[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via d5f9deb VERSION: Bump version up to 4.0.27... via 58dd8c8 WHATSNEW: Add release notes for Samba 4.0.26. from 92e4c21 s4:auth/gensec_gssapi: let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit d5f9deb8836d3252332bfdcbfbaa8b54f01728bf Author: Karolin Seeger ksee...@samba.org Date: Wed May 6 21:04:57 2015 +0200 VERSION: Bump version up to 4.0.27... and re-enable git snapshots. Signed-off-by: Karolin Seeger ksee...@samba.org commit 58dd8c8a56a628f51c1c329b3381192834e9eadf Author: Karolin Seeger ksee...@samba.org Date: Wed May 6 21:02:54 2015 +0200 WHATSNEW: Add release notes for Samba 4.0.26. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: VERSION | 4 +-- WHATSNEW.txt | 82 ++-- 2 files changed, 82 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index db42d5f..1c7ab8c 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=26 +SAMBA_VERSION_RELEASE=27 # If a official release has a serious bug # @@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE= # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # - 3.0.0-SVN-build-199 # -SAMBA_VERSION_IS_GIT_SNAPSHOT=no +SAMBA_VERSION_IS_GIT_SNAPSHOT=yes # This is for specifying a release nickname# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 80d9c95..88d1cfe 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,82 @@ == + Release Notes for Samba 4.0.26 +May 6, 2015 + == + + +This is the last bug-fix release of the Samba 4.1 release series. +There will be security releases only starting from now. + + +Changes since 4.0.25: +- + +o Jeremy Allison j...@samba.org +* BUG 10982: s3: smbd: Fix *allocate* calls to follow POSIX error return + convention. +* BUG 11094: s3: smbclient: Allinfo leaves the file handle open. + + +o Christian Ambach a...@samba.org +* BUG 9629: Fix 'profiles' tool. + + +o Ira Cooper i...@samba.org +* BUG 5: smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT. + + +o David Disseldorp dd...@samba.org +* BUG 10808: printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD. +* BUG 11059: libsmb: Provide authinfo domain for encrypted session + referrals. + + +o Volker Lendecke v...@samba.org +* BUG 11041: smbd: Fix CID 1063259 Uninitialized scalar variable. +* BUG 11051: net: Fix 'net sam addgroupmem'. + + +o Stefan Metzmacher me...@samba.org +* BUG 9299: nsswitch: Fix soname of linux nss_*.so.2 modules. +* BUG 9702: s3:smb2_server: Protect against integer wrap with smb2 max + credits = 65535. +* BUG 10949: s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM + control. +* BUG 10958: libcli/smb: Nnly force signing of smb2 session setups when + binding a new session. +* BUG 11144: Fix memory leak in SMB2 notify handling. +* BUG 11164: s4:auth/gensec_gssapi: Let gensec_gssapi_update() return + NT_STATUS_LOGON_FAILURE for unknown errors. + + +o Christof Schmitt c...@samba.org +* BUG 11034: winbind: Retry after SESSION_EXPIRED error in ping-dc. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.0 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 4.0.25
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 92e4c21 s4:auth/gensec_gssapi: let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors from 786cbeb s3:configure: require external talloc = 2.1.2 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 92e4c218156fd99627b1b8dc3696c6820affbb2f Author: Stefan Metzmacher me...@samba.org Date: Fri Mar 13 14:39:10 2015 +0100 s4:auth/gensec_gssapi: let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors The 'nt_status' variable is set to NT_STATUS_OK before. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11164 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit 09b3e42e70b35bfa1985e70780a67085644b9914) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Thu Apr 9 22:54:29 CEST 2015 on sn-devel-104 --- Summary of changes: source4/auth/gensec/gensec_gssapi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 2b09665..b9e5c37 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -643,14 +643,14 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security, gensec_security-gensec_role == GENSEC_CLIENT ? client : server, gensec_gssapi_state-gss_exchange_count, gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state-gss_oid))); - return nt_status; + return NT_STATUS_LOGON_FAILURE; } } else { DEBUG(1, (GSS %s Update(%d) failed: %s\n, gensec_security-gensec_role == GENSEC_CLIENT ? client : server, gensec_gssapi_state-gss_exchange_count, gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state-gss_oid))); - return nt_status; + return NT_STATUS_LOGON_FAILURE; } break; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 786cbeb s3:configure: require external talloc = 2.1.2 via 28e014b talloc: version 2.1.2 via 79f15e0 talloc: fix _talloc_total_limit_size prototype via 3cbf66c lib: talloc: Test suite for the new destructor reparent logic. via 1b584cf lib: talloc: Allow destructors to reparent the object they're called on. via 8194d06 lib: talloc: Fix bug when calling a destructor. via 6640cfa talloc:build: improve detection of srcdir via 8eb3271 talloc: version 2.1.1 via 509dd16 talloc/tests: avoid some unused variable warnings via 243be7a talloc: fix compiler warning via f2396a6 talloc: check for TALLOC_GET_TYPE_ABORT_NOOP via 51cc876 talloc: avoid a function call in TALLOC_FREE() if possible. via 61e6848 talloc: inline talloc_get_name() via 0886602 talloc: inline more static functions via 4419cad talloc: Tune talloc_vasprintf via d9e00c6 talloc: Update flags in pytalloc-util pkgconfig file via 6e5df36 Add a basic guide on pytalloc. via 2d30bcb talloc: Add a warning to talloc_reference() documentation. via 2c3ca8f talloc: Test the pooled object via eb093c2 talloc: Add talloc_pooled_object via fb91890 talloc: Allow nested pools. via 040a3e1 talloc: Add a separate pool size via e5ff3e1 talloc: Put pool-specific data before the chunk via aa2a731 talloc: Introduce __talloc_with_prefix via 164fb45 talloc: Decouple the dual use of chunk-pool via 61c0ed7 Fix valgrind errors with memmove and talloc pools. via 571ac8c Add simple limited pool tests to test_memlimit(). via 18e14d6 Remove talloc_memlimit_update(). No longer used. via cf58b43 Inside _talloc_realloc(), keep track of size changes over malloc/realloc/free. via e9f3ce8 Don't call talloc_memlimit_update() inside _talloc_realloc() when we're just manipulating pool members. via 2435334 Fix a conditional check. (size - tc-size 0) is always true if size and tc-size are unsigned. via 378363f In _talloc_steal_internal(), correctly decrement the memory limit in the source, and increment in the destination. via e17b670 Inside _talloc_free_internal(), always call talloc_memlimit_update_on_free() before we free the real memory. via 0aa59ad Update memory limits when we call free() on a pool. via 681728a Change __talloc() to only call talloc_memlimit_check()/talloc_memlimit_grow() on actual malloc allocation. via a49237c Change _talloc_total_mem_internal() to ignore memory allocated from a pool when calculating limit size. via ddde41c Remove magic TC_HDR_SIZE handling inside talloc_memlimit_check(). via 079a5e6 Start to fix talloc memlimits with talloc pools. via 6afc7bc talloc: Fix a typo via e762b71 talloc: only provide the --enable-talloc-compat1 in standalone build via 9935376 talloc: Simplify _talloc_free_poolmem a bit via 1828505 talloc: Do an early return via 5c2eade talloc: Avoid some else by doing early returns via 61150fb talloc: Fix nonblank line endings via 856220d talloc: Convert error cecking macros into fns via 07ca908 Add tests for talloc_memlimit via 1460f36 Add memory limiting capability to talloc from 594e911 smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 786cbeb335a687d1d2d5028e4c51fcca7d22c7da Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 10 10:51:11 2015 +0100 s3:configure: require external talloc = 2.1.2 Signed-off-by: Stefan Metzmacher me...@samba.org BUG: https://bugzilla.samba.org/show_bug.cgi?id=11144 Memory leak in SMB2 notify handling. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Mar 16 00:22:31 CET 2015 on sn-devel-104 commit 28e014b37db0f1bfc8204f71be6a72e321bf5847 Author: Stefan Metzmacher me...@samba.org Date: Mon Mar 9 09:07:24 2015 +0100 talloc: version 2.1.2 Changes: - Allow destructors to reparent the object - Allow destructors to remove itself - Build improvements Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Günther Deschner g...@samba.org (cherry picked from commit 7bef5e4f0e5ff4a4187f3d63e51a1725ff32b771) commit 79f15e0f58bdb2e3ac9bbf3ae61c696abfdefd4a Author: Stefan Metzmacher me...@samba.org Date: Tue Jan 27 13:07:34 2015 +0100 talloc: fix _talloc_total_limit_size prototype Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Ralph Boehme s...@samba.org (cherry picked from commit 3929abfc6b5a3ae8a27da57d4dbee9524e3585e3) commit 3cbf66c06770c33c1fe2ba4135eabc8c6ba95f9f Author:
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 594e911 smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT. from 2722ad6 Merge tag 'samba-4.0.25' into v4-0-test https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 594e911269c81b4c810864ee69dc9cc6eee2f32b Author: Ira Cooper i...@samba.org Date: Thu Jan 15 11:41:50 2015 -0500 smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT. This sequencing is causing problems for vfs_ceph, and likely other vfs modules. Signed-off-by: Ira Cooper i...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri Jan 16 00:13:17 CET 2015 on sn-devel-104 (cherry picked from commit 81464daea71e5fa3067ec7d5f5c69c890c0f7949) BUG: https://bugzilla.samba.org/show_bug.cgi?id=5 S3: vfs_Chdir() is called after SMB_VFS_DISCONNECT in source3/smbd/service.c::close_cnum(). Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Mar 2 23:25:27 CET 2015 on sn-devel-104 --- Summary of changes: source3/smbd/service.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 19c02d6..6d31338 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -1128,12 +1128,12 @@ void close_cnum(connection_struct *conn, uint64_t vuid) talloc_tos()), lp_servicename(talloc_tos(), SNUM(conn; - /* Call VFS disconnect hook */ - SMB_VFS_DISCONNECT(conn); - /* make sure we leave the directory available for unmount */ vfs_ChDir(conn, /); + /* Call VFS disconnect hook */ + SMB_VFS_DISCONNECT(conn); + /* execute any postexec = line */ if (*lp_postexec(talloc_tos(), SNUM(conn)) change_to_user(conn, vuid)) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 2722ad6 Merge tag 'samba-4.0.25' into v4-0-test via 4395552 VERSION: Disable git snapshots for the 3.0.25 release. via 28babc0 WHATSNEW: Add release notes for Samba 3.0.25. via 5b833f0 auth: Make sure that creds_out is initialized with NULL. via 1981e7a s3-netlogon: Make sure we do not deference a NULL pointer. via 6ae0a8a CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. via 4060da4 VERSION: Re-enable git snapshots. via 3865c60 VERSION: Bump version up to 4.0.25. from 1a13242 VERSION: Bump version up to 4.0.26. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 2722ad6ccbba52d0ea0a556017eba09a719797ff Merge: 1a13242 4395552 Author: Stefan Metzmacher me...@samba.org Date: Thu Feb 26 11:18:38 2015 +0100 Merge tag 'samba-4.0.25' into v4-0-test samba: tag release samba-4.0.25 --- Summary of changes: Changeset truncated at 500 lines: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 1a13242 VERSION: Bump version up to 4.0.26. via 31b74e8 VERSION: Disable git snapshots for the 3.0.25 release. via bad8f6d WHATSNEW: Add release notes for Samba 3.0.25. via 1d573da auth: Make sure that creds_out is initialized with NULL. via 9d5417d s3-netlogon: Make sure we do not deference a NULL pointer. via 43feed1 CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. from 0d5069f s3: smbclient: Allinfo leaves the file handle open. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 1a13242bc488dad82b0ae5a232933df4936ecff2 Author: Karolin Seeger ksee...@samba.org Date: Mon Feb 23 14:39:52 2015 +0100 VERSION: Bump version up to 4.0.26. Signed-off-by: Karolin Seeger ksee...@samba.org commit 31b74e8602b1d80b56425bf7d6ab94cf2dd316a3 Author: Karolin Seeger ksee...@samba.org Date: Sun Feb 22 14:24:55 2015 +0100 VERSION: Disable git snapshots for the 3.0.25 release. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077 CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability. Signed-off-by: Karolin Seeger ksee...@samba.org commit bad8f6dc6fa6a8c597c92f77e08a7e77b30fdb23 Author: Karolin Seeger ksee...@samba.org Date: Sat Feb 21 21:29:36 2015 +0100 WHATSNEW: Add release notes for Samba 3.0.25. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077 CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability. Signed-off-by: Karolin Seeger ksee...@samba.org commit 1d573daf6c9811d963c8c0b832ffa134a175fddc Author: Andreas Schneider a...@samba.org Date: Mon Feb 16 10:56:03 2015 +0100 auth: Make sure that creds_out is initialized with NULL. This is an additional patch for CVE-2015-0240. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32 Pair-Programmed-With: Michael Adam ob...@samba.org Pair-Programmed-With: Andreas Schneider a...@samba.org Signed-off-by: Michael Adam ob...@samba.org Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit 9d5417d09fb9fcbc0f0f86a00b728d88781dd3a4 Author: Andreas Schneider a...@samba.org Date: Mon Feb 16 10:59:23 2015 +0100 s3-netlogon: Make sure we do not deference a NULL pointer. This is an additional patch for CVE-2015-0240. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32 Pair-Programmed-With: Michael Adam ob...@samba.org Pair-Programmed-With: Andreas Schneider a...@samba.org Signed-off-by: Michael Adam ob...@samba.org Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Volker Lendecke v...@samba.org commit 43feed106993cbe28b38a101332934b35820a506 Author: Jeremy Allison j...@samba.org Date: Wed Jan 28 14:47:31 2015 -0800 CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: VERSION | 4 +- WHATSNEW.txt| 60 - libcli/auth/schannel_state_tdb.c| 4 ++ source3/rpc_server/netlogon/srv_netlog_nt.c | 13 ++- 4 files changed, 75 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 705c416..db42d5f 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=25 +SAMBA_VERSION_RELEASE=26 # If a official release has a serious bug # @@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE= # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # - 3.0.0-SVN-build-199 # -SAMBA_VERSION_IS_GIT_SNAPSHOT=yes +SAMBA_VERSION_IS_GIT_SNAPSHOT=no # This is for specifying a release nickname# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 777997f..80d9c95 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,60 @@ == + Release Notes for Samba 4.0.25 + February 23, 2015 + == + + +This is a security release in order to address CVE-2015-0240 (Unexpected +code execution in smbd). + +o
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 0d5069f s3: smbclient: Allinfo leaves the file handle open. from 40b9149 printing/cups: pack requested-attributes with IPP_TAG_KEYWORD https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 0d5069f9c1fddc48019a773bd34708307dd1e401 Author: Jeremy Allison j...@samba.org Date: Tue Feb 10 09:32:11 2015 -0800 s3: smbclient: Allinfo leaves the file handle open. https://bugzilla.samba.org/show_bug.cgi?id=11094 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Tue Feb 10 23:28:46 CET 2015 on sn-devel-104 (cherry picked from commit 080ec0f7d9735b27138deb5f91a397935f089f02) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Feb 16 23:13:45 CET 2015 on sn-devel-104 --- Summary of changes: source3/client/client.c | 1 + 1 file changed, 1 insertion(+) Changeset truncated at 500 lines: diff --git a/source3/client/client.c b/source3/client/client.c index a3a1d0a..842b3b6 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -1812,6 +1812,7 @@ static int do_allinfo(const char *name) } TALLOC_FREE(snapshots); + cli_close(cli, fnum); return 0; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 40b9149 printing/cups: pack requested-attributes with IPP_TAG_KEYWORD from 9f56abb s3:smb2_server: protect against integer wrap with smb2 max credits = 65535 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 40b914955f6b6ee7eac2a77327d686cb81dc13e3 Author: David Disseldorp dd...@samba.org Date: Tue Feb 3 19:26:42 2015 +0100 printing/cups: pack requested-attributes with IPP_TAG_KEYWORD The CUPS IPP_GET_JOBS requested-attributes array indicates which job attributes the caller would like in the cupsd response. Until now, Samba has packed these attributes with a IPP_TAG_NAME format tag. In recent versions of CUPS, this results in the IPP_GET_JOBS response only including the job-id and job-printer-uri fields, even with JobPrivateValues=none configured. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10808 Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Feb 10 01:38:58 CET 2015 on sn-devel-104 (cherry picked from commit 2f4998113e539ea4ba6fb0a72ba6ac25c9d74bd6) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Feb 10 23:14:19 CET 2015 on sn-devel-104 --- Summary of changes: source3/printing/print_cups.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c index 9a47843..766e35e 100644 --- a/source3/printing/print_cups.c +++ b/source3/printing/print_cups.c @@ -1155,7 +1155,7 @@ static int cups_queue_get(const char *sharename, ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, attributes-natural-language, NULL, language-language); -ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_NAME, +ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, requested-attributes, (sizeof(jattrs) / sizeof(jattrs[0])), NULL, jattrs); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 1f9586f dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, tokenGroupsNoGCAcceptable via f69bee5 Revert dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, tokenGroupsNoGCAcceptable via 19e184e libsmb: provide authinfo domain for encrypted session referrals via 371d159 libsmb: provide authinfo domain for DFS referral auth via 2856b64 libsmb: reuse connections derived from DFS referrals from f9693a1 VERSION: Bump version up to 4.0.25. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 1f9586f12afb432f469f0dbfab9a2727a9db454a Author: Garming Sam garm...@catalyst.net.nz Date: Thu Dec 4 11:53:12 2014 +1300 dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, tokenGroupsNoGCAcceptable This includes additional tests based directly on the docs, rather than simply testing our internal implementation in client and server contexts, that create a user and groups. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11022 Pair-programmed-with: Garming Sam garm...@catalyst.net.nz Signed-off-by: Garming-Sam garm...@catalyst.net.nz Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Mon Dec 22 17:17:02 CET 2014 on sn-devel-104 (similar to commit e4213512d0a967e87a74a1ae816c903fb38dd8b9) Change-Id: Ia98bf5a62bb69e15ae6420b34e09a65c1f3e79dd Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Thu Jan 29 23:19:43 CET 2015 on sn-devel-104 commit f69bee506c2a309340aefaa17522d82ea1003543 Author: Stefan Metzmacher me...@samba.org Date: Mon Jan 26 23:48:01 2015 +0100 Revert dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, tokenGroupsNoGCAcceptable This reverts commit 017ff207a6883a50705de985e8653e2a05f3b024. commit 19e184e63db2ca5cf81941911d28c681bdbc0dc0 Author: David Disseldorp dd...@samba.org Date: Mon Jan 19 13:39:35 2015 +0100 libsmb: provide authinfo domain for encrypted session referrals 6c9de0cd056afc0b478c02f1bdb0e06532388037 requires this extra change. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11059 Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Wed Jan 21 04:29:06 CET 2015 on sn-devel-104 (cherry picked from commit 6da86012a2ca521efe0cf1bf05fcd04c3099b190) commit 371d159e2db2679d7346475b625a870dda4a5852 Author: David Disseldorp dd...@samba.org Date: Fri Jan 16 16:21:23 2015 +0100 libsmb: provide authinfo domain for DFS referral auth libsmbclient uses the smbc_init-smbc_get_auth_data_fn() provided workgroup/domain in initial connections, but then switches to the default smb.conf workgroup/domain when handling DFS referrals. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11059 Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Jeremy Allison j...@samba.org (cherry picked from commit 6c9de0cd056afc0b478c02f1bdb0e06532388037) [dd...@samba.org: 4.0 rebase with cli_init_creds() call] commit 2856b641f321ecfd430fef24cd1158c0e2a1dd01 Author: David Disseldorp dd...@samba.org Date: Fri Jan 16 16:21:22 2015 +0100 libsmb: reuse connections derived from DFS referrals [MS-DFSC] 3.2.1.1 and 3.2.1.2 states that DFS targets with the same site location or relative cost are placed in random order in a DFS referral response. libsmbclient currently resolves DFS referrals on every API call, always using the first entry in the referral response. With random ordering, libsmbclient may open a new server connection, rather than reuse an existing (cached) connection established in a previous DFS referred API call. This change sees libsmbclient check the connection cache for any of the DFS referral response entries before creating a new connection. This change is based on a patch by Har Gagan Sahai sharga...@novell.com. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10123 Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Jeremy Allison j...@samba.org (cherry picked from commit 7b7d4f740fe5017107d3100041cc8c7982f0eac7) [dd...@samba.org: 4.0 rebase without smbXcli_tcon context] --- Summary of changes: source3/libsmb/clidfs.c | 118 +++ source4/dsdb/tests/python/token_group.py | 4 +- 2 files changed, 92 insertions(+), 30 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clidfs.c
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via f9693a1 VERSION: Bump version up to 4.0.25. via 9b14925 Merge tag 'samba-4.0.24' into v4-0-test via 654b1d1 smbd: Fix CID 1063259 Uninitialized scalar variable via 03299a2 net: Fix sam addgroupmem via 017ff20 dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, tokenGroupsNoGCAcceptable via 3be3266 VERSION: Disable git snapshots for the 4.0.24 release. via 65a088d WHATSNEW: Add release notes for Samba 4.0.24. via 3d221ef CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl via 01a4bd7 CVE-2014-8143:dsdb: Allow use of dsdb_autotransaction_request outside util.c via 5acd6c0 CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag via 392523a CVE-2014-8143:auth: Force talloc type of session_info pointer to match via 003ae6a VERSION: Bump version up to 4.0.24... from 4f6075e nsswitch: fix soname of linux nss_*.so.2 modules https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit f9693a1766b88ce068bb04c88f1a41ce3330e2cc Author: Karolin Seeger ksee...@samba.org Date: Thu Jan 15 12:12:10 2015 +0100 VERSION: Bump version up to 4.0.25. Signed-off-by: Karolin Seeger ksee...@samba.org commit 9b14925b20aac0f2f8aac60d7e63f50c128bffd1 Merge: 654b1d1 3be3266 Author: Karolin Seeger ksee...@samba.org Date: Thu Jan 15 12:11:57 2015 +0100 Merge tag 'samba-4.0.24' into v4-0-test samba: tag release samba-4.0.24 commit 654b1d119cd7127d0d60f36b8bec1efb20032431 Author: Volker Lendecke v...@samba.org Date: Sun Aug 18 20:35:32 2013 + smbd: Fix CID 1063259 Uninitialized scalar variable Signed-off-by: Volker Lendecke v...@samba.org Bug: https://bugzilla.samba.org/show_bug.cgi?id=11041 Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit cc983c9a6a92f3d127ec6461b15aed3fa90e6d30) Reviewed-by: David Disseldorp dd...@samba.org commit 03299a23d82f653917a6df31e8bb786c26f5eb1b Author: Volker Lendecke v...@samba.org Date: Tue Jan 13 12:51:13 2015 +0100 net: Fix sam addgroupmem Domain local groups come across as SID_TYPE_ALIAS and are sent to us in the PAC/Info3 struct. We should allow this in net sam addgroupmem. Volker Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Guenther Deschner g...@samba.org Bug: https://bugzilla.samba.org/show_bug.cgi?id=11051 Autobuild-User(master): Günther Deschner g...@samba.org Autobuild-Date(master): Tue Jan 13 15:28:16 CET 2015 on sn-devel-104 commit 017ff207a6883a50705de985e8653e2a05f3b024 Author: Garming Sam garm...@catalyst.net.nz Date: Thu Dec 4 11:53:12 2014 +1300 dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, tokenGroupsNoGCAcceptable This includes additional tests based directly on the docs, rather than simply testing our internal implementation in client and server contexts, that create a user and groups. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11022 Pair-programmed-with: Garming Sam garm...@catalyst.net.nz Signed-off-by: Garming-Sam garm...@catalyst.net.nz Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Mon Dec 22 17:17:02 CET 2014 on sn-devel-104 (similar to commit e4213512d0a967e87a74a1ae816c903fb38dd8b9) --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 53 +++- librpc/idl/security.idl | 13 +- source3/smbd/process.c | 1 + source3/utils/net_sam.c | 8 +- source4/auth/session.c | 5 + source4/dsdb/common/util.c | 4 +- source4/dsdb/pydsdb.c| 1 + source4/dsdb/samdb/ldb_modules/operational.c | 66 - source4/dsdb/samdb/ldb_modules/samldb.c | 192 ++- source4/dsdb/samdb/samdb.h | 6 + source4/dsdb/tests/python/token_group.py | 347 ++- source4/rpc_server/lsa/dcesrv_lsa.c | 15 +- source4/setup/schema_samba4.ldif | 1 + 14 files changed, 686 insertions(+), 28 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index a0ec102..705c416 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=24 +SAMBA_VERSION_RELEASE=25 # If a official release has a serious
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 4f6075e nsswitch: fix soname of linux nss_*.so.2 modules via 53f27f1 selftest: use shared/libnss_wrapper_winbind.so.2 via 61c1e5a wafsamba: add optional keep_underscore=True to SAMBA_LIBRARY() via ae18bda winbind: Retry after SESSION_EXPIRED error in ping-dc via db79019 winbind: Retry LogonControl RPC in ping-dc after session expiration from eb3ed91 libcli/smb: only force signing of smb2 session setups when binding a new session https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 4f6075e4ccc8d42c530477e1458db3a2d32f0f5e Author: Stefan Metzmacher me...@samba.org Date: Thu Dec 18 10:33:34 2014 +0100 nsswitch: fix soname of linux nss_*.so.2 modules Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (similar to commit 575b093dac3c509b1bfaab0b4ad29b9b4214e487) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Sun Jan 11 16:10:35 CET 2015 on sn-devel-104 commit 53f27f12fe6e1c172adf4ae7d0195152a1bcfe6b Author: Stefan Metzmacher me...@samba.org Date: Thu Dec 18 20:13:44 2014 +0100 selftest: use shared/libnss_wrapper_winbind.so.2 This library is always available in make test. nss-wrapper strictly requires the linux nss api. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (similar to commit 4eb24fa545234be506eb1330ccbbfd5c2b9e0d82) commit 61c1e5af41e34da96973eb7e5856c276710b1118 Author: Stefan Metzmacher me...@samba.org Date: Thu Dec 18 10:21:30 2014 +0100 wafsamba: add optional keep_underscore=True to SAMBA_LIBRARY() Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (similar to commit 82e583b04b04e560c121163850d70c52d2fce78d) commit ae18bda975dee2351b9af59120fe8b8de1dc56b3 Author: Christof Schmitt c...@samba.org Date: Fri Dec 19 12:24:53 2014 -0700 winbind: Retry after SESSION_EXPIRED error in ping-dc Trying to establish a netlogon connection when the service ticket expires might fail with NT_STATUS_NETWORK_SESSION_EXPIRED. The underlying client code already marks the session as invalid, so retry the netlogon connect in this case. Signed-off-by: Christof Schmit c...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Jan 6 02:58:57 CET 2015 on sn-devel-104 (cherry picked from commit a2670f15dea27c10e3827216adf572f9c3894f85) BUG: https://bugzilla.samba.org/show_bug.cgi?id=11034 commit db7901981d3518bb8db7578bcb03f3787b3b080b Author: Christof Schmitt c...@samba.org Date: Mon Dec 22 15:19:47 2014 -0800 winbind: Retry LogonControl RPC in ping-dc after session expiration When the underlying session expires, the LogonControl RPC call used in ping-dc returns NT_STATUS_IO_DEVICE_ERROR. Retry once in this case, instead of returning the error to the caller. Signed-off-by: Christof Schmitt c...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Dec 23 02:46:34 CET 2014 on sn-devel-104 (cherry picked from commit 2fdc55160309cec89aeb88243cb18d058c67e918) BUG: https://bugzilla.samba.org/show_bug.cgi?id=11034 --- Summary of changes: buildtools/wafsamba/wafsamba.py | 6 +- nsswitch/wscript_build | 24 ++-- selftest/target/Samba.pm | 2 +- source3/winbindd/winbindd_dual_srv.c | 18 ++ source3/wscript_build| 7 --- source4/selftest/tests.py| 2 +- 6 files changed, 43 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py index d26b7b5..ba8b40b 100644 --- a/buildtools/wafsamba/wafsamba.py +++ b/buildtools/wafsamba/wafsamba.py @@ -109,6 +109,7 @@ def SAMBA_LIBRARY(bld, libname, source, ldflags='', external_library=False, realname=None, + keep_underscore=False, autoproto=None, autoproto_extra_source='', group='libraries', @@ -209,7 +210,10 @@ def SAMBA_LIBRARY(bld, libname, source,
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via eb3ed91 libcli/smb: only force signing of smb2 session setups when binding a new session via f27d938 s3:smb2_server: allow reauthentication without signing via a7bee71 s3:smb2_server: use the global signing key to check if signing is required via cc66e97 testprogs/test_ldb: check rootdse search with extended-dn control via cc5599e s4:dsdb/rootdse: expand extended dn values with the AS_SYSTEM control via 759e3fd s3:utils/profiles fix a use after free via 997f6a9 s3:registry/regfio fix some valgrind warnings via e71772e s3:registry/regfio read SD from the correct location via de99f7e s3: modules: Fix *allocate* calls to follow POSIX error return convention. via 0ad2013 s3: smbd: Fix *allocate* calls to follow POSIX error return convention. via 339bac8 s3: smbd: Fix *allocate* calls to follow POSIX error return convention. from b1adeee VERSION: Bump version up to 4.0.24... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit eb3ed9164ece272653b5cdc9a5ea3188cdb91dd5 Author: Stefan Metzmacher me...@samba.org Date: Fri Dec 12 13:55:38 2014 + libcli/smb: only force signing of smb2 session setups when binding a new session Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri Dec 12 23:11:40 CET 2014 on sn-devel-104 (cherry picked from commit daff0f5d709eca621a7f319c892ecaba7b03e5c2) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Thu Dec 18 23:32:50 CET 2014 on sn-devel-104 commit f27d938a674308e8d0a4b6b24f67af596f1bf8f9 Author: Stefan Metzmacher me...@samba.org Date: Fri Dec 12 09:22:15 2014 +0100 s3:smb2_server: allow reauthentication without signing If signing is not required we should not require it for reauthentication. Windows clients would otherwise fail to reauthenticate. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org (cherry picked from commit 382019656ee164fd21455ed7d7b5e9e18bd0ca72) commit a7bee718e69db2b0dbfa24ad3ba705ce59cb77de Author: Stefan Metzmacher me...@samba.org Date: Thu Jun 12 15:10:11 2014 +0200 s3:smb2_server: use the global signing key to check if signing is required If we have a channel session key, we also always have a global session key. For multi-channel it's possible that the channel session key is not in place yet, in that case the global session key needs to be used. In both cases (reauth or session bind) we session setup requests need to be signed. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org (cherry picked from commit 7e006d11134cdc37ea0fc13110fe5bbfb9de3f14) commit cc66e97d14116995ecc6a862de6fe91c8f89a83f Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 21 14:11:54 2014 +0100 testprogs/test_ldb: check rootdse search with extended-dn control Verifies BUG: https://bugzilla.samba.org/show_bug.cgi?id=10949 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Guenther Deschner g...@samba.org Autobuild-User(master): Günther Deschner g...@samba.org Autobuild-Date(master): Fri Dec 12 20:15:46 CET 2014 on sn-devel-104 (cherry picked from commit 7e81fe282540a5b52dcb8c5396321a67733790d2) commit cc5599e81e262ca0d3a21ae37e7f00fc62541a90 Author: Stefan Metzmacher me...@samba.org Date: Thu Nov 20 14:21:06 2014 +0100 s4:dsdb/rootdse: expand extended dn values with the AS_SYSTEM control Otherwise we can't find the GUID of the 'serverName' attribute as ANONYMOUS. This results in root@ub1204-161:~# ldbsearch -U% -H ldap://172.31.9.161 -b '' -s base --extended-dn serverName search error - LDAP error 1 LDAP_OPERATIONS_ERROR - 2020: operations error at ../source4/dsdb/samdb/ldb_modules/rootdse.c:567 While it works as system: root@ub1204-161:~# ldbsearch -U% -H /var/lib/samba/private/sam.ldb -b '' -s base --extended-dn serverName # record 1 dn: serverName: GUID=348c35e1-04e3-4988-a32c-32478d584551;CN=UB1204-161,CN=Serve rs,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=s4xdom,DC=base # returned 1 records # 1 entries # 0 referrals Bug: https://bugzilla.samba.org/show_bug.cgi?id=10949 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Guenther Deschner g...@samba.org (cherry picked from commit
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via b1adeee VERSION: Bump version up to 4.0.24... via 21764ef VERSION: Disable git snapshots for the 4.0.23 release. via 7771dd9 WHATSNEW: Add release notes for Samba 4.0.23. from fa1312b Revert buildtools: Rename perl vendorarch configure option. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit b1adeee4aed02f3066f9a96f20daeb3dce43b68c Author: Karolin Seeger ksee...@samba.org Date: Sun Dec 7 21:47:37 2014 +0100 VERSION: Bump version up to 4.0.24... ...and re-enable git snapshots. Signed-off-by: Karolin Seeger ksee...@samba.org commit 21764ef2249447cf480044486d6537ffbca6063d Author: Karolin Seeger ksee...@samba.org Date: Sun Dec 7 21:46:20 2014 +0100 VERSION: Disable git snapshots for the 4.0.23 release. Signed-off-by: Karolin Seeger ksee...@samba.org commit 7771dd9b947b4a4a7b1206b6a7ebc542f768ea13 Author: Karolin Seeger ksee...@samba.org Date: Sun Dec 7 21:44:58 2014 +0100 WHATSNEW: Add release notes for Samba 4.0.23. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 98 ++-- 2 files changed, 97 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 58717fc..a0ec102 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=23 +SAMBA_VERSION_RELEASE=24 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 2ef83ad..c74580b 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,98 @@ == + Release Notes for Samba 4.0.23 + December 08, 2014 + == + + +This is the latest stable release of Samba 4.0. + + +Changes since 4.0.22: +- + +o Michael Adam ob...@samba.org +* BUG 10472: Revert buildtools/wafadmin/Tools/perl.py back to upstream + state. + + +o Jeremy Allison j...@samba.org +* BUG 10711: s3:daemons: Ensure nmbd and winbindd are consistent in + command line processing by adding POPT_COMMON_DYNCONFIG. +* BUG 10779: pthreadpool: Slightly serialize jobs. +* BUG 10830: s3:nmbd: Ensure the main nmbd process doesn't create zombies. +* BUG 10831: SIGCLD Signal handler not correctly reinstalled on old library + code use - smbrun etc. +* BUG 10848: s3:smb2cli: Query info return length check was reversed. +* BUG 10896: s3:nmbd: Fix netbios name truncation. + + +o Günther Deschner g...@samba.org +* BUG 9984: s3-libnet: Make sure we do not overwrite precreated SPNs. + + +o David Disseldorp dd...@samba.org +* BUG 10898: spoolss: Fix handling of bad EnumJobs levels. +* BUG 10905: spoolss: Fix print job enumeration. + + +o Björn Jacke b...@sernet.de +* BUG docs: Mention incompatibility between kernel oplocks and + streams_xattr. + + +o Volker Lendecke v...@samba.org +* BUG 10860: registry: Don't leave dangling transactions. +* BUG 10932: pdb_tdb: Fix a TALLOC/SAFE_FREE mixup. + + +o Stefan Metzmacher me...@samba.org +* BUG 10472: Revert buildtools/wafadmin/Tools/perl.py back to upstream + state. +* BUG 10921: s3:smbd: Fix file corruption using write cache size != 0. + + +o Christof Schmitt c...@samba.org +* BUG 10838: s3-winbindd: Do not use domain SID from LookupSids for +* Sids2UnixIDs call. + + +o Andreas Schneider a...@samba.org +* BUG 9984: s3-libnet: Add libnet_join_get_machine_spns(). +* BUG 9985: s3-libads: Add all machine account principals to the keytab. +* BUG 10472: wafsamba: If perl can't provide defaults, define them. +* BUG 10824: nsswitch: Skip groups we were not able to map. +* BUG 10829: s3-libads: Improve service principle guessing. + + +o Richard Sharpe realrichardsha...@gmail.com +* BUG: source3/smbd/process.c::srv_send_smb() returns true on the error + path. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.0 product in the project's Bugzilla +database
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via fa1312b Revert buildtools: Rename perl vendorarch configure option. via c0b2e50 Revert buildtools: Add perl vendorlib configure option. via f5b9478 Revert wafsamba: If perl can't provide defaults, define them. via 350b5a9 Revert wafsamba: Fail with error message if perl doesn't provide valid dirs. via 31259de3 pidl/wscript: remove --with-perl-* options via 24cefe9 Revert autobuild: Set perl vendorlib direcotry. via cba45a0 Revert script/autobuild: make use of --with-perl-{arch,lib}-install-dir via 8909e3a pidl: remove superfluous use lib via 9a05421 pidl: fix the perl module search path (use lib ...) when installing pidl. via 6d80bf2 wafsamba: add perl_fixup parameter to INSTALL_FILES via c32733c s3:build: don't detect perl in source3/wscript again. via c4206a4 pidl/wscript: don't check for perl again. via 23d6857 build: do full SAMBA_CHECK_PERL() check in configure via 0a7eb79 wafsamba: add samba_perl.py with SAMBA_CHECK_PERL() higher level check. via 8e22d02 dynconfig: implement PERL_ARCH_INSTALL_DIR via b93425a dynconfig: implement PERL_LIB_INSTALL_DIR. via f96620b lib/ldb/wscript: pass dep_vars=['LDB_VERSION'] to SAMBA_GENERATOR() via 6efcb38 docs-xml/wscript_build: pass dep_vars=bld.dynconfig_varnames() to SAMBA_GENERATOR() via 9568232 dynconfig/wscript: add dynconfig_varnames() via 8f14452 wafsamba: let SAMBA_BLDOPTIONS() use dep_vars=['defines'] instead of always=True via 456fff6 wafsamba: fix dependencies on environment variables for python_fixup via 3fa0be6 wafsamba: allow an optional dep_vars list to be passed to SAMBA_GENERATOR() via b0e06ec wafsamba: fix dependency for SAMBA_GENERATOR() when passing vars!=None via 569dc70 wafsamba: fix dependency calculation for SAMBA_GENERATOR() via e6c47c7 wafsamba: improve wording in a comment via ddde1a3 wafsamba: remove unused variable from copy_and_fix_python_path via 34fd427 docs: Always declare rule to build parameters.all.xml and do it first via ec40d2d docs: define and include entities for the docs via 39da7d0 docs: remove the file prefix from included path names via 899e891 docs: update XInclude year to conform with current standard via eacacbf pdb_tdb: Fix a TALLOC/SAFE_FREE mixup via 5632bd1 spoolss: remove unused fill_job_info3() via d36d541 spoolss: fix jobid in level 3 EnumJobs response via 89e112d spoolss: fix jobid in level 2 GetJob and EnumJobs responses via 8812feb spoolss: fix jobid in level 1 GetJob and EnumJobs responses via 0b1a54b spoolss: fix GetJob jobid lookups via 136f4d0 printing: add jobid_to_sysjob helper function from 7e486b9 s3:smbd: fix file corruption using write cache size != 0 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit fa1312b49a4976307108ead6d904fb27120148f2 Author: Michael Adam ob...@samba.org Date: Thu Sep 4 12:45:48 2014 +0200 Revert buildtools: Rename perl vendorarch configure option. This reverts commit 04685ff4eed9535769d6a5feee7353f1796a4389. We are reverting buildtools/wafadmin/Tools/perl.py back to upstream state. Everything special is now in buildtools/wafsamba/samba_perl.py. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472 Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Sep 9 03:07:20 CEST 2014 on sn-devel-104 (cherry picked from commit 1f878b9986523ce9e35dd74ae3c201f4e55f66f3) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Nov 18 23:11:44 CET 2014 on sn-devel-104 commit c0b2e50b2488b68ad9de1af4da94d2525451ef49 Author: Michael Adam ob...@samba.org Date: Thu Sep 4 12:45:40 2014 +0200 Revert buildtools: Add perl vendorlib configure option. This reverts commit 48f0183dbeddd7bdf333a40fe0d3e1c7e7fe00f2. We are reverting buildtools/wafadmin/Tools/perl.py back to upstream state. Everything special is now in buildtools/wafsamba/samba_perl.py. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472 Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org (cherry picked from commit 0b91f7d806b9d18881edb8df981a9eeb057580e5) commit f5b94786745f274d60de7abb7d67cbed3f10a786 Author: Michael Adam ob...@samba.org Date: Thu Sep 4 12:45:32 2014 +0200 Revert wafsamba: If perl can't provide defaults, define them. This reverts commit 0ba276ebad57d75a769e22414f94acbe8c177d97. We are reverting
