The branch, v4-0-test has been updated via fe880b5 WHATSNEW: Remove default values. via 3cebcfc WHATSNEW: Add more changes since rc1. via a7c4372 s4-dns: fix a non handled memory out of memory via 3d3acf0 s3fs-smbd: Move housekeeping to the background process. via b74ed15 Fix service control for non-internal services. via 6d184c0 s3-winbindd: Adjust error code loop logic in rpc_trusted_domains(). via 9525921 s3-lsa: Flesh out the returned info in _lsa_EnumTrustedDomainsEx(). via 3058755 s3-winbindd: Allow DNS resolution of trusted domains if DNS name is avaliable from a92e4e5 docs-xml: fix build of winbindd- and krb5 locator-related manpages
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log ----------------------------------------------------------------- commit fe880b5bdb7b4663460033053f3e82a1568c9f11 Author: Karolin Seeger <ksee...@samba.org> Date: Tue Oct 2 09:23:45 2012 +0200 WHATSNEW: Remove default values. Karolin Autobuild-User(v4-0-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-0-test): Tue Oct 2 11:05:25 CEST 2012 on sn-devel-104 commit 3cebcfc0ad456cfde4023deb561f0dcc758f17d8 Author: Karolin Seeger <ksee...@samba.org> Date: Tue Oct 2 09:20:00 2012 +0200 WHATSNEW: Add more changes since rc1. Karolin commit a7c437285f15f8a1e46a4f6d57d6b6986720ed84 Author: Matthieu Patou <m...@matws.net> Date: Mon Oct 1 21:43:11 2012 -0700 s4-dns: fix a non handled memory out of memory Fix bug #9233 - internal dns server has a non handled out of memory case. commit 3d3acf04da37d99aceb4759849a42a8ecae2333f Author: Andreas Schneider <a...@samba.org> Date: Thu Sep 27 19:01:15 2012 +0200 s3fs-smbd: Move housekeeping to the background process. If you add 200 printers using lpadmin. Then you wait for the printcap cache to expire. As soon as this expires we notify all deamons that they should reload the printers. This mean we need to create the default registry keys for each printer. If you do e.g. a 'smbclient -L' during that time you will get a lot of timeouts. This lets the housekeeping function of the printcap cache do the task of creating the default registry keys in background queue process. When it is done with the task it will tell all smbd childs to reload the printers and the 200 printers appear. (cherry picked from commit aa6a7a97803b1106d2200c889a2260f81059c450) Signed-off-by: Andreas Schneider <a...@samba.org> Fix bug #9231 - NT_STATUS_IO_TIMEOUT during slow import of printers into registry. commit b74ed1511753bd9b51c91a02e0cb4ea42e3ea37e Author: Vladimir Marek <vladimir.ma...@oracle.com> Date: Mon Sep 17 13:50:55 2012 -0700 Fix service control for non-internal services. Signed-off-by: Jeremy Allison <j...@samba.org> (cherry picked from commit a4e8869f7c93f30dd7014ff83d6d2f2b5afc2d64) Signed-off-by: Andreas Schneider <a...@samba.org> Fix bug #9192 - svcctl list option prohibits smbd to start. commit 6d184c07438328ff88b7de942b0c39ce44a20d0a Author: Günther Deschner <g...@samba.org> Date: Fri Sep 28 18:04:07 2012 +0200 s3-winbindd: Adjust error code loop logic in rpc_trusted_domains(). Guenther Autobuild-User(master): Günther Deschner <g...@samba.org> Autobuild-Date(master): Sat Sep 29 00:34:04 CEST 2012 on sn-devel-104 Fix bug #9185 - Winbind cannot resolve AD DC in a different subnet. commit 9525921d8d5a6d2e51e55171d26908fd1d6d7503 Author: Günther Deschner <g...@samba.org> Date: Fri Sep 28 18:03:25 2012 +0200 s3-lsa: Flesh out the returned info in _lsa_EnumTrustedDomainsEx(). Guenther commit 3058755280fa7a8d35a13cdd459be3e1db2a373a Author: Sumit Bose <sb...@redhat.com> Date: Tue Sep 11 13:28:35 2012 +0200 s3-winbindd: Allow DNS resolution of trusted domains if DNS name is avaliable Signed-off-by: Günther Deschner <g...@samba.org> ----------------------------------------------------------------------- Summary of changes: WHATSNEW.txt | 70 ++++++++++++++++++---------- source3/printing/queue_process.c | 9 ++++ source3/rpc_server/lsa/srv_lsa_nt.c | 5 ++ source3/rpc_server/svcctl/srv_svcctl_reg.c | 4 -- source3/winbindd/winbindd_cm.c | 11 ++++- source3/winbindd/winbindd_rpc.c | 68 +++++++++++++++++++-------- source3/winbindd/winbindd_util.c | 4 +- source4/dns_server/dns_server.c | 1 + 8 files changed, 119 insertions(+), 53 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index c62676e..02232c4 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -102,29 +102,29 @@ Changes smb.conf changes ---------------- - Parameter Name Description Default - -------------- ----------- ------- + Parameter Name Description + -------------- ----------- - allow dns updates New disabled + allow dns updates New announce as Removed announce version Removed - cldap port New 0 + cldap