + o Jeremy Allison j...@samba.org +* BUG 8139: Ignore SMBecho errors. +* BUG 8521: Fix Winbind cache timeout expiry test. * BUG 8561: Fully observe password change settings. * BUG 8631: Fix POSIX ACE x permission mapping to and from a DACL. +* BUG 8636: When returning an ACL without SECINFO_DACL requested, we still + set SEC_DESC_DACL_PRESENT in the type field. +* BUG 8644: Make sure that vfs_acl_xattr and vfs_acl_tdb modules add + inheritable entries on a directory with no stored ACL. +* BUG 8663: Fix deleting a symlink if the symlink target is outside of the +* share. +* BUG 8664: Fix renaming a symlink if the symlink target is outside of the + share. +* BUG 8673: Fix NT ACL issue. +* BUG 8679: Make sure that recvfile code path using splice() on Linux + does not leave data in the pipe on short write. +* BUG 8687: Fix typo in 'net memberships' usage. + + +o Christian Ambach christian.amb...@de.ibm.com +* BUG 8658: Add timeouts to Winbind cache. + + +o Andrew Bartlett abart...@samba.org +* BUG 8727: Do not limit read replies to NBT packet sizes. o Günther Deschner g...@samba.org * BUG 8176: Fix perl path. +* BUG 8692: Fix malloc/talloc mismatch in ads_keytab_verify_ticket(). o Björn Jacke b...@sernet.de @@ -34,16 +65,32 @@ o Jeff Layton jlay...@redhat.com o Volker Lendecke v...@samba.org * BUG 8639: Fix the vfs_commit module. +* BUG 8686: Packet validation checks can be done before length validation + causing uninitialized memory read. o Stefan Metzmacher me...@samba.org * BUG 5326: Fix cli_write_and_x() against OS/2 print shares. * BUG 8562: Fix double free error (talloc). +* BUG 8593: Fix a crash bug in cldap_socket_recv_dgram(). +* BUG 8684: Try ctdbd_init_connection() as root. + + +o Masafumi Nakayama mas...@jp.ibm.com +* BUG 563: Fix 'smbclient tar' for files greater than 8GB on BE machines. + + +o Matthieu Patou m...@matws.net +* BUG 8599: Make WINBINDD_PAM_AUTH_CRAP return valid user session key. +* BUG 8771: Make Winbind change faster from DC1 to DC2. o Andreas Schneider a...@samba.org * BUG 8608: Don't fail on users without a uid (Winbind). +* BUG 8628: Don't duplicate Kerberos service tickets. * BUG 8645: Add missing prefixpath options for mount.cifs manpage. +* BUG 8658: Add an update function for Winbind cache. +* BUG 8678: Fix segfault in Winbind if we can't map the last user. o Karolin Seeger ksee...@samba.org -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via abb2dcd WHATSNEW: Start to add changes since 3.5.12. from 8e141d6 s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit abb2dcde786b1656c4df1e3bbe09757d640c6549 Author: Karolin Seeger ksee...@samba.org Date: Mon Mar 5 21:18:13 2012 +0100 WHATSNEW: Start to add changes since 3.5.12. To be continued... Karolin --- Summary of changes: WHATSNEW.txt | 40 +++- 1 files changed, 39 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 224f13d..3cef783 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,6 +1,6 @@ == Release Notes for Samba 3.5.13 - , 2011 + March 12, 2012 == @@ -14,6 +14,44 @@ Changes since 3.5.12: +o Jeremy Allison j...@samba.org +* BUG 8561: Fully observe password change settings. +* BUG 8631: Fix POSIX ACE x permission mapping to and from a DACL. + + +o Günther Deschner g...@samba.org +* BUG 8176: Fix perl path. + + +o Björn Jacke b...@sernet.de +* BUG 8652: Document the ignore system acls option of vfs_acl_xattr and + vfs_acl_tdb. + + +o Jeff Layton jlay...@redhat.com +* BUG 8648: Document more undocumented mount.cifs options. + + +o Volker Lendecke v...@samba.org +* BUG 8639: Fix the vfs_commit module. + + +o Stefan Metzmacher me...@samba.org +* BUG 5326: Fix cli_write_and_x() against OS/2 print shares. +* BUG 8562: Fix double free error (talloc). + + +o Andreas Schneider a...@samba.org +* BUG 8608: Don't fail on users without a uid (Winbind). +* BUG 8645: Add missing prefixpath options for mount.cifs manpage. + + +o Karolin Seeger ksee...@samba.org +* BUG 7705: Fix rpm build issues on RHEL4. + + +o Richard Sharpe realrichardsha...@gmail.com +* BUG 8607: Simplify building modules outside the Samba source tree. ## -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 8e141d6 s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path from 6c1501a s3-winbindd: set the can_do_validation6 also for trusted domain http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 8e141d666c3fc835001249753b6ea9b508256d73 Author: Matthieu Patou m...@matws.net Date: Fri Feb 24 14:06:02 2012 -0800 s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path If not the child process would hang for quite a long time up to the moment when the connection is cleaned by the kernel (took ~ 20 minutes) in my tests. Fix bug #8771 (Winbind takes up to 20 minutes to change from DC 1 to DC 2 and in the meantime to respond NT_STATUS_IO_TIMEOUT). --- Summary of changes: source3/winbindd/winbindd_pam.c |9 + 1 files changed, 9 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 5c56b87..26fdc5a 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -2101,6 +2101,15 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain, done: + if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) { + DEBUG(3,(winbindd_dual_pam_auth_crap: sam_network_logon(ex) + returned NT_STATUS_IO_TIMEOUT after the retry. + We didn't know what's going on killing + connections to domain %s\n, + name_domain)); + invalidate_cm_connection(contact_domain-conn); + } + /* give us a more useful (more correct?) error code */ if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 6c1501a s3-winbindd: set the can_do_validation6 also for trusted domain from 12b60f9 s3:loadparm: fix the reload of the configuration: also reload activated registry shares http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 6c1501a8efd49efb7b9f5c75963c2f1124e7e258 Author: Matthieu Patou m...@matws.net Date: Fri Feb 10 11:45:21 2012 -0800 s3-winbindd: set the can_do_validation6 also for trusted domain The flag can_do_validation6 was only set for the domain to which winbindd is the member. Setting this flag in other domains (trusted domain) if it's active directory domain is a good idea as it allow to do level 6 validation also when winbindd is querying them directly. (cherry picked from commit 05036fab0a9847219c73c0abd931a39fba0bccfd) Address bug #8599 (WINBINDD_PAM_AUTH_CRAP returns invalid user session key). (cherry picked from commit 01747a5554839f21992b8845328c4b08c3dd8ff8) --- Summary of changes: source3/winbindd/winbindd_cm.