The branch, v4-0-test has been updated via ce8beb7 Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. via f40de48 s4-dns: Fix format string vulnerability in an error message (bug #9354) via 5296386 lib/ldb: add missing newline in the output of ldb_ldif_write_trace() from e46a6cd s3:winbind: BUG 9386: Failover if netlogon pipe is not available.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log ----------------------------------------------------------------- commit ce8beb781f7456e53262bd331ab3fbb8a100356b Author: Jeremy Allison <j...@samba.org> Date: Thu Nov 8 17:08:01 2012 -0800 Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. Not caught by make test as it's an extreme edge case for strange incoming ACLs. I only found this as I'm making raw.acls and smb2.acls pass against 3.6.x with acl_xattr mapped onto a POSIX backend (which isn't tested in make test). An incoming inheritable ACE entry containing only one permission, WRITE_DATA maps into a POSIX owner perm of "-w-", which violates the principle that the owner of a file/directory can always read. Autobuild-User(v4-0-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-0-test): Thu Nov 15 11:17:55 CET 2012 on sn-devel-104 commit f40de482dac07db30e3b702d6853f5c8381e47c3 Author: Amitay Isaacs <ami...@gmail.com> Date: Mon Nov 5 01:09:28 2012 +1100 s4-dns: Fix format string vulnerability in an error message (bug #9354) Also, fixes few comments. Thanks to Bruno Rohée <br...@rohee.org> for reporting and patch fix. Signed-off-by: Amitay Isaacs <ami...@gmail.com> Reviewed-By: Kai Blin <k...@samba.org> Autobuild-User(master): Amitay Isaacs <ami...@samba.org> Autobuild-Date(master): Sun Nov 4 16:58:13 CET 2012 on sn-devel-104 (cherry picked from commit 1f55865f2830d0fa36a3f4eeb846f66940b133cd) commit 52963866a2e6527bbb093bbdb840b8c3f2cae9ad Author: Stefan Metzmacher <me...@samba.org> Date: Mon Nov 12 11:42:52 2012 +0100 lib/ldb: add missing newline in the output of ldb_ldif_write_trace() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Tue Nov 13 13:53:31 CET 2012 on sn-devel-104 Fix bug #9385 - add missing newline in the output of ldb_ldif_write_trace(). ----------------------------------------------------------------------- Summary of changes: lib/ldb/common/ldb_ldif.c | 2 +- source3/smbd/posix_acls.c | 14 ++++++++++---- source4/dns_server/dlz_bind9.c | 9 +++++---- 3 files changed, 16 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb/common/ldb_ldif.c b/lib/ldb/common/ldb_ldif.c index 419906b..a2e4488 100644 --- a/lib/ldb/common/ldb_ldif.c +++ b/lib/ldb/common/ldb_ldif.c @@ -333,7 +333,7 @@ static int ldb_ldif_write_trace(struct ldb_context *ldb, if (in_trace && secret_attributes && ldb_attr_in_list(secret_attributes, msg->elements[i].name)) { /* Deliberatly skip printing this password */ - ret = fprintf_fn(private_data, "# %s::: REDACTED SECRET ATTRIBUTE", + ret = fprintf_fn(private_data, "# %s::: REDACTED SECRET ATTRIBUTE\n", msg->elements[i].name); CHECK_RET; continue; diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index d437b28..5ce3bf3 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1369,7 +1369,11 @@ static bool ensure_canon_entry_valid(connection_struct *conn, for (pace = *pp_ace; pace; pace = pace->next) { if (pace->type == SMB_ACL_USER_OBJ) { - if (setting_acl && !is_default_acl) { + if (setting_acl) { + /* + * Ensure we have default parameters for the + * user (owner) even on default ACLs. + */ apply_default_perms(params, is_directory, pace, S_IRUSR); } pace_user = pace; @@ -1452,9 +1456,11 @@ static bool ensure_canon_entry_valid(connection_struct *conn, pace->perms = pace_other->perms; } - if (!is_default_acl) { - apply_default_perms(params, is_directory, pace, S_IRUSR); - } + /* + * Ensure we have default parameters for the + * user (owner) even on default ACLs. + */ + apply_default_perms(params, is_directory, pace, S_IRUSR); } else { pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR); } diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c index c3c4172..87d9245 100644 --- a/source4/dns_server/dlz_bind9.c +++ b/source4/dns_server/dlz_bind9.c @@ -379,7 +379,8 @@ static bool b9_parse(struct dlz_bind9_data *state, /* we should be at the end of the buffer now */ if (strtok_r(NULL, "\t ", &saveptr) != NULL) { - state->log(ISC_LOG_ERROR, "samba b9_parse: expected data at end of string for '%s'"); + state->log(ISC_LOG_ERROR, "samba b9_parse: unexpected data at end of string for '%s'", + rdatastr); return false; } @@ -387,7 +388,7 @@ static bool b9_parse(struct dlz_bind9_data *state, } /* - send a resource recond to bind9 + send a resource record to bind9 */ static isc_result_t b9_putrr(struct dlz_bind9_data *state, void *handle, struct dnsp_DnssrvRpcRecord *rec, @@ -427,7 +428,7 @@ static isc_result_t b9_putrr(struct dlz_bind9_data *state, /* - send a named resource recond to bind9 + send a named resource record to bind9 */ static isc_result_t b9_putnamedrr(struct dlz_bind9_data *state, void *handle, const char *name, @@ -1451,7 +1452,7 @@ static bool b9_set_session_info(struct dlz_bind9_data *state, const char *name) return false; } - /* Do not use client credentials, if we not updating the client specified name */ + /* Do not use client credentials, if we're not updating the client specified name */ if (strcmp(state->update_name, name) != 0) { return true; } -- Samba Shared Repository