port New client max protocol New client min protocol New - client signing Changed default default + client signing Changed default dcerpc endpoint servers New - dgram port New 0 + dgram port New display charset Removed dns forwarder New dns update command New - homedir map Changed default auto.home - kernel share modes New Yes - kpasswd port New 0 - krb5 port New 0 + homedir map Changed default + kernel share modes New + kpasswd port New + krb5 port New max protocol Removed min protocol Removed - nbt client socket address New 0.0.0.0 - nbt port New 0 + nbt client socket address New + nbt port New nsupdate command New ntp signd socket directory New ntvfs handler New @@ -132,19 +132,19 @@ smb.conf changes pid directory New printer admin Removed rndc command New - rpc big endian New No + rpc big endian New samba kcc command New send spnego principal Removed - server max protocol New SMB3 - server min protocol New LANMAN1 - server role New auto + server max protocol New + server min protocol New + server role New server services New - server signing Changed default default + server signing Changed default share backend New share modes Removed - smb2 max read Changed default 1048576 - smb2 max write Changed default 1048576 - smb2 max trans Changed default 1048576 + smb2 max read Changed default + smb2 max write Changed default + smb2 max trans Changed default socket address Removed spn update command New time offset Removed @@ -152,12 +152,12 @@ smb.conf changes tls certfile New tls crlfile New tls dh params file New - tls enabled New No + tls enabled New tls keyfile New - unicode New Yes - web port New 0 + unicode New + web port New winbindd privileged socket directory New - winbind sealed pipes New No + winbind sealed pipes New winbindd socket directory New @@ -181,8 +181,19 @@ o Christian Ambach <a...@samba.org> * BUG 9197: Only do 'printing_subsystem_update' when printing is enabled. +o Andrew Bartlett <abart...@samba.org> + * BUG 9228: Fix build on systems without ldap development headers. + + o Alexander Bokovoy <a...@samba.org> * BUG 9157: Cleanup idmap_ldap build dependencies. + * BUG 9228: Make smbldaphelper subsystem an internal library. + * BUG 9229: Fix build of winbindd- and krb5 locator-related manpages. + + +o Sumit Bose <sb...@redhat.com> + * BUG 9185: Allow DNS resolution of trusted domains if DNS name is + available. o Ira Cooper <i...@samba.org> @@ -190,6 +201,10 @@ o Ira Cooper <i...@samba.org> * BUG 9173: Compound requests should continue processing. +o Günther Deschner <g...@samba.org> + * BUG 9185: Winbind cannot resolve AD DC in a different subnet. + + o Björn Jacke <b...@sernet.de> * BUG 9162: Fix the build of the ACL VFS modules. * BUG 9172: Fix reporting of gfs2 quotas. @@ -200,6 +215,10 @@ o Volker Lendecke <v...@samba.org> on read-only shares. +o Vladimir Marek <vladimir.ma...@oracle.com> + * BUG 9192: Fix service control for non-internal services. + + o Stefan Metzmacher <me...@samba.org> * BUG 9173: Make the SMB2 compound request create/delete_on_close/ close work as Windows. @@ -213,12 +232,15 @@ o Stefan Metzmacher <me...@samba.org> o Matthieu Patou <m...@matws.net> * BUG 9199: Fix usage of "panic action". + * BUG 9233: Fix a non handled memory out of memory. o Andreas Schneider <a...@samba.org> * BUG 8632: Fix builtin forms order to match Windows again. * BUG 9159: Fix generating idmap manpages. * BUG 9218: Don't segfault if user specified ports out for range. + * BUG 9231: Fix NT_STATUS_IO_TIMEOUT during slow import of printers into + registry. KNOWN ISSUES diff --git a/source3/printing/queue_process.c b/source3/printing/queue_process.c index cf3becd..3d142dd 100644 --- a/source3/printing/queue_process.c +++ b/source3/printing/queue_process.c @@ -41,6 +41,15 @@ extern pid_t start_spoolssd(struct event_context *ev_ctx, static void reload_pcap_change_notify(struct tevent_context *ev, struct messaging_context *msg_ctx) { + /* + * Reload the printers first in the background process so that + * newly added printers get default values created in the registry. + * + * This will block the process for some time (~1 sec per printer), but + * it doesn't block smbd's servering clients. + */ + delete_and_reload_printers(ev, msg_ctx); + message_send_all(msg_ctx, MSG_PRINTER_PCAP, NULL, 0, NULL); } diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c index fc403df..f4dc4af 100644 --- a/source3/rpc_server/lsa/srv_lsa_nt.c +++ b/source3/rpc_server/lsa/srv_lsa_nt.c @@ -3940,9 +3940,14 @@ NTSTATUS _lsa_EnumTrustedDomainsEx(struct pipes_struct *p, } for (i=0; i<count; i++) { + init_lsa_StringLarge(&entries[i].domain_name, + domains[i]->domain_name); init_lsa_StringLarge(&entries[i].netbios_name, domains[i]->netbios_name); entries[i].sid = &domains[i]->security_identifier; + entries[i].trust_direction = domains[i]->trust_direction; + entries[i].trust_type = domains[i]->trust_type; + entries[i].trust_attributes = domains[i]->trust_attributes; } if (*r->in.resume_handle >= count) { diff --git a/source3/rpc_server/svcctl/srv_svcctl_reg.c b/source3/rpc_server/svcctl/srv_svcctl_reg.c index c3ce43f..930c327 100644 --- a/source3/rpc_server/svcctl/srv_svcctl_reg.c +++ b/source3/rpc_server/svcctl/srv_svcctl_reg.c @@ -392,10 +392,6 @@ static bool svcctl_add_service(TALLOC_CTX *mem_ctx, } } - if (ipath == NULL || dname == NULL || description == NULL) { - goto done; - } - /* Default to an external service if we haven't found a match */ if (builtin_svcs[i].servicename == NULL) { struct rcinit_file_information *init_info = NULL; diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index c08530e..0639be1 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1286,10 +1286,17 @@ static bool get_dcs(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, iplist_size = 0; } - /* Try standard netbios queries if no ADS */ + /* Try standard netbios queries if no ADS and fall back to DNS queries + * if alt_name is available */ if (*num_dcs == 0) { get_sorted_dc_list(domain->name, NULL, &ip_list, &iplist_size, - False); + false); + if (iplist_size == 0) { + if (domain->alt_name != NULL) { + get_sorted_dc_list(domain->alt_name, NULL, &ip_list, + &iplist_size, true); + } + } for ( i=0; i<iplist_size; i++ ) { char addr[INET6_ADDRSTRLEN]; diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 8a11cb2..a3faf42 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -972,29 +972,44 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx, do { struct lsa_DomainList dom_list; + struct lsa_DomainListEx dom_list_ex; + bool has_ex = false; uint32_t i; /* * We don't run into deadlocks here, cause winbind_off() is * called in the main function. */ - status = dcerpc_lsa_EnumTrustDom(b, - mem_ctx, - lsa_policy, - &enum_ctx, - &dom_list, - (uint32_t) -1, - &result); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - if (!NT_STATUS_IS_OK(result)) { - if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { - return result; + status = dcerpc_lsa_EnumTrustedDomainsEx(b, + mem_ctx, + lsa_policy, + &enum_ctx, + &dom_list_ex, + (uint32_t) -1, + &result); + if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_ERR(result) && + dom_list_ex.count > 0) { + count += dom_list_ex.count; + has_ex = true; + } else { + status = dcerpc_lsa_EnumTrustDom(b, + mem_ctx, + lsa_policy, + &enum_ctx, + &dom_list, + (uint32_t) -1, + &result); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { + return result; + } } - } - count += dom_list.count; + count += dom_list.count; + } array = talloc_realloc(mem_ctx, array, @@ -1004,21 +1019,32 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - for (i = 0; i < dom_list.count; i++) { + for (i = 0; i < count; i++) { struct netr_DomainTrust *trust = &array[i]; struct dom_sid *sid; ZERO_STRUCTP(trust); - trust->netbios_name = talloc_move(array, - &dom_list.domains[i].name.string); - trust->dns_name = NULL; - sid = talloc(array, struct dom_sid); if (sid == NULL) { return NT_STATUS_NO_MEMORY; } - sid_copy(sid, dom_list.domains[i].sid); + + if (has_ex) { + trust->netbios_name = talloc_move(array, + &dom_list_ex.domains[i].netbios_name.string); + trust->dns_name = talloc_move(array, + &dom_list_ex.domains[i].domain_name.string); + + sid_copy(sid, dom_list_ex.domains[i].sid); + } else { + trust->netbios_name = talloc_move(array, + &dom_list.domains[i].name.string); + trust->dns_name = NULL; + + sid_copy(sid, dom_list.domains[i].sid); + } + trust->sid = sid; } } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index c36ae0b..25ef750 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -108,9 +108,9 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const } } - /* ignore alt_name if we are not in an AD domain */ + /* use alt_name if available to allow DNS lookups */ - if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) { + if (alt_name && *alt_name) { alternative_name = alt_name; } diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c index c88ea83..21bd3b3 100644 --- a/source4/dns_server/dns_server.c +++ b/source4/dns_server/dns_server.c @@ -810,6 +810,7 @@ static void dns_task_init(struct task_server *task) z = talloc_zero(dns, struct dns_server_zone); if (z == NULL) { + task_server_terminate(task, "dns failed to allocate memory", true); } z->name = ldb_msg_find_attr_as_string(res->msgs[i], "name", NULL); -- Samba Shared Repository