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index cc3e3ed..a63c3f5 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1766,6 +1766,8 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain ) running active directory.\n, domain-name, domain-active_directory ? : NOT )); + domain-can_do_ncacn_ip_tcp = domain-active_directory; + domain-can_do_validation6 = domain-active_directory; domain-initialized = True; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 461adc6 s3:client: ignore SMBecho errors (the server may not support it) (bug #8139) Signed-off-by: Jeremy Allison j...@samba.org (cherry picked from commit bb28a9387d3c76f6f8c7f79ec61d37a499d6c8f6) from 3394bbf s3-libsmb Do not limit read replies to NBT packet sizes http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 461adc665aaadc730d7705b3785d45f787f98425 Author: Stefan Metzmacher me...@samba.org Date: Tue Jan 31 10:02:18 2012 -0800 s3:client: ignore SMBecho errors (the server may not support it) (bug #8139) Signed-off-by: Jeremy Allison j...@samba.org (cherry picked from commit bb28a9387d3c76f6f8c7f79ec61d37a499d6c8f6) --- Summary of changes: source3/client/client.c | 10 +++--- 1 files changed, 7 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/client/client.c b/source3/client/client.c index cf43171..189b632 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -4482,9 +4482,13 @@ static void readline_callback(void) memset(garbage, 0xf0, sizeof(garbage)); status = cli_echo(cli, 1, data_blob_const(garbage, sizeof(garbage))); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, (SMBecho failed. Maybe server has closed - the connection\n)); + if (NT_STATUS_IS_OK(status)) { + return; + } + + if (!cli_state_is_connected(cli)) { + DEBUG(0, (SMBecho failed (%s). The connection is + disconnected now\n, nt_errstr(status))); finished = true; smb_readline_done(); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 12b60f9 s3:loadparm: fix the reload of the configuration: also reload activated registry shares via bc5a7f2 s3:loadparm: add reload_registry_shares() - reload only those shares already loaded (cherry picked from commit ec113a58a4dc4e4f3ea03f7818eb312325f69482) from 461adc6 s3:client: ignore SMBecho errors (the server may not support it) (bug #8139) Signed-off-by: Jeremy Allison j...@samba.org (cherry picked from commit bb28a9387d3c76f6f8c7f79ec61d37a499d6c8f6) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 12b60f9688cb64fbfce729b3555ab75a71fbb949 Author: Michael Adam ob...@samba.org Date: Fri Jul 22 10:11:52 2011 +0200 s3:loadparm: fix the reload of the configuration: also reload activated registry shares Autobuild-User: Michael Adam ob...@samba.org Autobuild-Date: Fri Jul 22 16:53:49 CEST 2011 on sn-devel-104 (cherry picked from commit efbe1602bd014eada4811f336bdccbf4692d3807) The last 2 patches address bug 8327 (config reload fails to reload shares from registry). commit bc5a7f23e1e909a2196a1038da20c3391c922614 Author: Michael Adam ob...@samba.org Date: Fri Jul 22 10:10:43 2011 +0200 s3:loadparm: add reload_registry_shares() - reload only those shares already loaded (cherry picked from commit ec113a58a4dc4e4f3ea03f7818eb312325f69482) --- Summary of changes: source3/param/loadparm.c | 37 +++-- 1 files changed, 35 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 08b6532..28ffc08 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -7058,6 +7058,35 @@ done: return ret; } +/** + * reload those shares from registry that are already + * activated in the services array. + */ +static bool reload_registry_shares(void) +{ + int i; + bool ret = true; + + for (i = 0; i iNumServices; i++) { + if (!VALID(i)) { + continue; + } + + if (ServicePtrs[i]-usershare == USERSHARE_VALID) { + continue; + } + + ret = process_registry_service(ServicePtrs[i]-szService); + if (!ret) { + goto done; + } + } + +done: + return ret; +} + + #define MAX_INCLUDE_DEPTH 100 static uint8_t include_depth; @@ -9246,8 +9275,12 @@ bool lp_load_ex(const char *pszFname, bRetval = false; } - if (bRetval lp_registry_shares() allow_registry_shares) { - bRetval = process_registry_shares(); + if (bRetval lp_registry_shares()) { + if (allow_registry_shares) { + bRetval = process_registry_shares(); + } else { + bRetval = reload_registry_shares(); + } } lp_add_auto_services(lp_auto_services()); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 3394bbf s3-libsmb Do not limit read replies to NBT packet sizes from f0c4e96 Fix bug 8636 - When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 3394bbf45dd219dc0293809fe2c50ad3ab7cede6 Author: Andrew Bartlett abart...@samba.org Date: Fri Jan 27 13:53:34 2012 +1100 s3-libsmb Do not limit read replies to NBT packet sizes With the posix extensions, we can read 16MB at a time, so we need to check the full size of the packet, not the size rounded down to the old NBT limit. Andrew Bartlett Fix bug #8727 (smbclient fails with posix large reads). --- Summary of changes: source3/libsmb/clireadwrite.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c index 53ecacc..724c846 100644 --- a/source3/libsmb/clireadwrite.c +++ b/source3/libsmb/clireadwrite.c @@ -199,7 +199,7 @@ static void cli_read_andx_done(struct tevent_req *subreq) inbuf = cli_smb_inbuf(subreq); state-buf = (uint8_t *)smb_base(inbuf) + SVAL(vwv+6, 0); - if (trans_oob(smb_len(inbuf), SVAL(vwv+6, 0), state-received) + if (trans_oob(smb_len_large(inbuf), SVAL(vwv+6, 0), state-received) || ((state-received != 0) (state-buf bytes))) { DEBUG(5, (server returned invalid readx data offset\n)); tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via f0c4e96 Fix bug 8636 - When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field. from a509cda Second part of fix for bug #8673 - NT ACL issue. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit f0c4e96cb4419015a9082e05ffc65bb370aede48 Author: Jeremy Allison j...@samba.org Date: Fri Jan 20 16:37:50 2012 -0800 Fix bug 8636 - When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field. --- Summary of changes: source3/modules/vfs_acl_common.c |8 ++-- source3/smbd/nttrans.c |2 ++ 2 files changed, 8 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 17e1874..3ca0384 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -408,9 +408,11 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, psd-group_sid = NULL; } if (!