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 7e486b9 s3:smbd: fix file corruption using write cache size != 0 from 1b0da1d spoolss: fix handling of bad EnumJobs levels https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 7e486b942c7e5cd923bb9ced6b7bc9649bc7100e Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 7 15:57:40 2014 -0800 s3:smbd: fix file corruption using write cache size != 0 A client can: - open a handle (h1) - write some data to h1. - open a 2nd handle h2 (downgrades both handles to level II) - try to read the data on h2 (this gets old data) Bug: https://bugzilla.samba.org/show_bug.cgi?id=10921 Signed-off-by: Stefan Metzmacher me...@samba.org Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Sun Nov 9 22:51:19 CET 2014 on sn-devel-104 --- Summary of changes: source3/smbd/oplock.c | 3 +++ 1 file changed, 3 insertions(+) Changeset truncated at 500 lines: diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c index 95d88ef..045fd469 100644 --- a/source3/smbd/oplock.c +++ b/source3/smbd/oplock.c @@ -151,6 +151,9 @@ static void downgrade_file_oplock(files_struct *fsp) sconn-oplocks.level_II_open++; fsp-sent_oplock_break = NO_BREAK_SENT; + flush_write_cache(fsp, OPLOCK_RELEASE_FLUSH); + delete_write_cache(fsp); + TALLOC_FREE(fsp-oplock_timeout); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 1b0da1d spoolss: fix handling of bad EnumJobs levels via 76ff1da s3-nmbd: Fix netbios name truncation. via e158ed9 There are tests all over the SMB1 code to check that srv_send_smb fails, but it never returns false. via 2ec015b s3: daemons - ensure nmbd and winbindd are consistent in command line processing by adding POPT_COMMON_DYNCONFIG. from 5b9d192 s3: nmbd: Ensure the main nmbd process doesn't create zombies. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 1b0da1d8bac7e8dfb52e723a7753b75ce8053a9c Author: David Disseldorp dd...@samba.org Date: Mon Oct 27 20:13:59 2014 +0100 spoolss: fix handling of bad EnumJobs levels Currently Samba is inconsistent when returning WERR_UNKNOWN_LEVEL errors for spoolss EnumJobs requests - if no print jobs are present, then WERR_OK will be returned, regardless of whether the EnumJobs level is supported or not. This change fixes this behaviour, by catching invalid or unsupported levels prior to the no-jobs response fast-path. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10898 Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Oct 28 03:05:35 CET 2014 on sn-devel-104 (cherry picked from commit d4f233a746d89e13aae78008b499c71b695ff882) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Wed Oct 29 23:28:50 CET 2014 on sn-devel-104 commit 76ff1da55d36677a809c2c93761e713b6c2fae1c Author: Jeremy Allison j...@samba.org Date: Tue Oct 28 11:55:30 2014 -0700 s3-nmbd: Fix netbios name truncation. Try and cope with truncation more intelligently. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10896 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from commit 6adcc7bffd5e1474ecba04d2328955c0b208cabc) Signed-off-by: Andreas Schneider a...@samba.org commit e158ed9d56c1d125deab00b46f325c5147045801 Author: Richard Sharpe realrichardsha...@gmail.com Date: Mon Jul 22 16:04:43 2013 -0700 There are tests all over the SMB1 code to check that srv_send_smb fails, but it never returns false. Even if the write to the socket/fd fails, we never return false and will keep reading stuff off of the input buffer until it is exhausted and then we will exit. Signed-off-by: Richard Sharpe rsha...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Richard Sharpe sha...@samba.org Autobuild-Date(master): Sat Aug 3 17:41:22 CEST 2013 on sn-devel-104 (cherry picked from commit 852c9ac34dbef66d0b2619554c611157c2fab771) Bug: https://bugzilla.samba.org/show_bug.cgi?id=10880 S3: source3/smbd/process.c::srv_send_smb() returns true on the error path. commit 2ec015ba04ae821b99d99201bd8d80f09c7fe4e8 Author: Jeremy Allison j...@samba.org Date: Mon Jul 14 16:13:24 2014 -0700 s3: daemons - ensure nmbd and winbindd are consistent in command line processing by adding POPT_COMMON_DYNCONFIG. Bug #10711 - nmbd fails to accept --piddir option. https://bugzilla.samba.org/show_bug.cgi?id=10711 Signed-off-by: Jeremy Allison j...@samba.org --- Summary of changes: source3/nmbd/nmbd.c |3 +- source3/nmbd/nmbd_nameregister.c| 76 --- source3/rpc_server/spoolss/srv_spoolss_nt.c |7 ++- source3/smbd/process.c |2 +- source3/winbindd/winbindd.c |1 + 5 files changed, 78 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c index c924dd4..6990ae7 100644 --- a/source3/nmbd/nmbd.c +++ b/source3/nmbd/nmbd.c @@ -798,7 +798,8 @@ static bool open_sockets(bool isdaemon, int port) {hosts, 'H', POPT_ARG_STRING, p_lmhosts, 0, Load a netbios hosts file}, {port, 'p', POPT_ARG_INT, global_nmb_port, 0, Listen on the specified port }, POPT_COMMON_SAMBA - { NULL } + POPT_COMMON_DYNCONFIG + POPT_TABLEEND }; TALLOC_CTX *frame; NTSTATUS status; diff --git a/source3/nmbd/nmbd_nameregister.c b/source3/nmbd/nmbd_nameregister.c index 71c4751..8b078e6 100644 --- a/source3/nmbd/nmbd_nameregister.c +++ b/source3/nmbd/nmbd_nameregister.c @@ -482,17 +482,77 @@ void register_name(struct subnet_record *subrec, { struct nmb_name nmbname; nstring nname; + size_t converted_size; errno = 0; - push_ascii_nstring(nname, name); -if (errno == E2BIG) { -
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 5b9d192 s3: nmbd: Ensure the main nmbd process doesn't create zombies. via 7432a08 pthreadpool: Slightly serialize jobs via a163255 s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers. via 1dda86f lib: util: Signal handling - change CatchChild() and CatchChildLeaveStatus() to return the previous handler. from 6642684 s3: smb2cli: query info return length check was reversed. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 5b9d192548eeb1ab87d2490a2437b1f268b10538 Author: Jeremy Allison j...@samba.org Date: Tue Sep 23 13:32:37 2014 -0700 s3: nmbd: Ensure the main nmbd process doesn't create zombies. Use the same mechanism as setup for smbd and winbindd. Fixes bug #10830 - nmbd can leave unreaped zombies. https://bugzilla.samba.org/show_bug.cgi?id=10830 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Martin Schwenke mar...@meltin.net Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Oct 13 23:31:07 CEST 2014 on sn-devel-104 commit 7432a08575a48ed7f6bac5147d650660e991812d Author: Jeremy Allison j...@samba.org Date: Mon Aug 25 12:27:54 2014 -0700 pthreadpool: Slightly serialize jobs Using the new msg_source program with 1.500 instances against a single msg_sink I found the msg_source process to spawn two worker threads for synchronously sending the data towards the receiving socket. This should not happen: Per destination node we only create one queue. We strictly only add pthreadpool jobs one after the other, so a single helper thread should be perfectly sufficient. It turned out that under heavy overload the main sending thread was scheduled before the thread that just had finished its send() job. So the helper thread was not able to increment the pool-num_idle variable indicating that we don't have to create a new thread when the new job is added. This patch moves the signalling write under the mutex. This means that indicating readiness via the pipe and the pool-num_idle variable happen both under the same mutex lock and thus are atomic. No superfluous threads anymore. Back port of commit 1c4284c7395f23cefa61a407db74cf5067aee2aa that went into master. https://bugzilla.samba.org/show_bug.cgi?id=10779 Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit a16325505a43b06044520bcc0307a3af10a0a768 Author: Jeremy Allison j...@samba.org Date: Tue Sep 23 14:51:18 2014 -0700 s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers. Bug #10831 - SIGCLD Signal handler not correctly reinstalled on old library code use - smbrun etc. https://bugzilla.samba.org/show_bug.cgi?id=10831 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Martin Schwenke mar...@meltin.net commit 1dda86f32c9f1ad5c906a85596d062149693235e Author: Jeremy Allison j...@samba.org Date: Thu Oct 9 13:41:05 2014 -0700 lib: util: Signal handling - change CatchChild() and CatchChildLeaveStatus() to return the previous handler. Bug #10831 - SIGCLD Signal handler not correctly reinstalled on old library code use - smbrun etc. https://bugzilla.samba.org/show_bug.cgi?id=10831 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Martin Schwenke mar...@meltin.net --- Summary of changes: lib/util/samba_util.h|4 ++-- lib/util/signal.c|8 source3/lib/pthreadpool/pthreadpool.c|6 +++--- source3/lib/smbrun.c | 18 ++ source3/nmbd/nmbd.c |3 +++ source3/rpc_server/samr/srv_samr_chgpasswd.c |9 + 6 files changed, 27 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h index c061721..3c1874f 100644 --- a/lib/util/samba_util.h +++ b/lib/util/samba_util.h @@ -104,12 +104,12 @@ void (*CatchSignal(int signum,void (*handler)(int )))(int); /** Ignore SIGCLD via whatever means is necessary for this OS. **/ -void CatchChild(void); +void (*CatchChild(void))(int); /** Catch SIGCLD but leave the child around so it's status can be reaped. **/ -void CatchChildLeaveStatus(void); +void (*CatchChildLeaveStatus(void))(int); struct sockaddr; diff --git a/lib/util/signal.c b/lib/util/signal.c index ead947e..33a9900 100644 --- a/lib/util/signal.c +++ b/lib/util/signal.c @@ -129,16 +129,16 @@ void (*CatchSignal(int signum,void
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 6642684 s3: smb2cli: query info return length check was reversed. via c6493fc s3-libads: Add all machine account principals to the keytab. via bbf24d3 registry: Don't leave dangling transactions via f88c106 s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call via f42f4d0 s3: Move init_lsa_ref_domain_list to lib via 372f228 s3-libnet: Make sure we do not overwrite precreated SPNs. via f0b99bc s3-libnet: Add libnet_join_get_machine_spns(). via 4e2e567 s3-libads: Add function to search for an element in an array. via 1d16c07 s3-libads: Add a function to retrieve the SPNs of a computer account. from 29f42cb s3-libads: Improve service principle guessing. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 6642684cc01545e59613ee0845c1ee2dfffee478 Author: Jeremy Allison j...@samba.org Date: Wed Oct 1 14:20:10 2014 -0700 s3: smb2cli: query info return length check was reversed. Make it identical to the check in libcli/smb/smb2cli_ioctl.c https://bugzilla.samba.org/show_bug.cgi?id=10848 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan (metze) Metzmacher me...@samba.org Reviewed-by: David Disseldorp dd...@suse.de Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Thu Oct 2 04:42:26 CEST 2014 on sn-devel-104 (cherry picked from commit 6c05cd3e895831be7d9a68a51de2048d04c188a0) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Thu Oct 9 23:25:47 CEST 2014 on sn-devel-104 commit c6493fcfb5a5d3a91f4b1b0134fef9e0f2754470 Author: Andreas Schneider a...@samba.org Date: Wed Sep 24 10:51:33 2014 +0200 s3-libads: Add all machine account principals to the keytab. This adds all SPNs defined in the DC for the computer account to the keytab using 'net ads keytab create -P'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9985 Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Guenther Deschner g...@samba.org (cherry picked from commit 5d58b92f8fcbc509f4fe2bd3617bcaeada1806b6) commit bbf24d39b4c0ba81767bcdb67d5cd7c01604b16c Author: Volker Lendecke v...@samba.org Date: Wed Oct 8 15:39:28 2014 +0200 registry: Don't leave dangling transactions When a createkey fails due to access denied, we need to do a transaction_cancel. Otherwise the lock on the db will stay around. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Guenther Deschner g...@samba.org Bug: https://bugzilla.samba.org/show_bug.cgi?id=10860 commit f88c10665e628eed0b03bcabef3216b32e1bc05b Author: Christof Schmitt c...@samba.org Date: Thu Sep 11 16:39:21 2014 -0700 s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call Create a new lsa_RefDomainList and populate it with the domain SID from the original query. That avoids the problem that for migrated objects, LookupSids returns the SID of the new domain, and combining that with the RID from the input results in an invalid SID. A better fix would be querying the RID of the user in the new domain, but the approach here at least avoids id mappings entries for invalid SIDs. Signed-off-by: Christof Schmitt c...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Mon Sep 29 13:15:18 CEST 2014 on sn-devel-104 (cherry picked from commit 9c9216410faf707edc4ba05f2b715d45f7f51ca4) Bug: https://bugzilla.samba.org/show_bug.cgi?id=10838 Invalid id mappings for users/groups migrated from another domain commit f42f4d0a197f73050fdabd663a6472d396a74b80 Author: Christof Schmitt c...@samba.org Date: Thu Sep 11 16:11:06 2014 -0700 s3: Move init_lsa_ref_domain_list to lib This will be used in the next patch in winbind. Signed-off-by: Christof Schmitt c...@samba.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit 16594e7fc0a46249a48d0d0635de0c1050ecd340) commit 372f22891a654b7d99d9e98083b05955d5bc89be Author: Günther Deschner g...@samba.org Date: Fri Sep 26 03:35:43 2014 +0200 s3-libnet: Make sure we do not overwrite precreated SPNs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984 Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Günther Deschner g...@samba.org Autobuild-Date(master): Fri Sep 26 08:22:45 CEST 2014 on sn-devel-104 (cherry picked from commit 0aacbe78bb40d76b65087c2a197c92b0101e625e) commit f0b99bc57240bb8c65fcc6974353eed6cd740773 Author: Andreas Schneider a...@samba.org
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 29f42cb s3-libads: Improve service principle guessing. from cdc4cc3 nsswitch: Skip groups we were not able to map. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 29f42cbe6f2975bf2ba568e38a18b2256c59e218 Author: Andreas Schneider a...@samba.org Date: Tue Sep 23 14:09:41 2014 +0200 s3-libads: Improve service principle guessing. If the name passed to the net command with the -S options is the long hostname of the domaincontroller and not the 15 char NetBIOS name we should construct a FQDN with the realm to get a Kerberos ticket. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10829 Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Guenther Deschner g...@samba.org (cherry picked from commit 83c62bd3f5945bbe295cbfbd153736d4c709b3a6) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Sep 30 22:44:58 CEST 2014 on sn-devel-104 --- Summary of changes: source3/libads/sasl.c | 124 ++--- 1 files changed, 66 insertions(+), 58 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index 33f4e24..1450ff1 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -714,88 +714,96 @@ static void ads_free_service_principal(struct ads_service_principal *p) static ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads, char **returned_principal) { + ADS_STATUS status = ADS_ERROR(LDAP_NO_MEMORY); char *princ = NULL; + TALLOC_CTX *frame; + char *server = NULL; + char *realm = NULL; + int rc; - if (ads-server.realm ads-server.ldap_server) { - char *server, *server_realm; - - server = SMB_STRDUP(ads-server.ldap_server); - server_realm = SMB_STRDUP(ads-server.realm); - - if (!server || !server_realm) { - SAFE_FREE(server); - SAFE_FREE(server_realm); - return ADS_ERROR(LDAP_NO_MEMORY); - } + frame = talloc_stackframe(); + if (frame == NULL) { + return ADS_ERROR(LDAP_NO_MEMORY); + } - if (!strlower_m(server)) { - SAFE_FREE(server); - SAFE_FREE(server_realm); - return ADS_ERROR(LDAP_NO_MEMORY); + if (ads-server.realm ads-server.ldap_server) { + server = strlower_talloc(frame, ads-server.ldap_server); + if (server == NULL) { + goto out; } - if (!strupper_m(server_realm)) { - SAFE_FREE(server); - SAFE_FREE(server_realm); - return ADS_ERROR(LDAP_NO_MEMORY); + realm = strupper_talloc(frame, ads-server.realm); + if (realm == NULL) { + goto out; } - if (asprintf(princ, ldap/%s@%s, server, server_realm) == -1) { - SAFE_FREE(server); - SAFE_FREE(server_realm); - return ADS_ERROR(LDAP_NO_MEMORY); - } + /* +* If we got a name which is bigger than a NetBIOS name, +* but isn't a FQDN, create one. +*/ + if (strlen(server) 15 strstr(server, .) == NULL) { + char *dnsdomain; - SAFE_FREE(server); - SAFE_FREE(server_realm); + dnsdomain = strlower_talloc(frame, ads-server.realm); + if (dnsdomain == NULL) { + goto out; + } - if (!princ) { - return ADS_ERROR(LDAP_NO_MEMORY); + server = talloc_asprintf(frame, +%s.%s, +server, dnsdomain); + if (server == NULL) { + goto out; + } } } else if (ads-config.realm ads-config.ldap_server_name) { - char *server, *server_realm; - - server = SMB_STRDUP(ads-config.ldap_server_name); - server_realm = SMB_STRDUP(ads-config.realm); - - if (!server || !server_realm) { - SAFE_FREE(server); - SAFE_FREE(server_realm); - return ADS_ERROR(LDAP_NO_MEMORY); + server = strlower_talloc(frame, ads-config.ldap_server_name); +
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via cdc4cc3 nsswitch: Skip groups we were not able to map. from 42cc79d docs: mention incompatibility between kernel oplocks and streams_xattr http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit cdc4cc329af427f0e921a826c9a3b8162d13550d Author: Andreas Schneider a...@samba.org Date: Fri Sep 19 13:33:10 2014 +0200 nsswitch: Skip groups we were not able to map. If we have configured the idmap_ad backend it is possible that the user is in a group without a gid set. This will result in (uid_t)-1 as the gid. We return this invalid gid to NSS which is wrong. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10824 Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: David Disseldorp dd...@samba.org Autobuild-User(master): David Disseldorp dd...@samba.org Autobuild-Date(master): Fri Sep 19 17:57:14 CEST 2014 on sn-devel-104 (cherry picked from commit 7f59711f076e98ece099f6b38ff6da8c80fa6d5e) Signed-off-by: Andreas Schneider a...@samba.org Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Sep 29 22:07:06 CEST 2014 on sn-devel-104 --- Summary of changes: nsswitch/winbind_nss_linux.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/winbind_nss_linux.c b/nsswitch/winbind_nss_linux.c index 8d66a74..70ede3e 100644 --- a/nsswitch/winbind_nss_linux.c +++ b/nsswitch/winbind_nss_linux.c @@ -1101,6 +1101,11 @@ _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start, continue; } + /* Skip groups without a mapping */ + if (gid_list[i] == (uid_t)-1) { + continue; + } + /* Filled buffer ? If so, resize. */ if (*start == *size) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 7dbddb7 VERSION: Bump version number up to 4.0.23... via f6fd102 VERSION: Disable git snapshots for the 4.0.22 release. via 5abb3ca WHATSNEW: Add release notes for Samba 4.0.22. from a48e472 selftest: Fix selftest where pid is used uninitialized. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 7dbddb7652a18c888b2cda88cd398ea4bb05ffe4 Author: Karolin Seeger ksee...@samba.org Date: Sat Sep 13 15:48:43 2014 +0200 VERSION: Bump version number up to 4.0.23... and re-enable git snapshots. Signed-off-by: Karolin Seeger ksee...@samba.org commit f6fd10202cc6d67e0c1324c858cea23372a6cacd Author: Karolin Seeger ksee...@samba.org Date: Sat Sep 13 15:48:07 2014 +0200 VERSION: Disable git snapshots for the 4.0.22 release. Signed-off-by: Karolin Seeger ksee...@samba.org commit 5abb3cab6965a6e63e186401a9db4337df4fc15d Author: Karolin Seeger ksee...@samba.org Date: Sat Sep 13 15:47:13 2014 +0200 WHATSNEW: Add release notes for Samba 4.0.22. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: VERSION |2 +- WHATSNEW.txt | 115 +- 2 files changed, 114 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 9299b98..58717fc 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=22 +SAMBA_VERSION_RELEASE=23 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 58e3986..9201406 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,115 @@ == + Release Notes for Samba 4.0.22 + September 15, 2014 + == + + +This is the latest stable release of Samba 4.0. + +Major enhancements in Samba 4.0.22 include: + +o New parameter winbind request timeout has been added (bug #3204). Please + see smb.conf man page for details. + + +Changes since 4.1.21: +- + +o Michael Adam ob...@samba.org +* BUG 10369: build: Fix configure to honour '--without-dmapi'. + + +o Jeremy Allison j...@samba.org +* BUG 3204: s3: winbindd: On new client connect, prune idle or hung + connections older than winbind request timeout. Add new parameter + winbind request timeout. +* BUG 10640: lib: tevent: make TEVENT_SIG_INCREMENT atomic. +* BUG 10650: Make case sensitive = True option working with + max protocol = SMB2 or higher in large directories. +* BUG 10728: 'net time': Fix usage and core dump. +* BUG 10773: s3: smbd: POSIX ACLs. Remove incorrect check for + SECINFO_PROTECTED_DACL in incoming security_information flags in + posix_get_nt_acl_common(). +* BUG 10794: vfs_dirsort: Fix an off-by-one error that can + cause uninitialized memory read. + + +o Björn Baumbach b...@sernet.de +* BUG 10543: s3: Enforce a positive allocation_file_size for non-empty + files. + + +o David Disseldorp dd...@samba.org +* BUG 10652: Samba 4 consuming a lot of CPU when re-reading printcap info. +* BUG 10787: dosmode: Fix FSCTL_SET_SPARSE request validation. + + +o Amitay Isaacs ami...@gmail.com +* BUG 10742: s4-rpc: dnsserver: Allow . to be specified for @ record. + + +o Daniel Kobras d.kob...@science-computing.de +* BUG 10731: sys_poll_intr: Fix timeout arithmetic. + + +o Ross Lagerwall rosslagerw...@gmail.com +* BUG 10778: s3:libsmb: Set a max charge for SMB2 connections. + + +o Volker Lendecke v...@samba.org +* BUG 10758: lib: Remove unused nstrcpy. +* BUG 10782: smbd: Properly initialize mangle_hash. + + +o Stefan Metzmacher me...@samba.org +* BUG 10773: libcli/security: Add better detection of + SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info(). + + +o Marc Muehlfeld mmuehlf...@samba.org +* BUG 10761: docs: Fix typos in smb.conf (inherit acls). + + +o Shirish Pargaonkar spargaon...@suse.com +* BUG 10755: samba: Retain case sensitivity of cifs client. + + +o Arvid Requate requ...@univention.de +* BUG 9570: passdb: Fix NT_STATUS_NO_SUCH_GROUP. + + +o Har Gagan Sahai sharga...@novell.com +* BUG 10759: Fix a memory leak in cli_set_mntpoint(). + + +o Roel van Meer r...@1afa.com +* BUG 10777: Don't discard result of checking grouptype. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via a48e472 selftest: Fix selftest where pid is used uninitialized. via 836d1ec s3: smbd: vfs_dirsort module. from d14c83e s3: winbindd: On new client connect, prune idle or hung connections older than winbind request timeout http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit a48e4729be5017a6c0f876f56ac9f0a7754abe83 Author: Andreas Schneider a...@samba.org Date: Thu Sep 4 12:55:53 2014 +0200 selftest: Fix selftest where pid is used uninitialized. On my system this gets evaluated to 0 so in the end we detect samba to be running cause $childpid is set to 0. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10793 Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Thu Sep 4 17:09:17 CEST 2014 on sn-devel-104 (cherry picked from commit 6d2f56dbaf84203b351f33179cc3feaf557e0683) Signed-off-by: Andreas Schneider a...@samba.org Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Thu Sep 11 22:02:42 CEST 2014 on sn-devel-104 commit 836d1eca08ae7e029586e5707640ff346c8e3934 Author: Jeremy Allison j...@samba.org Date: Wed Sep 3 07:54:51 2014 -0700 s3: smbd: vfs_dirsort module. Fix an off-by-one check that would cause seekdir to seek off the end of the cached array. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Ronnie Sahlberg ronniesahlberg.gmail.com Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Wed Sep 3 19:59:54 CEST 2014 on sn-devel-104 Bug: https://bugzilla.samba.org/show_bug.cgi?id=10794 vfs_dirsort has an off-by-one error that can cause uninitialized memory read --- Summary of changes: selftest/target/Samba.pm |7 ++- source3/modules/vfs_dirsort.c |2 +- 2 files changed, 7 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm index d811053..5f18a47 100644 --- a/selftest/target/Samba.pm +++ b/selftest/target/Samba.pm @@ -186,7 +186,12 @@ sub get_interface($) sub cleanup_child($$) { my ($pid, $name) = @_; -my $childpid = waitpid($pid, WNOHANG); +my $childpid = -1; + +if (defined($pid)) { +$childpid = waitpid($pid, WNOHANG); +} + if ($childpid == 0) { } elsif ($childpid 0) { printf STDERR %s child process %d isn't here any more\n, diff --git a/source3/modules/vfs_dirsort.c b/source3/modules/vfs_dirsort.c index 72b46c9..1d46e43 100644 --- a/source3/modules/vfs_dirsort.c +++ b/source3/modules/vfs_dirsort.c @@ -261,7 +261,7 @@ static void dirsort_seekdir(vfs_handle_struct *handle, DIR *dirp, if (data == NULL) { return; } - if (offset data-number_of_entries) { + if (offset = data-number_of_entries) { return; } data-pos = offset; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via d14c83e s3: winbindd: On new client connect, prune idle or hung connections older than winbind request timeout via 36f55df s3: winbindd: Add new parameter winbind request timeout set to 60 seconds with man page. via bd576b8 dosmode: fix FSCTL_SET_SPARSE request validation via 9a1a13a smbd: Properly initialize mangle_hash via 77e7db9 Don't discard result of checking grouptype via 691fe9a docs: Fix typos in smb.conf (inherit acls) via 851b93d samba: Retain case sensitivity of cifs client via 2eb6bbd printing: reload printer shares on OpenPrinter via 668127f smbd: split printer reload processing via 051cd1d server: remove duplicate snum_is_shared_printer() via 1a2a342 smbd: only reprocess printer_list.tdb if it changed via 918f7db printing: return last change time with pcap_cache_loaded() via a4b2289 printing: remove pcap_cache_add() via bad147d printing: reload printer_list.tdb from in memory list via a97c2db printing: only reload printer shares on client enum via c82338f printing: traverse_read the printer list for share updates via d3fb60a s3: smbd : SMB2 - fix SMB2_SEARCH when searching non wildcard string with a case-canonicalized share. via 8a2f945 s3: smbd - SMB[2|3]. Ensure a \ or / can't be found anywhere in a search path, not just at the start. via 9977aa9 s3: enforce a positive allocation_file_size for non-empty files (bug #10543) via 7ff8102 passdb: fix NT_STATUS_NO_SUCH_GROUP via 8c97d9a s3:libsmb: Set a max charge for SMB2 connections via cad42ef s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common(). via 9fadcf3 libcli/security: add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info() via c0ddfc1 s3:smbd: mask security_information input values with SMB_SUPPORTED_SECINFO_FLAGS via 04916e0 security.idl: add SMB_SUPPORTED_SECINFO_FLAGS via 6db4a91 Fixed a memory leak in cli_set_mntpoint(). via 624a52f lib: Remove unused nstrcpy via 796afb4 build: fix configure to honour --without-dmapi from 473ccb5 tests: dnsserver: Add a update test with name set to '.' http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit d14c83e072045cd2f638c4e4484a9f2ea71b9460 Author: Jeremy Allison j...@samba.org Date: Fri Jul 25 12:46:46 2014 -0700 s3: winbindd: On new client connect, prune idle or hung connections older than winbind request timeout Bug 3204 winbindd: Exceeding 200 client connections, no idle connection found https://bugzilla.samba.org/show_bug.cgi?id=3204 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Ira Cooper i...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Jul 29 23:31:14 CEST 2014 on sn-devel-104 (cherry picked from commit f9588675ea3cb2f1fabd07a4ea8b2138d65aee83) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Sep 2 22:45:38 CEST 2014 on sn-devel-104 commit 36f55df047e58e79b22ff46fcfcf2758ab58e9b6 Author: Jeremy Allison j...@samba.org Date: Tue Jul 29 14:53:11 2014 -0700 s3: winbindd: Add new parameter winbind request timeout set to 60 seconds with man page. This parameter specifies the number of seconds the winbindd daemon will wait before disconnecting either a client connection with no outstanding requests (idle) or a client connection with a request that has remained outstanding (hung) for longer than this number of seconds. Bug 3204 winbindd: Exceeding 200 client connections, no idle connection found https://bugzilla.samba.org/show_bug.cgi?id=3204 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Ira Cooper i...@samba.org commit bd576b832248f07d66f5921d3d2eedef7602d856 Author: David Disseldorp dd...@samba.org Date: Wed Aug 27 15:42:00 2014 +0200 dosmode: fix FSCTL_SET_SPARSE request validation Check that FSCTL_SET_SPARSE requests does not refer to directories. Also reject such requests when issued over IPC or printer share connections. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10787 Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Thu Aug 28 04:22:37 CEST 2014 on sn-devel-104 (cherry picked from commit 0751495b1327d002b79482632b7c590cae6e3f9d) commit 9a1a13ab5712fa021fdbce75a12c2bc47af24568 Author: Volker Lendecke v...@samba.org Date: Tue Aug 19 14:32:15 2014 + smbd: Properly initialize
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 473ccb5 tests: dnsserver: Add a update test with name set to '.' via e61ee11 s4-rpc: dnsserver: Allow . to be specified for @ record via 8dbf363 s3: net time - fix usage and core dump. via 2cac0df s3: xml-docs. Ensure users of 'net time' know the remote server must be specified with -S. via fb49656 sys_poll_intr: fix timeout arithmetic via 6030045 lib: tevent: make TEVENT_SIG_INCREMENT atomic. from 03e9c64 VERSION: Bump version up to 4.0.22. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 473ccb5da6fd565292b66d0af9e1b2076b5400eb Author: Amitay Isaacs ami...@gmail.com Date: Mon Jul 28 18:09:37 2014 +1000 tests: dnsserver: Add a update test with name set to '.' Signed-off-by: Amitay Isaacs ami...@gmail.com Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Jul 29 19:33:19 CEST 2014 on sn-devel-104 (cherry picked from commit 6d104182d9667e4f996439d24cfa052f34098ce4) Bug: https://bugzilla.samba.org/show_bug.cgi?id=10742 samba-tool dns add 172.31.9.161 s4xdom.base . NS mydns.org. = NO_MEMORY Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Thu Aug 21 18:59:16 CEST 2014 on sn-devel-104 commit e61ee11fb5c1bc97d5da681bfb10582b9b3c504f Author: Amitay Isaacs ami...@gmail.com Date: Mon Jul 28 13:07:58 2014 +1000 s4-rpc: dnsserver: Allow . to be specified for @ record Windows allow both . and @ to be specified with modifying @ record. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10742 Signed-off-by: Amitay Isaacs ami...@gmail.com Reviewed-by: Stefan Metzmacher me...@samba.org (cherry picked from commit 4b4e30b780345c74f9983ba77f04c616b3d034b7) commit 8dbf3636b54a70aac2c1de6cff14ed2c7471049d Author: Jeremy Allison j...@samba.org Date: Tue Jul 29 14:12:31 2014 -0700 s3: net time - fix usage and core dump. Bug 10728 - 'net time system' segfaults https://bugzilla.samba.org/show_bug.cgi?id=10728 Signed-off-by: Jeremy Allison j...@samba.org commit 2cac0df3c3e73d3d6a32e034f9e8e47d8c4561df Author: Jeremy Allison j...@samba.org Date: Tue Jul 29 12:29:37 2014 -0700 s3: xml-docs. Ensure users of 'net time' know the remote server must be specified with -S. Bug 10728 - 'net time system' segfaults https://bugzilla.samba.org/show_bug.cgi?id=10728 Signed-off-by: Jeremy Allison j...@samba.org commit fb496563b051757632bc2cb9bee8d08a93d3c903 Author: Daniel Kobras d.kob...@science-computing.de Date: Mon Jul 21 10:47:53 2014 +0200 sys_poll_intr: fix timeout arithmetic Callers of sys_poll_intr() assume timeout to be in milliseconds like poll(2) expects, but implementation used nanosecond units. Also make sure timeout doesn't become infinite by mistake during time arithmetic. Signed-off-by: Daniel Kobras d.kob...@science-computing.de Reviewed-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Bug: https://bugzilla.samba.org/show_bug.cgi?id=10731 Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Jul 22 00:12:24 CEST 2014 on sn-devel-104 commit 60300459fe49a28bc151d9ae77c8fb1d388e25e1 Author: Jeremy Allison j...@samba.org Date: Wed Jul 30 09:58:47 2014 -0700 lib: tevent: make TEVENT_SIG_INCREMENT atomic. On arm platforms incrementing a variable is not an atomic operation, so may be interrupted by signal processing (if a signal interrupts another signal handler). Use compiler built-ins to make this atomic. __sync_fetch_and_add() works on gcc, llvm, IBM xlC on AIX, and Intel icc (10.1 and above). atomic_add_32() works on Oracle Solaris. Based on an inital patch from ka...@osstech.co.jp. Bug #10640 - smbd is not responding - tevent_common_signal_handler() increments non-atomic variables https://bugzilla.samba.org/show_bug.cgi?id=10640 Back-ported from master 536c799f00d7bdd6a574b6bdbc0e9c742eeef8b5 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke volker.lende...@sernet.de --- Summary of changes: docs-xml/manpages/net.8.xml | 15 ++-- lib/replace/replace.h |5 +++ lib/replace/wscript | 25 ++ lib/tevent/tevent_signal.c |6 +++ lib/util/select.c | 14 +++- python/samba/tests/dcerpc/dnsserver.py | 41 ++-
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 03e9c64 VERSION: Bump version up to 4.0.22. via 13ccfd2 Merge tag 'samba-4.0.21' into v4-0-test via 2ec2bd6 VERSION: Disable git snapshots for the 4.0.21 release. via 170540b WHATSNEW: Add release notes for Samba 4.0.21. via fb1d325 fix unstrcpy via 97fa00c VERSION: Bump version number up to 4.0.21... from 00fe8eb VERSION: Bump version number up to 4.0.21... http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 03e9c64e219729cad41c7488aa08fbc9a26ce09c Author: Karolin Seeger ksee...@samba.org Date: Fri Aug 1 13:16:31 2014 +0200 VERSION: Bump version up to 4.0.22. Signed-off-by: Karolin Seeger ksee...@samba.org commit 13ccfd24ffb7db7e5f3405b2050378085ba59ab9 Merge: 00fe8eb4c86c4c1c4a2fbedb07e6813cb9002487 2ec2bd60863a80367be9c8b11e080ac718056796 Author: Karolin Seeger ksee...@samba.org Date: Fri Aug 1 13:14:43 2014 +0200 Merge tag 'samba-4.0.21' into v4-0-test samba: tag release samba-4.0.21 --- Summary of changes: VERSION|2 +- WHATSNEW.txt | 53 ++- lib/util/string_wrappers.h |2 +- 3 files changed, 53 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 24882cb..9299b98 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=21 +SAMBA_VERSION_RELEASE=22 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 49640f6..58e3986 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,53 @@ == + Release Notes for Samba 4.0.21 + August 1, 2014 + == + + +This is a security release in order to address +CVE-2014-3560 (Remote code execution in nmbd). + +o CVE-2014-3560: + Samba 4.0.0 to 4.1.10 are affected by a remote code execution attack on + unauthenticated nmbd NetBIOS name services. + + A malicious browser can send packets that may overwrite the heap of + the target nmbd NetBIOS name services daemon. It may be possible to + use this to generate a remote code execution vulnerability as the + superuser (root). + + +Changes since 4.1.20: +- + +o Volker Lendecke v...@samba.org +* BUG 10735: CVE-2014-3560: Fix unstrcpy macro length. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.0 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 4.0.20 July 30, 2014 == @@ -72,8 +121,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + == Release Notes for Samba 4.0.19 diff --git a/lib/util/string_wrappers.h b/lib/util/string_wrappers.h index 5f9d568..243fafc 100644 --- a/lib/util/string_wrappers.h +++ b/lib/util/string_wrappers.h @@ -51,7 +51,7 @@ do { \ #define unstrcpy(d,s) \ do { \ const char *_unstrcpy_src = (const char *)(s); \ - strlcpy((d),_unstrcpy_src ? _unstrcpy_src : ,sizeof(fstring)); \ + strlcpy((d),_unstrcpy_src ? _unstrcpy_src : ,sizeof(unstring)); \ } while (0) #ifdef HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 00fe8eb VERSION: Bump version number up to 4.0.21... via 40001e9 VERSION: Disable git snapshots for the 4.0.20 release. via c0a48a5 WHATSNEW: Add release notes for Samba 4.0.20. from 00b7b14 ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 00fe8eb4c86c4c1c4a2fbedb07e6813cb9002487 Author: Karolin Seeger ksee...@samba.org Date: Mon Jul 28 21:09:15 2014 +0200 VERSION: Bump version number up to 4.0.21... and re-enable git snapshots. Signed-off-by: Karolin Seeger ksee...@samba.org commit 40001e9770453a219a5f5bf888cd3a205514d93b Author: Karolin Seeger ksee...@samba.org Date: Mon Jul 28 21:08:21 2014 +0200 VERSION: Disable git snapshots for the 4.0.20 release. Signed-off-by: Karolin Seeger ksee...@samba.org commit c0a48a5e522921de68cd927b90ed9d8d9b38504b Author: Karolin Seeger ksee...@samba.org Date: Mon Jul 28 21:07:19 2014 +0200 WHATSNEW: Add release notes for Samba 4.0.20. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: VERSION |2 +- WHATSNEW.txt | 81 - 2 files changed, 80 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index f734b46..24882cb 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=20 +SAMBA_VERSION_RELEASE=21 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 813fca9..49640f6 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,81 @@ == + Release Notes for Samba 4.0.20 + July 30, 2014 + == + + +This is the latest stable release of the Samba 4.0 release series. + + +Changes since 4.0.19: +- + +o Jeremy Allison j...@samba.org +* BUG 3124: s3: smb2: Fix 'xcopy /d' with samba shares. +* BUG 10653: Samba won't start on a machine configured with only IPv4. +* BUG 10673: s3: SMB2: Fix leak of blocking lock records in the database. +* BUG 10684: SMB1 blocking locks can fail notification on unlock, causing + client timeout. +* BUG 10685: s3: smbd: Locking, fix off-by one calculation in + brl_pending_overlap(). +* BUG 10692: wbcCredentialCache fails if challenge_blob is not first. + + +o Andrew Bartlett abart...@samba.org +* BUG 10627: rid_array used before status checked - segmentation fault due + to null pointer dereference. + + +o David Disseldorp dd...@samba.org +* BUG 10612: printing: Fix purge of all print jobs. + + +o Björn Jacke b...@sernet.de +* BUG 3263: net/doc: Make clear that net vampire is for NT4 domains only. +* BUG 10657: autobuild: Delete $NSS_MODULES in make clean. + + +o Volker Lendecke v...@samba.org +* BUG 10663: msg_channel: Fix a 100% CPU loop. +* BUG 10680: smbstatus: Fix an uninitialized variable. +* BUG 10687: 'RW2' smbtorture test fails when -N numprocs is set to 2 due + to the invalid status check in the second client. +* BUG 10699: smbd: Avoid double-free in get_print_db_byname. + + +o Stefan Metzmacher me...@samba.org +* BUG 10469: ldb-samba: fix a memory leak in + ldif_canonicalise_objectCategory(). +* BUG 10692: wbcCredentialCache fails if challenge_blob is not first. +* BUG 10696: Backport autobuild/selftest fixes from master. +* BUG 10706: s3:smb2_read: let smb2_sendfile_send_data() behave like + send_file_readX(). + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.0 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + ==
