The branch, v4-0-test has been updated
via ce8beb7 Another fix needed for bug #9236 - ACL masks incorrectly
applied when setting ACLs.
via f40de48 s4-dns: Fix format string vulnerability in an error message
(bug #9354)
via 5296386 lib/ldb: add missing newline in the output of
ldb_ldif_write_trace()
from e46a6cd s3:winbind: BUG 9386: Failover if netlogon pipe is not
available.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit ce8beb781f7456e53262bd331ab3fbb8a100356b
Author: Jeremy Allison <j...@samba.org>
Date: Thu Nov 8 17:08:01 2012 -0800
Another fix needed for bug #9236 - ACL masks incorrectly applied when
setting ACLs.
Not caught by make test as it's an extreme edge case for strange
incoming ACLs. I only found this as I'm making raw.acls and smb2.acls
pass against 3.6.x with acl_xattr mapped onto a POSIX backend (which
isn't tested in make test).
An incoming inheritable ACE entry containing only one permission,
WRITE_DATA maps into a POSIX owner perm of "-w-", which violates
the principle that the owner of a file/directory can always read.
Autobuild-User(v4-0-test): Karolin Seeger <ksee...@samba.org>
Autobuild-Date(v4-0-test): Thu Nov 15 11:17:55 CET 2012 on sn-devel-104
commit f40de482dac07db30e3b702d6853f5c8381e47c3
Author: Amitay Isaacs <ami...@gmail.com>
Date: Mon Nov 5 01:09:28 2012 +1100
s4-dns: Fix format string vulnerability in an error message (bug #9354)
Also, fixes few comments.
Thanks to Bruno Rohée <br...@rohee.org> for reporting and patch fix.
Signed-off-by: Amitay Isaacs <ami...@gmail.com>
Reviewed-By: Kai Blin <k...@samba.org>
Autobuild-User(master): Amitay Isaacs <ami...@samba.org>
Autobuild-Date(master): Sun Nov 4 16:58:13 CET 2012 on sn-devel-104
(cherry picked from commit 1f55865f2830d0fa36a3f4eeb846f66940b133cd)
commit 52963866a2e6527bbb093bbdb840b8c3f2cae9ad
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Nov 12 11:42:52 2012 +0100
lib/ldb: add missing newline in the output of ldb_ldif_write_trace()
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
Autobuild-Date(master): Tue Nov 13 13:53:31 CET 2012 on sn-devel-104
Fix bug #9385 - add missing newline in the output of ldb_ldif_write_trace().
-----------------------------------------------------------------------
Summary of changes:
lib/ldb/common/ldb_ldif.c | 2 +-
source3/smbd/posix_acls.c | 14 ++++++++++----
source4/dns_server/dlz_bind9.c | 9 +++++----
3 files changed, 16 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/ldb/common/ldb_ldif.c b/lib/ldb/common/ldb_ldif.c
index 419906b..a2e4488 100644
--- a/lib/ldb/common/ldb_ldif.c
+++ b/lib/ldb/common/ldb_ldif.c
@@ -333,7 +333,7 @@ static int ldb_ldif_write_trace(struct ldb_context *ldb,
if (in_trace && secret_attributes &&
ldb_attr_in_list(secret_attributes, msg->elements[i].name)) {
/* Deliberatly skip printing this password */
- ret = fprintf_fn(private_data, "# %s::: REDACTED SECRET
ATTRIBUTE",
+ ret = fprintf_fn(private_data, "# %s::: REDACTED SECRET
ATTRIBUTE\n",
msg->elements[i].name);
CHECK_RET;
continue;
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index d437b28..5ce3bf3 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1369,7 +1369,11 @@ static bool ensure_canon_entry_valid(connection_struct
*conn,
for (pace = *pp_ace; pace; pace = pace->next) {
if (pace->type == SMB_ACL_USER_OBJ) {
- if (setting_acl && !is_default_acl) {
+ if (setting_acl) {
+ /*
+ * Ensure we have default parameters for the
+ * user (owner) even on default ACLs.
+ */
apply_default_perms(params, is_directory, pace,
S_IRUSR);
}
pace_user = pace;
@@ -1452,9 +1456,11 @@ static bool ensure_canon_entry_valid(connection_struct
*conn,
pace->perms = pace_other->perms;
}
- if (!is_default_acl) {
- apply_default_perms(params, is_directory, pace,
S_IRUSR);
- }
+ /*
+ * Ensure we have default parameters for the
+ * user (owner) even on default ACLs.
+ */
+ apply_default_perms(params, is_directory, pace,
S_IRUSR);
} else {
pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode,
S_IRUSR, S_IWUSR, S_IXUSR);
}
diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index c3c4172..87d9245 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -379,7 +379,8 @@ static bool b9_parse(struct dlz_bind9_data *state,
/* we should be at the end of the buffer now */
if (strtok_r(NULL, "\t ", &saveptr) != NULL) {
- state->log(ISC_LOG_ERROR, "samba b9_parse: expected data at end
of string for '%s'");
+ state->log(ISC_LOG_ERROR, "samba b9_parse: unexpected data at
end of string for '%s'",
+ rdatastr);
return false;
}
@@ -387,7 +388,7 @@ static bool b9_parse(struct dlz_bind9_data *state,
}
/*
- send a resource recond to bind9
+ send a resource record to bind9
*/
static isc_result_t b9_putrr(struct dlz_bind9_data *state,
void *handle, struct dnsp_DnssrvRpcRecord *rec,
@@ -427,7 +428,7 @@ static isc_result_t b9_putrr(struct dlz_bind9_data *state,
/*
- send a named resource recond to bind9
+ send a named resource record to bind9
*/
static isc_result_t b9_putnamedrr(struct dlz_bind9_data *state,
void *handle, const char *name,
@@ -1451,7 +1452,7 @@ static bool b9_set_session_info(struct dlz_bind9_data
*state, const char *name)
return false;
}
- /* Do not use client credentials, if we not updating the client
specified name */
+ /* Do not use client credentials, if we're not updating the client
specified name */
if (strcmp(state->update_name, name) != 0) {
return true;
}
--
Samba Shared Repository