(security_info DACL_SECURITY_INFORMATION)) { + psd-type = ~SEC_DESC_DACL_PRESENT; psd-dacl = NULL; } if (!(security_info SACL_SECURITY_INFORMATION)) { + psd-type = ~SEC_DESC_SACL_PRESENT; psd-sacl = NULL; } @@ -532,7 +534,8 @@ static NTSTATUS get_parent_acl_common(vfs_handle_struct *handle, parent_name, (SECINFO_OWNER | SECINFO_GROUP | -SECINFO_DACL), +SECINFO_DACL | +SECINFO_SACL), pp_parent_desc); if (!NT_STATUS_IS_OK(status)) { @@ -615,7 +618,8 @@ static int open_acl_common(vfs_handle_struct *handle, fname, (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | -DACL_SECURITY_INFORMATION), +DACL_SECURITY_INFORMATION | +SACL_SECURITY_INFORMATION), pdesc); if (NT_STATUS_IS_OK(status)) { /* See if we can access it. */ diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index decb07c..6fbbed9 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1883,9 +1883,11 @@ static void call_nt_transact_query_security_desc(connection_struct *conn, psd-group_sid = NULL; } if (!(security_info_wanted SECINFO_DACL)) { + psd-type = ~SEC_DESC_DACL_PRESENT; psd-dacl = NULL; } if (!(security_info_wanted SECINFO_SACL)) { + psd-type = ~SEC_DESC_SACL_PRESENT; psd-sacl = NULL; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 42bcd6a Third part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share. via f352486 Second part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share. via 4ceba7f First part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share. from 33fd999 Fix bug #8664 - Renaming a symlink fails if the symlink target is outside of the share. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 42bcd6abe3797e0d22c8404db5edd2b96fccac47 Author: Jeremy Allison j...@samba.org Date: Fri Dec 16 15:43:21 2011 -0800 Third part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share. can_access_file_acl() - we can always delete a symlink. can_delete_file_in_directory() - We don't need to do another STAT call here, we know smb_fname-st is in a valid state. smbd_check_open_rights() - we can always delete a symlink. commit f352486f9649f5b2a24851d942a5f9c5f6b6e7cc Author: Jeremy Allison j...@samba.org Date: Fri Dec 16 11:56:01 2011 -0800 Second part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share. Ensure we use UCF_UNIX_NAME_LOOKUP flags on filename_convert() when doing a restricted set of infolevels in trans2setfilepathinfo(). commit 4ceba7f93f530302f3edb23be4e44e3366bcc768 Author: Jeremy Allison j...@samba.org Date: Thu Dec 15 15:50:23 2011 -0800 First part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share. Remove two unneeded check_name() calls. They have already been done in order to get here. --- Summary of changes: source3/smbd/file_access.c | 23 +++ source3/smbd/open.c| 22 ++ source3/smbd/trans2.c | 10 +- 3 files changed, 30 insertions(+), 25 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index 8b669fe..69f89b8 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -40,6 +40,13 @@ bool can_access_file_acl(struct connection_struct *conn, return true; } + if (access_mask == DELETE_ACCESS + VALID_STAT(smb_fname-st) + S_ISLNK(smb_fname-st.st_ex_mode)) { + /* We can always delete a symlink. */ + return true; + } + status = SMB_VFS_GET_NT_ACL(conn, smb_fname-base_name, (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | @@ -115,18 +122,10 @@ bool can_delete_file_in_directory(connection_struct *conn, /* sticky bit means delete only by owner of file or by root or * by owner of directory. */ if (smb_fname_parent-st.st_ex_mode S_ISVTX) { - if(SMB_VFS_STAT(conn, smb_fname) != 0) { - if (errno == ENOENT) { - /* If the file doesn't already exist then -* yes we'll be able to delete it. */ - ret = true; - goto out; - } - DEBUG(10,(can_delete_file_in_directory: can't - stat file %s (%s), - smb_fname_str_dbg(smb_fname), - strerror(errno) )); - ret = false; + if (!VALID_STAT(smb_fname-st)) { + /* If the file doesn't already exist then +* yes we'll be able to delete it. */ + ret = true; goto out; } diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 70e6b4f..ded07a1 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -96,6 +96,16 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, return NT_STATUS_OK; } + if (access_mask == DELETE_ACCESS + VALID_STAT(smb_fname-st) + S_ISLNK(smb_fname-st.st_ex_mode)) { + /* We can always delete a symlink. */ + DEBUG(10,(smbd_check_open_rights: not checking ACL + on DELETE_ACCESS on symlink %s.\n, + smb_fname_str_dbg(smb_fname) )); + return NT_STATUS_OK; + } + status = SMB_VFS_GET_NT_ACL(conn, smb_fname-base_name, (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | @@ -1431,11
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via a509cda Second part of fix for bug #8673 - NT ACL issue. via c333e7a First part of fix for bug #8673 - NT ACL issue. from 42bcd6a Third part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit a509cda3794e8b3ba49d0e86d4aee962b3bd9309 Author: Jeremy Allison j...@samba.org Date: Tue Jan 10 14:43:04 2012 -0800 Second part of fix for bug #8673 - NT ACL issue. Ensure we process the entire ACE list instead of returning ACCESS_DENIED and terminating the walk - ensure we only return the exact bits that cause the access to be denied. Some of the S3 fileserver needs to know if we are only denied DELETE access before overriding it by looking at the containing directory ACL. commit c333e7ad01fb63c9682526799b2571cac251b76e Author: Jeremy Allison j...