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 00b7b14 ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory() via 690012e s3: SMB2 : Fix leak of blocking lock records in the database. via 0a7cda5 s3: smb2: Simplify logic in reprocess_blocked_smb2_lock(). via 4e3414d s3: smb2: Remove unused code from remove_pending_lock(). from 7ff37ef selftest: teardown the environments also on getting SIGPIPE http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 00b7b14ac5472c0d981ba9ab6118c02e30a2949c Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 16 16:17:56 2014 +0200 ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory() Searches for '(objectCategory=Person)' will leak a ldb_dn structure on the ldb_context. These searches are typically used by Zarafa. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10469 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Jul 17 00:51:57 CEST 2014 on sn-devel-104 (cherry picked from commit 8d33cddcb001a5a78aca036161d6223268274211) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Thu Jul 17 23:07:24 CEST 2014 on sn-devel-104 commit 690012edb6cd0098ae76ddf461dce3c85731ff09 Author: Jeremy Allison j...@samba.org Date: Thu Jun 26 12:08:46 2014 -0700 s3: SMB2 : Fix leak of blocking lock records in the database. Based on a fix from Hemanth Thummala hemanth.thumm...@gmail.com Bug #10673 - Increasing response times for byte range unlock requests. The previous refactoring makes it obvious we need to call remove_pending_lock() in all places where we are returning from the SMB2 blocking lock call. https://bugzilla.samba.org/show_bug.cgi?id=10673 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Ira Cooper i...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Mon Jun 30 14:59:16 CEST 2014 on sn-devel-104 (cherry picked from commit cee1531e551e5ccd5ccd4a55de226ad686919486) commit 0a7cda5e8c3698d348d30571f590d2fb039b16fe Author: Jeremy Allison j...@samba.org Date: Thu Jun 26 12:01:56 2014 -0700 s3: smb2: Simplify logic in reprocess_blocked_smb2_lock(). SMB2 blocking locks can only have one lock per request, so there can never be any other locks to wait for. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Ira Cooper i...@samba.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit 1a02a1e6aa15c028a848585d66cecbbdda8015b3) commit 4e3414d7e5d9f04875b6928857bc947a7b96e9dc Author: Jeremy Allison j...@samba.org Date: Wed Jun 25 17:10:45 2014 -0700 s3: smb2: Remove unused code from remove_pending_lock(). SMB2 blocking locks can only have one lock per request, so there can never be any previous locks to remove. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Ira Cooper i...@samba.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit 508c09c6a019458bb0290fbf284e73c24feddb0e) --- Summary of changes: lib/ldb-samba/ldif_handlers.c |7 +++- source3/smbd/smb2_lock.c | 69 +++- 2 files changed, 32 insertions(+), 44 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c index c7385f6..93cce29 100644 --- a/lib/ldb-samba/ldif_handlers.c +++ b/lib/ldb-samba/ldif_handlers.c @@ -483,8 +483,13 @@ static int ldif_canonicalise_objectCategory(struct ldb_context *ldb, void *mem_c const char *lDAPDisplayName = talloc_strndup(tmp_ctx, (char *)in-data, in-length); sclass = dsdb_class_by_lDAPDisplayName(schema, lDAPDisplayName); if (sclass) { - struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb, + struct ldb_dn *dn = ldb_dn_new(tmp_ctx, ldb, sclass-defaultObjectCategory); + if (dn == NULL) { + talloc_free(tmp_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + *out = data_blob_string_const(ldb_dn_alloc_casefold(mem_ctx, dn)); talloc_free(tmp_ctx); diff --git a/source3/smbd/smb2_lock.c b/source3/smbd/smb2_lock.c index 2ee7afa..52698f3 100644 --- a/source3/smbd/smb2_lock.c +++ b/source3/smbd/smb2_lock.c @@ -664,19 +664,6 @@ static void
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 7ff37ef selftest: teardown the environments also on getting SIGPIPE via fac9504 libwbclient: allow only one initial_blob/challenge_blob in wbcCredentialCache() via f484138 s3: libwbclient: Don't break out of loop too soon - find all parameters. via 375c351 s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX() from cfbd1da torture4: Make raw.lock.multilock fail after 20 seconds http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 7ff37efe2d268b6b1d438f80d0f5b73f437348ac Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 10 14:28:56 2014 +0200 selftest: teardown the environments also on getting SIGPIPE make test uses selftest.pl | subuntu-filter.py ... FAIL_IMMEDIATELY=1 lets subuntu-filter.py exit, which generates SIGPIPE in selftest.pl. We should handle this just like any other signal and teardown all environments. This should make the teardown process more reliable/verbose. Pair-Programmed-With: Michael Adam ob...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Michael Adam ob...@samba.org (cherry picked from commit b2803950fc439017680069813fc49255a3f0cbbf) Bug: https://bugzilla.samba.org/show_bug.cgi?id=10696 backport autobuild/selftest fixes from master Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Jul 15 14:34:31 CEST 2014 on sn-devel-104 commit fac95046b5eeebf740284dbf1c673ad3188df8d9 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 10 05:28:36 2014 +0200 libwbclient: allow only one initial_blob/challenge_blob in wbcCredentialCache() Bug: https://bugzilla.samba.org/show_bug.cgi?id=10692 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit f484138ba90924e4e0ef24d201f903abaee709d1 Author: Jeremy Allison j...@samba.org Date: Tue Jul 8 16:36:30 2014 -0700 s3: libwbclient: Don't break out of loop too soon - find all parameters. Fix bug #10692: wbcCredentialCache fails if challenge_blob is not first https://bugzilla.samba.org/show_bug.cgi?id=10692 Signed-off-by: Jeremy Allison j...@samba.org commit 375c351dbe1a89f804c55d003cc17d67afd62ba9 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 10 21:08:06 2014 +0200 s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX() We now pass the header to SMB_VFS_SENDFILE(), so we have to handle that also in the fallback code. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10706 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri Jul 11 22:57:17 CEST 2014 on sn-devel-104 (cherry picked from commit 7c5ea400ad1f280f5c338c31a0a893154340fdb3) --- Summary of changes: nsswitch/libwbclient/wbc_pam.c | 30 +++-- selftest/selftest.pl | 25 +-- source3/smbd/smb2_read.c | 69 ++- 3 files changed, 87 insertions(+), 37 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c index f183cc6..ae70d67 100644 --- a/nsswitch/libwbclient/wbc_pam.c +++ b/nsswitch/libwbclient/wbc_pam.c @@ -1208,6 +1208,25 @@ wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params, goto fail; } + for (i=0; iparams-num_blobs; i++) { + if (strcasecmp(params-blobs[i].name, initial_blob) == 0) { + if (initial_blob != NULL) { + status = WBC_ERR_INVALID_PARAM; + goto fail; + } + initial_blob = params-blobs[i]; + continue; + } + if (strcasecmp(params-blobs[i].name, challenge_blob) == 0) { + if (challenge_blob != NULL) { + status = WBC_ERR_INVALID_PARAM; + goto fail; + } + challenge_blob = params-blobs[i]; + continue; + } + } + if (params-domain_name != NULL) { status = wbcRequestResponse(WINBINDD_INFO, NULL, response); if (!WBC_ERROR_IS_OK(status)) { @@ -1225,17 +1244,6 @@ wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params, } request.data.ccache_ntlm_auth.uid = getuid(); - for (i=0; iparams-num_blobs; i++) { - if
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via cfbd1da torture4: Make raw.lock.multilock fail after 20 seconds via d06fad8 torture4: Adapt comment to code via 90ca1fd s4: smbtorture: Add multi-lock test. Regression test for bug #10684. via 6207d7f s3: smbd: Locking - re-add pending lock records if we fail to acquire a lock (and the lock hasn't timed out). via b1be3eb s3: smbd: Locking - treat lock timeout the same as any other error. via 9df5a51 s3: smbd: Locking - add and use utility function lock_timed_out(). via 18fc716 s3: smbd: Locking - convert to using utility macro used elsewhere. via f0cf96d net/doc: make clear that net vampire is for NT4 domains only via 09e777f selftest/subunithelper.py: correctly pass testsuite-uxsuccess to end_testsuite() via c9a2f59 selftest/subunithelper.py: correctly handle fail_immediately in end_testsuite of FilterOps via eef4181 selftest/subunithelper.py: correctly handle unexpected success in FilterOps via 78b755d script/autobuild: use --force-rebase option from a064b7c torture3: Fix bug 10687 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit cfbd1da69faceb75eb67bca0398f4fa1fb97941c Author: Volker Lendecke v...@samba.org Date: Thu Jul 3 10:05:55 2014 + torture4: Make raw.lock.multilock fail after 20 seconds Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri Jul 4 00:04:10 CEST 2014 on sn-devel-104 (cherry picked from commit 0c97b7eb5359b95c0d51a3b5524e82e34243d2d1) The last 7 patches address bug #10684 - SMB1 blocking locks can fail notification on unlock, causing client timeout. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Sun Jul 13 23:35:54 CEST 2014 on sn-devel-104 commit d06fad8bb8cd2e24eeb7cff48da2ed1c287bcafa Author: Volker Lendecke v...@samba.org Date: Thu Jul 3 10:05:39 2014 + torture4: Adapt comment to code Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org (cherry picked from commit 4205463ef1815d6e86e1d1f1f57651ca30407469) commit 90ca1fd13a3e1ee538502ffeac4a33033859d45b Author: Jeremy Allison j...@samba.org Date: Tue Jul 1 12:05:07 2014 -0700 s4: smbtorture: Add multi-lock test. Regression test for bug #10684. Bug #10684 - SMB1 blocking locks can fail notification on unlock, causing client timeout. https://bugzilla.samba.org/show_bug.cgi?id=10684 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke volker.lende...@sernet.de (cherry picked from commit 64346a134dac2bd023f7473202ca38d35ffd3c89) commit 6207d7f17c5d8d2c32e096d7383770f147d1776a Author: Jeremy Allison j...@samba.org Date: Wed Jul 2 20:51:24 2014 -0700 s3: smbd: Locking - re-add pending lock records if we fail to acquire a lock (and the lock hasn't timed out). Keep the blocking lock record and the pending lock records consistent if we are dealing with multiple blocking lock requests in one SMB1 LockingX request. Ensure we re-add the records under the record lock, to avoid race conditions. Bug #10684 - SMB1 blocking locks can fail notification on unlock, causing client timeout. https://bugzilla.samba.org/show_bug.cgi?id=10684 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke volker.lende...@sernet.de (cherry picked from commit 954401f8b2b16b3e2ef9655e8ce94d657becce36) commit b1be3eb040647e756eef4722d39e6d32e0f90c5f Author: Jeremy Allison j...@samba.org Date: Wed Jul 2 20:40:49 2014 -0700 s3: smbd: Locking - treat lock timeout the same as any other error. Allows the special case in process_blocking_lock_queue() that talks back to the client to be removed. Bug #10684 - SMB1 blocking locks can fail notification on unlock, causing client timeout. https://bugzilla.samba.org/show_bug.cgi?id=10684 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke volker.lende...@sernet.de (cherry picked from commit cc9de6eb091159a84228b988c49261c46c301233) commit 9df5a516d3f11da70506695c4a50b57e92824328 Author: Jeremy Allison j...@samba.org Date: Wed Jul 2 20:18:42 2014 -0700 s3: smbd: Locking - add and use utility function lock_timed_out(). Bug #10684 - SMB1 blocking locks can fail notification on unlock, causing client timeout. https://bugzilla.samba.org/show_bug.cgi?id=10684 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke volker.lende...@sernet.de (cherry picked from commit 12be57ef3b2d1b670be7a83f29cd580938030015)
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via a064b7c torture3: Fix bug 10687 via 4448c2e smbd: Avoid double-free in get_print_db_byname via a4622ad s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap(). via 2d1dd83 smbstatus: Fix an uninitialized variable from 039297d s3:winbindd - fix bad bugfix for bug #10280 - winbind panic if AD server is down. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit a064b7c732f502a60e1db598238a82aef44817ee Author: Volker Lendecke v...@samba.org Date: Wed Jul 2 14:27:52 2014 + torture3: Fix bug 10687 'RW2' smbtorture test fails when -N numprocs is set to 2 due to the invalid status check in the second client. Signed-off-by: Volker Lendecke v...@samba.org Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri Jul 11 12:02:38 CEST 2014 on sn-devel-104 commit 4448c2efb4149b94ccf0a21a6dd7bd5482f7ff18 Author: Volker Lendecke v...@samba.org Date: Tue Jul 8 14:30:54 2014 +0200 smbd: Avoid double-free in get_print_db_byname Signed-off-by: Volker Lendecke v...@samba.org Bug: https://bugzilla.samba.org/show_bug.cgi?id=10699 commit a4622adc5caeb80a91580d4c1193385cf2f33943 Author: Jeremy Allison j...@samba.org Date: Tue Jul 1 13:30:50 2014 -0700 s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap(). Consider: lock = start=110,size=10 pend_lock = 100, size=10 Should not overlap. However, (lock-start = pend_lock-start + pend_lock-size) 110 10010 is true, so it returns true (overlap). lock-start = pend_lock-start + pend_lock-size should be: lock-start pend_lock-start + pend_lock-size https://bugzilla.samba.org/show_bug.cgi?id=10685 Signed-off-by: Jeremy Allison j...@samba.org commit 2d1dd83e9ec4333f6d68a471850079a8da8a90d5 Author: Volker Lendecke v...@samba.org Date: Sun Jun 29 08:56:03 2014 + smbstatus: Fix an uninitialized variable We only print valid share mode entries, stale ones don't count. In traverse, let the callback decide about staleness. https://bugzilla.samba.org/show_bug.cgi?id=10680 Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org (cherry picked from commit 9f2e90754bcb7bf5f7159d07f0bc5fe754e71bf5) --- Summary of changes: source3/locking/brlock.c |2 +- source3/locking/share_mode_lock.c |1 + source3/printing/printing_db.c|4 ++-- source3/torture/torture.c |2 +- 4 files changed, 5 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c index 1a912c7..c73b7c2 100644 --- a/source3/locking/brlock.c +++ b/source3/locking/brlock.c @@ -229,7 +229,7 @@ static bool brl_pending_overlap(const struct lock_struct *lock, const struct loc { if ((lock-start = pend_lock-start) (lock-start + lock-size pend_lock-start)) return True; - if ((lock-start = pend_lock-start) (lock-start = pend_lock-start + pend_lock-size)) + if ((lock-start = pend_lock-start) (lock-start pend_lock-start + pend_lock-size)) return True; return False; } diff --git a/source3/locking/share_mode_lock.c b/source3/locking/share_mode_lock.c index 6782f59..d9076db 100644 --- a/source3/locking/share_mode_lock.c +++ b/source3/locking/share_mode_lock.c @@ -487,6 +487,7 @@ static int traverse_fn(struct db_record *rec, void *_state) return 0; } for (i=0; id-num_share_modes; i++) { + d-share_modes[i].stale = false; /* [skip] in idl */ state-fn(d-share_modes[i], d-servicepath, d-base_name, state-private_data); diff --git a/source3/printing/printing_db.c b/source3/printing/printing_db.c index ecb8ff6..b721317 100644 --- a/source3/printing/printing_db.c +++ b/source3/printing/printing_db.c @@ -65,9 +65,9 @@ struct tdb_print_db *get_print_db_byname(const char *printername) if (p-ref_count) continue; if (p-tdb) { - if (tdb_close(print_db_head-tdb)) { + if (tdb_close(p-tdb)) { DEBUG(0,(get_print_db: Failed to close tdb for printer %s\n, - print_db_head-printer_name )); + p-printer_name )); return NULL; }
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 039297d s3:winbindd - fix bad bugfix for bug #10280 - winbind panic if AD server is down. from 34e7133 s3/s4: smbd, rpc, ldap, cldap, kdc services. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 039297dad9724cf5924d83a43cd8b4661cdf8a8b Author: Jeremy Allison j...@samba.org Date: Tue Jul 1 20:27:11 2014 -0700 s3:winbindd - fix bad bugfix for bug #10280 - winbind panic if AD server is down. Previous bug fix reversed the sense of the test for out of memory. https://bugzilla.samba.org/show_bug.cgi?id=10280 Signed-off-by: Jeremy Allison j...@samba.org Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Jul 7 12:37:48 CEST 2014 on sn-devel-104 --- Summary of changes: source3/winbindd/winbindd_cache.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 860526b..050ec6c 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -2121,14 +2121,14 @@ static NTSTATUS rids_to_names(struct winbindd_domain *domain, have_mapped = have_unmapped = false; *names = talloc_array(mem_ctx, char *, num_rids); - if (*names != NULL) { + if (*names == NULL) { result = NT_STATUS_NO_MEMORY; goto error; } *types = talloc_array(mem_ctx, enum lsa_SidType, num_rids); - if (*types != NULL) { + if (*types == NULL) { result = NT_STATUS_NO_MEMORY; goto error; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 989e320 winbindd: Ensure we do not look at rid_array before checking if it was returned from cd90613 printing: fix purge of all print jobs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 989e320e23085f862571492933179726e9c5af1d Author: Andrew Bartlett abart...@samba.org Date: Fri Mar 28 16:30:28 2014 +1300 winbindd: Ensure we do not look at rid_array before checking if it was returned We no longer return early if there are no members, we just return an empty array. Fixes bug #10627 - rid_array used before status checked - segmentation fault due to null pointer dereference https://bugzilla.samba.org/show_bug.cgi?id=10627 Change-Id: I7b0949e0c0b9277426a8007514a8658615f6c709 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: David Disseldorp dd...@samba.org Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Wed Jun 11 11:40:38 CEST 2014 on sn-devel-104 --- Summary of changes: source3/winbindd/winbindd_rpc.c |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 0986d82..148683f 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -580,8 +580,6 @@ NTSTATUS rpc_lookup_usergroups(TALLOC_CTX *mem_ctx, user_policy, rid_array, result); - num_groups = rid_array-count; - { NTSTATUS _result; dcerpc_samr_Close(b, mem_ctx, user_policy, _result); @@ -590,10 +588,12 @@ NTSTATUS rpc_lookup_usergroups(TALLOC_CTX *mem_ctx, if (!NT_STATUS_IS_OK(status)) { return status; } - if (!NT_STATUS_IS_OK(result) || num_groups == 0) { + if (!NT_STATUS_IS_OK(result)) { return result; } + num_groups = rid_array-count; + user_grpsids = talloc_array(mem_ctx, struct dom_sid, num_groups); if (user_grpsids == NULL) { status = NT_STATUS_NO_MEMORY; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via cd90613 printing: fix purge of all print jobs via 74e6cd6 s3: smb2: Move from using SBVAL to put NTTIMEs on the wire to put_long_date_timespec. via 375d445 s3: smb2: Move from using SBVAL to put NTTIMEs on the wire to put_long_date_timespec. from 1f70ad9 VERSION: Bump version number up to 4.0.19... http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit cd9061305bf110eb7da8557c982f95424014f81c Author: David Disseldorp dd...@samba.org Date: Wed May 21 21:55:58 2014 +0200 printing: fix purge of all print jobs The incorrect (system) jobid is currently passed to the job deletion function. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10612 Reported-by: Franz Pförtsch franz.pfoert...@brose.com Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Jeremy Allison j...@samba.org (cherry picked from commit efb4684a3fc0b32a71eab013000f730e6b144a67) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Jun 3 10:53:33 CEST 2014 on sn-devel-104 commit 74e6cd6462d05420c56c7d4ddce195b6a61197b0 Author: Jeremy Allison j...@samba.org Date: Wed May 21 11:57:16 2014 -0700 s3: smb2: Move from using SBVAL to put NTTIMEs on the wire to put_long_date_timespec. put_long_date_timespec() correctly calls round_timespec() on the time parameters, and is the correct function to use when writing *any* file-based NTTIME on the wire. Move from using NTTIME variables internally in the server to struct timespec variables, which is what all the other server code uses. Only map to NTTIME as the last step of marshalling the output data. The previous SMB2 create code missed the round_timespec() call before marshalling. Bug 3124 - xcopy /d with samba shares works not as aspected https://bugzilla.samba.org/show_bug.cgi?id=3124 which is a regression from a long-ago bug with SMB1. Signed-off-by: Jeremy Allison j...@samba.org commit 375d445b06e5fc9779819e482052db6192e49768 Author: Jeremy Allison j...@samba.org Date: Wed May 21 11:31:44 2014 -0700 s3: smb2: Move from using SBVAL to put NTTIMEs on the wire to put_long_date_timespec. put_long_date_timespec() correctly calls round_timespec() on the time parameters, and is the correct function to use when writing *any* file-based NTTIME on the wire. The smb2_close() code being modified already did this by hand, and so this doesn't change any of the functionality, only makes the SMB2 code match all of the other server code in Samba. Move from using NTTIME variables internally in the server to struct timespec variables, which is what all the other server code uses. Only map to NTTIME as the last step of marshalling the output data. Not following the put_long_date_timespec() convention in the SMB2 create code caused the round_timespec() step to have been missed in that code - thus bug: Bug 3124 - xcopy /d with samba shares works not as aspected https://bugzilla.samba.org/show_bug.cgi?id=3124 which is a regression from a long-ago bug with SMB1. Signed-off-by: Jeremy Allison j...@samba.org --- Summary of changes: source3/printing/printing.c | 23 +++-- source3/smbd/smb2_close.c | 127 +++ source3/smbd/smb2_create.c | 85 +++-- 3 files changed, 119 insertions(+), 116 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/printing/printing.c b/source3/printing/printing.c index 5a35ad0..9b382dc 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -3365,13 +3365,28 @@ WERROR print_queue_purge(const struct auth_session_info *server_info, if ( can_job_admin ) become_root(); - for (i=0;injobs;i++) { - bool owner = is_owner(server_info, lp_const_servicename(snum), - queue[i].sysjob); + for (i = 0; i njobs; i++) { + struct tdb_print_db *pdb; + int jobid; + bool owner; + pdb = get_print_db_byname(lp_const_servicename(snum)); + if (pdb == NULL) { + DEBUG(1, (failed to find printdb for %s\n, + lp_const_servicename(snum))); + continue; + } + jobid = sysjob_to_jobid_pdb(pdb, queue[i].sysjob); + if (jobid == (uint32_t)-1) { + DEBUG(2, (jobid for system job %d not found\n, + queue[i].sysjob)); +
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 1f70ad9 VERSION: Bump version number up to 4.0.19... via 98b4a34 VERSION: Disable git snapshots for the 4.0.18 release. via 8a0fcbc WHATSNEW: Add release notes for Samba 4.0.18. from 97a3274 bug #10609: CVE-2014-0239 Don't reply to replies http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 1f70ad9d3ec2a4c3da4651b74834d5b807410ad4 Author: Karolin Seeger ksee...@samba.org Date: Tue May 27 19:18:37 2014 +0200 VERSION: Bump version number up to 4.0.19... and re-enable git snapshots. Signed-off-by: Karolin Seeger ksee...@samba.org commit 98b4a3491bedad8ea96faa057459fb1dcabfab9c Author: Karolin Seeger ksee...@samba.org Date: Tue May 27 14:03:28 2014 +0200 VERSION: Disable git snapshots for the 4.0.18 release. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10549 CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response Bug: https://bugzilla.samba.org/show_bug.cgi?id=10609 CVE-2014-0239: DOS in DNS server packet handling Signed-off-by: Karolin Seeger ksee...@samba.org commit 8a0fcbcbc6e183bfb4ca95f02d15ea7b33107e27 Author: Karolin Seeger ksee...@samba.org Date: Tue May 27 14:02:02 2014 +0200 WHATSNEW: Add release notes for Samba 4.0.18. CVE-2014-0239 Don't reply to replies CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: VERSION |2 +- WHATSNEW.txt | 100 - 2 files changed, 99 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 6e860f0..d89736a 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=18 +SAMBA_VERSION_RELEASE=19 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8ae476c..0320288 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,100 @@ == + Release Notes for Samba 4.0.18 +May 27, 2014 + == + + +This is the latest stable release of Samba 4.0. + +Please note that this bug fix release also addresses two minor security issues +without being a dedicated security release: + + o CVE-2014-0239: dns: Don't reply to replies (bug #10609). + o CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response +(bug #10549). + +For more details including security advisories and patches, please see + + http://www.samba.org/samba/history/security.html + + + Changes since 4.0.17: +- + +o Michael Adam ob...@samba.org +* BUG 10548: build: Fix ordering problems with lib-provided and internal + RPATHs. + + +o Jeremy Allison j...@samba.org +* BUG 10577: SMB1 wildcard unlink fail can leave a retry record on the open + retry queue. +* BUG 10564: Fix lock order violation and file lost. + + +o Björn Baumbach b...@sernet.de +* BUG 10239: s3-nmbd: Reset debug settings after reading config file. +* BUG 10544: s3-lib/util: set_namearray reads across end of namelist + string. +* BUG 10556: lib-util: Rename memdup to smb_memdup and fix all callers. + + +o Kai Blin k...@samba.org +* BUG 10609: CVE-2014-0239: dns: Don't reply to replies. + + +o David Disseldorp dd...@samba.org +* BUG 10590: byteorder: Do not assume PowerPC is big-endian. + + +o Stefan Metzmacher me...@samba.org +* BUG 10472: script/autobuild: Make use of + '--with-perl-{arch,lib}-install-dir'. + + +o Noel Power nopo...@suse.com +* BUG 10554: Fix read of deleted memory in reply_writeclose()'. + + +o Jose A. Rivera jar...@redhat.com +* BUG 10151: Extra ':' in msg for Waf Cross Compile Build System with + Cross-answers command. +* BUG 10348: Fix empty body in if-statement in continue_domain_open_lookup. + + +o Christof Schmitt christof.schm...@us.ibm.com +* BUG 10549: CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS + response. + + +o Andreas Schneider a...@samba.org +* BUG 10472: wafsamba: Fix the installation on FreeBSD. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 97a3274 bug #10609: CVE-2014-0239 Don't reply to replies via d4b0b74 pidl/lib/wscript_build: make use of PERL_LIB_INSTALL_DIR via d6043d6 script/autobuild: make use of --with-perl-{arch,lib}-install-dir via 0e430f8 wafsamba: Fail with error message if perl doesn't provide valid dirs. via 86830d9 wafsamba: If perl can't provide defaults, define them. from 39ae6a7 FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 97a32749b4c567890a92de97aaf8b85d5ec0134b Author: Kai Blin k...@samba.org Date: Tue May 13 08:13:29 2014 +0200 bug #10609: CVE-2014-0239 Don't reply to replies Due to insufficient input checking, the DNS server will reply to a packet that has the reply bit set. Over UDP, this allows to send a packet with a spoofed sender address and have two servers DOS each other with circular replies. This patch fixes bug #10609 and adds a test to make sure we don't regress. CVE-2014-2039 has been assigned to this issue. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10609 Signed-off-by: Kai Blin k...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Kai Blin k...@samba.org Autobuild-Date(master): Tue May 20 04:15:44 CEST 2014 on sn-devel-104 (cherry picked from commit 392ec4d241eb19c812cd49ff73bd32b2b09d8533) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon May 26 14:54:32 CEST 2014 on sn-devel-104 commit d4b0b741427e6d5ec9626f26eff4068399d8f771 Author: Stefan Metzmacher me...@samba.org Date: Fri May 9 11:49:10 2014 +0200 pidl/lib/wscript_build: make use of PERL_LIB_INSTALL_DIR Bug: https://bugzilla.samba.org/show_bug.cgi?id=10472 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sat May 10 01:37:33 CEST 2014 on sn-devel-104 (cherry picked from commit cf75ef9f73f2cdbf2a039bbc9468f5da6a14834e) commit d6043d62521391cf9c1d5b0f7f11618c6c3b46fb Author: Stefan Metzmacher me...@samba.org Date: Fri May 9 11:48:26 2014 +0200 script/autobuild: make use of --with-perl-{arch,lib}-install-dir Bug: https://bugzilla.samba.org/show_bug.cgi?id=10472 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from commit d18ee9e4b6f4c9a24b555c111e08396012c1755a) commit 0e430f836f34a2dd7976bc46c37fbfe4d320395d Author: Stefan Metzmacher me...@samba.org Date: Fri May 9 09:42:23 2014 +0200 wafsamba: Fail with error message if perl doesn't provide valid dirs. We try harder to get valid directories, we now fallback like this: vendorarch = sitearch = archlib and vendorlib = sitelib = privlib The new options are --with-perl-arch-install-dir and --with-perl-lib-install-dir. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10472 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from commit 2637890ef42a238093f0f3cbdda0d621d5f9b2e2) commit 86830d9c31a3bc0856fe12859bb13be56077db2b Author: Andreas Schneider a...@samba.org Date: Tue Apr 15 10:24:24 2014 +0200 wafsamba: If perl can't provide defaults, define them. This should fix the installation on FreeBSD. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472 Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Alexander Bokovoy a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Thu May 8 13:55:50 CEST 2014 on sn-devel-104 (cherry picked from commit 0ba276ebad57d75a769e22414f94acbe8c177d97) --- Summary of changes: buildtools/wafadmin/Tools/perl.py | 52 +++- pidl/lib/wscript_build|4 +- python/samba/tests/dns.py | 29 script/autobuild.py |4 ++- source4/dns_server/dns_server.c |6 5 files changed, 79 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafadmin/Tools/perl.py b/buildtools/wafadmin/Tools/perl.py index 8f13e28..0f34e79 100644 --- a/buildtools/wafadmin/Tools/perl.py +++ b/buildtools/wafadmin/Tools/perl.py @@ -98,27 +98,53 @@ def check_perl_ext_devel(conf): conf.env.EXTUTILS_TYPEMAP = read_out('print $Config{privlib}/ExtUtils/typemap') conf.env.perlext_PATTERN = '%s.' + read_out('print $Config{dlext}')[0] - if getattr(Options.options,
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 39ae6a7 FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end via 101ae20 FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero via 7d90c1b s3: smbd : Fix wildcard unlink to fail if we get an error rather than trying to continue. via cc20cef s3: smbd: Remove open_file_fchmod(). via 9b62ae8 s3: smbd: change file_set_dosmode() to use get_file_handle_for_metadata() instead of open_file_fchmod(). via d3b8149 s3: smbd : Ensure file_new doesn't call into smbXsrv_open_create() for INTERNAL_OPEN_ONLY. via 25aacde s3 : smbd : Protect all possible code paths from fsp-op == NULL. via c412f62 byteorder: do not assume PowerPC is big-endian via 92f894d Fix an empty if statement. via a9a345f Minor typo fix in source3/wscript. from 4386827 s3: smbd - smb1 - fix read of deleted memory in reply_writeclose(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 39ae6a7f3a36a34e69b896a8248c54fcfe134941 Author: Christof Schmitt christof.schm...@us.ibm.com Date: Mon Aug 5 11:21:59 2013 -0700 FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end labels_data_count already accounts for the unicode null character at the end of the array. There is no need in adding space for it again. Signed-off-by: Christof Schmitt christof.schm...@us.ibm.com Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Aug 6 04:03:17 CEST 2013 on sn-devel-104 (cherry picked from commit eb50fb8f3bf670bd7d1cf8fd4368ef4a73083696) The last 2 patches address bug #10549 - CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon May 19 14:29:18 CEST 2014 on sn-devel-104 commit 101ae20a2f6ef1d79012bae09b965ac7d43d1692 Author: Christof Schmitt christof.schm...@us.ibm.com Date: Mon Aug 5 11:16:22 2013 -0700 FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero Otherwise num_volumes and the end marker can return uninitialized data to the client. Signed-off-by: Christof Schmitt christof.schm...@us.ibm.com Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org (cherry picked from commit 30e724cbff1ecd90e5a676831902d1e41ec1b347) commit 7d90c1b0c857614ea6be2685d1f62fa5a7de810f Author: Jeremy Allison j...@samba.org Date: Tue Apr 29 16:59:55 2014 -0700 s3: smbd : Fix wildcard unlink to fail if we get an error rather than trying to continue. This can break smbd if we end up leaving a SHARING_VIOLATION retry record on the queue. Signed-off-by: Jeremy Allison j...@samba.org Fix bug #10577 - SMB1 wildcard unlink fail can leave a retry record on the open retry queue. commit cc20cef310ef60ea66d4a838d602eedbdcf9ffb4 Author: Jeremy Allison j...@samba.org Date: Thu May 1 11:11:20 2014 -0700 s3: smbd: Remove open_file_fchmod(). No longer used (hurrah!). Bug 10564 - Lock order violation and file lost https://bugzilla.samba.org/show_bug.cgi?id=10564 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri May 2 23:47:38 CEST 2014 on sn-devel-104 commit 9b62ae8337aaf154c141e9eec016c8a98de0becf Author: Jeremy Allison j...@samba.org Date: Thu May 1 11:07:44 2014 -0700 s3: smbd: change file_set_dosmode() to use get_file_handle_for_metadata() instead of open_file_fchmod(). get_file_handle_for_metadata() is a new function that finds an existing open handle (fsp-fh-fd != -1) for a given dev/ino if there is one available, and uses INTERNAL_OPEN_ONLY with WRITE_DATA access if not. Allows open_file_fchmod() to be removed next. Bug 10564 - Lock order violation and file lost https://bugzilla.samba.org/show_bug.cgi?id=10564 Signed-off-by: Jeremy Allison j...@samba.org Signed-off-by: Volker Lendecke v...@samba.org commit d3b81495c68ae06291929a0f878e3dbe2545cc99 Author: Jeremy Allison j...@samba.org Date: Thu May 1 11:01:03 2014 -0700 s3: smbd : Ensure file_new doesn't call into smbXsrv_open_create() for INTERNAL_OPEN_ONLY. This causes deadlocks which cause smbd to crash if the locking database has already been locked for a compound operation we need to be atomic (as in the file rename case). Ensure INTERNAL_OPEN_ONLY opens are synonymous with req==NULL. INTERNAL_OPEN_ONLY opens leave a NO_OPLOCK record in the share mode database, so they can be detected by
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 4386827 s3: smbd - smb1 - fix read of deleted memory in reply_writeclose(). via deadf70 lib-util: rename memdup to smb_memdup and fix all callers (bug #10556) via 3d6e3ac build: fix ordering problems with lib-provided and internal RPATHs via 0953816 Revert tevent: fix crash bug in tevent_queue_immediate_trigger() via f0d41fb s3-lib/util: fix logic inside set_namearray loops. via 9057b42 s3-lib/util: fix read across end of namelist string via 0583bf5 s3-nmbd: reset debug settings after reading config file (bug #10239) from 1559d43 VERSION: Bump version number up to 4.0.18... http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 4386827f919cf3679fde99e5f4e63ad81efa68de Author: Noel Power nopo...@suse.com Date: Thu Feb 27 12:07:11 2014 -0800 s3: smbd - smb1 - fix read of deleted memory in reply_writeclose(). While running smbtorture test raw.write under valgrind an Invalid read was reported in methid reply_writeclose, it seems after closing a file sometime later we try to access it again. Signed-off-by: Noel Power noel.po...@suse.com Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Mon Mar 3 20:42:40 CET 2014 on sn-devel-104 (cherry picked from commit 04e434661fa6b5f13776f925b0a7cbadb6b6d006) Fix bug #10554 - request backport for 'smb1 - fix read of deleted memory in reply_writeclose()'. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri May 2 15:39:19 CEST 2014 on sn-devel-104 commit deadf7095c3ad7f93e8d099052503b0a334b9eec Author: Björn Baumbach b...@sernet.de Date: Mon Apr 14 14:37:29 2014 +0200 lib-util: rename memdup to smb_memdup and fix all callers (bug #10556) Signed-off-by: Björn Baumbach b...@sernet.de Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit fae7e5d771d1c69bded1189b23335647023fa0f7) Conflicts: ctdb/lib/util/util.h Also renamed memdup() in source3/locking/brlock.c commit 3d6e3aceecf8893484f3fba73aef7d55c14d6b4a Author: Michael Adam ob...@samba.org Date: Wed Oct 16 15:17:18 2013 +0200 build: fix ordering problems with lib-provided and internal RPATHs When a library or system (like cups) provides an RPATH, e.g. with -Wl,-R or -Wl,-rpath, this was added by waf to the LINKFLAGS, wich was later prepended to our RPATH. But if the path by chance contains an older version of one of our internal libraries like talloc, this would lead to linking the too old talloc into our binaries. This has been observed on, e.g., FreeBSD, but it is a general problem. This patch fixes the problem by specially parsing the RPATH linker options from the pkg-config(, cups-config, ) output and putting the paths into the RPATH_lib container, which is then later correctly appended to our internal RPATH. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit 64f5e24100a764ec198cab9a8d2c43fa86e7027c) Bug: https://bugzilla.samba.org/show_bug.cgi?id=10548 commit 0953816ae9414ea7d32a64af62f2fecb1868a627 Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 29 10:23:03 2014 +0200 Revert tevent: fix crash bug in tevent_queue_immediate_trigger() This reverts commit fc185a5f4cb34f4a2488eb336844c32812f930e7. See https://bugzilla.samba.org/show_bug.cgi?id=10344 for details. Stefan (metze) Metzmacher 2014-04-11 07:28:18 UTC Karolin, please revert fc185a5f4cb34f4a2488eb336844c32812f930e7 in v4-0-test, this somehow went in twice. 87a02403ee4fcc404dc3b887a851c421660cb4d8 is the first commit. It's not a real problem to have the same check twice, but it's a bit confusing and may generate problems with future backports. commit f0d41fbc7295de4e31229704b255ca1db7f761f8 Author: Jeremy Allison j...@samba.org Date: Tue Apr 8 10:38:33 2014 -0700 s3-lib/util: fix logic inside set_namearray loops. Additional fix for bug #10544 - s3-lib/util: set_namearray reads across end of namelist string. Not strictly needed as the initial fix addresses the problem, but corrects the internal logic inside the loops. https://bugzilla.samba.org/show_bug.cgi?id=10544 Signed-off-by: Jeremy Allison j...@samba.org Signed-off-by: Michael Adam ob...@samba.org (cherry picked from commit 4f59580331b934b183c3344da57f2002d88d4512) commit 9057b426d232638dcb1374724023aa95f4e86081 Author: Björn Baumbach b...@sernet.de Date: Mon Apr 7 13:46:42 2014 +0200 s3-lib/util:
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 1559d43 VERSION: Bump version number up to 4.0.18... via 52eee62 WHATSNEW: Add release notes for Samba 4.0.17. from e6ff129 s3: messages: Implement cleanup of dead records. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 1559d4348ded17488f7aadc0ba06e45eecc7be84 Author: Karolin Seeger ksee...@samba.org Date: Thu Apr 10 11:52:52 2014 +0200 VERSION: Bump version number up to 4.0.18... and re-enable git snapshots. Signed-off-by: Karolin Seeger ksee...@samba.org commit 52eee62076402ebb00b9f3df170df1c79a27efb8 Author: Karolin Seeger ksee...@samba.org Date: Thu Apr 10 11:41:12 2014 +0200 WHATSNEW: Add release notes for Samba 4.0.17. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: VERSION |4 +- WHATSNEW.txt | 118 +- 2 files changed, 118 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 8a57f26..6e860f0 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=17 +SAMBA_VERSION_RELEASE=18 # If a official release has a serious bug # @@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE= # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # - 3.0.0-SVN-build-199 # -SAMBA_VERSION_IS_GIT_SNAPSHOT=no +SAMBA_VERSION_IS_GIT_SNAPSHOT=yes # This is for specifying a release nickname# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 654a252..8ae476c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,118 @@ == + Release Notes for Samba 4.0.17 + April 15, 2014 + == + + +This is the latest stable release of Samba 4.0. + + +Changes since 4.0.16: +- + +o Jeremy Allison j...@samba.org +* BUG 9878: Make force user work as expected. +* BUG 9942: Fix problem with server taking too long to respond to a + MSG_PRINTER_DRVUPGRADE message. +* BUG 9993: s3-printing: Fix obvious memory leak in + printer_list_get_printer(). +* BUG 10344: SessionLogoff on a signed connection with an outstanding notify + request crashes smbd. +* BUG 10431: Fix STATUS_NO_MEMORY response from Query File Posix Lock request. +* BUG 10508: smbd: Correctly add remote users into local groups. +* BUG 10534: Cleanup messages.tdb record after unclean smbd shutdown. + + +o Christian Ambach a...@samba.org +* BUG 9911: Fix build on AIX with IBM XL C/C++ (gettext detection issues). +* BUG 10308: Fix String Conversion Errors with Samba 4.1.0 Build on AIX 7.1. + + +o Andrew Bartlett abart...@samba.org +* smbd: Split create_conn_struct into a fn that does not change the + working dir. + + +o Gregor Beck gb...@sernet.de +* BUG 10458: Fix 'wbinfo -i' with one-way trust. +* s3:rpc_server: Minor refactoring of process_request_pdu(). + + +o Kai Blin k...@samba.org +* BUG 10471: Don't respond with NXDOMAIN to records that exist with another + type. + + +o Alexander Bokovoy a...@samba.org +* BUG 10504: lsa.idl: Define lsa.ForestTrustCollisionInfo and + ForestTrustCollisionRecord as public structs. + + +o Günther Deschner g...@samba.org +* BUG 10439: Increase max netbios name components. + + +o David Disseldorp dd...@samba.org +* BUG 10188: doc: Add spoolss: architecture parameter usage. +* BUG 10484: Initial FSRVP rpcclient requests fail with + NT_STATUS_PIPE_NOT_AVAILABLE. + + +o Daniel Liberman danie...@gmail.com +* BUG 10387: 'net ads search' on high latency networks can return a partial + list with no error indication. + + +o Stefan Metzmacher me...@samba.org +* BUG 10344: SessionLogoff on a signed connection with an outstanding notify + request crashes smbd. +* BUG 10422: max xmit 64kb leads to segmentation fault. +* BUG 10444: smbd_server_connection_terminate(CTDB_SRVID_RELEASE_IP) + panics from within ctdbd_migrate() with invalid lock_order. +* BUG 10464: samba4 services not binding on IPv6 addresses causing + connection delays. +* tevent: Fix crash bug in tevent_queue_immediate_trigger(). + + +o Garming Sam garm...@catalyst.net.nz +* BUG 10378: dfs: Always call create_conn_struct with root privileges. + + +o Andreas Schneider a...@cryptomilk.org +* BUG 10472: pidl: waf should have