@samba.org Date: Tue Jan 10 13:41:55 2012 -0800 First part of fix for bug #8673 - NT ACL issue. Simplify the logic in the unlink/rmdir calls - makes it readable (and correct). Add some debug. --- Summary of changes: source3/lib/util_seaccess.c |7 +++-- source3/modules/vfs_acl_common.c | 52 - 2 files changed, 38 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 058bf32..9f8d3fa 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -158,6 +158,7 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, { int i; uint32_t bits_remaining; + uint32_t explicitly_denied_bits = 0; *access_granted = access_desired; bits_remaining = access_desired; @@ -223,15 +224,15 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, break; case SEC_ACE_TYPE_ACCESS_DENIED: case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: - if (bits_remaining ace-access_mask) { - return NT_STATUS_ACCESS_DENIED; - } + explicitly_denied_bits |= (bits_remaining ace-access_mask); break; default:/* Other ACE types not handled/supported */ break; } } + bits_remaining |= explicitly_denied_bits; + done: if (bits_remaining != 0) { *access_granted = bits_remaining; diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index e8c79e6..17e1874 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -626,8 +626,11 @@ static int open_acl_common(vfs_handle_struct *handle, access_granted); if (!NT_STATUS_IS_OK(status)) { DEBUG(10,(open_acl_xattr: %s open + for access 0x%x (0x%x) refused with error %s\n, fsp_str_dbg(fsp), + (unsigned int)fsp-access_mask, + (unsigned int)access_granted, nt_errstr(status) )); goto err; } @@ -911,17 +914,23 @@ static int rmdir_acl_common(struct vfs_handle_struct *handle, { int ret; + /* Try the normal rmdir first. */ ret = SMB_VFS_NEXT_RMDIR(handle, path); - if (!(ret == -1 (errno == EACCES || errno == EPERM))) { - DEBUG(10,(rmdir_acl_common: unlink of %s failed %s\n, - path, - strerror(errno) )); - return ret; + if (ret == 0) { + return 0; + } + if (errno == EACCES || errno == EPERM) { + /* Failed due to access denied, + see if we need to root override. */ + return acl_common_remove_object(handle, + path, + true); } - return acl_common_remove_object(handle, - path, - true); + DEBUG(10,(rmdir_acl_common: unlink of %s failed %s\n, + path, + strerror(errno) )); + return -1; } static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle, @@ -1039,21 +1048,28 @@ static int unlink_acl_common(struct vfs_handle_struct *handle, { int ret; + /* Try the normal unlink first. */ ret = SMB_VFS_NEXT_UNLINK(handle, smb_fname); - if (!(ret == -1
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 33fd999 Fix bug #8664 - Renaming a symlink fails if the symlink target is outside of the share. from aa217fb s3-libads: fix malloc/talloc mismatch in ads_keytab_verify_ticket(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 33fd99946178e3c2649b289580b1ae1285c46d23 Author: Jeremy Allison j...@samba.org Date: Fri Dec 16 12:13:52 2011 -0800 Fix bug #8664 - Renaming a symlink fails if the symlink target is outside of the share. --- Summary of changes: source3/smbd/reply.c |6 -- 1 files changed, 4 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 12d20ff..9138aa6 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -6278,6 +6278,8 @@ void reply_mv(struct smb_request *req) TALLOC_CTX *ctx = talloc_tos(); struct smb_filename *smb_fname_src = NULL; struct smb_filename *smb_fname_dst = NULL; + uint32_t src_ucf_flags = lp_posix_pathnames() ? UCF_UNIX_NAME_LOOKUP : UCF_COND_ALLOW_WCARD_LCOMP; + uint32_t dst_ucf_flags = UCF_SAVE_LCOMP | (lp_posix_pathnames() ? 0 : UCF_COND_ALLOW_WCARD_LCOMP); START_PROFILE(SMBmv); @@ -6307,7 +6309,7 @@ void reply_mv(struct smb_request *req) conn, req-flags2 FLAGS2_DFS_PATHNAMES, name, - UCF_COND_ALLOW_WCARD_LCOMP, + src_ucf_flags, src_has_wcard, smb_fname_src); @@ -6325,7 +6327,7 @@ void reply_mv(struct smb_request *req) conn, req-flags2 FLAGS2_DFS_PATHNAMES, newname, - UCF_COND_ALLOW_WCARD_LCOMP | UCF_SAVE_LCOMP, + dst_ucf_flags, dest_has_wcard, smb_fname_dst); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 93c76f9 Fix bug #8686 - Packet validation checks can be done before length validation causing uninitialized memory read. (cherry picked from commit 24ac26ddfd9ee8841d1984e710a4dfe535b9abcf) from 4e6955a Fix bug #8687 - net memberships usage info is wrong http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 93c76f96b82ec27be97c390cd1ef5d965766e273 Author: Volker Lendecke volker.lende...@sernet.de Date: Wed Jan 4 11:09:54 2012 -0800 Fix bug #8686 - Packet validation checks can be done before length validation causing uninitialized memory read. (cherry picked from commit 24ac26ddfd9ee8841d1984e710a4dfe535b9abcf) --- Summary of changes: source3/smbd/process.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 634af00..cb8600a 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1273,8 +1273,8 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in /* Make sure this is an SMB packet. smb_size contains NetBIOS header * so subtract 4 from it. */ - if (!valid_smb_header(req-inbuf) - || (size (smb_size - 4))) { + if ((size (smb_size - 4)) || + !valid_smb_header(req-inbuf)) { DEBUG(2,(Non-SMB packet of length %d. Terminating server\n, smb_len(req-inbuf))); exit_server_cleanly(Non-SMB packet); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 1d61fe6 s3:lib/ctdbd_conn: try ctdbd_init_connection() as root (bug #8684) from 93c76f9 Fix bug #8686 - Packet validation checks can be done before length validation causing uninitialized memory read. (cherry picked from commit 24ac26ddfd9ee8841d1984e710a4dfe535b9abcf) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 1d61fe68230dc307c107b9eabf9583f8571f5d61 Author: Stefan Metzmacher me...@samba.org Date: Fri Dec 23 14:45:45 2011 +0100 s3:lib/ctdbd_conn: try ctdbd_init_connection() as root (bug #8684) ctdbd_traverse is only called if the main db_context is already open. So if we could get to information via dbwrap_fetch, we should also be able to traverse. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Fri Dec 23 18:19:14 CET 2011 on sn-devel-104 (cherry picked from commit 4a1895eb9921ad533910d08823c2814c470875fd) --- Summary of changes: source3/lib/ctdbd_conn.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/ctdbd_conn.c b/source3/lib/ctdbd_conn.c index 6b50009..9ae8f9f 100644 --- a/source3/lib/ctdbd_conn.c +++ b/source3/lib/ctdbd_conn.c @@ -1131,7 +1131,9 @@ NTSTATUS ctdbd_traverse(uint32 db_id, int cstatus; struct ctdbd_traverse_state state; + become_root(); status = ctdbd_init_connection(NULL, conn); + unbecome_root(); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, (ctdbd_init_connection failed: %s\n, nt_errstr(status))); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via d2aa10c libcli/cldap: fix a crash bug in cldap_socket_recv_dgram() (bug #8593) from 1d61fe6 s3:lib/ctdbd_conn: try ctdbd_init_connection() as root (bug #8684) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit d2aa10c255932b2d3060fcfc5cea19caef213724 Author: Stefan Metzmacher me...@samba.org Date: Thu Nov 10 14:43:55 2011 +0100 libcli/cldap: fix a crash bug in cldap_socket_recv_dgram() (bug #8593) After a calling any wrapper of tevent_req_notify_callback(), e.g. tevent_req_nterror(), tevent_req_done(), tevent_req_nomem(), a function has to return immediately otherwise it is very likely to crash. metze (similar to commit 17f1a97a614db4ed8292544988cb6a6cf56621d8) --- Summary of changes: libcli/cldap/cldap.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/cldap/cldap.c b/libcli/cldap/cldap.c index 191d0ee..a01cbf8 100644 --- a/libcli/cldap/cldap.c +++ b/libcli/cldap/cldap.c @@ -278,6 +278,7 @@ nomem: error: status = map_nt_error_from_unix(in-recv_errno); nterror: + TALLOC_FREE(in); /* in connected mode the first pending search gets the error */ if (!c-connected) { /* otherwise we just ignore the error */ @@ -288,7 +289,7 @@ nterror: } tevent_req_nterror(c-searches.list-req, status); done: - talloc_free(in); + TALLOC_FREE(in); } /* -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via aa217fb s3-libads: fix malloc/talloc mismatch in ads_keytab_verify_ticket(). from d2aa10c libcli/cldap: fix a crash bug in cldap_socket_recv_dgram() (bug #8593) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit aa217fb42c124800c0e1327768a45b4b07f63e6e Author: Günther Deschner g...@samba.org Date: Fri Jan 6 16:10:55 2012 +0100 s3-libads: fix malloc/talloc mismatch in ads_keytab_verify_ticket(). Guenther Fix big #8692 (ads_keytab_verify_ticket mixes talloc allocation with malloc free). (cherry picked from commit 6da7abe87db15d260db807643a25a96fc05e5ad9) --- Summary of changes: source3/libads/kerberos_verify.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c index 68ba73c..b4c574a 100644 --- a/source3/libads/kerberos_verify.c +++ b/source3/libads/kerberos_verify.c @@ -268,7 +268,7 @@ static bool ads_keytab_verify_ticket(krb5_context context, } } - SAFE_FREE(entry_princ_s); + TALLOC_FREE(entry_princ_s); { krb5_keytab_entry zero_kt_entry; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 4e6955a Fix bug #8687 - net memberships usage info is wrong from 70bbd7a s3-libsmb: Don't duplicate kerberos service tickets. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 4e6955a05a1813c7a452ad83652ff96b43e21f06 Author: Jeremy Allison j...@samba.org Date: Thu Jan 5 13:54:29 2012 -0800 Fix bug #8687 - net memberships usage info is wrong Typo in usage. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Fri Jan 6 00:30:20 CET 2012 on sn-devel-104 (cherry picked from commit 0453544900ef2ebff7a3c677d4048ef530713b64) --- Summary of changes: source3/utils/net_groupmap.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/net_groupmap.c b/source3/utils/net_groupmap.c index 0d4cddd..44b024e 100644 --- a/source3/utils/net_groupmap.c +++ b/source3/utils/net_groupmap.c @@ -823,7 +823,7 @@ static int net_groupmap_memberships(struct net_context *c, int argc, const char !string_to_sid(member, argv[0]) ) { d_printf(%s\n%s, _(Usage:), -_(net groupmap memberof sid\n)); +_(net groupmap memberships sid\n)); return -1; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via c4e0462 Fix bug #8644 - vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on a directory with no stored ACL. from 1854e6a s3-winbind: Add an update function for winbind cache. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit c4e0462a9edfee64cba6cf5db18a54cc3c51c4f1 Author: Jeremy Allison j...@samba.org Date: Fri Dec 2 10:55:40 2011 -0800 Fix bug #8644 - vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on a directory with no stored ACL. If referring to an fsp sbuf can be left as an uninitialized variable, causing the 'is_directory' variable to be false when it should be true. (cherry picked from commit 16c0d52842386fc2ebf975166b57b888d36796c5) --- Summary of changes: source3/modules/vfs_acl_common.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index ecc889a..e8c79e6 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -373,7 +373,7 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, return map_nt_error_from_unix(errno); } } - is_directory = S_ISDIR(sbuf.st_ex_mode); + is_directory = S_ISDIR(psbuf-st_ex_mode); if (ignore_file_system_acl) { TALLOC_FREE(pdesc_next); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 76137cb s3-winbind: Move finding the domain to it's own function. via b16104d s3-winbind: Fix segfault if we can't map the last user. from c4e0462 Fix bug #8644 - vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on a directory with no stored ACL. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 76137cbcfa6f8ecae2417b034e3f08d43242f5fa Author: Andreas Schneider a...@samba.org Date: Tue Jan 3 16:54:39 2012 +0100 s3-winbind: Move finding the domain to it's own function. This the first part to fix bug #8678. (cherry picked from commit 5075e565684627dfbd23f715da344b4365351ccb) (cherry picked from commit 2fca06a63d47619f2b6902b1c8601021843c4b95) commit b16104ddf431d81f673bc3cf5e998c0f9421f2e9 Author: Andreas Schneider a...@samba.org Date: Tue Jan 3 16:55:25 2012 +0100 s3-winbind: Fix segfault if we can't map the last user. This fixes bug #8678. The issue is caused by bug #8608. Autobuild-User: Andreas Schneider a...@cryptomilk.org Autobuild-Date: Wed Jan 4 18:30:53 CET 2012 on sn-devel-104 (cherry picked from commit b9d208bdaa9da2a5ae534481865efc881b851b01) (cherry picked from commit 23db6e7cf65bdd3974a4857dda0be6ad7d758b9a) --- Summary of changes: source3/winbindd/wb_next_pwent.c | 50 + 1 files changed, 39 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/wb_next_pwent.c b/source3/winbindd/wb_next_pwent.c index e5b5e29..8a7b006 100644 --- a/source3/winbindd/wb_next_pwent.c +++ b/source3/winbindd/wb_next_pwent.c @@ -30,6 +30,26 @@ struct wb_next_pwent_state { static void wb_next_pwent_fetch_done(struct tevent_req *subreq); static void wb_next_pwent_fill_done(struct tevent_req *subreq); +static struct winbindd_domain *wb_next_find_domain(struct winbindd_domain *domain) +{ + if (domain == NULL) { + domain = domain_list(); + } else { + domain = domain-next; + } + + if ((domain != NULL) +sid_check_is_domain(domain-sid)) { + domain = domain-next; + } + + if (domain == NULL) { + return NULL; + } + + return domain; +} + struct tevent_req *wb_next_pwent_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct getpwent_state *gstate, @@ -49,17 +69,7 @@ struct tevent_req *wb_next_pwent_send(TALLOC_CTX *mem_ctx, if (state-gstate-next_user = state-gstate-num_users) { TALLOC_FREE(state-gstate-users); - if (state-gstate-domain == NULL) { - state-gstate-domain = domain_list(); - } else { - state-gstate-domain = state-gstate-domain-next; - } - - if ((state-gstate-domain != NULL) -sid_check_is_domain(state-gstate-domain-sid)) { - state-gstate-domain = state-gstate-domain-next; - } - + state-gstate-domain = wb_next_find_domain(state-gstate-domain); if (state-gstate-domain == NULL) { tevent_req_nterror(req, NT_STATUS_NO_MORE_ENTRIES); return tevent_req_post(req, ev); @@ -154,6 +164,24 @@ static void wb_next_pwent_fill_done(struct tevent_req *subreq) if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) { state-gstate-next_user += 1; + if (state-gstate-next_user = state-gstate-num_users) { + TALLOC_FREE(state-gstate-users); + + state-gstate-domain = wb_next_find_domain(state-gstate-domain); + if (state-gstate-domain == NULL) { + tevent_req_nterror(req, NT_STATUS_NO_MORE_ENTRIES); + return; + } + + subreq = wb_query_user_list_send(state, state-ev, + state-gstate-domain); + if (tevent_req_nomem(subreq, req)) { + return; + } + tevent_req_set_callback(subreq, wb_next_pwent_fetch_done, req); + return; + } + subreq = wb_fill_pwent_send(state, state-ev, state-gstate-users[state-gstate-next_user], -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via b217fc3 s3-cli: fix bug 563, 8GB tar on BE machines from 76137cb s3-winbind: Move finding the domain to it's own function. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit b217fc3ac18c04011861217eb5e0b596554ab88a Author: Masafumi Nakayama mas...@jp.ibm.com Date: Tue Jan 3 17:24:58 2012 -0800 s3-cli: fix bug 563, 8GB tar on BE machines Borrows on existing patches proposed by Craig Barratt and Brad Ellis. Signed-off-by: David Disseldorp dd...@suse.de Back-ported to 3.5.x by Jeremy Allison j...@samba.org --- Summary of changes: source3/client/clitar.c | 22 +- 1 files changed, 17 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/client/clitar.c b/source3/client/clitar.c index fc98fa8..8440a46 100644 --- a/source3/client/clitar.c +++ b/source3/client/clitar.c @@ -204,8 +204,10 @@ static void writetarheader(int f, const char *aname, uint64_t size, time_t mtime memset(hb.dbuf.size, 0, 4); hb.dbuf.size[0]=128; - for (i = 8, jp=(char*)size; i; i--) - hb.dbuf.size[i+3] = *(jp++); + for (i = 8; i; i--) { + hb.dbuf.size[i+3] = size 0xff; + size = 8; + } } oct_it((uint64_t) mtime, 13, hb.dbuf.mtime); memcpy(hb.dbuf.chksum, , sizeof(hb.dbuf.chksum)); @@ -307,7 +309,17 @@ of link other than a GNUtar Longlink - ignoring\n)); finfo-mtime_ts = finfo-ctime_ts = convert_time_t_to_timespec((time_t)strtol(hb-dbuf.mtime, NULL, 8)); finfo-atime_ts = convert_time_t_to_timespec(time(NULL)); - finfo-size = unoct(hb-dbuf.size, sizeof(hb-dbuf.size)); + if ((hb-dbuf.size[0] 0xff) == 0x80) { + /* This is a non-POSIX compatible extention to extract files + greater than 8GB. */ + finfo-size = 0; + for (i = 0; i 8; i++) { + finfo-size = 8; + finfo-size |= hb-dbuf.size[i+4] 0xff; + } + } else { + finfo-size = unoct(hb-dbuf.size, sizeof(hb-dbuf.size)); + } return True; } @@ -999,8 +1011,8 @@ static int skip_file(int skipsize) static int get_file(file_info2 finfo) { uint16_t fnum; - int pos = 0, dsize = 0, bpos = 0; - uint64_t rsize = 0; + int dsize = 0, bpos = 0; + uint64_t rsize = 0, pos = 0; DEBUG(5, (get_file: file: %s, size %.0f\n, finfo.name, (double)finfo.size)); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 610053a Final part of fix for bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe on short write. via b0bc8be Third part of fix for bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe on short write. via 1076d0d Second part of fix for bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe on short write. via e1cbc6b Fix bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe on short write from b217fc3 s3-cli: fix bug 563, 8GB tar on BE machines http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 610053a6dbe0fc109e3e73c1f7cb26ec8dc48c11 Author: Jeremy Allison j...@samba.org Date: Fri Dec 30 21:19:08 2011 -0800 Final part of fix for bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe on short write. The code to set a DOS error on short writeX return is amazingly legacy code, and also breaks the reply as fixup_chain_error_packet() enforces a 2-byte wct on any reply where smb_rcls != 0. Found in testing by Andrew Bartlett. Thanks Andrew ! Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Sat Dec 31 08:05:35 CET 2011 on sn-devel-104 (cherry picked from commit e39df67669f61056692736db9c8dc16fbf2c3624) (cherry picked from commit 627f57f0714f257c6082b21447d122935c6e92e2) commit b0bc8bec29bce808253adf2a95b7fdb7d36a176f Author: Jeremy Allison j...@samba.org Date: Fri Dec 30 20:45:10 2011 -0800 Third part of fix for bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe on short write. Fix default_sys_recvfile() to correctly cope with short writes. Return the amount written. Return -1 and set errno if no data could be written. (cherry picked from commit 5e6263960aaf1a5f9993cb7bb5646d36ff92b9cc) (cherry picked from commit ec9b07e84e806705e22f0cf2eb527fed14efac55) commit 1076d0d0491ca9d988c8095514838975e6fce4ec Author: Jeremy Allison j...@samba.org Date: Fri Dec 30 20:23:00 2011 -0800 Second part of fix for bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe on short write. Split out the functionality of drain_socket() into a separate function from default_sys_recvfile(). (cherry picked from commit a5715420e37b98038fe8f2c3028e4c6938400eed) (cherry picked from commit 7924e459b6677ba3500afff4b78f797e1e0ad83d) commit e1cbc6b4ac55d2cdb55bcfa4dbcd667cedf6ffb2 Author: Jeremy Allison j...@samba.org Date: Sat Dec 24 21:12:09 2011 -0800 Fix bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe on short write Bug found and fix suggested by Andrew Bartlett. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Sun Dec 25 07:46:38 CET 2011 on sn-devel-104 (cherry picked from commit eb617374a673bb1189dd9b6bccbf3f1d9fb91010) (cherry picked from commit b3f344b5b52096715eb5670b146f477a67af8245) --- Summary of changes: source3/lib/recvfile.c | 75 source3/smbd/reply.c |5 --- 2 files changed, 50 insertions(+), 30 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/recvfile.c b/source3/lib/recvfile.c index ea01596..cc69d42 100644 --- a/source3/lib/recvfile.c +++ b/source3/lib/recvfile.c @@ -29,16 +29,10 @@ * It's safe to make direct syscalls to lseek/write here * as we're below the Samba vfs layer. * - * If tofd is -1 we just drain the incoming socket of count - * bytes without writing to the outgoing fd. - * If a write fails we do the same (to cope with disk full) - * errors. - * * Returns -1 on short reads from fromfd (read error) * and sets errno. * * Returns number of bytes written to 'tofd' - * or thrown away if 'tofd == -1'. * return != count then sets errno. * Returns count if complete success. */ @@ -95,23 +89,26 @@ static ssize_t default_sys_recvfile(int fromfd, num_written = 0; - while (num_written read_ret) { + /* Don't write any more after a write error. */ + while (tofd != -1 (num_written read_ret)) { ssize_t write_ret; - if (tofd == -1) { - write_ret = read_ret; - } else { - /* Write to file - ignore EINTR. */ - write_ret = sys_write(tofd, - buffer + num_written, - read_ret - num_written); - - if (write_ret = 0) { - /* write
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 70bbd7a s3-libsmb: Don't duplicate kerberos service tickets. from 610053a Final part of fix for bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe on short write. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 70bbd7a208014be1cb7f0e58a830787920f1d54c Author: Andreas Schneider a...@samba.org Date: Mon Nov 21 18:19:43 2011 +0100 s3-libsmb: Don't duplicate kerberos service tickets. This fixes bug #8628. Each time we do a client connection. Each time we call to function to get the service ticket from the cache we duplicate it. So with each connection we end up with one or three duplicated tickets. Autobuild-User: Andreas Schneider a...@cryptomilk.org Autobuild-Date: Thu Dec 15 19:30:42 CET 2011 on sn-devel-104 (cherry picked from commit d0330c7dd64b320cd86e2341b31da6be81ba829b) (cherry picked from commit 60cb113d98d98200b1d8b279591c930e6b0d1857) --- Summary of changes: source3/libsmb/clikrb5.c |5 - 1 files changed, 0 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index 7b5cd09..a15fc38 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -2088,11 +2088,6 @@ krb5_error_code smb_krb5_get_credentials(krb5_context context, goto done; } - ret = krb5_cc_store_cred(context, ccache, creds); - if (ret) { - goto done; - } - if (out_creds) { *out_creds = creds; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 1854e6a s3-winbind: Add an update function for winbind cache. via b5215ca Fix bug #8521 - winbindd cache timeout expiry test was reversed via 6a761e8 s3:winbind add timeouts to winbind cache from a8037a5 s3/doc: document the ignore system acls option of vfs_acl_xattr and vfs_acl_tdb http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 1854e6a766e1a7bf55b175d7975d3b6235149c7d Author: Andreas Schneider a...@samba.org Date: Fri Dec 2 16:19:34 2011 -0800 s3-winbind: Add an update function for winbind cache. With 57b3d32 we changed the format for the winbind cache database and the code deleted the database for the upgrade. As this database holds also cached credentials, removing it is not an option. We need to update from version 1 to version 2. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Sat Dec 3 03:47:58 CET 2011 on sn-devel-104 (cherry picked from commit a3f600521122d1a6d74d16668bd1ea4447c5c867) The last 3 patches address bug #8658 (Negative / positive winbind cache won't expire till opposite type of query is made). commit b5215ca58c7501e093030c527f82078c8b315b88 Author: Jeremy Allison j...@samba.org Date: Wed Oct 12 09:43:18 2011 -0700 Fix bug #8521 - winbindd cache timeout expiry test was reversed Found and fix reported by Micha Lenk mi...@lenk.info. Thanks ! (cherry picked from commit 1e4761d05978b7a495d121acc1deaa7049f3911c) commit 6a761e873c34badd628a5460dd18830465ec484c Author: Christian Ambach christian.amb...@de.ibm.com Date: Thu Nov 4 17:10:25 2010 +0100 s3:winbind add timeouts to winbind cache This adds a timeout value to cache entries and the NDR records in the winbind cache. The previous approach of just comparing the sequence number has some issues, e.g. when retrying a wbinfo -n operation for a user in a not yet trusted domain was always failing even after the trusted domain was added. The new approach compares sequence number and timeout value to determine if a cache entry is still valid or not. I increased the cache version number so an old cache will be wiped automatically after upgrade. (cherry picked from commit 57b3d32c8d87c4273d30d73fe2bfd3de0178945d) --- Summary of changes: source3/winbindd/winbindd_cache.c | 165 + 1 files changed, 150 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 64a4a1c..ff4eeaa 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -32,7 +32,10 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND -#define WINBINDD_CACHE_VERSION 1 +#define WINBINDD_CACHE_VER1 1 /* initial db version */ +#define WINBINDD_CACHE_VER2 2 /* second version with timeouts for NDR entries */ + +#define WINBINDD_CACHE_VERSION WINBINDD_CACHE_VER2 #define WINBINDD_CACHE_VERSION_KEYSTR WINBINDD_CACHE_VERSION extern struct winbindd_methods reconnect_methods; @@ -92,6 +95,7 @@ struct winbind_cache { struct cache_entry { NTSTATUS status; uint32 sequence_number; + uint64 timeout; uint8 *data; uint32 len, ofs; }; @@ -223,6 +227,21 @@ static bool centry_check_bytes(struct cache_entry *centry, size_t nbytes) } /* + pull a uint64 from a cache entry +*/ +static uint64 centry_uint64(struct cache_entry *centry) +{ + uint64 ret; + + if (!centry_check_bytes(centry, 8)) { + smb_panic_fn(centry_uint64); + } + ret = BVAL(centry-data, centry-ofs); + centry-ofs += 8; + return ret; +} + +/* pull a uint32 from a cache entry */ static uint32 centry_uint32(struct cache_entry *centry) @@ -614,9 +633,10 @@ static bool centry_expired(struct winbindd_domain *domain, const char *keystr, s } /* if the server is down or the cache entry is not older than the - current sequence number then it is OK */ - if (wcache_server_down(domain) || - centry-sequence_number == domain-sequence_number) { + current sequence number or it did not timeout then it is OK */ + if (wcache_server_down(domain) + || (centry-sequence_number == domain-sequence_number +centry-timeout time(NULL))) { DEBUG(10,(centry_expired: Key %s for domain %s is good.\n, keystr, domain-name )); return false; @@ -647,15 +667,17 @@ static struct cache_entry *wcache_fetch_raw(char *kstr) centry-len = data.dsize; centry-ofs = 0; - if (centry-len 8) { + if (centry-len 16) { /* huh? corrupt cache? */ -