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via e6ff129 s3: messages: Implement cleanup of dead records. via b649fdb s3: smbd: Ensure we always go via getgroups_unix_user() when creating an NT token. from fc185a5 tevent: fix crash bug in tevent_queue_immediate_trigger() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit e6ff1291fa940294689d46bd2795281d45fbc07e Author: Jeremy Allison j...@samba.org Date: Wed Apr 2 16:45:25 2014 -0700 s3: messages: Implement cleanup of dead records. When a smbd process dies, pending messages.tdb records for this process might not get cleaned up. Implement a cleanup for dead records that is triggered after a smbd dies uncleanly; the records for that PID are deleted. Based on a patchset from Christof Schmitt c...@samba.org. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Christof Schmitt c...@samba.org (cherry picked from commit 837671f47670b16726aa96ba7a0902974a1037eb) Bug: https://bugzilla.samba.org/show_bug.cgi?id=10534 Cleanup messages.tdb record after unclean smbd shutdown Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Apr 7 11:55:50 CEST 2014 on sn-devel-104 commit b649fdb8d63a5b14bb9dc567de1ddd640ae165f3 Author: Jeremy Allison j...@samba.org Date: Tue Mar 25 08:47:39 2014 -0700 s3: smbd: Ensure we always go via getgroups_unix_user() when creating an NT token. This has to be done in every code path that creates an NT token, as remote users may have been added to the local /etc/group database. Tokens created merely from the info3 structs (via the DC or via the krb5 PAC) won't have these local groups. This code needs to special-case the guest user, as this token can have the token_sid[0] set to the Guest SID, not the mapping of UNIX uid - SID. Other users that may have a well-known SID set in token_sid[0] (like SYSTEM) are usually not mappable to UNIX users and can be ignored when adding local groups from /etc/group. Combined back-port of fixes 6034ab521c47fc5f4732398652c9c6847ff92035 and a9fa09723bee3588db2168ac13f7ad0334452c11 from master. https://bugzilla.samba.org/show_bug.cgi?id=10508 Signed-off-by: Jeremy Allison j...@samba.org --- Summary of changes: source3/auth/token_util.c| 101 ++ source3/include/messages.h |6 +++ source3/lib/messages.c | 17 +++ source3/lib/messages_local.c | 38 source3/smbd/server.c|7 +++ 5 files changed, 169 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index 841bc52..09959f4 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -389,6 +389,100 @@ struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx, return result; } +/*** + Merge in any groups from /etc/group. +***/ + +static NTSTATUS add_local_groups(struct security_token *result, +bool is_guest) +{ + gid_t *gids = NULL; + uint32_t getgroups_num_group_sids = 0; + struct passwd *pass = NULL; + TALLOC_CTX *tmp_ctx = talloc_stackframe(); + int i; + + if (is_guest) { + /* +* Guest is a special case. It's always +* a user that can be looked up, but +* result-sids[0] is set to DOMAIN\Guest. +* Lookup by account name instead. +*/ + pass = Get_Pwnam_alloc(tmp_ctx, lp_guestaccount()); + } else { + uid_t uid; + + /* For non-guest result-sids[0] is always the user sid. */ + if (!sid_to_uid(result-sids[0], uid)) { + /* +* Non-mappable SID like SYSTEM. +* Can't be in any /etc/group groups. +*/ + TALLOC_FREE(tmp_ctx); + return NT_STATUS_OK; + } + + pass = getpwuid_alloc(tmp_ctx, uid); + if (pass == NULL) { + DEBUG(1, (SID %s - getpwuid(%u) failed\n, + sid_string_dbg(result-sids[0]), + (unsigned int)uid)); + } + } + + if (!pass) { + TALLOC_FREE(tmp_ctx); + return NT_STATUS_UNSUCCESSFUL; + } + + /* +* Now we must get any groups this user has been +* added to in /etc/group and merge them in. +* This
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via fc185a5 tevent: fix crash bug in tevent_queue_immediate_trigger() via f9e8a9e lsa.idl: define lsa.ForestTrustCollisionInfo and ForestTrustCollisionRecord as public structs via ecfe72f s3-rpc_server: Fix handling of fragmented rpc requests. via 2170b8c s3:rpc_server: minor refactoring of process_request_pdu() via eec2818 pidl-waf: Only install Yapp::Driver if it is not available. via f21b897 pidl-waf: Check for system perl(Parse::Yapp::Driver). via fb992a8 pidl-waf: Add a function to check for a system perl module. via 50567ff pidl-waf: Do not glob to install pidl modules. via 667a59c pidl-waf: Install pidl modules to the perl vendorlib directory. via 10573dd pidl-waf: Remove unused variable pidl_src. via 60b8f8f autobuild: Set perl vendorlib direcotry. via f46447a buildtools: Add perl vendorlib configure option. via 503d0ff buildtools: Rename perl vendorarch configure option. via cd208b2 dns: Extend tests for records with another type via 7bac6e0 bug #10471: Don't respond with NXDOMAIN to records that exist with another type via 67fc5bf s3: smbd: Fileserving share access checks. via c96bac8 smbreadline: switch to new-style readline typedef via e53c10d s4:lib/socket: simplify iface_list_wildcard() and its callers via 74aa879 s4:lib/socket: use the same logic in iface_list_wildcard() as in smbd via 5f4c1bb s3:smbd: s/BUFFER_SIZE/LARGE_WRITEX_BUFFER_SIZE via a42b892 s3:smbd: fix the maxentries calculation depending on the max_send. via 03f9c61 s3:smbd: simplify maxentries calculation in reply_search() via 00a60ed s3:smbd: fix the read numtoread calculation depending on the max_send. via e915655 s3:smbd: fix the lockread numtoread calculation depending on the max_send. via 93e5454 s3:smbd: pass the final numtoread reply_outbuf() for the lockread reply. via e6b365a s3:smbd: fix lockread numtoread calculation to match reply_outbuf() arguments. via 9da034e s3:smbd: take less than SMB_BUFFER_SIZE_MIN ('500') as header overhead in ipc.c via 1039e5f s3:smbd: reject a MaxBufferSize SMB_BUFFER_SIZE_MIN (500) in a session setup request via a5ce91c s3:smbd: use sconn-smb1.sessions.max_send = SMB_BUFFER_SIZE_MAX via 1c13590 s3:smbd: use SMB_BUFFER_SIZE_MIN/MAX to limit lp_max_xmit() via e06ff86 s3:include: let CLI_BUFFER_SIZE be an alias of SMB_BUFFER_SIZE_MAX via b6ee584 libcli/smb: add SMB_BUFFER_SIZE_MIN/MAX defines via 1fac62c s3:param: avoid using BUFFER_SIZE to limit the lp_min_receive_file_size() via ab7c46c s3:client: only limit the buffer by the given length 'n' via eeb901b s3:torture: use CLI_BUFFER_SIZE instead of BUFFER_SIZE via e98e7b0 s3:utils/smbfilter: use a local variable for the packet buffer via 57cd00c s3:smbd: avoid invalid lock_order panic triggered by CTDB_SRVID_RELEASE_IP via f850683 s3:lib/ctdbd_conn: let release_ip_handler return bool via 95b04d7 s3:smbd: maintain smbd_server_connection-status via c759f09 s3:smbd: simplify exit_server_common() via 1560850 s3:smbd: s/EVENT_FD/TEVENT_FD via 626fc22 doc: add spoolss: architecture parameter usage via 33419d8 s4: smbtorture: Add a proper change_notify going async followed by tdis test. via 25464e3 s4: smbtorture: Update the torture_smb2_notify_ulogoff test to demonstrate the problem. via 77d1158 s3:smb2_tcon: cancel and wait for pending requests on tdis via e736677 s3:smb2_sesssetup: cancel and wait for pending requests on logoff via 37b51d7 s3:smb2_tcon: split smbd_smb2_tdis into an async *_send/recv pair. via 5f8bc31 s3:smb2_sesssetup: split smbd_smb2_logoff into an async *_send/recv pair. via f7cc9d0 s3:smb2_lock: return RANGE_NOT_LOCKED instead of CANCELLED for logoff and tdis via 53ae5fb s3:smb2_lock: fix whitespaces/tabs in smbd_smb2_lock_cancel() via 6896d0c s4:torture/smb2: accept NT_STATUS_RANGE_NOT_LOCKED after smb2_logoff/tdis via b86c4fa s3: lib: Back-port tevent_queue_wait_send/recv - smbd_tevent_queue_wait_send/recv via 87a0240 tevent: fix crash bug in tevent_queue_immediate_trigger() from e42fd53 Merge tag 'samba-4.0.16' into v4-0-test http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit fc185a5f4cb34f4a2488eb336844c32812f930e7 Author: Stefan Metzmacher me...@samba.org Date: Sat Jan 11 08:58:05 2014 +0100 tevent: fix crash bug in tevent_queue_immediate_trigger() Assume we we have a queue with 2 entries (A and B with triggerA() and triggerB()). If triggerA() removes itself tevent_queue_entry_destructor() will be called for A, this
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 58cb450 VERSION: Bump version number up to 4.0.17. via 887e04b VERSION: Disable git snapshots for the 4.0.16 release. via a656392 WHATSNEW: Add release notes for Samba 4.0.16. via caad2f0 CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. via e999b98 CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 via 6b8bca5 CVE-2013-4496:samr: Remove ChangePasswordUser via d8b5c1b CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. via ac0ef44 CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes from 24fec62 s3-spoolssd: Don't register spoolssd if epmd is not running. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 58cb450bae8cc1b3d73167422dfdeb4d964f3070 Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 11 19:31:59 2014 +0100 VERSION: Bump version number up to 4.0.17. Signed-off-by: Karolin Seeger ksee...@samba.org commit 887e04b646952c7b59db00bbf72782b8566173f2 Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 11 12:00:52 2014 +0100 VERSION: Disable git snapshots for the 4.0.16 release. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 CVE-2013-4496: Enforce password lockout for SAMR password changes. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 CVE-2013-6442: ensure we don't lose an existing ACL when setting owner or group owner. Signed-off-by: Karolin Seeger ksee...@samba.org commit a656392aa2be9c11c0f61766341b56e4ded21af4 Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 11 11:42:21 2014 +0100 WHATSNEW: Add release notes for Samba 4.0.16. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 CVE-2013-4496: Password lockout not enforced for SAMR password changes. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 CVE-2013-6442: smbcacls --chown | --chgrp dacl regression Signed-off-by: Karolin Seeger ksee...@samba.org commit caad2f06991c0c9c245f86935d45d405c177f445 Author: Jeremy Allison j...@samba.org Date: Wed Dec 18 13:56:18 2013 -0800 CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 Bug 10327 - CVE-2013-6442: smbcacls --chown | --chgrp dacl regression Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit e999b98ccead0794007a14326c894d2a4a6d7bea Author: Andrew Bartlett abart...@samba.org Date: Thu Nov 28 06:50:01 2013 +1300 CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 Part of this was removed when ChangePasswordUser was unimplemented, but remove the remainder of this flawed commit. Fully check the password first, as extract_pw_from_buffer() already does a partial check of the password because it needs a correct old password to correctly decrypt the length. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 6b8bca5d9345517979342ca12cb9f65857c21ca2 Author: Andrew Bartlett abart...@samba.org Date: Tue Nov 5 16:16:46 2013 +1300 CVE-2013-4496:samr: Remove ChangePasswordUser This old password change mechanism does not provide the plaintext to validate against password complexity, and it is not used by modern clients. The missing features in both implementations (by design) were: - the password complexity checks (no plaintext) - the minimum password length (no plaintext) Additionally, the source3 version did not check: - the minimum password age - pdb_get_pass_can_change() which checks the security descriptor for the 'user cannot change password' setting. - the password history - the output of the 'passwd program' if 'unix passwd sync = yes'. Finally, the mechanism was almost useless, as it was incorrectly only made available to administrative users with permission to reset the password. It is removed here so that it is not mistakenly reinstated in the future. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit d8b5c1bb6577102b8e0dcb43be673b09b5187455 Author: Stefan Metzmacher me...@samba.org Date: Tue Nov 5 14:04:20 2013 +0100 CVE-2013-4496:s3:auth: fix memory leak in the
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via e42fd53 Merge tag 'samba-4.0.16' into v4-0-test via bc0f537 VERSION: Disable git snapshots for the 4.0.16 release. via 2cd17b5 WHATSNEW: Add release notes for Samba 4.0.16. via 109d63a CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. via f580c8c CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 via 8fee6bd CVE-2013-4496:samr: Remove ChangePasswordUser via 139b90d CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. via a597c31 CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes via adfa17e VERSION: Bump version number up to 4.0.16... from 58cb450 VERSION: Bump version number up to 4.0.17. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit e42fd53389807d8375a69a1b8c69d48007b48a19 Merge: 58cb450bae8cc1b3d73167422dfdeb4d964f3070 bc0f537280d7b34c717629312015170344289e5c Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 11 20:55:57 2014 +0100 Merge tag 'samba-4.0.16' into v4-0-test Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: Changeset truncated at 500 lines: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 24fec62 s3-spoolssd: Don't register spoolssd if epmd is not running. via 9537207 s3:winbindd: avoid directly asking a trusted domain in wb_lookupsids*() via 099a02a s3:winbindd: fix _wbint_LookupSids() on error via cc754e6 pidl:NDR/Client: fix dcerpc_function() with [out,ref] pointers via 52990c9 s3: smbd: Ensure brl_get_locks_internal() always returns a valid struct byte_range_lock even if there are no locks. via f4b8045 s3-printing: Fix obvious memory leak in printer_list_get_printer(). via a8fb002 rpc_client: retry open on STATUS_PIPE_NOT_AVAILABLE via fd8d469 s3: ldap client can return NT_STATUS_OK when an error occurs in a paged search. via e1f7cbc waf: improve iconv checks via f33c3ad heimdal_build: only enable libintl functions if everything was found via 8b062f1 waf:lib/replace fix iconv checks on HP/UX via 4aafa69 waf:lib/replace gettext configure checks via e8ab980 waf:lib/replace fix gettext detection via 7346b57 waf:lib/replace change detection of gettext via f4e1771 waf:lib/replace fix up libintl related checks via 0d2e0d4 waf:lib/replace correct detection of libiconv from 68c6cb5 s3: printing: Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 24fec624bc342fd066233657a3cadfe05bd6b20f Author: Andreas Schneider a...@samba.org Date: Thu Feb 27 09:58:27 2014 +0100 s3-spoolssd: Don't register spoolssd if epmd is not running. https://bugzilla.samba.org/show_bug.cgi?id=10474 Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit 562ade624a78a11a5af0f26b04df93d76d6166bd) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Mar 10 18:37:25 CET 2014 on sn-devel-104 commit 953720784a0fe2a73e7db6d617ff181394465094 Author: Gregor Beck gb...@sernet.de Date: Thu Feb 20 11:25:53 2014 +0100 s3:winbindd: avoid directly asking a trusted domain in wb_lookupsids*() As a domain member we should always use a DC of our own domain. It would be possible to pass all sids in one single dcerpc_wbint_LookupSids() call. For now we just fix bug. Pair-Programmed-With: Stefan Metzmacher me...@samba.org Bug: https://bugzilla.samba.org/show_bug.cgi?id=10458 Signed-off-by: Gregor Beck gb...@sernet.de Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from commit 66fb0ce9557553a4c01607b517e65ac4c93841d0) commit 099a02a11db054fb2f42c42ded40ec4bce9b6fb9 Author: Gregor Beck gb...@sernet.de Date: Thu Feb 20 13:14:31 2014 +0100 s3:winbindd: fix _wbint_LookupSids() on error We need to make sure that r-out.domains remains valid, otherwise we're not able to marshall the response. Note that wbint_LookupSids() has [out,ref] lsa_RefDomainList *domains, while lsa_LookupSids() has [out,ref] lsa_RefDomainList **domains. Pair-Programmed-With: Stefan Metzmacher me...@samba.org Bug: https://bugzilla.samba.org/show_bug.cgi?id=10458 Signed-off-by: Gregor Beck gb...@sernet.de Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from commit 3413e64149702136429d7b5acaa7a52c49abf564) commit cc754e627329cdeef5b1c2ce1d8490eec07d7753 Author: Stefan Metzmacher me...@samba.org Date: Thu Sep 26 01:20:10 2013 +0200 pidl:NDR/Client: fix dcerpc_function() with [out,ref] pointers Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from commit f50b561336c7b6c08300e6e477859d1f9fab62c2) commit 52990c9a211362006ab4d262a8c90bd3891252fb Author: Jeremy Allison j...@samba.org Date: Thu Feb 27 16:19:53 2014 -0800 s3: smbd: Ensure brl_get_locks_internal() always returns a valid struct byte_range_lock even if there are no locks. brl_get_locks_internal() currently returns NULL when it can't find any byte range locks on the file. This is an error - it should return a valid struct byte_range_lock containing num_locks == 0 so it can be cached. Returning NULL when there are no locks causes POSIX lock tests to fail returning NT_STATUS_NO_MEMORY (as it thinks it can't allocate the struct) instead of NT_STATUS_OK. This is a back-port of git commit abf08ed544ce05ea5a6e6ea2e531b6a2d97e15cc that went into master. Fixes bug: Bug 10431 - STATUS_NO_MEMORY response from Query File Posix Lock request https://bugzilla.samba.org/show_bug.cgi?id=10431 Signed-off-by:
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 68c6cb5 s3: printing: Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message. via 23bec26 librpc/nbt: increase MAX_COMPONENTS limit for nbt_names. via 4d857a9 dfs: always call create_conn_struct with root privileges via 4bc4ab9 smbd: Fix calls to create_conn_struct_cwd to be correctly indented. via d534964 smbd: Split create_conn_struct into a fn that does not change the working dir from 20d7ec8 VERSION: Bump version number up to 4.0.15... http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 68c6cb5a6909f50c6d016803881695809ccd1fbb Author: Jeremy Allison j...@samba.org Date: Wed Feb 12 10:13:19 2014 -0800 s3: printing: Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message. Receiving a MSG_PRINTER_DRVUPGRADE causes smbd to iterate over all printers looking for ones that uses the driver. This is a very expensive operation requiring a read of all registry printer parameters. On a system with a large number of printers, this causes the clients to timeout (smbd can take longer than 60 seconds to respond). This patch fixes the problem by forwarding the MSG_PRINTER_DRVUPGRADE to the background lpq queue updater process and allowing it to take care of the updating of the changeid in the registry, allowing the smbd connected to the client to return to processing requests immediately. https://bugzilla.samba.org/show_bug.cgi?id=9942 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Tue Feb 18 17:48:30 CET 2014 on sn-devel-104 (cherry picked from commit cd655715b8ee0a4e681d67b3996f71017b941401) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Sun Feb 23 04:57:30 CET 2014 on sn-devel-104 commit 23bec26d78547e5a82c79fc3f1fc1f41c0d785da Author: Günther Deschner g...@samba.org Date: Tue Feb 4 16:38:46 2014 +0100 librpc/nbt: increase MAX_COMPONENTS limit for nbt_names. domains with more then 10 subdomains are not so uncommon. https://bugzilla.samba.org/show_bug.cgi?id=10439 Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Günther Deschner g...@samba.org Autobuild-Date(master): Thu Feb 13 16:30:50 CET 2014 on sn-devel-104 (cherry picked from commit 4e05bad0d18e351cb2a2db74860e77adea727c79) Signed-off-by: Andreas Schneider a...@samba.org commit 4d857a92aa798448525db50c72327cfa5befc075 Author: Garming Sam garm...@catalyst.net.nz Date: Thu Dec 19 09:55:44 2013 +1300 dfs: always call create_conn_struct with root privileges This fixes a bug in dfs_samba4 identified by Daniel Müller. create_conn_struct calls SMB_VFS_CONNECT which requires root privileges. SMB_VFS_CONNECT in turn calls dfs_samba4_connect which connects to samdb. Calls were made to this function without ever becoming root (notably via setup_dfs_referral) which resulted in an error and the VFS connect failing. This happens when you have an active directory domain controller with host msdfs = yes in smb.conf and dfs links in place. Signed-off-by: Garming Sam garm...@catalyst.net.nz Reviewed-by: Bjoern Baumbach b...@sernet.de Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri Jan 10 20:11:03 CET 2014 on sn-devel-104 (cherry picked from commit 24a687642de21ce872d25f16b3525003844d05f9) Fix bug #10378 - dfs: always call create_conn_struct with root privileges. commit 4bc4ab90deb9265dc506abc9c3d854909c68dccf Author: Andrew Bartlett abart...@samba.org Date: Tue Jan 8 09:29:48 2013 +1100 smbd: Fix calls to create_conn_struct_cwd to be correctly indented. These are whitespace changes only, left out of the previous commit to preserve clarity. Andrew Bartlett. Reviewed-by: Jeremy Allison j...@samba.org (cherry picked from commit 5a3e915d20bb11984c42081bf25ce09baa58e04e) commit d534964ea9741cc79f7cd7c2f7e9ed0a3a79d8dc Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 10 13:47:49 2012 +1100 smbd: Split create_conn_struct into a fn that does not change the working dir The python bindings do not want the current working directory changed during operations, so we provide two functions, one providing the original behaviour, and other providing the python bindings with just the memory allocation and initilisation stuff. Andrew Bartlett
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 20d7ec8 VERSION: Bump version number up to 4.0.15... via e005eb7 VERSION: Disable git snapshots for the 4.0.15 release. via dd07d1f WHATSNEW: Add release notes for Samba 4.0.15. from c400dd0 s3:smb2_notify: fix use after free on long living notify requests http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 20d7ec8a7b1d39f5a93e58d22720d0a333079254 Author: Karolin Seeger ksee...@samba.org Date: Sun Feb 16 21:01:42 2014 +0100 VERSION: Bump version number up to 4.0.15... and re-enable git snapshots. Signed-off-by: Karolin Seeger ksee...@samba.org commit e005eb7968bf7fb4bd2a09ca2335bddb78a4b4e6 Author: Karolin Seeger ksee...@samba.org Date: Sun Feb 16 21:00:50 2014 +0100 VERSION: Disable git snapshots for the 4.0.15 release. Signed-off-by: Karolin Seeger ksee...@samba.org commit dd07d1f7796246824491a4bc463df17d376d6aa2 Author: Karolin Seeger ksee...@samba.org Date: Sun Feb 16 20:58:36 2014 +0100 WHATSNEW: Add release notes for Samba 4.0.15. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: VERSION |2 +- WHATSNEW.txt | 88 + 2 files changed, 82 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index a988145..6eed1e9 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=15 +SAMBA_VERSION_RELEASE=16 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 661cf51..f602152 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,84 @@ == + Release Notes for Samba 4.0.15 + February 18, 2014 + == + + +This is the latest stable release of Samba 4.0. + + +Changes since 4.0.14: +- + +o Michael Adam ob...@samba.org +* BUG 10259: Make shadow_copy2 module working with Windows 7. + + +o Alistair Leslie-Hughes leslie_alist...@hotmail.com +* BUG 10087: ntlm_auth sometimes returns the wrong username to + mod_ntlm_auth_winbind. + + +o Jeremy Allison j...@samba.org +* BUG 2662: Make revamped directory handling code 64bit clean. +* BUG 10358: Fix 100% CPU utilization in winbindd when trying to free + memory in winbindd_reinit_after_fork. +* BUG 10429: s3: modules: streaminfo: As we have no VFS function + SMB_VFS_LLISTXATTR we can't cope with a symlink when lp_posix_pathnames() + is true. + + +o Christian Ambach a...@samba.org +* BUG 0280: s3:winbindd: Fix use of uninitialized variables. + + +o Andrew Bartlett abart...@samba.org +* BUG 10418: Fix INTERNAL ERROR: Signal 11 in the kdc pid. + + +o Jeffrey Clark d...@zaplabs.com +* BUG 10418: Add support for Heimdal's unified krb5 and hdb plugin system. + + +o Volker Lendecke v...@samba.org +* BUG 2191: s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done(). +* BUG 10415: smbd: Fix memory overwrites. +* BUG 10436: smbd: Fix an ancient oplock bug. + + +o Stefan Metzmacher me...@samba.org +* BUG 10442: Fix crash bug in smb2_notify code. + + +o Jelmer Vernooij jel...@samba.org +* BUG 10418: Cope with first element in hdb_method having a different name + in different heimdal versions. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.0 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 4.0.14 January 7, 2014 == @@ -66,14 +146,8 @@ be filed under the Samba 4.0 product in the project's Bugzilla database
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via c400dd0 s3:smb2_notify: fix use after free on long living notify requests from c10bc88 s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we can't cope with a symlink when lp_posix_pathnames() is true. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit c400dd0f92688d9baece6dcd3d66d3245127c352 Author: Stefan Metzmacher me...@samba.org Date: Thu Jan 30 16:12:44 2014 +0100 s3:smb2_notify: fix use after free on long living notify requests This is a hack, but it should fix the bug: change_notify_add_request() talloc moves smb_request away, which is not expected by the smb2_notify.c code... smbd_smb2_notify_reply() uses tevent_req_defer_callback() (in older versions an immediate event) to defer the response. This is needed as change_notify_reply() will do more things after calling reply_fn() (smbd_smb2_notify_reply is this case) and often change_notify_remove_request() is called after change_notify_reply(). change_notify_remove_request() implicitly free's the smb_request that was passed to change_notify_add_request(). smbd_smb2_fake_smb_request() added the smb_request as smb2req-smb1req, which is expected to be available after smbd_smb2_notify_recv() returned. The long term solution would be the following interface: struct tevent_req *change_notify_request_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct files_struct *fsp, uint32_t max_length, uint32_t filter, bool recursive); NTSTATUS change_notify_request_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, DATA_BLOB *buffer); Bug: https://bugzilla.samba.org/show_bug.cgi?id=10442 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Feb 14 11:18:15 CET 2014 on sn-devel-104 (cherry picked from commit e0bf930f23fe20ee00d0006a5f6c2ba1a8f592a0) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Sun Feb 16 19:18:59 CET 2014 on sn-devel-104 --- Summary of changes: source3/smbd/smb2_notify.c | 55 1 files changed, 55 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb2_notify.c b/source3/smbd/smb2_notify.c index 81aa615..c35acc5 100644 --- a/source3/smbd/smb2_notify.c +++ b/source3/smbd/smb2_notify.c @@ -28,6 +28,8 @@ struct smbd_smb2_notify_state { struct smbd_smb2_request *smb2req; struct smb_request *smbreq; + bool has_request; + bool skip_reply; NTSTATUS status; DATA_BLOB out_output_buffer; }; @@ -160,6 +162,44 @@ static void smbd_smb2_notify_reply(struct smb_request *smbreq, uint8_t *buf, size_t len); static bool smbd_smb2_notify_cancel(struct tevent_req *req); +static int smbd_smb2_notify_state_destructor(struct smbd_smb2_notify_state *state) +{ + if (!state-has_request) { + return 0; + } + + state-skip_reply = true; + smbd_notify_cancel_by_smbreq(state-smbreq); + return 0; +} + +static int smbd_smb2_notify_smbreq_destructor(struct smb_request *smbreq) +{ + struct tevent_req *req = talloc_get_type_abort(smbreq-async_priv, + struct tevent_req); + struct smbd_smb2_notify_state *state = tevent_req_data(req, + struct smbd_smb2_notify_state); + + /* +* Our temporary parent from change_notify_add_request() +* goes away. +*/ + state-has_request = false; + + /* +* move it back to its original parent, +* which means we no longer need the destructor +* to protect it. +*/ + talloc_steal(smbreq-smb2req, smbreq); + talloc_set_destructor(smbreq, NULL); + + /* +* We want to keep smbreq! +*/ + return -1; +} + static struct tevent_req *smbd_smb2_notify_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct smbd_smb2_request *smb2req, @@ -183,6 +223,7 @@ static struct
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via c10bc88 s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we can't cope with a symlink when lp_posix_pathnames() is true. via 3d666cb s3: vfs_dirsort module. via c86c98d s3: vfs_dirsort module. via 9e39883 smbd: Fix an ancient oplock bug via f847b5d kdc: Add belts-and-braces check that we fail if the hdb version changes via 3bbccc5 Support for Heimdal's unified krb5 and hdb plugin system. via 4b914d3 Cope with first element in hdb_method having a different name in different heimdal versions. via 68048a5 smbd: Fix memory overwrites from e8769b7 s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit c10bc8830df84797166742e3d628deb39ea59f26 Author: Jeremy Allison j...@samba.org Date: Fri Feb 7 10:19:26 2014 -0800 s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we can't cope with a symlink when lp_posix_pathnames() is true. Fix bug : Bug 10429 - samba returns STATUS_OBJECT_NAME_NOT_FOUND when attempting to remove dangling symlink https://bugzilla.samba.org/show_bug.cgi?id=10429 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Jeff Layton jlay...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Sat Feb 8 00:01:16 CET 2014 on sn-devel-104 (cherry picked from commit 17adbbcad7e401dd544dfa76f7ec9aeb6a847381) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri Feb 14 22:35:40 CET 2014 on sn-devel-104 commit 3d666cb865c5b72fbc9131435d1ca08392e15aa6 Author: Jeremy Allison j...@samba.org Date: Tue Feb 11 10:39:04 2014 -0800 s3: vfs_dirsort module. Add raw.search torture test on a share definition with: vfs objects = dirsort https://bugzilla.samba.org/show_bug.cgi?id=10406 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit 30cc8f41da58b87ff575860b7cde640520829923) commit c86c98d18e2b0719238341d6b8d5554a9abaa350 Author: Jeremy Allison j...@samba.org Date: Wed Jan 29 17:01:30 2014 -0800 s3: vfs_dirsort module. Allow dirsort to work when multiple simultaneous directories are open. The old code only keeps one active private data pointer on the connection struct, opening a second directory on the same connection will overwrite it. This modification turns the private data pointer into a linked list of open directories on the connection struct, and finds the correct one by searching on the passed in DIR *. With this code in place, smbd passes raw.search torture test on a share definition with: vfs objects = dirsort https://bugzilla.samba.org/show_bug.cgi?id=10406 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (back-ported from commit fd79652b0e598882e0c4d156bd897c29dae8ec04) commit 9e398837bab5e520429fc93e3277f00b6081559c Author: Volker Lendecke v...@samba.org Date: Wed Sep 4 13:57:00 2013 +0200 smbd: Fix an ancient oplock bug If we get an oplock break response, we forgot to remove the oplock break timeout. Found by stopping raw.oplock.exclusive5 after the 2nd open and watching a debug level 10 log. This amends 08a9de89 from 2007. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org (cherry picked from commit 0670975261c5f29394f9e9d25f899a7de948dad1) Fix bug #10436 - cancel fsp-oplock_timeout in downgrade_file_oplock(). commit f847b5dba7b6646cd28751e22a4d2f30fda51917 Author: Andrew Bartlett abart...@samba.org Date: Tue Jan 14 11:23:04 2014 +1300 kdc: Add belts-and-braces check that we fail if the hdb version changes This checks both if host system run-time Heimdal has changed version, and that the build-time version is supported. Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-By: Jelmer Vernooij jel...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Mon Jan 20 22:26:49 CET 2014 on sn-devel-104 (cherry picked from commit e758f4111356fafce5b5c8393648c9ea5c400601) The last 3 patches address bug #10418 - INTERNAL ERROR: Signal 11 in the kdc pid. commit 3bbccc5acf1358a76727a2739d80e85fd4c49e39 Author: Jeffrey Clark d...@zaplabs.com Date: Fri Jan 10 17:20:14 2014 -0600 Support for Heimdal's unified krb5 and hdb plugin system. Fixes exportkeytab and a kdc crash when building against heimdal master. Bug-Debian: http://bugs.debian.org/732342
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via e8769b7 s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done(). via 6b11557 Stop use after free from 661f8af s3:dir - We now pass the previously spinning directory tests on ext4. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit e8769b7b06e6d7d2d9f5d5e23c15bd01c56255f6 Author: Volker Lendecke v...@samba.org Date: Thu Jan 16 16:10:25 2014 +0100 s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191 Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Thu Jan 16 20:17:24 CET 2014 on sn-devel-104 (cherry picked from commit 1a43778433934530d77791edd1af538de8b1d8a3) Signed-off-by: Andreas Schneider a...@samba.org Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri Feb 14 00:04:34 CET 2014 on sn-devel-104 commit 6b115571b1d480476484a33eb70ca7f0e5a76c7f Author: Alistair Leslie-Hughes leslie_alist...@hotmail.com Date: Fri Sep 27 08:31:00 2013 +1000 Stop use after free Fixes bug #10087 Thanks to Man Min Yan for their analysis and providing a solution to the issue. Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri Sep 27 14:29:46 CEST 2013 on sn-devel-104 (cherry picked from commit 6bf9a774718917c3429fa1492f5b0268ae5e01c3) --- Summary of changes: source3/utils/ntlm_auth.c|6 +- source3/winbindd/wb_fill_pwent.c |2 +- 2 files changed, 6 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 7cf40b9..ad75e69 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -1678,7 +1678,11 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, } else { reply_code = AF; - reply_arg = session_info-unix_info-unix_name; + reply_arg = talloc_strdup(state-gensec_state, session_info-unix_info-unix_name); + if (reply_arg == NULL) { + reply_code = BH out of memory; + reply_arg = nt_errstr(NT_STATUS_NO_MEMORY); + } talloc_free(session_info); } } else if (state-gensec_state-gensec_role == GENSEC_CLIENT) { diff --git a/source3/winbindd/wb_fill_pwent.c b/source3/winbindd/wb_fill_pwent.c index 9d0abbd..cd0ca50 100644 --- a/source3/winbindd/wb_fill_pwent.c +++ b/source3/winbindd/wb_fill_pwent.c @@ -91,7 +91,7 @@ static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq) state-pw-pw_uid = (uid_t)xid.id; - subreq = wb_getgrsid_send(state, state-ev, state-info-group_sid, 1); + subreq = wb_getgrsid_send(state, state-ev, state-info-group_sid, 0); if (tevent_req_nomem(subreq, req)) { return; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 661f8af s3:dir - We now pass the previously spinning directory tests on ext4. via 4527bd6 s3:dir - Introduce a 64-bit directory offset - 32 bit wire offset map using memcache. via 75cc7c7 s3:dir - Add a new memcache type (non-talloc) - SMB1_SEARCH_OFFSET_MAP. via b884da9 s3:dir - Map wire offsets to native directory cookies. via 79e6052 s3:dir - Cope with fixed mapping of 'special' values. via 334f7d4 s3: dir - Introduce 32-bit wire versions of the 'special' values. via 8874f5d s3:dir - Introduce a function to map a directory cookie to a 32-bit wire cookie. via 32fffa3 s3:dir - In the old SMB1 search code, rename offset to wire_offset to distinguish between wire and native offsets. from 0ce1612 shadow_copy2: add a comment explaining why we don't talloc_zero_array(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 661f8af3355229c8950665ca403c99265b9fc08a Author: Jeremy Allison j...@samba.org Date: Mon Jan 13 10:20:25 2014 -0800 s3:dir - We now pass the previously spinning directory tests on ext4. https://bugzilla.samba.org/show_bug.cgi?id=2662 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Wed Jan 15 11:39:12 CET 2014 on sn-devel-104 (cherry picked from commit 0f9a189e36d8e30dfd40e42130329a0984938ddd) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Wed Jan 29 21:39:55 CET 2014 on sn-devel-104 commit 4527bd6bca977943906c1247ce44107055350362 Author: Jeremy Allison j...@samba.org Date: Sat Jan 11 15:45:48 2014 -0800 s3:dir - Introduce a 64-bit directory offset - 32 bit wire offset map using memcache. Should fix the DOS clients against 64-bit smbd's bug. https://bugzilla.samba.org/show_bug.cgi?id=2662 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from commit 97cd9c6729a3821faa2dbc1588a40c5e03b9fd4f) commit 75cc7c7e22adc56e9d993747db9ee67e8d660b0e Author: Jeremy Allison j...@samba.org Date: Sat Jan 11 13:58:46 2014 -0800 s3:dir - Add a new memcache type (non-talloc) - SMB1_SEARCH_OFFSET_MAP. We will use this in mapping 64-bit directory offset cookies to a 32-bit counter. https://bugzilla.samba.org/show_bug.cgi?id=2662 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from commit 4e0c41a321b2683610748c8c176fc46aaa8d114d) commit b884da932b1e1d95709d17c1803f73aefff9916b Author: Jeremy Allison j...@samba.org Date: Sat Jan 11 15:04:38 2014 -0800 s3:dir - Map wire offsets to native directory cookies. Take care of the special offsets. https://bugzilla.samba.org/show_bug.cgi?id=2662 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from commit 42c80358c83dca65cdde78f442056ec0f55ecbb1) commit 79e60528274e6382b42b8408627304259e2ecf4a Author: Jeremy Allison j...@samba.org Date: Sat Jan 11 14:59:00 2014 -0800 s3:dir - Cope with fixed mapping of 'special' values. https://bugzilla.samba.org/show_bug.cgi?id=2662 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from commit 81df4123ca6fae6e9d901c59a12407f3f89dc335) commit 334f7d4ad06c3f88c8d0bad96a220e880c69b270 Author: Jeremy Allison j...@samba.org Date: Sat Jan 11 14:56:57 2014 -0800 s3: dir - Introduce 32-bit wire versions of the 'special' values. https://bugzilla.samba.org/show_bug.cgi?id=2662 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from commit 51a115b62048735b4c8ec79211ce45600cfa5c01) commit 8874f5d50dfd64712d53554bd67cefe0767ebc1a Author: Jeremy Allison j...@samba.org Date: Sat Jan 11 14:48:00 2014 -0800 s3:dir - Introduce a function to map a directory cookie to a 32-bit wire cookie. Make this an identity for now. https://bugzilla.samba.org/show_bug.cgi?id=2662 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from commit 5afc25eceb0c0e031bbe162617309178f3bcc425) commit 32fffa3fe9b6ed913d6d4d426f9f29fe1a6a0edf Author: Jeremy Allison j...@samba.org Date: Sat Jan 11 14:36:17 2014 -0800 s3:dir - In the old SMB1 search code, rename offset to wire_offset to distinguish between wire and native offsets. Rename uint32 type to correct uint32_t. https://bugzilla.samba.org/show_bug.cgi?id=2662 Signed-off-by: Jeremy Allison
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 0ce1612 shadow_copy2: add a comment explaining why we don't talloc_zero_array(). via d06f278 shadow_copy2: revert expensive and unnecessary zero-initialization via 4982328 docs: Fix typos in vfs_shadow_copy2.8.xml. via 6c445a9 docs: update the manpage of vfs_shadow_copy2 via cc04429 s3:modules:shadow_copy2: remove redundant documentation comment block via aca395e s3:modules:shadow_copy2: improve headline comment via c949684 s3:module:shadow_copy2: add my (C) via 4f0111f shadow_copy2: use stored mount_point instead of recalculating. via 497aff7 shadow_copy2: improve debug in shadow_copy2_convert() in snapdirseverywhere mode via a8378b0 shadow_copy2: fix shadow_copy2_convert() in the classical case. via 39e8999 shadow_copy2: add some blank lines for visual separation to shadow_copy2_convert() via eb31ad9 shadow_copy2: initialize converted string to null in shadow_copy2_convert() via 4693fb1 shadow_copy2: fix shadow_copy2_strip_snapshot() in the classical case via cbebc8f shadow_copy2: add some debug to shadow_copy2_strip_snapshot() via 151774e shadow_copy2: add comments explaining decisions in shadow_copy2_strip_snapshot() via 9ca7ac7 shadow_copy2: introduce shadow_copy2_snapshot_path() via bcbfdf9 shadow_copy2: factor shadow_copy2_posix_gmt_string() out of shadow_copy2_insert_string() via b4d54ac shadow_copy2: shadow_copy2_insert_string(): do not prepend a / in absolute mode via 7c14f34 shadow_copy2: make shadow_copy2_find_snapdir() return const char * via 1ca532a shadow_copy2: in the classical case, use configured path in shadow_copy2_find_snapdir() via 8422130 shadow_copy2: implement disk_free via c4b12f3 shadow_copy2: log resulting config at the end of shadow_copy2_connect() via be89e66 shadow_copy2: add snapshot_basepath to the config. via ce9a972 shadow_copy2: add rel_connectpath to config. via 36333db shadow_copy2: introduce shadow:mountpoint option via 799c1d5 shadow_copy2: re-add the basedir option. via 315f913 shadow_copy2: disable snapdir:crossmountpoints if the snapdir is absolute. via 47416db shadow_copy2: introduce the bool snapdir_absolute in the config. via 9e288fa shadow_copy2: introduce config struct and function shadow_copy2_connect() via 09aa316 shadow_copy2: add comment explaining the SMB level GMT format pattern via df3ff47 shadow_copy2: add comment block explaining shadow_copy2_convert() via 9adcb5b shadow_copy2: add comment block explaining shadow_copy2_insert_string() via f8fd361 shadow_copy2: add comment block explaining shadow_copy2_find_snapdir() via b338605 shadow_copy2: add header comment explaining have_snapdir() via 4135afc shadow_copy2: add comment header describing shadow_copy2_strip_snapshot() via 6fe4ae3 shadow_copy2: break overly long lines in shadow_copy2_snapshot_to_gmt() from a70f5d3 s3: winbindd: Move calling setup_domain_child() into add_trusted_domain(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 0ce1612f02a9e348e234dcdb20858fb6db11c785 Author: Michael Adam ob...@samba.org Date: Wed Dec 11 09:41:38 2013 +0100 shadow_copy2: add a comment explaining why we don't talloc_zero_array(). Since I stumbled over this slighly sublte point, I thought it is worthwile to point it our in a comment. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Wed Dec 11 19:55:20 CET 2013 on sn-devel-104 (cherry picked from commit 27baff0ec96cded0446ecd7739e9d31aaeb90868) The last 36 patches address bug #10259 - shadow_copy2 module Previous Version not working in Windows 7. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Jan 13 12:13:18 CET 2014 on sn-devel-104 commit d06f278ce78e9ea6a48a31cbeb83c6b8c0a93f4a Author: Michael Adam ob...@samba.org Date: Wed Dec 11 09:34:47 2013 +0100 shadow_copy2: revert expensive and unnecessary zero-initialization I was being overly cautious. This is initialization is not necessary, since further down in the for-loop, the memory always gets fully initialized because the insert string is inserted at various slash positions. So this talloc_zero_array can be skipped: this an expensive thing to do in virtually every VFS call. This essentially reverts commit 249e9b4a34d8959bd94735c1921ecfc24d6a2705. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via a70f5d3 s3: winbindd: Move calling setup_domain_child() into add_trusted_domain(). via 28e45f5 s3: winbindd: Move the logic of whether to set 'domain-primary' into add_trusted_domain(). from f0d454d s3:winbindd fix use of uninitialized variables http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit a70f5d36ac0d28f9eb4ea3e92483684c8da67a67 Author: Jeremy Allison j...@samba.org Date: Mon Jan 6 15:22:59 2014 -0800 s3: winbindd: Move calling setup_domain_child() into add_trusted_domain(). Ensure it only gets called when a new domain is allocated and added to the list. This should fix problems with the previous logic where setup_domain_child() was called in places where an existing domain was returned. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Wed Jan 8 20:46:55 CET 2014 on sn-devel-104 (cherry picked from commit ca931e460460ffe46735f98b31db47220772d566) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri Jan 10 11:45:03 CET 2014 on sn-devel-104 commit 28e45f56e818bd7821da9ac2e9500c3a8045aa42 Author: Jeremy Allison j...@samba.org Date: Mon Jan 6 15:15:37 2014 -0800 s3: winbindd: Move the logic of whether to set 'domain-primary' into add_trusted_domain(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit cfa6a36467f5679a88e49419e8af32b724c242bd) --- Summary of changes: source3/winbindd/winbindd_util.c | 73 - 1 files changed, 32 insertions(+), 41 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index 6e13ca8..2621722 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -89,7 +89,10 @@ static bool is_in_internal_domain(const struct dom_sid *sid) } -/* Add a trusted domain to our list of domains */ +/* Add a trusted domain to our list of domains. + If the domain already exists in the list, + return it and don't re-initialize. */ + static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name, struct winbindd_methods *methods, const struct dom_sid *sid) @@ -99,6 +102,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *idmap_config_option; const char *param; const char **ignored_domains, **dom; + int role = lp_server_role(); ignored_domains = lp_parm_string_list(-1, winbind, ignore domains, NULL); for (dom=ignored_domains; dom *dom; dom++) { @@ -146,7 +150,10 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const if (domain != NULL) { /* -* We found a match. Possibly update the SID +* We found a match on domain-name or +* domain-alt_name. Possibly update the SID +* if the stored SID was the NULL SID +* and return the matching entry. */ if ((sid != NULL) dom_sid_equal(domain-sid, global_sid_NULL)) { @@ -192,6 +199,15 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const sid_copy(domain-sid, sid); } + /* Is this our primary domain ? */ + if (strequal(domain_name, get_global_sam_name()) + (role != ROLE_DOMAIN_MEMBER)) { + domain-primary = true; + } else if (strequal(domain_name, lp_workgroup()) + (role == ROLE_DOMAIN_MEMBER)) { + domain-primary = true; + } + /* Link to domain list */ DLIST_ADD_END(_domain_list, domain, struct winbindd_domain *); @@ -228,6 +244,8 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const done: + setup_domain_child(domain); + DEBUG(2,(Added domain %s %s %s\n, domain-name, domain-alt_name, domain-sid?sid_string_dbg(domain-sid):)); @@ -301,7 +319,6 @@ static void trustdom_list_done(struct tevent_req *req) while ((p != NULL) (*p != '\0')) { char *q, *sidstr, *alt_name; struct dom_sid sid; - struct winbindd_domain *domain;
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 7701a42 VERSION: Bump version number up to 4.0.15... via 2b2ec18 VERSION: Disable git snapshots for the 4.0.14 release. via 65e6f29 WHATSNEW: Add release notes for Samba 4.0.14. from bdafdcb ldb: bad if test in ldb_comparison_fold() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 7701a42c111ecac2eaa7e1bb5acadded31678b81 Author: Karolin Seeger ksee...@samba.org Date: Tue Dec 31 20:31:30 2013 +0100 VERSION: Bump version number up to 4.0.15... and re-enable git snapshots. Signed-off-by: Karolin Seeger ksee...@samba.org commit 2b2ec186aa3fc6214c557b6770b68fd330852240 Author: Karolin Seeger ksee...@samba.org Date: Tue Dec 31 20:30:34 2013 +0100 VERSION: Disable git snapshots for the 4.0.14 release. Signed-off-by: Karolin Seeger ksee...@samba.org commit 65e6f29a5542c0c05f91b354097e7753df938660 Author: Karolin Seeger ksee...@samba.org Date: Sat Jan 4 20:19:14 2014 +0100 WHATSNEW: Add release notes for Samba 4.0.14. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: VERSION |2 +- WHATSNEW.txt | 81 - 2 files changed, 80 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 3b27e8c..a988145 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=14 +SAMBA_VERSION_RELEASE=15 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 50ba8aa..661cf51 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,81 @@ == + Release Notes for Samba 4.0.14 + January 7, 2014 + == + + +This is the latest stable release of Samba 4.0. + +Major enhancements in Samba 4.0.14 include: + +o Fix segfault in smbd (bug #10284). +o Fix SMB2 server panic when a smb2 brlock times out (bug #10311). + + +Changes since 4.0.13: +- + +o Jeremy Allison j...@samba.org +* BUG 9870: smbd: Allow updates on directory write times on open handles. +* BUG 10297: smbd: Fix writing to a directory with -wx permissions + on a share. +* BUG 10305: ldb: Fix bad if test in ldb_comparison_fold(). +* BUG 10320: s3:smbpasswd: Fix crashes on invalid input. + + +o David Disseldorp dd...@samba.org +* BUG 10271: Send correct job-ID in print job notifications. + + +o Volker Lendecke v...@samba.org +* BUG 10250: smbd: Fix a talloc hierarchy problem in msg_channel. +* BUG 10284: smbd: Fix segfault. +* BUG 10297: smbd: Fix writing to a directory with -wx permissions + on a share. +* BUG 10311: Fix SMB2 server panic when a smb2 brlock times out. + + +o Stefan Metzmacher me...@samba.org +* BUG 10298: Reduce smb2_server processing overhead. +* BUG 10330: s3:configure: Require tevent = 0.9.18 as external library. + + +o Arvid Requate requ...@univention.de +* BUG 10267: spoolss: Accept XPS_PASS datatype used by Windows 8. + + +o Christof Schmitt c...@samba.org +* BUG 10310: Fix AIO with SMB2 and locks. + + +o Andreas Schneider a...@samba.org +* BUG 2191: Fix substution of %G/%g in 'template * homedir'. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.0 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 4.0.13 December 9, 2013 == @@ -88,8 +165,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow:
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via f0d454d s3:winbindd fix use of uninitialized variables from 7701a42 VERSION: Bump version number up to 4.0.15... http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit f0d454d768a4b4e91dbea8c920d0fe0293c3167c Author: Christian Ambach a...@samba.org Date: Mon Sep 16 13:18:17 2013 +0200 s3:winbindd fix use of uninitialized variables Bug: https://bugzilla.samba.org/show_bug.cgi?id=10280 Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org (cherry picked from commit 7393781a57891687b464762b0954e6c936f750bb) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Jan 7 12:25:51 CET 2014 on sn-devel-104 --- Summary of changes: source3/winbindd/winbindd_cache.c | 13 + 1 files changed, 13 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index c463780..34319df 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -2120,6 +2120,19 @@ static NTSTATUS rids_to_names(struct winbindd_domain *domain, old_status) { have_mapped = have_unmapped = false; + *names = talloc_array(mem_ctx, char *, num_rids); + if (*names != NULL) { + result = NT_STATUS_NO_MEMORY; + goto error; + } + + *types = talloc_array(mem_ctx, enum lsa_SidType, + num_rids); + if (*types != NULL) { + result = NT_STATUS_NO_MEMORY; + goto error; + } + for (i=0; inum_rids; i++) { struct dom_sid sid; struct cache_entry *centry; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via bdafdcb ldb: bad if test in ldb_comparison_fold() via 5b9e579 s3: smbpasswd - fix crashes on invalid input. via 64302c1 s3:configure: require tevent = 0.9.18 as external library from eca8433 smbtorture: New torture test for bug #9870. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit bdafdcbdf40f9bf814f9e3fbec9d32a13d0ef92e Author: Jeremy Allison j...@samba.org Date: Fri Dec 6 15:58:02 2013 -0800 ldb: bad if test in ldb_comparison_fold() Found by David Binderman dcb...@hotmail.com BUG: https://bugzilla.samba.org/show_bug.cgi?id=10305 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Sat Dec 7 11:10:47 CET 2013 on sn-devel-104 Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Sat Dec 28 23:21:12 CET 2013 on sn-devel-104 commit 5b9e5793dfb6ff7111f4096d5c290af634f0714c Author: Jeremy Allison j...@samba.org Date: Thu Dec 12 09:37:25 2013 -0800 s3: smbpasswd - fix crashes on invalid input. get_pass can return NULL on error. Ensure that this is always the case and fix all callers to cope (some already did). Reported by Joonas Kuorilehto jones...@codenomicon.com BUG: https://bugzilla.samba.org/show_bug.cgi?id=10320 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Mon Dec 16 15:17:58 CET 2013 on sn-devel-104 (cherry picked from commit ef5a3bedab74420baf0c653cf8e304fe6c2a13b4) commit 64302c156019647828553598917136ae509ac315 Author: Stefan Metzmacher me...@samba.org Date: Tue Dec 17 12:57:53 2013 +0100 s3:configure: require tevent = 0.9.18 as external library 0.9.16 might be enough, but this matches the waf build. So 0.9.18 is less likely to produce regressions in the future. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10330 Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: lib/ldb/common/attrib_handlers.c |2 +- source3/configure.in |2 +- source3/utils/net.c |5 + source3/utils/passwd_util.c | 14 +- source3/utils/smbpasswd.c| 14 ++ 5 files changed, 30 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb/common/attrib_handlers.c b/lib/ldb/common/attrib_handlers.c index daeb422..4b94d39 100644 --- a/lib/ldb/common/attrib_handlers.c +++ b/lib/ldb/common/attrib_handlers.c @@ -254,7 +254,7 @@ int ldb_comparison_fold(struct ldb_context *ldb, void *mem_ctx, if (n2 == 0 n1 != 0) { return (int)toupper(*s1); } - if (n2 == 0 n2 == 0) { + if (n1 == 0 n2 == 0) { return 0; } return (int)toupper(*s1) - (int)toupper(*s2); diff --git a/source3/configure.in b/source3/configure.in index f5487c3..f4403e1 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -1873,7 +1873,7 @@ AC_ARG_ENABLE(external_libtevent, if test x$enable_external_libtevent != xno then - PKG_CHECK_MODULES(LIBTEVENT, tevent = 0.9.11, + PKG_CHECK_MODULES(LIBTEVENT, tevent = 0.9.18, [ enable_external_libtevent=yes ], [ if test x$enable_external_libtevent = xyes; then AC_MSG_ERROR([Unable to find libtevent]) diff --git a/source3/utils/net.c b/source3/utils/net.c index eccb522..a31214f 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -105,6 +105,11 @@ static int net_changesecretpw(struct net_context *c, int argc, } trust_pw = get_pass(_(Enter machine password: ), c-opt_stdin); + if (trust_pw == NULL) { + d_fprintf(stderr, + _(Error in reading machine password\n)); + return 1; + } if (!secrets_store_machine_password(trust_pw, lp_workgroup(), sec_channel_type)) { d_fprintf(stderr, diff --git a/source3/utils/passwd_util.c b/source3/utils/passwd_util.c index 293f163..6bc2d60 100644 --- a/source3/utils/passwd_util.c +++ b/source3/utils/passwd_util.c @@ -42,11 +42,12 @@ char *stdin_new_passwd( void) * the newline that ends the password, then replace the newline with * a null terminator. */ - if ( fgets(new_pw, sizeof(new_pw), stdin) != NULL) { - if ((len = strlen(new_pw)) 0) { - if(new_pw[len-1] == '\n') -
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 717edc2 smbd: Fix a panic when a smb2 brlock times out via e533a99 selftest: Remove samba3.smb2.lock.*.rw-exclusive from flapping file via 5b0b88d selftest: Run smb2.lock tests also against AIO share via 009d5aa selftest: Introduce share for testing AIO via 5c99489 s3: Return correct error code from SMB2 AIO read failure via c36bda8 s3-aio: Use correct locking context for SMB2 via 9c622f0 s3:smb2_server: avoid calling set_current_user_info() for each request via 83f3344 s3:smb2_server: generate a header blob for the sendfile path via 3efa732 s3:smb2_server: allocate smbd_smb2_request on talloc_tos() via 6d4df0f s3:smb2_server: use tevent_req_notify_callback() in smbd_smb2_request_pending_queue() via e2169a7 s3:smb2_server: for performance reasons we use tevent_fd and readv/writev directly via 8b72512 s3:smb2_server: fix drain_socket error handling via fe04555 smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open. via b1fb353 smbd: change flag name from UCF_CREATING_FILE to UCF_PREP_CREATEFILE via 790a3b2 smbd: Fix regression for the dropbox case. from db8b33d VERSION: Bump version up to 4.0.14 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 717edc25b21ed03acf07b704aae9d6c2a81bc73e Author: Volker Lendecke v...@samba.org Date: Thu Dec 5 15:50:58 2013 +0100 smbd: Fix a panic when a smb2 brlock times out Found by Peter Somogyi. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Thu Dec 5 21:21:35 CET 2013 on sn-devel-104 Fix bug #10311 - SMB2 server can panic when a smb2 brlock times out. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Dec 10 15:06:45 CET 2013 on sn-devel-104 commit e533a998539d449f085b38e8c621b2db377d3e06 Author: Christof Schmitt c...@samba.org Date: Thu Dec 5 15:53:47 2013 -0700 selftest: Remove samba3.smb2.lock.*.rw-exclusive from flapping file This test demonstrates a problem with byte range locks and AIO. Signed-off-by: Christof Schmitt c...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri Dec 6 05:19:37 CET 2013 on sn-devel-104 (cherry picked from commit 8c3bf7b84950fbb0305bcccd49ecfc202e08901a) The last 5 patches address bug #10310 - Fix AIO with SMB2 and locks. commit 5b0b88ddaff7d6d3e276fce4285d146aac17ca42 Author: Christof Schmitt c...@samba.org Date: Thu Dec 5 15:22:13 2013 -0700 selftest: Run smb2.lock tests also against AIO share Signed-off-by: Christof Schmitt c...@samba.org Reviewed-by: Jeremy Allison j...@samba.org (cherry picked from commit d551d5256f9b1ca57b8018d816ea665c9b847ced) commit 009d5aa44e2c95dbe27addf32b683cd8e8952fcf Author: Christof Schmitt c...@samba.org Date: Thu Dec 5 15:20:06 2013 -0700 selftest: Introduce share for testing AIO Signed-off-by: Christof Schmitt c...@samba.org Reviewed-by: Jeremy Allison j...@samba.org (cherry picked from commit 63727c15450e1db2be49ade758c369aa4599657a) commit 5c994896d2fa4010297b6cde53a158c797a44bd1 Author: Christof Schmitt c...@samba.org Date: Thu Dec 5 16:20:26 2013 -0700 s3: Return correct error code from SMB2 AIO read failure This is similar to commit 27e20d5d60ea8aa526bcb7c2dfc18dd2de0bb97b which fixed the same case for SMB2 writes: When sending the AIO read fails, return the real error instead of mapping it to NT_STATUS_FILE_CLOSED. Signed-off-by: Christof Schmitt c...@samba.org Reviewed-by: Jeremy Allison j...@samba.org (cherry picked from commit eadb2a54d1733a482999eb770182156dad1e184d) commit c36bda8872b9a62b64de6f2f5c7486895dc5634c Author: Christof Schmitt c...@samba.org Date: Thu Dec 5 15:57:54 2013 -0700 s3-aio: Use correct locking context for SMB2 The synchronous SMB2 reads and writes use open_persistent_id. The AIO codepathes have to use the same, otherwise a write will conflict with a lock on the same open file. Signed-off-by: Christof Schmitt c...@samba.org Reviewed-by: Jeremy Allison j...@samba.org (cherry picked from commit dfef0701c398982226dde8a8e15ff97bba0fef53) commit 9c622f082bb983179666263f77b3ecfb08d24915 Author: Stefan Metzmacher me...@samba.org Date: Tue Nov 19 05:21:05 2013 +0100 s3:smb2_server: avoid calling set_current_user_info() for each request Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: David Disseldorp dd...@samba.org Autobuild-User(master): Stefan
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via eca8433 smbtorture: New torture test for bug #9870. via df348b8 smbd - allow updates on directory write times on open handles. from 717edc2 smbd: Fix a panic when a smb2 brlock times out http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit eca84335d65299553993c0cb282186f76072dfab Author: Jeremy Allison j...@samba.org Date: Tue Dec 3 17:26:26 2013 -0800 smbtorture: New torture test for bug #9870. Not fetching the latest modification time on a folder if we have read locks on it. Prove we should just rely on the mtime value from the underlying filesystem, even with an open handle. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9870 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Thu Dec 5 10:05:06 CET 2013 on sn-devel-104 BUG: https://bugzilla.samba.org/show_bug.cgi?id=9870 Not fetching the latest modification time on a folder if we have read locks on it. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Dec 10 20:24:01 CET 2013 on sn-devel-104 commit df348b8d6b571f3f72ccd6ef3248eb63fd9b02b9 Author: Jeremy Allison j...@samba.org Date: Tue Dec 3 17:22:19 2013 -0800 smbd - allow updates on directory write times on open handles. If we set a non-null 'old timestamp' in the share mode database when creating a directory handle, this prevents mtime (write time) updates from being seen by clients, as we will always return the timestamp stored in the database whilst the handle is open. For files this is ok, as we update the stored timestamp ourselves when we write to the handle. For directories we should just rely on the mtime value from the underlying filesystem. Torture test to follow. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9870 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke v...@samba.org --- Summary of changes: selftest/knownfail |1 + source3/smbd/open.c|9 +++- source4/torture/basic/delaywrite.c | 95 3 files changed, 104 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/knownfail b/selftest/knownfail index e393635..1889a6e 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -116,6 +116,7 @@ ^samba4.*base.delaywrite.*delayed update of write time 3c\(.*\)$ ^samba4.*base.delaywrite.*update of write time using SET_END_OF_FILE\(.*\)$ ^samba4.*base.delaywrite.*update of write time using SET_ALLOCATION_SIZE\(.*\)$ +^samba4.*base.delaywrite.*directory timestamp update test\(.*\)$ ^samba4.ldap.python \(dc\).Test add_ldif\(\) with BASE64 security descriptor input using WRONG domain SID\(.*\)$ # some operations don't work over the CIFS NTVFS backend yet (eg. root_fid) ^samba4.ntvfs.cifs.*.base.createx_sharemodes_dir diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 0282722..a41d3d5 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -3154,7 +3154,14 @@ static NTSTATUS open_directory(connection_struct *conn, return status; } - mtimespec = smb_dname-st.st_ex_mtime; + /* Don't store old timestamps for directory + handles in the internal database. We don't + update them in there if new objects + are creaded in the directory. Currently + we only update timestamps on file writes. + See bug #9870. + */ + ZERO_STRUCT(mtimespec); #ifdef O_DIRECTORY status = fd_open(conn, fsp, O_RDONLY|O_DIRECTORY, 0); diff --git a/source4/torture/basic/delaywrite.c b/source4/torture/basic/delaywrite.c index 15482d8..90ad667 100644 --- a/source4/torture/basic/delaywrite.c +++ b/source4/torture/basic/delaywrite.c @@ -3059,6 +3059,100 @@ static bool test_delayed_write_update7(struct torture_context *tctx, struct smbc } /* + Test if creating a file in a directory with an open handle updates the + write timestamp (it should). +*/ +static bool test_directory_update8(struct torture_context *tctx, struct smbcli_state *cli) +{ + union smb_fileinfo dir_info1, dir_info2; + union smb_open open_parms; + const char *fname = BASEDIR \\torture_file.txt; + NTSTATUS status; + int fnum1 = -1; + int fnum2 = -1; + bool ret = true; + int used_delay = torture_setting_int(tctx, writetimeupdatedelay, 200); + int normal_delay = 200; + double sec = ((double)used_delay) / ((double)normal_delay); + int msec = 1000 * sec; + TALLOC_CTX
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via db8b33d VERSION: Bump version up to 4.0.14 via d580670 Merge tag 'samba-4.0.13' into v4-0-test via b0574ae VERSION: Disable git snapshots for the 4.0.13 release. via 73546c1 WHATSNEW: Add release notes for Samba 4.0.13. via c114323 CVE-2012-6150: fail authentication for single group name which cannot be converted to sid via 09060b5 CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked. via d6a4813 CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked. via acab72e CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked. via dd126bf CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply. via f1e2d2d CVE-2013-4408:s3:ctdb_conn: add some length verification to ctdb_packet_more() via b705738 CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done() via 29bd4d1 CVE-2013-4408:s3:util_tsock: add some overflow detection to tstream_read_packet_done() via 06b043c CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler() via 05cd093 CVE-2013-4408:s4:dcerpc_sock: check for invalid frag_len within sock_complete_packet() via 53afd58 CVE-2013-4408:s4:dcerpc_smb2: check for invalid frag_len in send_read_request_continue() via 0703abf CVE-2013-4408:s4:dcerpc_smb: check for invalid frag_len in send_read_request_continue() via 654b02e CVE-2013-4408:s4:dcerpc: check for invalid frag_len in ncacn_pull() via 2da4314 CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header size via 7eb27f2 CVE-2013-4408:s3:rpc_client: check for invalid frag_len in dcerpc_pull_ncacn_packet() via 9d994c2 CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_next_vector() via e209606 CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_done() via 0ba9d8f VERSION: Bump version number up to 4.0.13... from c880a38 smbd: Fix bug 10284 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit db8b33d99eeb2c75724f58e7e87c3f36d9405012 Author: Karolin Seeger ksee...@samba.org Date: Mon Dec 9 07:09:02 2013 +0100 VERSION: Bump version up to 4.0.14 Signed-off-by: Karolin Seeger ksee...@samba.org commit d580670ebacacac8fbcaf1f0dce93b56868643af Merge: c880a384a9063cb970483185dc114792a75eaeae b0574ae788d3379915996fb5bd0db2721f0634cd Author: Karolin Seeger ksee...@samba.org Date: Mon Dec 9 07:08:22 2013 +0100 Merge tag 'samba-4.0.13' into v4-0-test samba: tag release samba-4.0.13 --- Summary of changes: VERSION |2 +- WHATSNEW.txt| 97 ++- lib/async_req/async_sock.c |5 ++ libcli/util/tstream.c |5 ++ librpc/rpc/dcerpc_util.c| 14 nsswitch/libwbclient/wbc_sid.c |7 ++ nsswitch/pam_winbind.c |6 ++ nsswitch/wbinfo.c | 23 ++- source3/lib/ctdb_conn.c |5 ++ source3/lib/netapi/group.c | 98 +++ source3/lib/netapi/localgroup.c |8 ++- source3/lib/netapi/user.c | 72 source3/lib/util_tsock.c|5 ++ source3/libnet/libnet_join.c| 16 + source3/librpc/rpc/dcerpc_helpers.c |4 + source3/rpc_client/cli_lsarpc.c | 35 +- source3/rpc_client/cli_pipe.c | 41 +-- source3/rpc_server/netlogon/srv_netlog_nt.c |2 +- source3/rpcclient/cmd_lsarpc.c | 13 +++- source3/rpcclient/cmd_samr.c| 66 ++- source3/smbd/lanman.c |8 ++ source3/utils/net_rpc.c | 47 - source3/utils/net_rpc_join.c|9 +++ source3/winbindd/wb_lookupsids.c|3 + source3/winbindd/winbindd_msrpc.c | 10 ++- source3/winbindd/winbindd_rpc.c | 54 +++ source4/libcli/util/clilsa.c| 22 ++- source4/libnet/groupinfo.c |9 ++- source4/libnet/groupman.c | 10 ++-- source4/libnet/libnet_join.c| 12 +++- source4/libnet/libnet_lookup.c |5 ++ source4/libnet/libnet_passwd.c | 10 +++- source4/libnet/userinfo.c |8 ++- source4/libnet/userman.c| 24 +++ source4/librpc/rpc/dcerpc.c |4 +
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via c880a38 smbd: Fix bug 10284 from 9ad3d28 printing: always store sytem job-ID in queue state http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit c880a384a9063cb970483185dc114792a75eaeae Author: Volker Lendecke v...@samba.org Date: Thu Nov 21 21:05:29 2013 +0100 smbd: Fix bug 10284 If we msg_read_send on a nonempty channel, we create one tevent_immediate. If we directly receive another message and from within the msg_read_send's tevent_req callback we immediately do another msg_read_send, we end up with two tevent_immediate events for msg_channel_trigger with just one incoming message. Test to follow. This patch simplifies msg_channel.c by removing the explicit immediate events. Instead, it relies on the implicit immediate event available via tevent_req_defer_callback. For messages received from tdb with a msg_read_send req pending, we directly finish that request without putting the message on the queue. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10284 Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org (cherry picked from commit 6b6920b02905661ae661a894e3bd8d2c744d7003) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Thu Nov 28 13:15:20 CET 2013 on sn-devel-104 --- Summary of changes: source3/lib/msg_channel.c | 100 ++--- 1 files changed, 31 insertions(+), 69 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/msg_channel.c b/source3/lib/msg_channel.c index 1a30472..5f6ddeb 100644 --- a/source3/lib/msg_channel.c +++ b/source3/lib/msg_channel.c @@ -41,9 +41,6 @@ static void msg_channel_init_got_ctdb(struct tevent_req *subreq); static void msg_channel_init_got_msg(struct messaging_context *msg, void *priv, uint32_t msg_type, struct server_id server_id, DATA_BLOB *data); -static void msg_channel_trigger(struct tevent_context *ev, - struct tevent_immediate *im, - void *priv); static int msg_channel_destructor(struct msg_channel *s); struct tevent_req *msg_channel_init_send(TALLOC_CTX *mem_ctx, @@ -157,6 +154,12 @@ fail: return err; } +struct msg_read_state { + struct tevent_context *ev; + struct msg_channel *channel; + struct messaging_rec *rec; +}; + static void msg_channel_init_got_msg(struct messaging_context *msg, void *priv, uint32_t msg_type, struct server_id server_id, @@ -167,7 +170,6 @@ static void msg_channel_init_got_msg(struct messaging_context *msg, struct messaging_rec *rec; struct messaging_rec **msgs; size_t num_msgs; - struct tevent_immediate *im; rec = talloc(s, struct messaging_rec); if (rec == NULL) { @@ -184,6 +186,19 @@ static void msg_channel_init_got_msg(struct messaging_context *msg, } rec-buf.length = data-length; + if (s-pending_req != NULL) { + struct tevent_req *req = s-pending_req; + struct msg_read_state *state = tevent_req_data( + req, struct msg_read_state); + + s-pending_req = NULL; + + state-rec = talloc_move(state, rec); + tevent_req_defer_callback(req, s-ev); + tevent_req_done(req); + return; + } + num_msgs = talloc_array_length(s-msgs); msgs = talloc_realloc(s, s-msgs, struct messaging_rec *, num_msgs+1); if (msgs == NULL) { @@ -192,28 +207,11 @@ static void msg_channel_init_got_msg(struct messaging_context *msg, s-msgs = msgs; s-msgs[num_msgs] = talloc_move(s-msgs, rec); - if (s-pending_req == NULL) { - return; - } - - im = tevent_create_immediate(s); - if (im == NULL) { - goto fail; - } - tevent_schedule_immediate(im, s-ev, msg_channel_trigger, s); return; fail: TALLOC_FREE(rec); } -struct msg_read_state { - struct tevent_context *ev; - struct tevent_req *req; - struct msg_channel *channel; - struct messaging_rec *rec; -}; - -static int msg_read_state_destructor(struct msg_read_state *s); static void msg_read_got_ctdb(struct tevent_req *subreq); struct tevent_req *msg_read_send(TALLOC_CTX *mem_ctx, @@ -221,7 +219,6 @@ struct tevent_req *msg_read_send(TALLOC_CTX *mem_ctx, struct msg_channel *channel) { struct tevent_req *req; - struct tevent_immediate *im; struct msg_read_state *state;
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 9ad3d28 printing: always store sytem job-ID in queue state via 0fa726b spoolss: return the spoolss job ID in notifications via 68f0047 s3-winbind: Pass the group name to fillup_pw_field(). via ff8c218 s3-lib: Add grpname to talloc_sub_specified(). from be0a7af spoolss: accept XPS_PASS datatype used by Windows 8 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 9ad3d28ab37b49fb9297c6bef7fad265edd1b599 Author: David Disseldorp dd...@samba.org Date: Fri Oct 18 13:09:23 2013 +0200 printing: always store sytem job-ID in queue state Print jobs have multiple identifiers: the regular spoolss jobid, which is allocated by spoolss on job submission, and the system jobid, which is assigned by the printing back-end. Currently these identifiers are incorrectly mixed in print job queue tracking. Fix this by ensuring that only the system jobid is stored in the print queue state structure. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10271 Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Günther Deschner g...@samba.org Autobuild-User(master): David Disseldorp dd...@samba.org Autobuild-Date(master): Mon Nov 18 18:03:41 CET 2013 on sn-devel-104 (cherry picked from commit b7da5a5b00f6c78e41279415e33c091dcc0a773b) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Nov 26 22:34:24 CET 2013 on sn-devel-104 commit 0fa726b270607ea79cd38401e2c204a36c331d7a Author: David Disseldorp dd...@samba.org Date: Thu Sep 19 20:31:37 2013 -0700 spoolss: return the spoolss job ID in notifications Print job notifications currently carry the system print job identifier from the queue structure. Instead, the spoolss job identifier should be resolved and returned. Print clients can use notification job-ids in subsequent spoolss SetJob requests. Returning an incorrect identifier can result in the failure of such requests, e.g. spoolss_SetJob(SPOOLSS_JOB_CONTROL_DELETE). BUG: https://bugzilla.samba.org/show_bug.cgi?id=10271 Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Günther Deschner g...@samba.org (cherry picked from commit 24d025f85d6eea272bff5e1040d4fd2ba0e6b8f3) commit 68f00471a945ccc9c58120db90eeb475e04a0c90 Author: Andreas Schneider a...@samba.org Date: Mon Nov 18 14:58:14 2013 +0100 s3-winbind: Pass the group name to fillup_pw_field(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191 Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri Nov 22 02:04:54 CET 2013 on sn-devel-104 (cherry picked from commit 000172a5ab7e4bfac7ef618d0d78ec7fe95d0e2a) commit ff8c2181af02caa574be96757b02bb2e50d89a62 Author: Andreas Schneider a...@samba.org Date: Mon Nov 18 14:58:04 2013 +0100 s3-lib: Add grpname to talloc_sub_specified(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191 Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Jeremy Allison j...@samba.org (cherry picked from commit 6366ebb79bb72d9dcb12f8fe8d6e35611fcff150) --- Summary of changes: source3/include/printing.h |1 + source3/include/proto.h |1 + source3/lib/substitute.c| 31 +-- source3/passdb/passdb.c |8 ++-- source3/passdb/pdb_ldap.c | 24 - source3/printing/printing.c | 45 source3/rpc_server/spoolss/srv_spoolss_nt.c | 32 ++-- source3/torture/torture.c |2 +- source3/utils/net_sam.c |2 + source3/winbindd/wb_fill_pwent.c| 73 --- 10 files changed, 147 insertions(+), 72 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/printing.h b/source3/include/printing.h index 391fb7a..ec5a53b 100644 --- a/source3/include/printing.h +++ b/source3/include/printing.h @@ -193,6 +193,7 @@ uint16_t print_spool_rap_jobid(struct print_file_data *print_file); /* The following definitions come from printing/printing.c */ +uint32 sysjob_to_jobid_pdb(struct tdb_print_db *pdb, int sysjob); uint32 sysjob_to_jobid(int unix_jobid); bool print_notify_register_pid(int snum); bool print_notify_deregister_pid(int snum); diff --git a/source3/include/proto.h
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via be0a7af spoolss: accept XPS_PASS datatype used by Windows 8 via 7dbcb14 smbd: Fix a talloc hierarchy problem in msg_channel from 59da16e VERSION: Bump version number up to 4.0.13... http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit be0a7af9b3a216dd8a29e08b99ca71577a47560e Author: Arvid Requate requ...@univention.de Date: Thu Nov 21 12:35:20 2013 +0100 spoolss: accept XPS_PASS datatype used by Windows 8 The new v4 driver model used in Windows 8 declares print jobs intended to bypass the XPS processing layer by setting datatype to XPS_PASS instead of RAW. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10267 Reviewed-by: David Disseldorp dd...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from commit b2815b4c8c3e436a79fb7f07be285a417fd6e8cb) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri Nov 22 13:47:19 CET 2013 on sn-devel-104 commit 7dbcb14e75740fd7793473d5b8b1db5ab0639c43 Author: Volker Lendecke v...@samba.org Date: Thu Nov 14 21:30:49 2013 +0100 smbd: Fix a talloc hierarchy problem in msg_channel When tearing down a watch_send with an open tevent_immediate, we talloc_free the msg_channel while the tevent_immediate still references it. Don't make the tevent_immediate outlive the msg_channel. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10250 Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Wed Nov 20 00:13:51 CET 2013 on sn-devel-104 (cherry picked from commit 2d91577f984bc83c2c87141cfdda87d068060b32) --- Summary of changes: source3/lib/msg_channel.c |2 +- source3/rpc_server/spoolss/srv_spoolss_nt.c |8 +++- 2 files changed, 8 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/msg_channel.c b/source3/lib/msg_channel.c index c68c11e..1a30472 100644 --- a/source3/lib/msg_channel.c +++ b/source3/lib/msg_channel.c @@ -244,7 +244,7 @@ struct tevent_req *msg_read_send(TALLOC_CTX *mem_ctx, num_msgs = talloc_array_length(channel-msgs); if (num_msgs != 0) { - im = tevent_create_immediate(channel-ev); + im = tevent_create_immediate(channel); if (tevent_req_nomem(im, req)) { return tevent_req_post(req, ev); } diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c index 9ecf191..fa5f022 100644 --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c @@ -5771,7 +5771,13 @@ WERROR _spoolss_StartDocPrinter(struct pipes_struct *p, */ if (info_1-datatype) { - if (strcmp(info_1-datatype, RAW) != 0) { + /* +* The v4 driver model used in Windows 8 declares print jobs +* intended to bypass the XPS processing layer by setting +* datatype to XPS_PASS instead of RAW. +*/ +if ((strcmp(info_1-datatype, RAW) != 0) + (strcmp(info_1-datatype, XPS_PASS) != 0)) { *r-out.job_id = 0; return WERR_INVALID_DATATYPE; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 59da16e VERSION: Bump version number up to 4.0.13... via 430c74f VERSION: Disable git snapshots for the 4.0.12 release. via a60c24e WHATSNEW: Add release notes for Samba 4.0.12. from c35f22e util: Remove 32bit macros breaking strict aliasing. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 59da16e6751fc67a4e24b71851d0e49cb708bd77 Author: Karolin Seeger ksee...@samba.org Date: Mon Nov 18 10:30:36 2013 +0100 VERSION: Bump version number up to 4.0.13... and re-enable git snapshots. Signed-off-by: Karolin Seeger ksee...@samba.org commit 430c74f5b58e7054ded963bd3dc8cc4b5f7b1cd2 Author: Karolin Seeger ksee...@samba.org Date: Mon Nov 18 10:29:58 2013 +0100 VERSION: Disable git snapshots for the 4.0.12 release. Signed-off-by: Karolin Seeger ksee...@samba.org commit a60c24e4ea73e99f6f14832201fbbf45a90f0c3b Author: Karolin Seeger ksee...@samba.org Date: Mon Nov 18 10:28:36 2013 +0100 WHATSNEW: Add release notes for Samba 4.0.12. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: VERSION |2 +- WHATSNEW.txt | 85 - 2 files changed, 84 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 576d58f..0639a26 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=12 +SAMBA_VERSION_RELEASE=13 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 20b6e7f..3ae3b2f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,85 @@ == + Release Notes for Samba 4.0.12 + November 19, 2013 + == + + +This is is the latest stable release of Samba 4.0. + +Major enhancements in Samba 4.0.12 include: + +o RW Deny for a specific user is not overriding RW Allow for a group (bug + #10196) + + +Changes since 4.0.11: +- + +o Jeremy Allison j...@samba.org +* BUG 10187: Missing talloc_free can leak stackframe in error path. +* BUG 10196: RW Deny for a specific user is not overriding RW Allow for a + group. + + +o Andrew Bartlett abart...@samba.org +* BUG 10052: Use dsdb_search_one to catch 0 results as well as + NO_SUCH_OBJECT errors. + + +o Samuel Cabrero scabr...@zentyal.com +* BUG 9091: s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled. + + +o Günther Deschner g...@samba.org +* BUG 10264: s3-winbind: Fix cache_traverse_validate_fn failure for NDR + cache entries. + + +o Björn Jacke b...@sernet.de +* BUG 10247: xattr: Fix listing EAs on *BSD for non-root users. + + +o Volker Lendecke v...@samba.org +* BUG 10195: nsswitch: Fix short writes in winbind_write_sock. + + +o Stefan Metzmacher me...@samba.org +* BUG 9905: ldap_server: Register name and pid at startup. +* BUG 10193: s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'. +* BUG 10232: libcli/smb: fix smb2cli_ioctl*() against Windows 2008. + + +o Andreas Schneider a...@samba.org +* BUG 10132: pam_winbindd: Add support for the KEYRING ccache type. +* BUG 10194: winbind: Offline logon cache not updating for cross child + domain group membership. +* BUG 10269: util: Remove 32bit macros breaking strict aliasing. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.0 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 4.0.11 November 11, 2013 == @@ -68,8 +149,8 @@ database (https://bugzilla.samba.org/).