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via a8037a5 s3/doc: document the ignore system acls option of vfs_acl_xattr and vfs_acl_tdb from 407c3fa manpage: add more undocumented options to mount.cifs manpage http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit a8037a582795ce5bbd9361bf6d000b6110c6eb9b Author: Björn Jacke b...@sernet.de Date: Sat Dec 10 13:53:42 2011 +0100 s3/doc: document the ignore system acls option of vfs_acl_xattr and vfs_acl_tdb Autobuild-User: Björn Jacke b...@sernet.de Autobuild-Date: Sat Dec 10 15:30:46 CET 2011 on sn-devel-104 (cherry picked from commit f452add2231906742c9fd119371cd4fd81a1bdd6) Fix bug #8652 (vfs_acl man pages miss ignore system acls option). (cherry picked from commit ceeab5c66cef2c5aa7931329a9976c8173f44467) --- Summary of changes: docs-xml/manpages-3/vfs_acl_tdb.8.xml | 23 --- docs-xml/manpages-3/vfs_acl_xattr.8.xml | 23 --- 2 files changed, 40 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/vfs_acl_tdb.8.xml b/docs-xml/manpages-3/vfs_acl_tdb.8.xml index 6f3d84b..a6a05a5 100644 --- a/docs-xml/manpages-3/vfs_acl_tdb.8.xml +++ b/docs-xml/manpages-3/vfs_acl_tdb.8.xml @@ -45,9 +45,26 @@ refsect1 titleOPTIONS/title - para - There are no options for commandvfs_acl_tdb/command. - /para + + variablelist + !-- please keep in sync with the other acl vfs modules that provide the same options -- + varlistentry + termacl_tdb:ignore system acls = [yes|no]/term + listitem + para + When set to emphasisyes/emphasis, a best effort mapping + from/to the POSIX ACL layer will emphasisnot/emphasis be + done by this module. The default is emphasisno/emphasis, + which means that Samba keeps setting and evaluating both the + system ACLs and the NT ACLs. This is better if you need your + system ACLs be set for local or NFS file access, too. If you only + access the data via Samba you might set this to yes to achieve + better NT ACL compatibility. + /para + /listitem + /varlistentry + /variablelist + /refsect1 refsect1 diff --git a/docs-xml/manpages-3/vfs_acl_xattr.8.xml b/docs-xml/manpages-3/vfs_acl_xattr.8.xml index 7e751ad..b4a6363 100644 --- a/docs-xml/manpages-3/vfs_acl_xattr.8.xml +++ b/docs-xml/manpages-3/vfs_acl_xattr.8.xml @@ -49,9 +49,26 @@ refsect1 titleOPTIONS/title - para - There are no options for commandvfs_acl_xattr/command. - /para + + variablelist + !-- please keep in sync with the other acl vfs modules that provide the same options -- + varlistentry + termacl_xattr:ignore system acls = [yes|no]/term + listitem + para + When set to emphasisyes/emphasis, a best effort mapping + from/to the POSIX ACL layer will emphasisnot/emphasis be + done by this module. The default is emphasisno/emphasis, + which means that Samba keeps setting and evaluating both the + system ACLs and the NT ACLs. This is better if you need your + system ACLs be set for local or NFS file access, too. If you only + access the data via Samba you might set this to yes to achieve + better NT ACL compatibility. + /para + /listitem + /varlistentry + /variablelist + /refsect1 refsect1 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 407c3fa manpage: add more undocumented options to mount.cifs manpage from d682960 docs: Add missing prefixpath options for mount.cifs. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 407c3facf1061616d6dc9a814bab2217ea343040 Author: Jeff Layton jlay...@redhat.com Date: Tue Dec 6 09:32:18 2011 -0500 manpage: add more undocumented options to mount.cifs manpage Signed-off-by: Jeff Layton jlay...@redhat.com Fix bug #8648 (document more undocumented mount.cifs options). --- Summary of changes: docs-xml/manpages-3/mount.cifs.8.xml | 52 +- 1 files changed, 51 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/mount.cifs.8.xml b/docs-xml/manpages-3/mount.cifs.8.xml index 21c7f60..d58859b 100644 --- a/docs-xml/manpages-3/mount.cifs.8.xml +++ b/docs-xml/manpages-3/mount.cifs.8.xml @@ -159,6 +159,17 @@ information. /para /varlistentry varlistentry + termcifsacl/term + listitem + para + This option is used to map CIFS/NTFS ACLs to/from Linux permission + bits, map SIDs to/from UIDs and GIDs, and get and set Security + Descriptors. + /para + /listitem +/varlistentry + +varlistentry termforceuid/term listitem parainstructs the client to ignore any uid provided by @@ -202,7 +213,7 @@ port 445 is tried and if no response then port 139 is tried. /varlistentry varlistentry -termservern=replaceablearg/replaceable/term +termservernetbiosname=replaceablearg/replaceable/term listitempara Specify the server netbios name (RFC1001 name) to use @@ -216,6 +227,13 @@ port 445 is tried and if no response then port 139 is tried. /para/listitem /varlistentry +varlistentry + termservern=replaceablearg/replaceable/term + listitem + parasynonym for emphasisservernetbiosname=/emphasis/para + /listitem +/varlistentry + varlistentry termnetbiosname=replaceablearg/replaceable/term @@ -415,6 +433,15 @@ permissions in memory that can't be stored on the server. This information can d /listitem /varlistentry +varlistentry + termignorecase/term + listitem + para + Synonym for emphasisnocase/emphasis + /para + /listitem +/varlistentry + varlistentry termsec=/term listitem @@ -547,6 +574,29 @@ permissions in memory that can't be stored on the server. This information can d maximum wsize currently allowed by CIFS is 57344 (fourteen 4096 byte pages)/para/listitem /varlistentry + +varlistentry + termnoposixpaths/term + listitem + para + If unix extensions are enabled on a share, then the client will + typically allow filenames to include any character besides '/' in a + pathname component, and will use forward slashes as a pathname + delimiter. This option prevents the client from attempting to + negotiate the use of posix-style pathnames to the server. + /para + /listitem +/varlistentry + +varlistentry + termposixpaths/term + listitem + para + Inverse of emphasisnoposixpaths/emphasis + /para + /listitem +/varlistentry + varlistentry term--verbose/term listitemparaPrint additional debugging information for the mount. Note that this parameter must be specified before the -o. For example:/paraparamount -t cifs //server/share /mnt --verbose -o user=username/para/listitem -- Samba Shared Repository