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via c35f22e util: Remove 32bit macros breaking strict aliasing. via ce12995 s3-winbindd: Fix #10264, cache_traverse_validate_fn failure for NDR cache entries. from e76556d Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a group. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit c35f22eba75c42d544d8f9db03feb2a878e4d232 Author: Andreas Schneider a...@samba.org Date: Thu Nov 14 18:36:41 2013 +0100 util: Remove 32bit macros breaking strict aliasing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10269 These macros might have worked but they break strict aliasing in the meantime and so the compiler is not able to optimize the relevant code. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Thu Nov 14 23:16:45 CET 2013 on sn-devel-104 (cherry picked from commit af69cb2a78810e608ccff115b433801a58a749e4) Signed-off-by: Andreas Schneider a...@samba.org Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri Nov 15 13:39:05 CET 2013 on sn-devel-104 commit ce12995d4e65e0839b9956b7c2d089b14d6b5cce Author: Günther Deschner g...@samba.org Date: Wed Nov 13 15:10:33 2013 +0100 s3-winbindd: Fix #10264, cache_traverse_validate_fn failure for NDR cache entries. We need to increase the keysize limit for NDR queries. A wbint_LookupSids query for just 20 sids already hits the older limit. Guenther https://bugzilla.samba.org/show_bug.cgi?id=10264 Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Wed Nov 13 19:33:46 CET 2013 on sn-devel-104 (cherry picked from commit 944e9fbc20f125b52e047484dca1792d75561ed9) --- Summary of changes: lib/util/byteorder.h | 52 +--- source3/winbindd/winbindd_cache.c |3 +- 2 files changed, 4 insertions(+), 51 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/byteorder.h b/lib/util/byteorder.h index 6bcf71e..58cd68a 100644 --- a/lib/util/byteorder.h +++ b/lib/util/byteorder.h @@ -35,15 +35,6 @@ Here is a description of this file that I emailed to the samba list once: sure. -The distinction between 386 and other architectures is only there as -an optimisation. You can take it out completely and it will make no -difference. The routines (macros) in byteorder.h are totally byteorder -independent. The 386 optimsation just takes advantage of the fact that -the x86 processors don't care about alignment, so we don't have to -align ints on int boundaries etc. If there are other processors out -there that aren't alignment sensitive then you could also define -CAREFUL_ALIGNMENT=0 on those processors as well. - Ok, now to the macros themselves. I'll take a simple example, say we want to extract a 2 byte integer from a SMB packet and put it into a type called uint16_t that is in the local machines byte order, and you @@ -130,20 +121,6 @@ static __inline__ void st_le32(uint32_t *addr, const uint32_t val) #define HAVE_ASM_BYTEORDER 0 #endif - - -#undef CAREFUL_ALIGNMENT - -/* we know that the 386 can handle misalignment and has the right - byteorder */ -#if defined(__i386__) -#define CAREFUL_ALIGNMENT 0 -#endif - -#ifndef CAREFUL_ALIGNMENT -#define CAREFUL_ALIGNMENT 1 -#endif - #define CVAL(buf,pos) ((unsigned int)(((const uint8_t *)(buf))[pos])) #define CVAL_NC(buf,pos) (((uint8_t *)(buf))[pos]) /* Non-const version of CVAL */ #define PVAL(buf,pos) (CVAL(buf,pos)) @@ -161,7 +138,7 @@ static __inline__ void st_le32(uint32_t *addr, const uint32_t val) #define SSVALS(buf,pos,val) SSVAL((buf),(pos),((int16_t)(val))) #define SIVALS(buf,pos,val) SIVAL((buf),(pos),((int32_t)(val))) -#elif CAREFUL_ALIGNMENT +#else /* not HAVE_ASM_BYTEORDER */ #define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)8) #define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)16) @@ -174,32 +151,7 @@ static __inline__ void st_le32(uint32_t *addr, const uint32_t val) #define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16_t)(val))) #define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32_t)(val))) -#else /* not CAREFUL_ALIGNMENT */ - -/* this handles things for architectures like the 386 that can handle - alignment errors */ -/* - WARNING: This section is dependent on the length of int16_t and int32_t - being correct -*/ - -/* get single value from an SMB buffer */ -#define SVAL(buf,pos) (*(const uint16_t *)((const char *)(buf) + (pos))) -#define SVAL_NC(buf,pos) (*(uint16_t
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via e76556d Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a group. via 2c2d292 Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a group. from c87f8ed xattr: fix listing EAs on *BSD for non-root users http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit e76556d1c81590839fed5dde4035331a38b36db2 Author: Jeremy Allison j...@samba.org Date: Wed Oct 23 15:06:40 2013 -0700 Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a group. Fix posix_acl tests to match the change in writing ACLs with ID_TYPE_BOTH. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: David Disseldorp dd...@samba.org (cherry picked from commit a1bc1c32e33508c45e614646d69a5f5d67ba22be) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Thu Nov 14 11:39:10 CET 2013 on sn-devel-104 commit 2c2d292f8b3cd3457815af6db54542ba227eb746 Author: Jeremy Allison j...@samba.org Date: Mon Oct 21 16:59:11 2013 -0700 Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a group. When the ID returned is ID_TYPE_BOTH we must *always* add it as both a user and a group, not just in the owning case. Otherwise DENY entries are not correctly processed. Confirmed by the reporter as fixing the problem. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10196 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: David Disseldorp dd...@samba.org (cherry picked from commit 14813e74431816cd894fb242ff5633c2cd14ddca) --- Summary of changes: python/samba/tests/posixacl.py | 160 +--- source3/smbd/posix_acls.c | 79 ++-- 2 files changed, 157 insertions(+), 82 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/tests/posixacl.py b/python/samba/tests/posixacl.py index 6a234e4..1948e8b 100644 --- a/python/samba/tests/posixacl.py +++ b/python/samba/tests/posixacl.py @@ -319,7 +319,7 @@ class PosixAclMappingTests(TestCaseInTempDir): (AU_gid,AU_type) = s4_passdb.sid_to_id(AU_sid) self.assertEquals(AU_type, idmap.ID_TYPE_BOTH) -self.assertEquals(posix_acl.count, 9) +self.assertEquals(posix_acl.count, 13) self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_GROUP) self.assertEquals(posix_acl.acl[0].a_perm, 7) @@ -335,23 +335,39 @@ class PosixAclMappingTests(TestCaseInTempDir): self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ) self.assertEquals(posix_acl.acl[3].a_perm, 6) -self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_GROUP_OBJ) +self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_USER) self.assertEquals(posix_acl.acl[4].a_perm, 7) +self.assertEquals(posix_acl.acl[4].info.uid, BA_gid) -self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP) -self.assertEquals(posix_acl.acl[5].a_perm, 5) -self.assertEquals(posix_acl.acl[5].info.gid, SO_gid) +self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP_OBJ) +self.assertEquals(posix_acl.acl[5].a_perm, 7) -self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_GROUP) -self.assertEquals(posix_acl.acl[6].a_perm, 7) -self.assertEquals(posix_acl.acl[6].info.gid, SY_gid) +self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_USER) +self.assertEquals(posix_acl.acl[6].a_perm, 5) +self.assertEquals(posix_acl.acl[6].info.uid, SO_gid) self.assertEquals(posix_acl.acl[7].a_type, smb_acl.SMB_ACL_GROUP) self.assertEquals(posix_acl.acl[7].a_perm, 5) -self.assertEquals(posix_acl.acl[7].info.gid, AU_gid) +self.assertEquals(posix_acl.acl[7].info.gid, SO_gid) -self.assertEquals(posix_acl.acl[8].a_type, smb_acl.SMB_ACL_MASK) +self.assertEquals(posix_acl.acl[8].a_type, smb_acl.SMB_ACL_USER) self.assertEquals(posix_acl.acl[8].a_perm, 7) +self.assertEquals(posix_acl.acl[8].info.uid, SY_gid) + +self.assertEquals(posix_acl.acl[9].a_type, smb_acl.SMB_ACL_GROUP) +self.assertEquals(posix_acl.acl[9].a_perm, 7) +self.assertEquals(posix_acl.acl[9].info.gid, SY_gid) + +self.assertEquals(posix_acl.acl[10].a_type, smb_acl.SMB_ACL_USER) +self.assertEquals(posix_acl.acl[10].a_perm, 5) +self.assertEquals(posix_acl.acl[10].info.uid, AU_gid) + +self.assertEquals(posix_acl.acl[11].a_type, smb_acl.SMB_ACL_GROUP) +self.assertEquals(posix_acl.acl[11].a_perm, 5) +self.assertEquals(posix_acl.acl[11].info.gid, AU_gid) + +
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via c87f8ed xattr: fix listing EAs on *BSD for non-root users from 0a52101 VERSION: Bump version number up to 4.0.12... http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit c87f8edd8918546630cbc1b7e02f99f17b782873 Author: Björn Jacke b...@sernet.de Date: Wed Nov 6 12:37:07 2013 +0100 xattr: fix listing EAs on *BSD for non-root users Thanks to Stefan Rompf for reporting. This fixes bug #10247 Signed-off-by: Bjoern Jacke b...@sernet.de Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri Nov 8 20:43:30 CET 2013 on sn-devel-104 (cherry picked from commit 374b2cfde74e0c61f4b2da724b30d0e430596092) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Nov 12 13:31:21 CET 2013 on sn-devel-104 --- Summary of changes: lib/replace/xattr.c |4 1 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/xattr.c b/lib/replace/xattr.c index a26ff67..459b7f3 100644 --- a/lib/replace/xattr.c +++ b/lib/replace/xattr.c @@ -194,6 +194,10 @@ static ssize_t bsd_attr_list (int type, extattr_arg arg, char *list, size_t size char *buf; /* Iterate through extattr(2) namespaces */ for(t = 0; t ARRAY_SIZE(extattr); t++) { + if (t != EXTATTR_NAMESPACE_USER geteuid() != 0) { + /* ignore all but user namespace when we are not root, see bug 10247 */ + continue; + } switch(type) { #if defined(HAVE_EXTATTR_LIST_FILE) case 0: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 0a52101 VERSION: Bump version number up to 4.0.12... via 98712df Merge tag 'samba-4.0.11' into v4-0-test via a8e0112 VERSION: Disable git snapshots for the 4.0.11 release. via 90b9835 WHATSNEW: Add release notes for Samba 4.0.11. via 66fb9ec CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key.pem) via c417cb7 CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600 via c1e106b CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs() via 367f017 CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700 via e74797c CVE-2013-4476: lib-util: split out file_save_mode() from file_save() via 13566a5 CVE-2013-4476: lib-util: add file_check_permissions() via 761096f Add regression test for bug #10229 - No access check verification on stream files. via a6d74c4 Fix bug #10229 - No access check verification on stream files. from de4e721 s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 0a52101416d4a4be75b2515d352137550d04b368 Author: Karolin Seeger ksee...@samba.org Date: Mon Nov 11 11:46:21 2013 +0100 VERSION: Bump version number up to 4.0.12... and re-enable git snapshots. Signed-off-by: Karolin Seeger ksee...@samba.org commit 98712df3ddf6cca5614f273eb21336c62a9157f7 Merge: de4e72152d83cf03e86c3531f43a9f2bed4967ac a8e0112c7c540307e263d00306cb06f473547cea Author: Karolin Seeger ksee...@samba.org Date: Mon Nov 11 11:45:52 2013 +0100 Merge tag 'samba-4.0.11' into v4-0-test samba: tag release samba-4.0.11 --- Summary of changes: VERSION|2 +- WHATSNEW.txt | 77 +++- lib/util/samba_util.h | 11 ++ lib/util/util.c| 44 + lib/util/util_file.c | 16 ++- python/samba/provision/__init__.py |2 +- selftest/knownfail |1 + selftest/target/Samba4.pm |6 +- source3/smbd/open.c| 57 +++ source4/lib/tls/tls.c | 17 source4/lib/tls/tls_tstream.c | 16 +++ source4/lib/tls/tlscert.c |2 +- source4/torture/raw/streams.c | 181 13 files changed, 421 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index eb74a75..576d58f 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=11 +SAMBA_VERSION_RELEASE=12 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 3b9462b..20b6e7f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,77 @@ == + Release Notes for Samba 4.0.11 + November 11, 2013 + == + + +This is a security release in order to address +CVE-2013-4475 (ACLs are not checked on opening an alternate +data stream on a file or directory) and +CVE-2013-4476 (Private key in key.pem world readable). + +o CVE-2013-4475: + Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x, + 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x) do not check the underlying + file or directory ACL when opening an alternate data stream. + + According to the SMB1 and SMB2+ protocols the ACL on an underlying + file or directory should control what access is allowed to alternate + data streams that are associated with the file or directory. + + By default no version of Samba supports alternate data streams + on files or directories. + + Samba can be configured to support alternate data streams by loading + either one of two virtual file system modues (VFS) vfs_streams_depot or + vfs_streams_xattr supplied with Samba, so this bug only affects Samba + servers configured this way. + + To determine if your server is vulnerable, check for the strings + streams_depot or streams_xattr inside your smb.conf configuration + file. + +o CVE-2013-4476: + In setups which provide ldap(s) and/or https services, the private + key for SSL/TLS encryption might be world readable. This typically + happens in active directory domain controller setups. + + +Changes since 4.0.10: +- + +o Jeremy Allison j...@samba.org +* BUGs 10234 + 10229: CVE-2013-4475: Fix access check verification on stream + files. + + +o Björn Baumbach b...@sernet.de +*
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via de4e721 s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled via c07a730 libcli/smb: fix smb2cli_ioctl*() against Windows 2008. from 8d4f270 nsswitch: Fix short writes in winbind_write_sock http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit de4e72152d83cf03e86c3531f43a9f2bed4967ac Author: Samuel Cabrero scabr...@zentyal.com Date: Thu Oct 24 17:37:06 2013 +0200 s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Oct 25 00:39:21 CEST 2013 on sn-devel-104 (cherry picked from commit d3aee80928dc7ccde9441309bf946c2503f7714a) Part of a fix for bug #9091 - When replicating DNS for bind9_dlz we need to create the server-DNS account remotely. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Thu Nov 7 10:43:12 CET 2013 on sn-devel-104 commit c07a73007198dc51161c73e4a360334bb80b4908 Author: Stefan Metzmacher me...@samba.org Date: Mon Oct 28 15:43:03 2013 +0100 libcli/smb: fix smb2cli_ioctl*() against Windows 2008. The subsections of [MS-SMB2] 3.2.5.14 Receiving an SMB2 IOCTL Response say the client should ignore the InputOffset/InputCount. We do that only if we ask for max_input_length = 0. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10232 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Thu Oct 31 01:16:10 CET 2013 on sn-devel-104 (cherry picked from commit 127fc670a39d15eaa3869045fca0287ba7df9efa) --- Summary of changes: libcli/smb/smb2cli_ioctl.c | 33 + python/samba/join.py | 11 +++ 2 files changed, 36 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/smb/smb2cli_ioctl.c b/libcli/smb/smb2cli_ioctl.c index 687c9d5..90c3a2c 100644 --- a/libcli/smb/smb2cli_ioctl.c +++ b/libcli/smb/smb2cli_ioctl.c @@ -201,7 +201,21 @@ static void smb2cli_ioctl_done(struct tevent_req *subreq) return; } - if (input_buffer_length dyn_len) { + ofs = input_buffer_length; + ofs = NDR_ROUND(ofs, 8); + + if (state-max_input_length == 0) { + /* +* If max_input_length is 0 we ignore +* the input_buffer_length, because +* Windows 2008 echos the DCERPC request +* from the requested input_buffer +* to the response input_buffer. +*/ + input_buffer_length = 0; + } + + if (input_buffer_length dyn_len) { tevent_req_nterror( req, NT_STATUS_INVALID_NETWORK_RESPONSE); return; @@ -216,8 +230,11 @@ static void smb2cli_ioctl_done(struct tevent_req *subreq) state-out_input_buffer.data = dyn; state-out_input_buffer.length = input_buffer_length; - ofs = input_buffer_length; - ofs = NDR_ROUND(ofs, 8); + if (ofs dyn_len) { + tevent_req_nterror( + req, NT_STATUS_INVALID_NETWORK_RESPONSE); + return; + } dyn_ofs += ofs; dyn += ofs; @@ -231,7 +248,15 @@ static void smb2cli_ioctl_done(struct tevent_req *subreq) return; } - if (output_buffer_length dyn_len) { + if (state-max_output_length == 0) { + /* +* We do the same logic as for +* max_input_length. +*/ + output_buffer_length = 0; + } + + if (output_buffer_length dyn_len) { tevent_req_nterror( req, NT_STATUS_INVALID_NETWORK_RESPONSE); return; diff --git a/python/samba/join.py b/python/samba/join.py index b2f4da4..bdd3629 100644 --- a/python/samba/join.py +++ b/python/samba/join.py @@ -606,15 +606,18 @@ class dc_join(object): DNSNAME : ctx.dnshostname})) for changetype, msg in recs: assert changetype == ldb.CHANGETYPE_NONE +dns_acct_dn = msg[dn] print Adding DNS account %s
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 8d4f270 nsswitch: Fix short writes in winbind_write_sock from a918e7d dfs_server: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 8d4f2708b77d917b693d361be37cee69eb14e7e4 Author: Volker Lendecke v...@samba.org Date: Tue Oct 15 08:23:10 2013 + nsswitch: Fix short writes in winbind_write_sock We set the socket to nonblocking and don't handle EAGAIN right. We do a poll anyway, so wait for writability, which should fix this. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10195 Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from commit c6909887c26d4e827633acd50b11cf08c6aee0f7) Signed-off-by: Andreas Schneider a...@samba.org Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Oct 28 14:51:22 CET 2013 on sn-devel-104 --- Summary of changes: nsswitch/wb_common.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c index c56a76f..5fde8d0 100644 --- a/nsswitch/wb_common.c +++ b/nsswitch/wb_common.c @@ -395,9 +395,9 @@ static int winbind_write_sock(void *buffer, int count, int recursing, call would not block by calling poll(). */ pfd.fd = fd; - pfd.events = POLLIN|POLLHUP; + pfd.events = POLLIN|POLLOUT|POLLHUP; - ret = poll(pfd, 1, 0); + ret = poll(pfd, 1, -1); if (ret == -1) { winbind_close_sock(); return -1; /* poll error */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via a1d0339 s3-winbind: Send online/offline message of the domain to the parent. via ddd3302 s3-winbind: Register handlers for domain online/offline messages. via 16dcb6c s3-winbind: Add functions for domain online/offline handling. via e052e65 idl: Add a new message for winbind domain states. via 5a65f86 Fix bug #10187 - Missing talloc_free can leak stackframe in error path. via c388828 s4:smb_server: call irpc_add_name() at startup (bug #9905) via 2c6ef14 s4:rpc_server: call irpc_add_name() at startup (bug #9905) via 95d66d0 s4:ldap_server: call irpc_add_name() at startup (bug #9905) from acf4fe4 doc: Update documentation of pam_winbind krb5 support. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit a1d0339908ec80d39ba5c6d5a82bc2f39f2ebf39 Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 10:03:32 2013 +0200 s3-winbind: Send online/offline message of the domain to the parent. https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Fri Oct 11 13:37:56 CEST 2013 on sn-devel-104 (cherry picked from commit 275f6586c4d4547978c6ff2f04670b0d8f89fd4b) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Oct 14 12:10:14 CEST 2013 on sn-devel-104 commit ddd330241cbea366f1fb8a10fa936091aff185a6 Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 10:02:27 2013 +0200 s3-winbind: Register handlers for domain online/offline messages. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit fc5941622010843d823b5c245eccc68d1d3bce19) commit 16dcb6cf028e20281db16aab5861cc3f16e74d99 Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 10:01:40 2013 +0200 s3-winbind: Add functions for domain online/offline handling. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit 447ec17a6bec814a2ac5cadb74dbef5789f07c52) commit e052e6587f3270bb186dda4b34cfd8f153cfb055 Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 09:15:57 2013 +0200 idl: Add a new message for winbind domain states. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit 1a884636542ba0e54c6d209662a5d1613d727a85) commit 5a65f86bf2d43ccb5719a5734ee278e7c5d83921 Author: Jeremy Allison j...@samba.org Date: Tue Oct 8 15:01:38 2013 -0700 Fix bug #10187 - Missing talloc_free can leak stackframe in error path. Fix error path. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: David Disseldorp dd...@samba.org Autobuild-User(master): David Disseldorp dd...@samba.org Autobuild-Date(master): Wed Oct 9 03:50:56 CEST 2013 on sn-devel-104 commit c388828165ce0ab5ae91a656b09c3db99cab5e55 Author: Stefan Metzmacher me...@samba.org Date: Mon May 27 12:10:57 2013 +0200 s4:smb_server: call irpc_add_name() at startup (bug #9905) We should call irpc_add_name() when we start the smb_server task. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit afb2bcc08489dbece732fc8f842cbd83862320be) commit 2c6ef147c69bb4cb70c237870d650edaebeb0b52 Author: Stefan Metzmacher me...@samba.org Date: Mon May 27 12:10:57 2013 +0200 s4:rpc_server: call irpc_add_name() at startup (bug #9905) We should call irpc_add_name() when we start the rpc_server task. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit 12d9728131afab7fa093a9cd7ccaff076a74f271) commit 95d66d039afae4eef284e3d2d4b20c66ac88f35a Author: Stefan Metzmacher me...@samba.org Date: Mon May 27 12:10:57 2013 +0200 s4:ldap_server: call irpc_add_name() at startup (bug #9905) We should call irpc_add_name() when we start the ldap_server task. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit a1a4302a4eaf7e210e8084416cd2a0d14384) --- Summary of changes: source3/librpc/idl/messaging.idl |2 + source3/winbindd/winbindd.c |6 +++
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via acf4fe4 doc: Update documentation of pam_winbind krb5 support. via 11a4a64 s3-winbind: Add support for the kernel krb5 keyring buffer. via f91b6c9 s3-winbind: Don't set a default directory for DIR. from 5b0caf4 VERSION: Bump version number up to 4.0.11... http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit acf4fe4084eb7e8715bc8ebc18ddf02b05b1ef57 Author: Andreas Schneider a...@samba.org Date: Tue Sep 10 09:43:32 2013 +0200 doc: Update documentation of pam_winbind krb5 support. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Guenther Deschner g...@samba.org Autobuild-User(master): Günther Deschner g...@samba.org Autobuild-Date(master): Tue Sep 10 15:35:20 CEST 2013 on sn-devel-104 The last 3 patches address bug #10132 - pam_winbindd should support the KEYRING ccache type. Autobuild-User(v4-1-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-1-test): Mon Oct 7 12:21:29 CEST 2013 on sn-devel-104 (cherry picked from commit 82d6a4354d3b4a6cc9e70ccfb21d7b604bed179b) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Oct 8 13:32:27 CEST 2013 on sn-devel-104 commit 11a4a6474589fc5d3fccd8a645281323f7d252d1 Author: Andreas Schneider a...@samba.org Date: Tue Sep 10 09:30:04 2013 +0200 s3-winbind: Add support for the kernel krb5 keyring buffer. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Guenther Deschner g...@samba.org (cherry picked from commit 5a55cb636fa50e96000ea6a00960cc34e00e26a1) commit f91b6c995e322da9d359437bd114b751ba73a67c Author: Andreas Schneider a...@samba.org Date: Tue Sep 10 09:28:50 2013 +0200 s3-winbind: Don't set a default directory for DIR. There is not default so you should always have to specify a directory in the config file. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Guenther Deschner g...@samba.org (cherry picked from commit 58038f6b26b5363f07d6e4a3fac6db461f9bca2c) --- Summary of changes: docs-xml/manpages/pam_winbind.conf.5.xml | 26 +- source3/winbindd/winbindd_pam.c |4 ++-- 2 files changed, 19 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/pam_winbind.conf.5.xml b/docs-xml/manpages/pam_winbind.conf.5.xml index be7f684..725e809 100644 --- a/docs-xml/manpages/pam_winbind.conf.5.xml +++ b/docs-xml/manpages/pam_winbind.conf.5.xml @@ -106,16 +106,24 @@ termkrb5_ccache_type = [type]/term listitempara - When pam_winbind is configured to try kerberos authentication by - enabling the parameterkrb5_auth/parameter option, it can - store the retrieved Ticket Granting Ticket (TGT) in a credential - cache. The type of credential cache can be controlled with this - option. The supported values are: parameterFILE/parameter - and parameterDIR/parameter (when the DIR type is supported - by the system's Kerberos library). In case of FILE a credential + When pam_winbind is configured to try kerberos authentication + by enabling the parameterkrb5_auth/parameter option, it can + store the retrieved Ticket Granting Ticket (TGT) in a + credential cache. The type of credential cache can be + controlled with this option. The supported values are: + parameterKEYRING/parameter (when supported by the system's + Kerberos library and Kernel), parameterFILE/parameter and + parameterDIR/parameter (when the DIR type is supported by + the system's Kerberos library). In case of FILE a credential cache in the form of /tmp/krb5cc_UID will be created - in case - of DIR it will be located under the /run/user/UID/krb5cc - directory. UID is replaced with the numeric user id./para + of DIR you NEED to specify a directory. UID is replaced with + the numeric user id./para + + paraWhen using the KEYRING type, the supported mechanism is + quoteKEYRING:persistent:UID/quote, which uses the Linux + kernel keyring to store credentials on a per-UID basis. This is + the recommended choice on latest Linux distributions, as it is + the most secure and predictable method./para paraIt is also possible to define custom filepaths and use the %u pattern in order to substitue the numeric user id. diff --git a/source3/winbindd/winbindd_pam.c
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 5b0caf4 VERSION: Bump version number up to 4.0.11... via 55c51b8 VERSION: Disable git snapshots for the 4.0.10 release. via 6b120a5 WHATSNEW: Update release date. from 825aadb WHATSNEW: Add latest changes since 4.0.9. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 5b0caf4a0b9ea141a912c356abe200c3499ad852 Author: Karolin Seeger ksee...@samba.org Date: Mon Oct 7 10:47:15 2013 +0200 VERSION: Bump version number up to 4.0.11... and re-enable git snapshots. Signed-off-by: Karolin Seeger ksee...@samba.org commit 55c51b864a32d7b66240b4a9fb9162906861b1d7 Author: Karolin Seeger ksee...@samba.org Date: Mon Oct 7 10:46:08 2013 +0200 VERSION: Disable git snapshots for the 4.0.10 release. Signed-off-by: Karolin Seeger ksee...@samba.org commit 6b120a594bdd387251866e04b7f0d2e8140bcdf3 Author: Karolin Seeger ksee...@samba.org Date: Mon Oct 7 10:45:14 2013 +0200 WHATSNEW: Update release date. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: VERSION |2 +- WHATSNEW.txt |2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 02c79f3..eb74a75 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=10 +SAMBA_VERSION_RELEASE=11 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b6d0c72..3b9462b 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,6 +1,6 @@ == Release Notes for Samba 4.0.10 - October 1, 2013 + October 8, 2013 == -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via c02af3e WHATSNEW: Add hint on the new acl allow execute always parameter. via 5f3c623 WHATSNEW: Satrt release notes for Samba 4.0.10. via ac049b9 dsdb: Convert the full string from UTF16 to UTF8, including embedded NULLs via 51822a5 s3:smbd:smb2:scavenger: fix format error for debugging open_persistent_id in scavenger_timer() from 22b48b3 python-samba-tool fsmo: Do not give an error on a successful role transfer http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit c02af3ef62410c78466bd4d828d5153e8689157a Author: Karolin Seeger ksee...@samba.org Date: Mon Sep 30 12:40:54 2013 +0200 WHATSNEW: Add hint on the new acl allow execute always parameter. Signed-off-by: Karolin Seeger ksee...@samba.org Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Oct 1 09:27:23 CEST 2013 on sn-devel-104 commit 5f3c62365bfc7cbc674c2f9dc1e1f73d14d90e62 Author: Karolin Seeger ksee...@samba.org Date: Mon Sep 30 12:31:02 2013 +0200 WHATSNEW: Satrt release notes for Samba 4.0.10. Signed-off-by: Karolin Seeger ksee...@samba.org commit ac049b9c25c4975733b7a1152be4a7dd8c85e620 Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 24 10:18:36 2013 -0700 dsdb: Convert the full string from UTF16 to UTF8, including embedded NULLs Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077 Note that this doesn't fix the userParameters problem completely, but it doesn't truncate the userParameters value anymore. Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Sep 26 22:05:12 CEST 2013 on sn-devel-104 (cherry picked from commit 89200c227f36a063612eb38927ac8dee18e044d5) commit 51822a531bba78e96a9604b11b457e884e76b654 Author: Michael Adam ob...@samba.org Date: Thu Apr 18 23:45:24 2013 +0200 s3:smbd:smb2:scavenger: fix format error for debugging open_persistent_id in scavenger_timer() Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri Apr 19 01:36:15 CEST 2013 on sn-devel-104 Fix bug #10169 - Build Error in scavenger.c. --- Summary of changes: WHATSNEW.txt| 133 ++- source3/smbd/scavenger.c|9 ++- source4/dsdb/schema/schema_syntax.c |2 +- 3 files changed, 137 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8847406..932c90e 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,132 @@ + == + Release Notes for Samba 4.0.10 + October 1, 2013 + == + + +This is is the latest stable release of Samba 4.0. + +Major enhancements in Samba 4.0.10 include: + +o NetBIOS related samba process consumes 100% CPU (bug #10158). +o Fix POSIX ACL mapping when setting DENY ACE's from Windows (bug #10162). + +To ease upgrades from Samba 3.6 and older, a new parameter called acl allow +execute always has been introduced as a temporary workaround. Please see the +smb.conf man page for details. + + +Changes since 4.0.9: + + +o Michael Adam ob...@samba.org +* BUG 10134: Ease file server upgrades from 3.6 and earlier with acl allow + execute always. +* BUG 10169: Fix build error in scavenger.c. + + +o Jeremy Allison j...@samba.org +* BUG 5917: Make Samba work on site with Read Only Domain Controller. +* BUG 9166: Starting smbd or nmbd with stdin from /dev/null results in + EOF on stdin. +* BUG 10063: source3/lib/util.c:1493 leaking memory w/ pam_winbind.so / + winbind. +* BUG 10121: Masks incorrectly applied to UNIX extension permission changes. +* BUG 10139: Valid utf8 filenames cause invalid conversion error + messages. + + +o Christian Ambach a...@samba.org +* BUG #9911 - Build Samba 4.0.x on AIX with IBM XL C/C++. + + +o Andrew Bartlett abart...@samba.org +* BUG 8077: dsdb: Convert the full string from UTF16 to UTF8, including + embedded NULLs. +* BUG 9091: When replicating DNS for bind9_dlz we need to create the + server-DNS account remotely. +* BUG 9461: python-samba-tool fsmo: Do not give an error on a successful + role transfer. + + +o Günther Deschner g...@samba.org +* BUG 9615: s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat(). +* BUG 9899: s3-winbindd: fix fallback to ncacn_np in
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 825aadb WHATSNEW: Add latest changes since 4.0.9. via 8303c26 smbd: Fix crash bug in notify_deferred_opens via 76952d4 torture3: Trigger a nasty cleanup bug in smbd via 73166e5 smbd: Fix flawed share_mode_stale_pid API via 65c8909 smbd: Rename parameter i to idx via e3e0f59 smbd: Don't store in-memory only flags in locking.tdb via a321024 smbd: Simplify find_oplock_types from c02af3e WHATSNEW: Add hint on the new acl allow execute always parameter. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 825aadbdc46a4a10ee923082f69620112d109070 Author: Karolin Seeger ksee...@samba.org Date: Tue Oct 1 09:36:11 2013 +0200 WHATSNEW: Add latest changes since 4.0.9. Signed-off-by: Karolin Seeger ksee...@samba.org Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Oct 1 11:28:04 CEST 2013 on sn-devel-104 commit 8303c26ae93e487d823ab80251b1e9f6ff85d9ea Author: Volker Lendecke v...@samba.org Date: Mon Sep 30 12:52:49 2013 + smbd: Fix crash bug in notify_deferred_opens The deferred array only holds enough entries for non-stale pids. We should skip those as well when filling that array. This bug came in with 19b6671. No issue in master and 4.1, we don't have deferred entries anymore there. Part of a fix for bug #10138 - smbd doesn't always clean up share modes after hard crash. commit 76952d4ac5fdc96109e50e2aa10e7a0f1326de1e Author: Volker Lendecke v...@samba.org Date: Sun Sep 1 18:54:59 2013 +0200 torture3: Trigger a nasty cleanup bug in smbd Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Tue Sep 3 19:13:14 CEST 2013 on sn-devel-104 (cherry picked from commit ade8477f98fcffcc6e3c5ea31618b49d0c1bba95) The latest 5 patches address bug #10138 - smbd doesn't always clean up share modes after hard crash. commit 73166e5fde3e587ba9e0e204424973ca0869cf54 Author: Volker Lendecke v...@samba.org Date: Fri Aug 30 12:49:43 2013 + smbd: Fix flawed share_mode_stale_pid API The comment for this routine said: Modifies d-num_share_modes, watch out in routines iterating over that array. Well, it turns out that *every* caller of this API got it wrong. So I think it's better to change the routine. This leaves the array untouched while iterating but filters out the deleted ones while saving them back to disk. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Michael Adam ob...@samba.org (cherry picked from commit 7d91ffc6fdc3b371564e14f09822a96264ea372a) commit 65c89097475205a21892c35c62fb8cf977390ef7 Author: Volker Lendecke v...@samba.org Date: Fri Aug 30 12:27:36 2013 + smbd: Rename parameter i to idx We'll need i in a later checkin ... :-) Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Michael Adam ob...@samba.org (cherry picked from commit 5006db98aaf1efe119f1da8be091587a9bc2b952) Conflicts: source3/locking/proto.h commit e3e0f591361a51a911df5d60590ae6d462567c89 Author: Volker Lendecke v...@samba.org Date: Sun Sep 1 11:07:19 2013 +0200 smbd: Don't store in-memory only flags in locking.tdb Hey, pidl knows the [skip] attribute ... :-) Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Michael Adam ob...@samba.org (cherry picked from commit 696bc569b17f024f840774e3d59761229836a310) commit a321024a5beb32b7ce4cd4bf0ea9195911b83ad9 Author: Volker Lendecke v...@samba.org Date: Thu Aug 22 08:49:07 2013 + smbd: Simplify find_oplock_types Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Michael Adam ob...@samba.org (cherry picked from commit 94b320527eee0c7ba1d3818816e7d59cb863bf3f) --- Summary of changes: WHATSNEW.txt |2 + source3/librpc/idl/open_files.idl | 10 - source3/locking/locking.c | 47 + source3/locking/proto.h |2 +- source3/locking/share_mode_lock.c | 24 + source3/selftest/tests.py |1 + source3/smbd/close.c | 10 -- source3/smbd/open.c | 19 +- source3/torture/proto.h |1 + source3/torture/test_cleanup.c| 70 + source3/torture/torture.c |1 + 11 files changed, 157 insertions(+), 30 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 932c90e..b6d0c72 100644 --- a/WHATSNEW.txt +++
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 22b48b3 python-samba-tool fsmo: Do not give an error on a successful role transfer from fffa771 Fix bug 10162 - POSIX ACL mapping failing when setting DENY ACE's from Windows. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 22b48b3cb4b2b1cfde3e15e737e23ae7d0ea12f8 Author: Andrew Bartlett abart...@samba.org Date: Thu May 9 15:16:55 2013 +1200 python-samba-tool fsmo: Do not give an error on a successful role transfer Bug: https://bugzilla.samba.org/show_bug.cgi?id=9461 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Mon Sep 23 12:00:24 CEST 2013 on sn-devel-104 (cherry picked from commit 8d8872ae0a19786452c3be044757b16814b82be8) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Wed Sep 25 10:51:49 CEST 2013 on sn-devel-104 --- Summary of changes: python/samba/netcmd/fsmo.py | 14 +++--- 1 files changed, 7 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/netcmd/fsmo.py b/python/samba/netcmd/fsmo.py index c938c91..02721f9 100644 --- a/python/samba/netcmd/fsmo.py +++ b/python/samba/netcmd/fsmo.py @@ -124,22 +124,22 @@ all=all of the above), self.message(Attempting transfer...) try: transfer_role(self.outf, role, samdb) +self.outf.write(FSMO seize was not required, as transfer of '%s' role was successful\n % role) +return except CommandError: #transfer failed, use the big axe... self.message(Transfer unsuccessful, seizing...) -m[fSMORoleOwner]= ldb.MessageElement( -serviceName, ldb.FLAG_MOD_REPLACE, -fSMORoleOwner) else: self.message(Will not attempt transfer, seizing...) -m[fSMORoleOwner]= ldb.MessageElement( -serviceName, ldb.FLAG_MOD_REPLACE, -fSMORoleOwner) + +m[fSMORoleOwner]= ldb.MessageElement( +serviceName, ldb.FLAG_MOD_REPLACE, +fSMORoleOwner) try: samdb.modify(m) except LdbError, (num, msg): raise CommandError(Failed to initiate role seize of '%s' role: %s % (role, msg)) -self.outf.write(FSMO transfer of '%s' role successful\n % role) +self.outf.write(FSMO seize of '%s' role successful\n % role) def run(self, force=None, H=None, role=None, credopts=None, sambaopts=None, versionopts=None): -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via fffa771 Fix bug 10162 - POSIX ACL mapping failing when setting DENY ACE's from Windows. via c62c56c docs: point out side-effects of global valid users setting. from 43e5b94 libcli: continue to read from the socket even if the size is 0 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit fffa7712ad0712f963c8056ebfb9f2b98fcf1bdb Author: Daniel Liberman danie...@gmail.com Date: Thu Sep 19 20:28:33 2013 -0300 Fix bug 10162 - POSIX ACL mapping failing when setting DENY ACE's from Windows. Fix for ACL problem - not accepting DENY. Code was checking for pointer and not for content. Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Sat Sep 21 05:24:07 CEST 2013 on sn-devel-104 (cherry picked from commit e24fcf0f3e1b5b19d97a13786b09f069393b06d8) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Sep 23 11:23:14 CEST 2013 on sn-devel-104 commit c62c56cd8dc73340ced15071427469f9e7f5e4ad Author: Günther Deschner g...@samba.org Date: Tue Sep 17 12:47:58 2013 +0200 docs: point out side-effects of global valid users setting. Guenther Signed-off-by: Günther Deschner g...@samba.org Fix bug #10147 - Better document potential implications of a globally used valid users. --- Summary of changes: docs-xml/smbdotconf/security/validusers.xml | 10 ++ source3/smbd/posix_acls.c |2 +- 2 files changed, 11 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/security/validusers.xml b/docs-xml/smbdotconf/security/validusers.xml index 313739d..ec3e11e 100644 --- a/docs-xml/smbdotconf/security/validusers.xml +++ b/docs-xml/smbdotconf/security/validusers.xml @@ -19,6 +19,16 @@ The current servicename is substituted for parameter moreinfo=none%S/parameter. This is useful in the [homes] section. /para + +paraemphasisNote: /emphasisWhen used in the [global] section this +parameter may have unwanted side effects. For example: If samba is configured as a MASTER BROWSER (see +parameter moreinfo=nonelocal master/parameter, +parameter moreinfo=noneos level/parameter, +parameter moreinfo=nonedomain master/parameter, +parameter moreinfo=nonepreferred master/parameter) this option +will prevent workstations from being able to browse the network. +/para + /description relatedinvalid users/related diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 3ff34fc..713ad50 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1807,7 +1807,7 @@ static bool add_current_ace_to_acl(files_struct *fsp, struct security_ace *psa, if (current_ace-attr == ALLOW_ACE) *got_file_allow = True; - if ((current_ace-attr == DENY_ACE) got_file_allow) { + if ((current_ace-attr == DENY_ACE) *got_file_allow) { DEBUG(0,(add_current_ace_to_acl: malformed ACL in file ACL ! Deny entry after Allow entry. Failing to set on file -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 43e5b94 libcli: continue to read from the socket even if the size is 0 from f7a9cb0 Fix is_legal_name() to not emit character conversion error messages. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 43e5b94448a8a4a1f772901433f8c30fd95809ed Author: Matthieu Patou m...@matws.net Date: Thu Sep 19 11:18:32 2013 -0700 libcli: continue to read from the socket even if the size is 0 This is an issue found by Codenomicon, with a malicious packet with 0 bytes UDP payload we will continiously be looping trying to react from the socket event and continiously do nothing as we will bail out thinking that we had a memory allocation error. Original fix comes from Volker Lendecke v...@samba.org Signed-off-by: Matthieu Patou m...@matws.net Fix bug #10158 - netbios related samba process consume 100% CPU. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri Sep 20 11:05:42 CEST 2013 on sn-devel-104 --- Summary of changes: source4/libcli/dgram/dgramsocket.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/libcli/dgram/dgramsocket.c b/source4/libcli/dgram/dgramsocket.c index 3f06dc7..cd6d3e4 100644 --- a/source4/libcli/dgram/dgramsocket.c +++ b/source4/libcli/dgram/dgramsocket.c @@ -48,7 +48,7 @@ static void dgm_socket_recv(struct nbt_dgram_socket *dgmsock) } blob = data_blob_talloc(tmp_ctx, NULL, dsize); - if (blob.data == NULL) { + if ((dsize != 0) (blob.data == NULL)) { talloc_free(tmp_ctx); return; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via f7a9cb0 Fix is_legal_name() to not emit character conversion error messages. from 5f3fa21 s3:smb2_find: Return that timestamps do not exist as directories http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit f7a9cb0eca0b2b2ed07e49ef56cd35dded3b2fe5 Author: Jeremy Allison j...@samba.org Date: Tue Sep 10 10:46:18 2013 -0700 Fix is_legal_name() to not emit character conversion error messages. Using next_codepoint() does the same check, but without the conversion message. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit 776db7d38597a29536e4127837ffa3b4f4ce35ab) Fix bug #10139 - valid utf8 filenames cause invalid conversion error messages. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Thu Sep 19 12:06:53 CEST 2013 on sn-devel-104 --- Summary of changes: source3/smbd/mangle_hash2.c | 20 1 files changed, 8 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/mangle_hash2.c b/source3/smbd/mangle_hash2.c index 655c727..c2910f8 100644 --- a/source3/smbd/mangle_hash2.c +++ b/source3/smbd/mangle_hash2.c @@ -626,21 +626,17 @@ static bool is_legal_name(const char *name) while (*name) { if (((unsigned int)name[0]) 128 (name[1] != 0)) { /* Possible start of mb character. */ - char mbc[2]; size_t size = 0; + (void)next_codepoint(name, size); /* -* Note that if CH_UNIX is utf8 a string may be 3 -* bytes, but this is ok as mb utf8 characters don't -* contain embedded ascii bytes. We are really checking -* for mb UNIX asian characters like Japanese (SJIS) here. -* JRA. +* Note that we're only looking for multibyte +* encoding here. No encoding with a length 1 +* contains invalid characters. */ - if (convert_string(CH_UNIX, CH_UTF16LE, name, 2, mbc, 2, size)) { - if (size == 2) { - /* Was a good mb string. */ - name += 2; - continue; - } + if (size 1) { + /* Was a mb string. */ + name += size; + continue; } } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 5f3fa21 s3:smb2_find: Return that timestamps do not exist as directories from 71e2a9a docs: Fix typos. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 5f3fa215d9f88aa83f2f0daa5e1e540ffc6294a3 Author: Christof Schmitt christof.schm...@us.ibm.com Date: Thu Aug 29 19:36:00 2013 +0200 s3:smb2_find: Return that timestamps do not exist as directories When a Windows client receives a large directory listing while querying snapshots, it sends a find request asking for the timestamp as a directory. A Windows server returns NO_SUCH_FILE, so make sure Samba returns the same. Otherwise the client will get confused and display timestamps in the 'previous versions' dialog. Signed-off-by: Christof Schmitt christof.schm...@us.ibm.com Reviewed-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Sep 10 22:38:51 CEST 2013 on sn-devel-104 (cherry picked from commit c8c0632c871e838fc4465b2a69b4e059e9a126c0) Fix bug #10137 - shadow_copy2 does not display previous versions correctly over SMB2. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Sep 16 11:38:36 CEST 2013 on sn-devel-104 --- Summary of changes: source3/include/smb.h |3 +++ source3/modules/vfs_shadow_copy2.c |3 --- source3/smbd/smb2_find.c | 13 + 3 files changed, 16 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/smb.h b/source3/include/smb.h index 2aa2ab3..568ba54 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -567,6 +567,9 @@ Offset Datalength. #define NOTIFY_ACTION_REMOVED_STREAM 7 #define NOTIFY_ACTION_MODIFIED_STREAM 8 +/* timestamp format used in previous versions */ +#define GMT_NAME_LEN 24 /* length of a @GMT- name */ +#define GMT_FORMAT @GMT-%Y.%m.%d-%H.%M.%S /* where to find the base of the SMB packet proper */ #define smb_base(buf) (((const char *)(buf))+4) diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c index 1cf8e37..e96eb02 100644 --- a/source3/modules/vfs_shadow_copy2.c +++ b/source3/modules/vfs_shadow_copy2.c @@ -107,9 +107,6 @@ #include ccan/hash/hash.h #include util_tdb.h -#define GMT_NAME_LEN 24 /* length of a @GMT- name */ -#define GMT_FORMAT @GMT-%Y.%m.%d-%H.%M.%S - static bool shadow_copy2_find_slashes(TALLOC_CTX *mem_ctx, const char *str, size_t **poffsets, unsigned *pnum_offsets) diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c index c2c0559..c39a35d 100644 --- a/source3/smbd/smb2_find.c +++ b/source3/smbd/smb2_find.c @@ -224,6 +224,8 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx, uint32_t dirtype = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_DIRECTORY; bool dont_descend = false; bool ask_sharemode = true; + struct tm tm; + char *p; req = tevent_req_create(mem_ctx, state, struct smbd_smb2_find_state); @@ -259,6 +261,17 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } + p = strptime(in_file_name, GMT_FORMAT, tm); + if ((p != NULL) (*p =='\0')) { + /* +* Bogus find that asks for a shadow copy timestamp as a +* directory. The correct response is that it does not exist as +* a directory. +*/ + tevent_req_nterror(req, NT_STATUS_NO_SUCH_FILE); + return tevent_req_post(req, ev); + } + if (in_output_buffer_length smb2req-sconn-smb2.max_trans) { DEBUG(2,(smbd_smb2_find_send: client ignored max trans:%s: 0x%08X: 0x%08X\n, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 71e2a9a docs: Fix typos. via 56fb38c Raise the level of a debug. via 4dd30fa docs: document acl allow execute always via 4101896 s3:smbd: ease file server upgrades from 3.6 and earlier with acl allow execute aways via 13be13f loadparm: add new parameter acl allow execute always from dab5a79 samba-tool/dns: Pass on additional flags when creating zones http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 71e2a9ae3b108d24d1f7dc521c4035a4b9f93900 Author: Karolin Seeger ksee...@samba.org Date: Thu Sep 12 09:20:03 2013 +0200 docs: Fix typos. This is a follow-up patch for bug #10134 - Samba 4.0 is stricter in checking acls for open for execution. Signed-off-by: Karolin Seeger ksee...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Thu Sep 12 11:59:56 CEST 2013 on sn-devel-104 (cherry picked from commit 4af7b709e925d85be9446af179186fc13466626f) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri Sep 13 12:54:16 CEST 2013 on sn-devel-104 commit 56fb38ccb195d82e25a7437ccb5956f6ffcae987 Author: Korobkin korobkin+sa...@gmail.com Date: Tue Sep 10 16:20:27 2013 -0700 Raise the level of a debug. Bug #10118 - Samba is chatty about being unable to open a printer Reviewed-by: Guenther Deschner g...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Wed Sep 11 03:10:08 CEST 2013 on sn-devel-104 (cherry picked from commit d809cf653b624a9fde48de3b0c2ab58aca705c50) commit 4dd30fa4c082bdd32f615cde05d077730dec9c5d Author: Michael Adam ob...@samba.org Date: Mon Sep 2 16:54:15 2013 +0200 docs: document acl allow execute always Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Reviewed-by: David Disseldorp dd...@samba.org The last 3 patches address bug #10134 - Samba 4.0 is stricter in checking acls for open for execution. See the following commits in master: de3bc10ef69f23e7dab9fc3f6990bb403824b14e 1e29d730663382875d96c275c60e022a1c33a2d1 a2a3c9f36d7a19d75924cff25fa1b450d85ee6d6 commit 41018965728cba99c4fa8e9cfaa4bc11c4303506 Author: Michael Adam ob...@samba.org Date: Mon Sep 2 17:37:50 2013 +0200 s3:smbd: ease file server upgrades from 3.6 and earlier with acl allow execute aways 3.6 and earlier allowed open for execution when execute permissions are not present on a file. This has been fixed in Samba 4.0. This patch changes smbd to skip the execute bit from the ACL check in the open code if acl allow execute always = yes, hence re-establishing the old behaviour in this case. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Reviewed-by: David Disseldorp dd...@samba.org commit 13be13fa876c3fe5580e311ed78b791b1980b56f Author: Michael Adam ob...@samba.org Date: Mon Sep 2 17:36:59 2013 +0200 loadparm: add new parameter acl allow execute always Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Reviewed-by: David Disseldorp dd...@samba.org --- Summary of changes: .../smbdotconf/protocol/aclallowexecutealways.xml | 26 lib/param/param_functions.c|1 + lib/param/param_table.c| 10 +++ source3/include/proto.h|1 + source3/param/loadparm.c |1 + source3/rpc_server/spoolss/srv_spoolss_nt.c|2 +- source3/smbd/open.c| 16 +++- 7 files changed, 55 insertions(+), 2 deletions(-) create mode 100644 docs-xml/smbdotconf/protocol/aclallowexecutealways.xml Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml b/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml new file mode 100644 index 000..49d2c48 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml @@ -0,0 +1,26 @@ +samba:parameter name=acl allow execute always + context=S + type=boolean + advanced=1 wizard=1 + xmlns:samba=http://www.samba.org/samba/DTD/samba-doc; +description +para +This boolean parameter controls the behaviour of citerefentryrefentrytitlesmbd/refentrytitle +manvolnum8/manvolnum/citerefentry when receiving a protocol request of open for execution +from a Windows client. +With Samba 3.6 and older, the execution
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via dab5a79 samba-tool/dns: Pass on additional flags when creating zones via e4e9464 samba-tool/dns: Set secure zone update flag after creating new zone from f9c157c Optimization. Don't do the retry logic if sitename_fetch() returned NULL, we already did a NULL query. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit dab5a79433da31e77723518cb8f324773f2219ad Author: Amitay Isaacs ami...@gmail.com Date: Mon May 27 12:26:36 2013 +1000 samba-tool/dns: Pass on additional flags when creating zones Windows DCs require additional flags to be set when creating zones. This fixes bug #9599. Signed-off-by: Amitay Isaacs ami...@gmail.com (cherry picked from commit c22eb103d865ed50a6c3ca89750245b92e17b493) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Sep 9 12:04:57 CEST 2013 on sn-devel-104 commit e4e9464a58c52abc275e0457a676198d329be1f2 Author: Amitay Isaacs ami...@gmail.com Date: Mon May 27 12:37:20 2013 +1000 samba-tool/dns: Set secure zone update flag after creating new zone Windows DC ignores the secure update flag while creating new zone. Windows performs another operation to set the secure update flag. Signed-off-by: Amitay Isaacs ami...@gmail.com (cherry picked from commit 05578dcdbfa1734ae7bafb70859a76f4cd2a023d) --- Summary of changes: python/samba/netcmd/dns.py | 18 +++--- 1 files changed, 15 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/netcmd/dns.py b/python/samba/netcmd/dns.py index c00d17a..6cfaa68 100644 --- a/python/samba/netcmd/dns.py +++ b/python/samba/netcmd/dns.py @@ -852,28 +852,40 @@ class cmd_zonecreate(Command): zone_create_info = dnsserver.DNS_RPC_ZONE_CREATE_INFO_W2K() zone_create_info.pszZoneName = zone zone_create_info.dwZoneType = dnsp.DNS_ZONE_TYPE_PRIMARY -zone_create_info.fAllowUpdate = dnsp.DNS_ZONE_UPDATE_SECURE zone_create_info.fAging = 0 +zone_create_info.fDsIntegrated = 1 +zone_create_info.fLoadExisting = 1 elif client_version == dnsserver.DNS_CLIENT_VERSION_DOTNET: typeid = dnsserver.DNSSRV_TYPEID_ZONE_CREATE_DOTNET zone_create_info = dnsserver.DNS_RPC_ZONE_CREATE_INFO_DOTNET() zone_create_info.pszZoneName = zone zone_create_info.dwZoneType = dnsp.DNS_ZONE_TYPE_PRIMARY -zone_create_info.fAllowUpdate = dnsp.DNS_ZONE_UPDATE_SECURE zone_create_info.fAging = 0 +zone_create_info.fDsIntegrated = 1 +zone_create_info.fLoadExisting = 1 zone_create_info.dwDpFlags = dnsserver.DNS_DP_DOMAIN_DEFAULT else: typeid = dnsserver.DNSSRV_TYPEID_ZONE_CREATE zone_create_info = dnsserver.DNS_RPC_ZONE_CREATE_INFO_LONGHORN() zone_create_info.pszZoneName = zone zone_create_info.dwZoneType = dnsp.DNS_ZONE_TYPE_PRIMARY -zone_create_info.fAllowUpdate = dnsp.DNS_ZONE_UPDATE_SECURE zone_create_info.fAging = 0 +zone_create_info.fDsIntegrated = 1 +zone_create_info.fLoadExisting = 1 zone_create_info.dwDpFlags = dnsserver.DNS_DP_DOMAIN_DEFAULT res = dns_conn.DnssrvOperation2(client_version, 0, server, None, 0, 'ZoneCreate', typeid, zone_create_info) + +typeid = dnsserver.DNSSRV_TYPEID_NAME_AND_PARAM +name_and_param = dnsserver.DNS_RPC_NAME_AND_PARAM() +name_and_param.pszNodeName = 'AllowUpdate' +name_and_param.dwParam = dnsp.DNS_ZONE_UPDATE_SECURE + +res = dns_conn.DnssrvOperation2(client_version, 0, server, zone, +0, 'ResetDwordProperty', typeid, +name_and_param) self.outf.write('Zone %s created successfully\n' % zone) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via f9c157c Optimization. Don't do the retry logic if sitename_fetch() returned NULL, we already did a NULL query. via 70be15b Move the retry logic when site_name is passed in a NULL or to the wrapper function. via 9930f28 Move the manipulation of site_name into the caller function dsgetdcname(). via 6ddc9a5 Refactor dsgetdcname to be called via a wrapper function. via 8943d97 dsgetdcname_cache_fetch() doesn't use the site_name parameter so don't pass it. via e0beb5a smbd: Correctly return INFO_LENGTH_MISMATCH for smb1 via df9fd7f smbd: Fix error return for STREAM_INFO via d594876 smbd: Revert a93f9c3 via aadd02d smbd: Correctly return BUFFER_OVERFLOW in smb2_getinfo via cedcde9 smbd: Correctly return INFO_LENGTH_MISMATCH in smb2_getinfo via ef717ef smbd: qfsinfo has fixed/variable buffers via 4220369 smbd: qfilepathinfo has fixed/variable buffers via 12c77c7 smbd: Use #defines in smb2_getinfo_send via 6dc2f7f s3:smbd: allow info class SMB_QUERY_FS_ATTRIBUTE_INFO to return partial data via cc100f0 s3:smbd: allow info class SMB_QUERY_FS_VOLUME_INFO to return partial data via 235342b s3:smbd: allow status code in smbd_do_qfsinfo() to be set by information class handler via 2c608aa s3:smbd: allow GetInfo responses with STATUS_BUFFER_OVERFLOW to return partial, but valid data via 71c00f1 s3:smbd: return NT_STATUS_INFO_LENGTH_MISMATCH for GetInfo in case output_buffer_length is too small via 067ce71 torture: Ensure that GSSAPI and SPNEGO packets are accepted by dlz_bind9 via cf1ae22 selftest: Add a basic test of samba_upgradedns via 8424ea2 selftest: Start internal DNS server on domain provisioned for BIND9_DLZ via e94d37c selftest: Test creation of the dns-SERVER account during selftest via 8e618de scripting/samba_upgradedns: Tighten up exception and attribute list handling via d17713f scripting/join.py: Handle creating the dns-NAME account during a DC join via 6bed1b2 selftest: Fix specification of --machinepass to actually set a unique password from 8749a30 s3:lib/gencache: place gencache.tdb into /var/cache/samba http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit f9c157cf6892e02e765a64601c4a286d8dadece4 Author: Jeremy Allison j...@samba.org Date: Tue Sep 3 14:07:43 2013 -0700 Optimization. Don't do the retry logic if sitename_fetch() returned NULL, we already did a NULL query. Bug 5917 - Samba does not work on site with Read Only Domain Controller Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Sep 4 01:19:05 CEST 2013 on sn-devel-104 (cherry picked from commit bdab6f9431715fbfd28f8cc0dfb4dde2966f22f3) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri Sep 6 12:51:06 CEST 2013 on sn-devel-104 commit 70be15bdb448b9c6c8ec047ce6f6df4a696ce61e Author: Jeremy Allison j...@samba.org Date: Tue Sep 3 12:20:52 2013 -0700 Move the retry logic when site_name is passed in a NULL or to the wrapper function. Bug 5917 - Samba does not work on site with Read Only Domain Controller Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Reviewed-by: Richard Sharpe rsha...@samba.org (cherry picked from commit 68e7b1c9446c7d1274b0fb85b59b90ac1a7f6041) commit 9930f28a3cf94bdbeb11f551926c105f27c1c12e Author: Jeremy Allison j...@samba.org Date: Tue Sep 3 12:08:46 2013 -0700 Move the manipulation of site_name into the caller function dsgetdcname(). Leave dsgetdcname_internal() only using const char *site_name. Bug 5917 - Samba does not work on site with Read Only Domain Controller Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Reviewed-by: Richard Sharpe rsha...@samba.org (cherry picked from commit 181c11066bd53b07015a199f56eb71182e89ff71) commit 6ddc9a57d025fe196b2f820cfa27429a3acf5643 Author: Jeremy Allison j...@samba.org Date: Tue Sep 3 12:04:37 2013 -0700 Refactor dsgetdcname to be called via a wrapper function. Bug 5917 - Samba does not work on site with Read Only Domain Controller Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Reviewed-by: Richard Sharpe rsha...@samba.org (cherry picked from commit 66006be7ef703b2935334633d27641050cee5f58) commit 8943d971ee729e7f00e17125b9011d9456f220f3 Author: Jeremy Allison j...@samba.org Date: Tue Sep 3 12:13:45 2013 -0700
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 8749a30 s3:lib/gencache: place gencache.tdb into /var/cache/samba via 825d273 python/provision: remove unused linklocal=False argument from interface_ips_v6() via 1cfb0ae s4:samba_upgradedns: don't pass linklocal=False to interface_ips_v6() via ad2dc0f python/pyglue: filter out loopback and linklocal addresses unless all_interfaces is given from 25ded36 Fix the UNIX extensions CHOWN calls to use FCHOWN if available, else LCHOWN. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 8749a307c5d24bf9d613f7edf3354b689eaaf83e Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 28 11:00:27 2013 +0100 s3:lib/gencache: place gencache.tdb into /var/cache/samba /var/lock/samba is located on tmpfs on newer systems, but we want to keep things like the server affinity cache across reboots. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit 54529fd354275cfb4ece407f95ef34675b202ea3) Fix bug #9802 - gencache.tdb should be moved to /var/cache/samba. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Sep 2 11:57:51 CEST 2013 on sn-devel-104 commit 825d2731a7276848d8a673c05c4a503a37c2904c Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 30 15:18:44 2013 +0200 python/provision: remove unused linklocal=False argument from interface_ips_v6() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Bjoern Jacke b...@sernet.de Autobuild-User(master): Björn Jacke b...@sernet.de Autobuild-Date(master): Fri Aug 30 17:33:58 CEST 2013 on sn-devel-104 (cherry picked from commit 3430448fc01ce3fbe0606a2c239d3c98a5b78361) The last 3 patches address bug #10030 - ::1 added to nameserver on join. commit 1cfb0ae84885215c186650f941fd867868df7c11 Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 30 15:17:59 2013 +0200 s4:samba_upgradedns: don't pass linklocal=False to interface_ips_v6() This is the default... Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Bjoern Jacke b...@sernet.de (cherry picked from commit 9edc0276c742194ec381c266acedf3216ccf1c69) commit ad2dc0facbc02e82cae1882a3e15aae81f1cfb53 Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 30 14:59:01 2013 +0200 python/pyglue: filter out loopback and linklocal addresses unless all_interfaces is given Bug: https://bugzilla.samba.org/show_bug.cgi?id=10030 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Bjoern Jacke b...@sernet.de (cherry picked from commit 0e6aca40413fb3cfd4300f282204a69743be4a65) --- Summary of changes: python/pyglue.c| 45 ++- python/samba/provision/__init__.py |6 ++-- source3/lib/gencache.c |2 +- source4/scripting/bin/samba_upgradedns |2 +- 4 files changed, 48 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/python/pyglue.c b/python/pyglue.c index c21de46..802153a 100644 --- a/python/pyglue.c +++ b/python/pyglue.c @@ -164,18 +164,59 @@ static PyObject *py_interface_ips(PyObject *self, PyObject *args) /* first count how many are not loopback addresses */ for (ifcount = i = 0; icount; i++) { const char *ip = iface_list_n_ip(ifaces, i); - if (!(!all_interfaces iface_list_same_net(ip, 127.0.0.1, 255.0.0.0))) { + + if (all_interfaces) { ifcount++; + continue; + } + + if (iface_list_same_net(ip, 127.0.0.1, 255.0.0.0)) { + continue; + } + + if (iface_list_same_net(ip, 169.254.0.0, 255.255.0.0)) { + continue; } + + if (iface_list_same_net(ip, ::1, :::::::)) { + continue; + } + + if (iface_list_same_net(ip, fe80::, :::::)) { + continue; + } + + ifcount++; } pylist = PyList_New(ifcount); for (ifcount = i = 0; icount; i++) { const char *ip = iface_list_n_ip(ifaces, i); - if (!(!all_interfaces iface_list_same_net(ip, 127.0.0.1, 255.0.0.0))) { + + if (all_interfaces) { PyList_SetItem(pylist, ifcount, PyString_FromString(ip)); ifcount++; + continue; + } + + if (iface_list_same_net(ip, 127.0.0.1, 255.0.0.0)) { +
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 25ded36 Fix the UNIX extensions CHOWN calls to use FCHOWN if available, else LCHOWN. via ac3c32d Allow UNIX extensions client to act on open fsp instead of pathname if available. via 335e417 Fix the erroneous masking of chmod requests via the UNIX extensions. via 9891d98 Fix bug #9166 - Starting smbd or nmbd with stdin from /dev/null results in EOF on stdin via d63a5e5 s3: Fix some blank line endings via c65a4e8 smbd: Simplify dropbox special case in unix_convert via c72c00c smbd: Fix a profile problem from 1787174 Fix bug #10063 - source3/lib/util.c:1493 leaking memory w/ pam_winbind.so / winbind http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 25ded368585b8d439023503dc11e6502e5bd Author: Jeremy Allison j...@samba.org Date: Wed Aug 21 12:20:48 2013 -0700 Fix the UNIX extensions CHOWN calls to use FCHOWN if available, else LCHOWN. UNIX extensions calls must never deref links. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Mon Aug 26 20:19:46 CEST 2013 on sn-devel-104 (cherry picked from commit d1593a20f3a5ebf287477dfa8f5ab31dca3dd0c3) The last 3 patches address bug #10121 - masks incorrectly applied to UNIX extension permission changes. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri Aug 30 12:34:12 CEST 2013 on sn-devel-104 commit ac3c32d0d51f626d6198c6994daff4fc48f6b5ae Author: Jeremy Allison j...@samba.org Date: Wed Aug 21 12:10:05 2013 -0700 Allow UNIX extensions client to act on open fsp instead of pathname if available. Eliminates possible race condition on pathname op. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org (cherry picked from commit f1ff97fc022adaacaa23b7da250be6f7d51c6ac7) commit 335e4178220b848cd822428359b589bc599e81eb Author: Jeremy Allison j...@samba.org Date: Wed Aug 21 12:03:25 2013 -0700 Fix the erroneous masking of chmod requests via the UNIX extensions. Changed from switch statement to if, as create mask, force create mode are only applied to new files, not existing ones. directory mask, force directory mode are only applied to new directories, not existing ones. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org (cherry picked from commit bd0156988b34feaf91c3046f7ec78f0833222395) commit 9891d9870060e61f33a835363dea8f5267d6e8ca Author: Jeremy Allison j...@samba.org Date: Mon Jun 10 13:33:40 2013 -0700 Fix bug #9166 - Starting smbd or nmbd with stdin from /dev/null results in EOF on stdin Only install the stdin handler if it's a pipe or fifo. Signed-off-by: Jeremy Allison j...@samba.org commit d63a5e5c7b38b6eb906e1bbe497fc9c07d5961ce Author: Volker Lendecke v...@samba.org Date: Wed Sep 26 16:53:48 2012 -0700 s3: Fix some blank line endings Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Thu Sep 27 07:57:03 CEST 2012 on sn-devel-104 (cherry picked from commit aad669b53eca99f86c2e630bf3f2e9f594fed9c1) commit c65a4e82886487a389ab2c1d21487e0d16f6fb16 Author: Volker Lendecke v...@samba.org Date: Mon Aug 19 10:26:00 2013 + smbd: Simplify dropbox special case in unix_convert EACCESS needs special treatment: If we want to create a fresh file, return OBJECT_PATH_NOT_FOUND, so that the client will continue creating the file. If the client wants us to open a potentially existing file, we need to correctly return ACCESS_DENIED. This patch makes this behaviour hopefully a bit clearer than the code before did. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Mon Aug 26 12:14:26 CEST 2013 on sn-devel-104 The last 2 patches address bug #10114 - Dropbox (write-only-directory) case isn't handled correctly in pathname lookup. commit c72c00cd126194aaa51d74585b0ca32cf224663b Author: Volker Lendecke volker.lende...@sernet.de Date: Tue Jul 9 11:02:39 2013 -0700 smbd: Fix a profile problem When trying to read a profile, under certain circumstances Windows tries to read with its machine account first. The profile previously written was stored with an ACL that only allows access for the user and not the machine. Windows should get an NT_STATUS_ACCESS_DENIED when using the machine account, making it retry with the user account (which would then succeed). Samba under these circumstances erroneously
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 1787174 Fix bug #10063 - source3/lib/util.c:1493 leaking memory w/ pam_winbind.so / winbind from 16e6631 s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 17871748fbf07c545099bdead294694c976d467a Author: Jeremy Allison j...@samba.org Date: Fri Aug 2 15:03:39 2013 -0700 Fix bug #10063 - source3/lib/util.c:1493 leaking memory w/ pam_winbind.so / winbind Don't use talloc_tos() in something that can be linked to in pam_winbindd.so Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org Autobuild-User(master): Simo Sorce i...@samba.org Autobuild-Date(master): Sat Aug 24 02:28:28 CEST 2013 on sn-devel-104 (cherry picked from commit 9423d5afb71e272298f4858d82f436e19ee2b07f) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Aug 27 11:39:07 CEST 2013 on sn-devel-104 --- Summary of changes: source3/lib/util.c |6 -- 1 files changed, 4 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/util.c b/source3/lib/util.c index 5ffce58..d543c7f 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -1487,10 +1487,12 @@ char *myhostname(void) char *myhostname_upper(void) { - char *name; static char *ret; if (ret == NULL) { - name = get_myname(talloc_tos()); + char *name = get_myname(NULL); + if (name == NULL) { + return NULL; + } ret = strupper_talloc(NULL, name); talloc_free(name); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via ead7d80 VERSION: Bump version number up to 4.0.10... via c0bc3a3 VERSION: Disable git snapshots for the 4.0.9 release. via b752b34 WHATSNEW: Prepare release notes for Samba 4.0.9. from 1a61c56 s3-libads: Print a message if no realm has been specified. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit ead7d80a7fb8e3c9051ed498d6f4c414728cc6cb Author: Karolin Seeger ksee...@samba.org Date: Thu Aug 15 10:19:46 2013 +0200 VERSION: Bump version number up to 4.0.10... and re-enable git snapshots. Signed-off-by: Karolin Seeger ksee...@samba.org commit c0bc3a3735aa9b5a44006e9dce2fb5e934b5e714 Author: Karolin Seeger ksee...@samba.org Date: Thu Aug 15 10:18:21 2013 +0200 VERSION: Disable git snapshots for the 4.0.9 release. Signed-off-by: Karolin Seeger ksee...@samba.org commit b752b346c3293b79a85a6cbde32734c423445ee5 Author: Karolin Seeger ksee...@samba.org Date: Thu Aug 15 10:17:11 2013 +0200 WHATSNEW: Prepare release notes for Samba 4.0.9. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: VERSION |2 +- WHATSNEW.txt | 114 - 2 files changed, 113 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 6cb5cba..02c79f3 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=9 +SAMBA_VERSION_RELEASE=10 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 503aff0..8847406 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,114 @@ = + Release Notes for Samba 4.0.9 + August 20, 2013 + = + + +This is is the latest stable release of Samba 4.0. + +Major enhancements in Samba 4.0.9 include: + +o Fix crash of Winbind after ls -l /usr/local/samba/var/locks/sysvol + (bug #9820). +o Fix segmentation fault while reading incomplete session info (bug #10003). +o smbd: Fix a 100% loop at shutdown time (bug #10013). + + +Changes since 4.0.8: + + +o Michael Adam ob...@samba.org +* BUG 9930: smbd: Cleanup disonnected durable handles. + + +o Jeremy Allison j...@samba.org +* BUG 9992: Fix Windows error 0x800700FE when copying files with xattr names + containing :. +* BUG 10064: Linux kernel oplock breaks can miss signals. + + +o Andrew Bartlett abart...@samba.org +* BUG 9820: Fix crash of Winbind after ls -l + /usr/local/samba/var/locks/sysvol. +* BUG 10014: Fix excessive RID allocation. + + +o Björn Baumbach b...@sernet.de +* BUG 10003: s3-lib: Fix segmentation fault while reading incomplete + session info. + + +o Gregor Beck gb...@sernet.de +* BUG 9678: Windows 8 Roaming profiles fail. +* BUG 9930: smbd: Cleanup disonnected durable handles. + + +o Kai Blin k...@samba.org +* BUG 10015: Add debugclass for DNS server. + + +o Alexander Bokovoy a...@samba.org +* BUG 9779: Add UPN enumeration to passdb internal API. + + +o Günther Deschner g...@samba.org +* BUG 10043: Allow to change the default location for Kerberos credential + caches. +* BUG 10073: net ads join: Fix segmentation fault in + create_local_private_krb5_conf_for_domain. + + +o Volker Lendecke v...@samba.org +* BUG 10013: smbd: Fix a 100% loop at shutdown time. + + +o Stefan Metzmacher me...@samba.org +* BUG 9820: Fix crash of Winbind after ls -l + /usr/local/samba/var/locks/sysvol. +* BUG 10003: s3-lib: Fix segmentation fault while reading incomplete + session info. +* BUG 10015: Fix/improve debug options. + + +o Christof Schmitt christof.schm...@us.ibm.com +* BUG 9970: vfs_streams_xattr: Do not attempt to write empty attribute + twice. + + +o Andreas Schneider a...@samba.org +* BUG 9994: s3-winbind: Do not delete an existing valid credential cache. +* BUG 10073: net ads join: Fix segmentation fault in + create_local_private_krb5_conf_for_domain. + + +o Ralph Wuerthner ral...@de.ibm.com +* BUG 10064: Linux kernel oplock breaks can miss signals. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback.
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 16e6631 s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat(). via 232fd8b waf: replace dependency to libintl with samba_intl via 202f7b9 waf: consolidate libintl related checks via 9a19757 waf: add --without-gettext option via 32dbdbe waf: fix build on AIX7 via af09311 s3:lib/system fix build on AIX 7 via 0d8f04a smbd: Fix async echo handler forking (Bug 10086) via 830eae7 Fix bug #10097 - MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba. via ec6b02d docs: Fix variable list in man vfs_crossrename. from ead7d80 VERSION: Bump version number up to 4.0.10... http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 16e6631da9385604f98a89a662a9b2d75affcd7c Author: Günther Deschner g...@samba.org Date: Mon Aug 12 17:23:12 2013 +0200 s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat(). Fallback to lsa named-pipe connection when tcp connection has failed twice (it could be a trusted domain connection where we cannot setup a secure channel). Guenther BUG: https://bugzilla.samba.org/show_bug.cgi?id=9615 BUG: https://bugzilla.samba.org/show_bug.cgi?id=9899 Signed-off-by: Günther Deschner g...@samba.org Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Tested-by: Christof Schmitt christof.schm...@us.ibm.com Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Aug 13 20:55:33 CEST 2013 on sn-devel-104 Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Aug 20 12:58:03 CEST 2013 on sn-devel-104 commit 232fd8ba0aa9728a3cabd6372fc1ecaaa38d416e Author: Christian Ambach a...@samba.org Date: Thu Aug 1 23:00:21 2013 +0200 waf: replace dependency to libintl with samba_intl Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Christian Ambach a...@samba.org Autobuild-Date(master): Mon Aug 12 00:46:34 CEST 2013 on sn-devel-104 (cherry picked from commit 20b64eae75b8809d67b8c2824616996bb4722612) The last 5 patches address bug #9911 - Build Samba 4.0.x on AIX with IBM XL C/C++. commit 202f7b98abc2a01708a7ee1b1871b2e37d9beeca Author: Christian Ambach a...@samba.org Date: Thu Aug 1 22:28:05 2013 +0200 waf: consolidate libintl related checks consolidate the dealing with functions from libintl and the handling of checking if libiconv is required or not to a common place in lib/replace also add a new samba_intl subsystem that has dependencies on the appropriate set of libraries (libintl, libintl+libiconv or none) that can be used as a general dependency by code that depends on the internationalization libraries Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit 07b3a048724a6b41282e1f673aea5ce2c1202a5e) commit 9a197573e246369b36cdcddeceb26e5d139b4adf Author: Christian Ambach a...@samba.org Date: Tue Jun 25 18:37:35 2013 +0200 waf: add --without-gettext option Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit a742e87b39bed97ac59f5ec8bff9bf3cedf8b68a) commit 32dbdbe75dfe2a34cf487395d29a7b12f6872cba Author: Christian Ambach a...@samba.org Date: Thu Jun 20 18:26:04 2013 +0200 waf: fix build on AIX7 the same works for AIX 5,6,7 so leave away the version specifics (as autoconf build did) Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit ce8fbdf76ee2792d011d9da4d0116f04d9656886) commit af0931120b156092a6fece5a5b8dea210c11d803 Author: Christian Ambach a...@samba.org Date: Thu Jun 20 18:27:13 2013 +0200 s3:lib/system fix build on AIX 7 AIX uses struct stat64 with struct timespec64, so direct assignment does not work any more. Pair-Programmed-With: Volker Lendecke v...@samba.org Signed-off-by: Christian Ambach a...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Fri Aug 2 09:47:43 CEST 2013 on sn-devel-104 (cherry picked from commit ba40d0d9d320e500621a6a8107a2ef0a34aeb6ba) commit 0d8f04a0a580daf2ac27258091b4a7fd884bab1f Author: Volker Lendecke v...@samba.org Date: Wed Aug 14 10:46:46 2013 + smbd: Fix async echo handler forking (Bug 10086) If SMB3 is chosen via an SMB1 negprot, we forked the echo handler because set_Protocol is called later, after the full protocol negotiation is done. Signed-off-by: Volker Lendecke v...@samba.org
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 1a61c56 s3-libads: Print a message if no realm has been specified. via dea6282 s3-libads: Fail create_local_private_krb5_conf_for_domain() if parameters missing. from 9439729 Ensure gpfs kernel leases are wrapped in a become_root()/unbecome_root() pair. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 1a61c5632c1a444eb916290342241660cbb59988 Author: Andreas Schneider a...@samba.org Date: Mon Aug 5 09:25:11 2013 +0200 s3-libads: Print a message if no realm has been specified. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Mon Aug 5 12:24:44 CEST 2013 on sn-devel-104 (cherry picked from commit 6659f0164c6b8d7ad522bcd6c2c6748c3d9bca81) The last 2 patches address bug #10073 - net ads join - segmentation fault in create_local_private_krb5_conf_for_domain. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Aug 13 12:16:48 CEST 2013 on sn-devel-104 commit dea6282d3b7bda6389c2f101c14159274472b780 Author: Günther Deschner g...@samba.org Date: Fri May 17 15:14:35 2013 +0200 s3-libads: Fail create_local_private_krb5_conf_for_domain() if parameters missing. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from commit 6dc7c63efa95d0c04b542667d9b6a6621c8139bf) --- Summary of changes: source3/libads/kerberos.c | 10 ++ 1 files changed, 10 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 50a409c..cac3474 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -838,6 +838,16 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, return false; } + if (realm == NULL) { + DEBUG(0, (No realm has been specified! Do you really want to + join an Active Directory server?\n)); + return false; + } + + if (domain == NULL || pss == NULL || kdc_name == NULL) { + return false; + } + dname = lock_path(smb_krb5); if (!dname) { return false; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 9439729 Ensure gpfs kernel leases are wrapped in a become_root()/unbecome_root() pair. via f17721e Wrap setting leases in become_root()/unbecome_root() to ensure correct delivery of signals. via c3a6b78 Add torture tests to raw.eas to check sending Windows invalid names in the middle of an EA list. via fee1915 Reply with correct trans2 message on a setpathinfo with a bad EA name. via 050c42d Ensure we do pathname processing before SD and EA processing in NTTRANS_CREATE. via 515f122 Ensure we can't create a file using NTTRANS with an invalid EA list. via 6a5fed3 Ensure we can't create a file using TRANS2_OPEN with an invalid EA list. via 64e27e2 Add error map of STATUS_INVALID_EA_NAME - ERRDOS, ERRbadfile via 76996fe Add the ability to send an NTSTATUS result back with a trans2 reply so we can return a parameter block with an error code. via 2f76ebd Ensure we can't create a file using SMB2_CREATE with an invalid EA list. via f89d994 Ensure we never return an EA name to a Windows client it can't handle. via 8f40e36 Ensure set_ea cannot set invalid Windows EA names. via 1f902e4 Add ea_list_has_invalid_name() function. from c358417 Fix bug 9678 - Windows 8 Roaming profiles fail http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 9439729feefdd0b962f1a4b9012e973b231cc569 Author: Ralph Wuerthner ral...@de.ibm.com Date: Wed Jul 31 16:33:48 2013 -0700 Ensure gpfs kernel leases are wrapped in a become_root()/unbecome_root() pair. Ensures correct lease owner for signal delivery. Signed-off-by: Ralph Wuerthner ral...@de.ibm.com Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Thu Aug 1 03:57:11 CEST 2013 on sn-devel-104 The last 2 patches address bug #10064 - Linux kernel oplock breaks can miss signals. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Wed Aug 7 13:15:02 CEST 2013 on sn-devel-104 commit f17721ee7e3457d591497c2f62834a706d218794 Author: Jeremy Allison j...@samba.org Date: Wed Jul 31 16:32:20 2013 -0700 Wrap setting leases in become_root()/unbecome_root() to ensure correct delivery of signals. Remove workaround for Linux kernel bug https://bugzilla.kernel.org/show_bug.cgi?id=43336 as we don't need to set capabilities when we're already root. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org commit c3a6b78ab1cec783d53d551fd9c063aad680f0fb Author: Jeremy Allison j...@samba.org Date: Tue Jul 9 16:37:48 2013 -0700 Add torture tests to raw.eas to check sending Windows invalid names in the middle of an EA list. Add torture tests to probe the set of invalid Windows EA names. Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing : Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Jul 19 11:50:25 CEST 2013 on sn-devel-104 commit fee1915a2e24272506eef8272589a366c6b2711b Author: Jeremy Allison j...@samba.org Date: Tue Jul 16 09:14:12 2013 -0700 Reply with correct trans2 message on a setpathinfo with a bad EA name. Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing : Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 050c42d282ddcd311a3484a6cf041b7172eca62b Author: Jeremy Allison j...@samba.org Date: Tue Jul 16 11:05:10 2013 -0700 Ensure we do pathname processing before SD and EA processing in NTTRANS_CREATE. Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing : Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 515f1227d42a7aa8adee6a11539eb2720508509a Author: Jeremy Allison j...@samba.org Date: Tue Jul 9 15:54:39 2013 -0700 Ensure we can't create a file using NTTRANS with an invalid EA list. Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing : Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 6a5fed3e3492c5932f8c2e82a9288997a684b550 Author: Jeremy Allison j...@samba.org Date: Tue Jul 9 15:59:53 2013 -0700 Ensure we can't create a file using TRANS2_OPEN with an invalid EA list. Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing : Signed-off-by: Jeremy
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 221cffa s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_my_addr() via 85db68b s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_peer_addr() via 93d4207 s4:server: avoid calling into nss_winbind from within 'samba' via 45349be s4:rpc_server: make sure we don't terminate a connection with pending requests (bug #9820) via a1a7349 s4-winbindd: Do not terminate a connection that is still pending (bug #9820) via c257e3b service_stream: Log if the connection termination is deferred or not (bug #9820) via a629507 s4-winbind: Add special case for BUILTIN domain via 7ded0ce pam_winbind: update documentation for DIR krb5ccname pragma. via 7ce7020 s3-winbindd: support the DIR pragma for raw kerberos user pam authentication. via 98393f9 wbinfo: allow to define a custom krb5ccname for kerberized pam auth. from 64dce3c s3-netlogon: enumerate UPN suffixes from PASSDB when available http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 221cffa25510b6115490b5c48d60ec231357a068 Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 24 10:19:26 2013 +1200 s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_my_addr() This caused crashes in _tsocket_address_bsd_from_sockaddr() when we read past the end of the allocation. (similar to commit e9ae36e9683372b86f1efbd29904722a33fea083) Bug: https://bugzilla.samba.org/show_bug.cgi?id=10042 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Jul 24 14:37:43 CEST 2013 on sn-devel-104 (cherry picked from commit 077dfd0a89a854c21b91b0f871d034fd9fe82a9a) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Aug 5 11:54:46 CEST 2013 on sn-devel-104 commit 85db68b26c7572e7ea7bc820d14045658803f188 Author: Andrew Bartlett abart...@samba.org Date: Wed Jul 24 10:19:26 2013 +1200 s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_peer_addr() This caused crashes in _tsocket_address_bsd_from_sockaddr() when we read past the end of the allocation. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Jeremy Allison j...@samba.org (cherry picked from commit e9ae36e9683372b86f1efbd29904722a33fea083) commit 93d42071056980a9a438cfe4660154a6050226dc Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 10 14:48:18 2013 +0200 s4:server: avoid calling into nss_winbind from within 'samba' The most important part is that the 'winbind_server' doesn't recurse into itself. This could happen if the krb5 libraries call getlogin(). As we may run in single process mode, we need to set _NO_WINBINDD=1 everywhere, the only exception is the forked 'smbd'. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org The last 5 patches address bug #9820 - crash of winbind after ls -l /usr/local/samba/var/locks/sysvol. commit 45349be04011579f0a65ae687c13c90beaeda684 Author: Stefan Metzmacher me...@samba.org Date: Tue Jul 9 16:38:59 2013 +0200 s4:rpc_server: make sure we don't terminate a connection with pending requests (bug #9820) Sadly we may have nested event loops, which won't work correctly with broken connections, that's why we have to do this... Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Jul 10 08:47:38 CEST 2013 on sn-devel-104 (cherry picked from commit e6a58d370403e818bc2cfb8389751b78adcc14fd) commit a1a7349888e8f3709a6e98b2ca94be6a4dd13258 Author: Andrew Bartlett abart...@samba.org Date: Thu Jun 27 11:28:03 2013 +1000 s4-winbindd: Do not terminate a connection that is still pending (bug #9820) Instead, wait until the call attempts to reply, and let it terminate then (often this happens in the attempt to then write to the broken pipe). Andrew Bartlett Pair-Programmed-With: Stefan Metzmacher me...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org (cherry picked from commit 2505d48e4fbcd8a805a88ad0b05fb1a16a588197) commit c257e3bdf5ff719652ac6e6683c889e2fe449ccd Author: Andrew Bartlett
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via f5bd128 VERSION: Bump version number up to 4.0.9. via 3b7e719 Merge tag 'samba-4.0.8' into v4-0-test via dbf87d3 WHATSNEW: Add release notes for Samba 4.0.8. via 03656a7 Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. via b4bfcdf Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS. via 4df0ef0 VERSION: Bump version number up to 4.0.8. from 221cffa s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_my_addr() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit f5bd1286f124dd03161dcd876681c3df1d4793f3 Author: Karolin Seeger ksee...@samba.org Date: Mon Aug 5 12:41:23 2013 +0200 VERSION: Bump version number up to 4.0.9. Signed-off-by: Karolin Seeger ksee...@samba.org commit 3b7e7196c6854cd549a0d2fab39165e0c13fa88f Merge: 221cffa25510b6115490b5c48d60ec231357a068 dbf87d3867c1771a09029b733c8de1e134e270e4 Author: Karolin Seeger ksee...@samba.org Date: Mon Aug 5 12:40:37 2013 +0200 Merge tag 'samba-4.0.8' into v4-0-test samba: tag release samba-4.0.8 --- Summary of changes: VERSION |2 +- WHATSNEW.txt| 60 +- source3/smbd/nttrans.c | 12 source4/libcli/raw/raweas.c |7 +++- 4 files changed, 76 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index be94a07..6cb5cba 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=8 +SAMBA_VERSION_RELEASE=9 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 6ab15c8..503aff0 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,60 @@ = + Release Notes for Samba 4.0.8 + August 05, 2013 + = + + +This is a security release in order to address +CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause +server to loop with DOS). + +o CVE-2013-4124: + All current released versions of Samba are vulnerable to a denial of + service on an authenticated or guest connection. A malformed packet + can cause the smbd server to loop the CPU performing memory + allocations and preventing any further service. + + A connection to a file share, or a local account is needed to exploit + this problem, either authenticated or unauthenticated if guest + connections are allowed. + + This flaw is not exploitable beyond causing the code to loop + allocating memory, which may cause the machine to exceed memory + limits. + + +Changes since 4.0.7: + + +o Jeremy Allison j...@samba.org +* BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list + reading can cause server to loop with DOS. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.0 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + = Release Notes for Samba 4.0.7 July 2, 2013 = @@ -103,8 +159,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + = Release Notes for Samba 4.0.6 diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 54e475d..f70fb36 100644 --- a/source3/smbd/nttrans.c +++
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via c358417 Fix bug 9678 - Windows 8 Roaming profiles fail via 2d6b4f0 security.idl: add new security_secinfo bits from f5bd128 VERSION: Bump version number up to 4.0.9. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit c358417214920a85736ffaaa8f4c8101ef26b0d3 Author: Gregor Beck gb...@sernet.de Date: Thu Aug 1 14:16:24 2013 +0200 Fix bug 9678 - Windows 8 Roaming profiles fail Windows 8 tries to set 'ATTRIBUTE_SECURITY_INFORMATION' on some dirs. Ignoring it makes roaming profiles work again. Just like w2k3 gracefully ignore all the other bits. Signed-off-by: Gregor Beck gb...@sernet.de Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Aug 5 22:00:52 CEST 2013 on sn-devel-104 commit 2d6b4f0525966050c9f028a82c74a1da3c60658a Author: Gregor Beck gb...@sernet.de Date: Wed Jul 31 15:28:51 2013 +0200 security.idl: add new security_secinfo bits [MS-DTYP].pdf 2.4.7 Signed-off-by: Gregor Beck gb...@sernet.de --- Summary of changes: librpc/idl/security.idl |3 +++ source3/smbd/nttrans.c |9 ++--- 2 files changed, 5 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index 33085c4..4f0e900 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -600,6 +600,9 @@ interface security SECINFO_DACL = 0x0004, SECINFO_SACL = 0x0008, SECINFO_LABEL= 0x0010, + SECINFO_ATTRIBUTE= 0x0020, + SECINFO_SCOPE= 0x0040, + SECINFO_BACKUP = 0x0001, SECINFO_UNPROTECTED_SACL = 0x1000, SECINFO_UNPROTECTED_DACL = 0x2000, SECINFO_PROTECTED_SACL = 0x4000, diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index f70fb36..5595af2 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -889,13 +889,8 @@ NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd, /* Ensure we have at least one thing set. */ if ((security_info_sent (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) { - if (security_info_sent SECINFO_LABEL) { - /* Only consider SECINFO_LABEL if no other - bits are set. Just like W2K3 we don't - store this. */ - return NT_STATUS_OK; - } - return NT_STATUS_INVALID_PARAMETER; + /* Just like W2K3 */ + return NT_STATUS_OK; } /* Ensure we have the rights to do this. */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 64dce3c s3-netlogon: enumerate UPN suffixes from PASSDB when available via 38d13bb PASSDB: add support to set and enumerate UPN suffixes associated with our forest via 5dee63c s3-waf: filter out ldapsam internal init functions via 6d3aa05 wafsamba: fix samba_abi for default catch-all case via b2c597f s3-winbind: Do not delete an existing valid credential cache. from ed120ed lib/param: sync debug related options with source3/param http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 64dce3c7b3e92bb3a182b8c469436385b953910e Author: Alexander Bokovoy a...@samba.org Date: Wed Apr 3 16:52:45 2013 +0300 s3-netlogon: enumerate UPN suffixes from PASSDB when available Optionally append list of UPN suffixes if PDB module returns non-empty one. Refactor fill_forest_trust_array() in source3 to allow reuse of the code between _netr_DsRGetForestTrustInformation() and _netr_GetForestTrustInformation() Implement a special case of _netr_DsRGetForestTrustInformation in smbd when trusted_domain_name is NULL (covered by test_DsrEnumerateDomainTrusts() in rpc.netlogon torture tests, see comment in source4/torture/rpc/netlogon.c). Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Tue Apr 9 22:19:34 CEST 2013 on sn-devel-104 The last 4 patches address bug #9779 - add UPN enumeration to passdb internal API. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Thu Jul 18 21:53:53 CEST 2013 on sn-devel-104 commit 38d13bb58cafc54043d7c195402036303e10d357 Author: Alexander Bokovoy a...@samba.org Date: Wed Apr 3 16:37:00 2013 +0300 PASSDB: add support to set and enumerate UPN suffixes associated with our forest Samba PDC may manage a forest containing DNS domains in addition to the primary one. Information about them is advertised via netr_DsRGetForestTrustInformation when trusted_domain_name is NULL, according to MS-NRPC and MS-LSAD, and via netr_GetForestTrustInformation. This changeset only expands PASSDB API; how suffixes are maintained is left to specific PDB modules. Set function is added so that suffixes could be managed through 'net' and other Samba utilities, if possible. One possible implementation is available for ipasam module in FreeIPA: http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cc56723151c9ebf58d891e85617319d861af14a4 Reviewed-by: Andreas Schneider a...@samba.org commit 5dee63cf304a8ddc67863938aac4ed1467c35d2b Author: Alexander Bokovoy a...@samba.org Date: Wed Apr 3 16:01:34 2013 +0300 s3-waf: filter out ldapsam internal init functions pdb_ldapsam_init* functions (init and init_common) are used in pdb_ipa.c and pdb_nds.c which are always linked together with pdb_ldap.c where pdb_ldapsam_init* functions reside. Tested with both ldapsam integrated (into libpdb) and as a separate module. Reviewed-by: Andreas Schneider a...@samba.org commit 6d3aa059040463b6e6e7289398c1d73a3c53c245 Author: Alexander Bokovoy a...@samba.org Date: Wed Apr 3 15:52:06 2013 +0300 wafsamba: fix samba_abi for default catch-all case Only filter out the symbol when positive match was not found and there is negative match. ABI signature file generator worked incorrectly for cases when mixture of positive and negative matches were provided. This resulted in generating empty signature file for libpdb since there was no catch-all positive match anymore. Commit 9ba44cc610426fb558b49aa9680b5bdf55c29082 removed explicit '*' positive match and corresponding vscript generator adds '*' by default if global match list is empty, so this commit introduces feature parity into signature generator. Reviewed-by: Andreas Schneider a...@samba.org commit b2c597f57f19c821e1fb6c6f16e828e5c71909a4 Author: Andreas Schneider a...@samba.org Date: Thu Jul 11 13:44:53 2013 +0200 s3-winbind: Do not delete an existing valid credential cache. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9994 Thanks to David Woodhouse dw...@infradead.org. Reviewed-by: Günther Deschner g...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Mon Jul 15 12:48:46 CEST 2013 on sn-devel-104 (cherry picked from commit 0529b59fbe3f96509893fc4e93a75d6928b5a532) --- Summary of changes: buildtools/wafsamba/samba_abi.py|4 +- source3/include/passdb.h| 18 - source3/passdb/ABI/pdb-0.sigs |2
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via ed120ed lib/param: sync debug related options with source3/param via ba584a5 lib/ldb-samba: only debug LDB_DEBUG_TRACE at level 10 via 42cb71b lib/ldb-samba: make use of DBGC_LDB via 89644f4 lib/util: add 'ldb' debug class via 580740d debug: Add debugclass for DNS server via a56ccfb dsdb-ridalloc: Fix RID pools - RID numbers increase too quickly via afab702 smbd: Fix a 100% loop at shutdown time via f31f55b s3-smbstatus: display [u|g]id of -1 as -1 in connection list via c286950 s3-lib: hide incomplete smbXsrv_tcon_global records via d15f6a8 s3-lib: fix segf while reading incomplete session info (bug #10003) from 0b80e93 vfs_streams_xattr: Do not attempt to write empty attribute twice http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit ed120ed4fc6e86d35a40206ad69813dee308d727 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 4 18:11:02 2013 +0200 lib/param: sync debug related options with source3/param The most important change is debug hires timestamp = Yes and syslog = 1. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Björn Jacke b...@sernet.de Autobuild-User(master): Björn Jacke b...@sernet.de Autobuild-Date(master): Tue Jul 9 17:15:15 CEST 2013 on sn-devel-104 (cherry picked from commit cd36a3e902813c065e14059d325f7628b06595aa) The last 5 patches address bug #10015 - Fix/Improve debug options. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Jul 15 22:56:13 CEST 2013 on sn-devel-104 commit ba584a5ce8e7795b3359435860b5f213fcfc87e4 Author: Stefan Metzmacher me...@samba.org Date: Tue Jul 9 13:56:35 2013 +0200 lib/ldb-samba: only debug LDB_DEBUG_TRACE at level 10 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Björn Jacke b...@sernet.de (cherry picked from commit 5f93822ede7ec3dc79a8057174342b2c6bb94a3b) commit 42cb71be5da8788c0294d960bcb541b627c24076 Author: Stefan Metzmacher me...@samba.org Date: Tue Jul 9 13:56:08 2013 +0200 lib/ldb-samba: make use of DBGC_LDB Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Björn Jacke b...@sernet.de (cherry picked from commit 8e0752f4d6feea35304377222d3dd487355e4120) commit 89644f40d77a71b25c0a5f50f8ae6bfbe0ddd2db Author: Stefan Metzmacher me...@samba.org Date: Tue Jul 9 13:55:44 2013 +0200 lib/util: add 'ldb' debug class Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Björn Jacke b...@sernet.de (cherry picked from commit baecc863de0ceb64187c6eb3545bf28706bd84fc) commit 580740dd7fe8fcdf6fa307744087344f7533cfab Author: Kai Blin k...@samba.org Date: Mon Jan 14 01:13:47 2013 +0100 debug: Add debugclass for DNS server Signed-off-by: Kai Blin k...@samba.org Reviewed-By: Amitay Isaacs ami...@gmail.com (cherry picked from commit 4b010997486b059b90be1f69783a451f400d7df7) commit a56ccfbe9786c57ba0b02440a957a6b6b6334b65 Author: Andrew Bartlett abart...@samba.org Date: Sat Jun 22 19:30:50 2013 +1000 dsdb-ridalloc: Fix RID pools - RID numbers increase too quickly A patch by Cove Schneider cov...@yahoo.com who reports: I noticed that the RID numbers seem to increase incrementally, then will suddenly jump by 124501. Unless I'm misunderstanding, shouldn't RID pool allocations just be 500 at a time? e.g. Adding accounts one after another on a single test instance here's how they're incrementing (from 4.0.6): 1596 1597 1598 1599 126100 126101 126102 ... 126599 251100 ... 251599 376100 ... The problem is that this complicates using sssd's AD integration, as that it doesn't expect the RIDs to increase in a single domain so quickly. Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Jul 4 20:13:05 CEST 2013 on sn-devel-104 (cherry picked from commit 2763cad409430c183f7f1f6f57bc6b38ae616ed9) Fix bug #10014 - Excessive RID allocation. commit afab702a7d319a9dd6ba4e6f607d3868a4f8dbb8 Author: Volker Lendecke v...@samba.org Date: Thu Jul 11 16:22:26 2013 +0200 smbd: Fix a 100% loop at shutdown time In the destructor of fsp-aio_requests[0] we put another request into fsp-aio_requests[0]. Don't overwrite that with TALLOC_FREE. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Thu Jul 11 20:56:42 CEST 2013 on sn-devel-104 (cherry picked
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 0b80e93 vfs_streams_xattr: Do not attempt to write empty attribute twice via f695430 Initialize the file descriptor in the files_struct before trying to close it. Otherwise, if one of the SETXATTR calls had failed, the close() call will return EBADF. from 9f7cbc7 s3:smbd:smb2: fix setting of scavenge timeout when reconnecting durable handles http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 0b80e9376daf07089dac6221a51dff1ffee6cbac Author: Christof Schmitt christof.schm...@us.ibm.com Date: Wed Jun 12 14:55:15 2013 -0700 vfs_streams_xattr: Do not attempt to write empty attribute twice The create disposition FILE_OVERWRITE_IF is mapped to the flags O_CREAT|O_TRUNC. In vfs_streams_xattr, this triggers two calls to SMB_VFS_SETXATTR. The second can fail if O_EXCL is also set, resulting in an unnecessary error. Merge the identical code to handle O_CREAT and O_TRUNC to avoid setting an empty attribute twice. Also add the flags parameter to the debug message. Signed-off-by: Christof Schmitt christof.schm...@us.ibm.com Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit 4cd7e1d283f060e794023d5b0a48a7ec97d33820) The last two patches address bug #9970 - Backport vfs_streams_xattr fixes to 4.0 and 4.1. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Wed Jul 3 12:22:43 CEST 2013 on sn-devel-104 commit f695430ffb7bb036ffbfdbc5baafb8e8698670e8 Author: Christof Schmitt christof.schm...@us.ibm.com Date: Wed Jun 12 14:49:53 2013 -0700 Initialize the file descriptor in the files_struct before trying to close it. Otherwise, if one of the SETXATTR calls had failed, the close() call will return EBADF. Signed-off-by: Christof Schmitt christof.schm...@us.ibm.com Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Richard Sharpe rsha...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Thu Jun 13 01:43:18 CEST 2013 on sn-devel-104 (cherry picked from commit 5c488cfb79873287e769622fd5da43b7a735e29c) --- Summary of changes: source3/modules/vfs_streams_xattr.c | 43 +- 1 files changed, 12 insertions(+), 31 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index dd1135d..6650021 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -367,8 +367,8 @@ static int streams_xattr_open(vfs_handle_struct *handle, int baseflags; int hostfd = -1; - DEBUG(10, (streams_xattr_open called for %s\n, - smb_fname_str_dbg(smb_fname))); + DEBUG(10, (streams_xattr_open called for %s with flags 0x%x\n, + smb_fname_str_dbg(smb_fname), flags)); if (!is_ntfs_stream_smb_fname(smb_fname)) { return SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode); @@ -452,40 +452,20 @@ static int streams_xattr_open(vfs_handle_struct *handle, goto fail; } - if (!NT_STATUS_IS_OK(status)) { + if ((!NT_STATUS_IS_OK(status) (flags O_CREAT)) || + (flags O_TRUNC)) { /* -* The attribute does not exist +* The attribute does not exist or needs to be truncated */ -if (flags O_CREAT) { - /* -* Darn, xattrs need at least 1 byte -*/ -char null = '\0'; + /* +* Darn, xattrs need at least 1 byte +*/ + char null = '\0'; - DEBUG(10, (creating attribute %s on file %s\n, - xattr_name, smb_fname-base_name)); + DEBUG(10, (creating or truncating attribute %s on file %s\n, + xattr_name, smb_fname-base_name)); - if (fsp-base_fsp-fh-fd != -1) { - if (SMB_VFS_FSETXATTR( - fsp-base_fsp, xattr_name, - null, sizeof(null), - flags O_EXCL ? XATTR_CREATE : 0) == -1) { - goto fail; - } - } else { - if (SMB_VFS_SETXATTR( - handle-conn, smb_fname-base_name, - xattr_name, null, sizeof(null), -
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 9f7cbc7 s3:smbd:smb2: fix setting of scavenge timeout when reconnecting durable handles via e309d2e s3:smbd: call scavenger_schedule_disconnected() from close normal file for durable handles via f688ed3 s3:smbd: add a scavenger process for disconnected durable handles via 888694d s3:locking: add function share_mode_cleanup_disconnected() via 4e423bc s3:locking: improve debug output of parse_share_modes() via 73f7c56 s3:locking: no need to make a file_id passed by value a constant via 1446ff4 s3:locking:brlock: add function brl_cleanup_disconnected() via 66eedcd s3:locking:brlock: explain the lockdb_clean semantic better in brl_reconnect_disconnected() via b25d4ae s3:locking:brlock: let validate_lock_entries keep entries for disconnected servers in traverses via 383e20d s3:locking:brlock: improve the comment for the brl self cleaning code via ff5e657 s3:locking:brlock: use serverids_exist to validate_lock_entries via 9fa4365 s3:smbXsrv_open: add function smbXsrv_open_cleanup() via db0325f s3:smbXsrv_open: factor out smbXsrv_open_global_parse_record via 17106d7 s3:smbXsrv_open: add smbXsrv_open_global_traverse() via e5c3875 lib: Add prctl_set_comment to utils. via 5eccfbf s3:smbd:smb2: fix segfault (access after free) in durable disconnect code via af17545 s3:smbd: add debugging to close code (regarding disconnect of a durable) via 6a8cd1c s3:smbd: use smbXsrv_open_close() instead of smbXsrv_open_update() from 5c8e5ba VERSION: Bump version number up to 4.0.8... http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 9f7cbc7e8916268da7fa6e2e7bd4e1a1154ab1ab Author: Michael Adam ob...@samba.org Date: Thu Apr 18 13:11:03 2013 +0200 s3:smbd:smb2: fix setting of scavenge timeout when reconnecting durable handles The bug fixed with this commit led to reconnected durable handles having a disconnect timeout of 0 msec. This fix re-establishes the original timeout for the reconnected handle. Pair-Programmed-With: Stefan Metzmacher me...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Michael Adam ob...@samba.org (cherry picked from commit beb9a27180e5570337381d03fac55bbe6d1637e0) The last 18 patches address bug #9930 - smbd did not cleanup disonnected durable handles. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Jul 2 12:45:17 CEST 2013 on sn-devel-104 commit e309d2e3cf1e32b1302a38915fc5e3165626e9f3 Author: Gregor Beck gb...@sernet.de Date: Wed Mar 20 10:01:43 2013 +0100 s3:smbd: call scavenger_schedule_disconnected() from close normal file for durable handles Signed-off-by: Gregor Beck gb...@sernet.de Reviewed-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org (cherry picked from commit c2ef5182e32fafeb3e279d9fc3a2a409e4aa0543) commit f688ed37faa5c4e8979c0ae6e18859e9b0dc020b Author: Gregor Beck gb...@sernet.de Date: Thu Feb 7 15:26:37 2013 +0100 s3:smbd: add a scavenger process for disconnected durable handles Pair-Programmed-With: Stefan Metzmacher me...@samba.org Signed-off-by: Gregor Beck gb...@sernet.de Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org (cherry picked from commit 1ed22ba4b7998c1fc29476e931bd463f2bc1ba7e) Conflicts: source3/Makefile.in commit 888694d3b15c54696e9ccde4b37a4eb1e98f2e65 Author: Gregor Beck gb...@sernet.de Date: Wed Mar 13 11:35:37 2013 +0100 s3:locking: add function share_mode_cleanup_disconnected() For a given file, clean share mode entries for a given persistent file id. Pair-Programmed-With: Michael Adam ob...@samba.org Pair-Programmed-With: Stefan Metzmacher me...@samba.org Signed-off-by: Gregor Beck gb...@sernet.de Signed-off-by: Michael Adam ob...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org (cherry picked from commit f608bedfca4118b7e3606802df40e266bcc099d8) commit 4e423bc59703994842d6c271203894c485e9faa3 Author: Gregor Beck gb...@sernet.de Date: Wed Mar 20 10:22:06 2013 +0100 s3:locking: improve debug output of parse_share_modes() Signed-off-by: Gregor Beck gb...@sernet.de Reviewed-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org (cherry picked from commit 0ac0b35dad796d10cf04ab77a53a926420cc0589) commit 73f7c56e1c890d9e50665b0bdd23234925d48112 Author: Gregor Beck gb...@sernet.de Date: Tue Mar 12 15:10:51 2013 +0100 s3:locking: no need to make a file_id passed by value a constant Signed-off-by: Gregor Beck gb...@sernet.de Reviewed-by: Michael
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 5c8e5ba VERSION: Bump version number up to 4.0.8... via 5e3a301 VERSION: Disable git snapshots for the 4.0.7 release. from 67a77db WHATSNEW: Add release notes for Samba 4.0.7. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 5c8e5bad4ebe100277c72f1770b3aff4302e1eb3 Author: Karolin Seeger ksee...@samba.org Date: Fri Jun 28 10:54:57 2013 +0200 VERSION: Bump version number up to 4.0.8... and re-enable git snapshots. Signed-off-by: Karolin Seeger ksee...@samba.org commit 5e3a3012f3083c40e70f89c1d96ffa6be91aa72a Author: Karolin Seeger ksee...@samba.org Date: Fri Jun 28 10:47:42 2013 +0200 VERSION: Disable git snapshots for the 4.0.7 release. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: VERSION |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 0eb98b6..be94a07 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=7 +SAMBA_VERSION_RELEASE=8 # If a official release has a serious bug # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 67a77db WHATSNEW: Add release notes for Samba 4.0.7. from cc13903 torture: Add tests for LDAP substring search with no strings provided http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 67a77db2693dd50ea5ebc722dee1b74f2352e725 Author: Karolin Seeger ksee...@samba.org Date: Thu Jun 27 10:18:24 2013 +0200 WHATSNEW: Add release notes for Samba 4.0.7. Signed-off-by: Karolin Seeger ksee...@samba.org Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri Jun 28 10:30:31 CEST 2013 on sn-devel-104 --- Summary of changes: WHATSNEW.txt | 112 - 1 files changed, 110 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index c8f08da..6ab15c8 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,112 @@ = + Release Notes for Samba 4.0.7 + July 2, 2013 + = + + +This is is the latest stable release of Samba 4.0. + +Major enhancements in Samba 4.0.7 include: + +o Fix a core dump with invalid lock order while opening/editing + or copying MS files (bug #9794). +o Fix crash bug from search of mail= (bug #9967). +o winbind4: talloc use after free (bug #9832). + + +Changes since 4.0.6: + + +o Michael Adam ob...@samba.org +* BUG 9909: build: Add missing new line to replaced python shebang line. + + +o Jeremy Allison j...@samba.org +* BUG 9794: Fix a core dump with invalid lock order while opening/editing + or copying MS files. + + +o Andrew Bartlett abart...@samba.org +* BUG 9465: s3-rpc_server: Ensure we are root when starting and using + gensec. +* BUG 9906: Doc fixes for 4.0. +* BUG 9907: Build fixes for 4.0 found during autoconf or debian packaging + work. +* BUG 9967: Fix crash bug from search of mail=. +* BUG 9968: Fix build with system Heimdal of samba4kgetcred. + + +o Björn Baumbach b...@sernet.de +* BUG 9947: Check for netbios aliases in ad_get_referrals. + + +o Kai Blin k...@samba.org +* BUG 9485: Add support for MX queries. +* BUG 9559: dns: Delete dnsNode objects when they are empty. +* BUG 9632: dns: Support larger queries when asking forwarder. + + +o David Disseldorp dd...@samba.org +* BUG 8997: Change libreplace GPL source to LGPL. +* BUG 9900: is_printer_published GUID retrieval. +* BUG 9910: PIE builds not supported. + + +o Peng Haitao pen...@cn.fujitsu.com +* BUG 9941: Fix a bug of drvupgrade of smbcontrol. + + +o Björn Jacke b...@sernet.de +* BUG 9880: Use of wrong RFC2307 primary group field. + + +o Volker Lendecke v...@samba.org +* BUG 9832: winbind4: talloc use after free. +* BUG 9953: Fix tevent_poll on 32-bit machines (Coverity ID 989236). + + +o Stefan Metzmacher me...@samba.org +* BUG 9805: s3:lib/server_mutex: Open mutex.tdb with CLEAR_IF_FIRST. +* BUG 9929: s4:winbind: Don't leak libnet_context into the main event + context. + + +o Andreas Schneider a...@samba.org +* BUG 9881: Check for system libtevent. + + +o Michael Wood esiot...@gmail.com +* BUG 9964: docs: Avoid mentioning a possibly misleading option. + + +o Vadim Zhukov persg...@gmail.com +* BUG 9888: More generic check for OpenBSD platform. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.0 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + = Release Notes for Samba 4.0.6 May 21, 2013 = @@ -96,8 +204,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: -
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via cc13903 torture: Add tests for LDAP substring search with no strings provided via 51f19c4 libcli/ldap: Cope with substring match with no chunks in ldap_push_filter via 980ecbf ldb: bump version to allow a depencency on the substring crash fix via 1650e8a ldb: Cope with substring match with no chunks in ldb_filter_from_tree via df6574c ldb: Ensure not to segfault on a filter such as (mail=) via b67c906 heimdal_build: Add missing dep on samba4kgetcred from 4b25860 docs: Avoid mentioning a possibly misleading option. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit cc139035600923af4e8837548f5f210f191c3b38 Author: Andrew Bartlett abart...@samba.org Date: Sat Jun 22 16:55:08 2013 +1000 torture: Add tests for LDAP substring search with no strings provided Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Mon Jun 24 23:55:07 CEST 2013 on sn-devel-104 (cherry picked from commit 7bf8fc7ca2321c25b9194a0a13df6a8b4e783c9e) The last 5 patches address bug #9967 - Fix crash bug from search of mail=. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Jun 25 13:35:05 CEST 2013 on sn-devel-104 commit 51f19c4e8517148030efbdd7830b5739bfc82328 Author: Andrew Bartlett abart...@samba.org Date: Sat Jun 22 17:01:42 2013 +1000 libcli/ldap: Cope with substring match with no chunks in ldap_push_filter Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Jeremy Allison j...@samba.org (cherry picked from commit 70cb7fd214041e8ffacc98de4dbde3ecd77bba85) commit 980ecbf13d6b29bdb280b024d4bcb9243159ded5 Author: Andrew Bartlett abart...@samba.org Date: Mon Jun 24 15:28:39 2013 +1000 ldb: bump version to allow a depencency on the substring crash fix Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Jeremy Allison j...@samba.org (cherry picked from commit 4ca963926938917bf32af4eead61ded2a8275139) commit 1650e8a9a244d0ea029dc0ce88eda277cf2be261 Author: Andrew Bartlett abart...@samba.org Date: Sat Jun 22 17:01:02 2013 +1000 ldb: Cope with substring match with no chunks in ldb_filter_from_tree Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Jeremy Allison j...@samba.org (cherry picked from commit 1a279f74b72018f0742fc407e0574c9dbd7b7883) commit df6574ce0f73b9574a95d927c67774a31d07fa6a Author: Andrew Bartlett abart...@samba.org Date: Sat Jun 15 16:00:42 2013 +1000 ldb: Ensure not to segfault on a filter such as (mail=) As reported by Robin McCorkell xenopat...@gmail.com triggered by Mozilla Thunderbird as an LDAP client. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Matthieu Patou m...@matws.net Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Sat Jun 22 09:33:14 CEST 2013 on sn-devel-104 (cherry picked from commit 0ee8650d778736a130e914df9e14734ef18e0fb5) commit b67c906b20f4658bb1c1bfd3bebef521c7063916 Author: Andrew Bartlett abart...@samba.org Date: Sun Jun 16 14:02:57 2013 +1000 heimdal_build: Add missing dep on samba4kgetcred This started to fail on current Debian Sid with system Heimdal after a binutils update. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-By: Jelmer Vernooij jel...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Jun 25 02:30:59 CEST 2013 on sn-devel-104 (cherry picked from commit 48ae86f74c5ed2ae2612d61e232bfcf93d44c7f8) Fix bug #9968 - fix build with system Heimdal of samba4kgetcred. --- Summary of changes: lib/ldb/ABI/{ldb-1.1.14.sigs = ldb-1.1.16.sigs} |0 ...ldb-util-1.1.10.sigs = pyldb-util-1.1.16.sigs} |0 lib/ldb/common/ldb_match.c |5 + lib/ldb/common/ldb_parse.c |2 +- lib/ldb/wscript|2 +- libcli/ldap/ldap_message.c | 41 source4/heimdal_build/wscript_build|2 +- source4/torture/ldap/basic.c | 110 8 files changed, 140 insertions(+), 22 deletions(-) copy lib/ldb/ABI/{ldb-1.1.14.sigs = ldb-1.1.16.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs = pyldb-util-1.1.16.sigs} (100%) Changeset truncated at 500 lines: diff --git a/lib/ldb/ABI/ldb-1.1.14.sigs b/lib/ldb/ABI/ldb-1.1.16.sigs similarity index 100% copy from lib/ldb/ABI/ldb-1.1.14.sigs copy to
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 4b25860 docs: Avoid mentioning a possibly misleading option. from a46a6be tevent: Fix Coverity ID 989236 Operands don't affect result http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 4b258609cd4c47d164f73b4f8dc93e466e5ee1c3 Author: Michael Wood esiot...@gmail.com Date: Sat Jun 1 10:35:56 2013 +0200 docs: Avoid mentioning a possibly misleading option. Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit 5528551ea39686194837a8083c85b71dedbe6f0e) Fix bug #9964 - For v4-0-test: docs: Avoid mentioning a possibly misleading option. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri Jun 21 11:41:46 CEST 2013 on sn-devel-104 --- Summary of changes: docs-xml/smbdotconf/domain/allowdnsupdates.xml |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/domain/allowdnsupdates.xml b/docs-xml/smbdotconf/domain/allowdnsupdates.xml index fc7d3e8..1563d29 100644 --- a/docs-xml/smbdotconf/domain/allowdnsupdates.xml +++ b/docs-xml/smbdotconf/domain/allowdnsupdates.xml @@ -8,8 +8,8 @@ paraDNS updates can either be disallowed completely by setting it to constantdisabled/constant, enabled over secure connections only by - setting it to constantsecure/constant or allowed in all cases - by setting it to constantenabled/constant or constantnonsecure/constant. + setting it to constantsecure only/constant or allowed in all cases + by setting it to constantnonsecure/constant. /para /description -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via a46a6be tevent: Fix Coverity ID 989236 Operands don't affect result from 45ba921 Bug 8997: change libreplace GPL source to LGPL http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit a46a6be123c1e8d754d1e81c71bd11c14e9c63d4 Author: Volker Lendecke v...@samba.org Date: Thu Jun 13 20:35:32 2013 +0200 tevent: Fix Coverity ID 989236 Operands don't affect result unsigned could be less than uint64_t, so idx==UINT64_MAX is always false. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org (cherry picked from commit dd0e38b5feb51c8aa44e76bb6c84202bf8373005) Fix bug #9953 - tevent_poll on 32-bit machines broken. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Jun 18 13:00:57 CEST 2013 on sn-devel-104 --- Summary of changes: lib/tevent/tevent_poll.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/tevent/tevent_poll.c b/lib/tevent/tevent_poll.c index 92fcc44..f433dab 100644 --- a/lib/tevent/tevent_poll.c +++ b/lib/tevent/tevent_poll.c @@ -546,7 +546,7 @@ static int poll_event_loop_poll(struct tevent_context *ev, the handler to remove itself when called */ for (fde = ev-fd_events; fde; fde = fde-next) { - unsigned idx = fde-additional_flags; + uint64_t idx = fde-additional_flags; struct pollfd *pfd; uint16_t flags = 0; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 45ba921 Bug 8997: change libreplace GPL source to LGPL via 897bfd1 s4-dfs_server: check for netbios aliases in ad_get_referrals (bug #9947) from 57a6c8f dns: Support larger queries when asking forwarder http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 45ba92168ae958948986dab56e9024252370d2b6 Author: David Disseldorp dd...@samba.org Date: Mon Jun 3 13:00:31 2013 +0200 Bug 8997: change libreplace GPL source to LGPL libreplace currently includes socket.c and getifaddrs.c both of which are GPL licensed. Although not required, talloc and tdb build alongside this source, leading to some ambiguity regarding their LGPL licences. The following copyright holders have agreed to the GPL-LGPL change: lib/replace/getifaddrs.c Copyright (C) Andrew Tridgell 1998 Copyright (C) Jeremy Allison 2007 Copyright (C) Jelmer Vernooij jel...@samba.org 2007 lib/replace/test/getifaddrs.c lib/replace/socket.c * Copyright (C) Michael Adam ob...@samba.org 2008 Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit 8a6743e4edcdff1c7860d150720483f19f3b33bb) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri Jun 14 10:53:57 CEST 2013 on sn-devel-104 commit 897bfd1db60baf0690471b32b6b68b61cee3e2df Author: Björn Baumbach b...@sernet.de Date: Wed Jun 5 15:01:14 2013 +0200 s4-dfs_server: check for netbios aliases in ad_get_referrals (bug #9947) Without this patch ad_get_referrals checks for netbios, dns names and ip, but not for netbios aliases set by netbios aliases option, whether the requested name is our dns name. Pair-programmed-with: Stefan Metzmacher me...@samba.org Signed-off-by: Björn Baumbach b...@sernet.de Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Tue Jun 11 01:12:08 CEST 2013 on sn-devel-104 (cherry picked from commit 424a990e34278fae4888b00affb530ed1fbcb354) --- Summary of changes: dfs_server/dfs_server_ad.c| 35 +++ lib/replace/getifaddrs.c | 28 lib/replace/socket.c | 22 +- lib/replace/test/getifaddrs.c | 24 ++-- 4 files changed, 78 insertions(+), 31 deletions(-) Changeset truncated at 500 lines: diff --git a/dfs_server/dfs_server_ad.c b/dfs_server/dfs_server_ad.c index ceabe05..8fa143d 100644 --- a/dfs_server/dfs_server_ad.c +++ b/dfs_server/dfs_server_ad.c @@ -751,6 +751,7 @@ NTSTATUS dfs_server_ad_get_referrals(struct loadparm_context *lp_ctx, const char *dns_domain; const char *netbios_name; const char *dns_name; + const char **netbios_aliases; if (!lpcfg_host_msdfs(lp_ctx)) { return NT_STATUS_FS_DRIVER_REQUIRED; @@ -827,6 +828,40 @@ NTSTATUS dfs_server_ad_get_referrals(struct loadparm_context *lp_ctx, return NT_STATUS_NOT_FOUND; } + netbios_aliases = lpcfg_netbios_aliases(lp_ctx); + while (netbios_aliases *netbios_aliases) { + const char *netbios_alias = *netbios_aliases; + char *dns_alias; + int cmp; + + cmp = strcasecmp_m(server_name, netbios_alias); + if (cmp == 0) { + /* +* If it is not domain related do not +* handle it here. +*/ + return NT_STATUS_NOT_FOUND; + } + + dns_alias = talloc_asprintf(r, %s.%s, + netbios_alias, + dns_domain); + if (dns_alias == NULL) { + return NT_STATUS_NO_MEMORY; + } + + cmp = strcasecmp_m(server_name, dns_alias); + talloc_free(dns_alias); + if (cmp == 0) { + /* +* If it is not domain related do not +* handle it here. +*/ + return NT_STATUS_NOT_FOUND; + } + netbios_aliases++; + } + if ((strcasecmp_m(server_name, netbios_domain) != 0) (strcasecmp_m(server_name, dns_domain) != 0)) { /* diff --git a/lib/replace/getifaddrs.c b/lib/replace/getifaddrs.c index 84d7906..8da022f 100644 --- a/lib/replace/getifaddrs.c +++ b/lib/replace/getifaddrs.c @@ -4,19 +4,23 @@