[Samba] Creating users difference between tbsam and smbpasswd backends
Hi, I have installed Samba 3.5.4 on a Sparc Solaris 10 system and when I try to create groups or users on the PDC, I get different results using smbpasswd or tdbsam backend. For an existing Unix user (or group), with smbpasswd backend, the RID is, as before, set to 2*UID+algorithmic_rid_base. For the same user, using tdbsam password backend, the RID is set to some value like 1000, 1001,... Is this correct or is there some hidden parameter incorrectly set in my smb.conf ? [global] unix charset = iso8859-1 workgroup = DCSD-T interfaces = bge0 map to guest = Bad Password passdb backend = tdbsam:/var/samba-3.5.4/private/passdb.tdb username map = /usr/local/samba-%v/lib/usermap log file = /var/samba-%v/log/samba-%m.log printcap name = /usr/local/samba-3.5.4/lib/printcap disable spoolss = Yes logon path = logon drive = Q: logon home = \\%L\%U domain logons = Yes os level = 32 preferred master = Yes domain master = Yes [netlogon] comment = Network Logon Service path = /var/samba-%v/netlogon browseable = No [profiles] comment = Profiles Service path = /var/samba-%v/profiles read only = No create mask = 0600 directory mask = 0700 [print$] comment = Printer Driver Download Area path = /var/samba-%v/drivers write list = root guest ok = Yes [printers] comment = All Printers path = /var/samba-%v/spool create mask = 0700 guest ok = Yes printable = Yes browseable = No [homes] comment = Home Directory read only = No create mask = 0640 directory mask = 0750 browseable = No Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Windows 7 and logon scripts
On Monday 13 September 2010 10:31:30 Moray Henderson wrote: Tony Molloy wrote: On Thursday 09 September 2010 18:11:38 c grassu wrote: You can try this. It works for me on vista and win7: net use m: /HOME The [homes] share is working fine. The problem is not with the actual script. The problem is that the script is not being run at login on Windows 7 wheras it is on WindowsXP Thanks, Tony Which versions of Windows 7 and Windows XP are you working with? Professional should work, but Home may have trouble. We have just migrated our labs from Windows Xp to Windows 7 Professional. So the home edition is not a problem I found (with samba3-3.4.8-42.el5, anyway) that XP would automatically map H: to the home drive, but 7 would not; I had to add a line to the logon script: if not exist H: net use H: \\LINUX\HOMES nul We're running samba3x-3.3.8-0.52.el5_5.x86_64 on CentOS 5. Funny that, In our case the homes share is being mapped ok at login from the parameters in the smb.conf file. Your net time line will only work for an Administrator. Yep. Remove the del X line at the end of your script, and see if you're getting error messages logged in X when you log in from 7. I'll try that and see if I get any errors. Thanks, Tony Moray. To err is human. To purr, feline On Thu, Sep 9, 2010 at 12:04 PM, Tony Molloy tony.mol...@ul.ie wrote: Hi, I'm trying to get Windows 7 to run a logon script which mounts a share at login. This works fine for Windows XP In my smb.conf I have the following logon script = %G.cmd logon path = \\%L\profiles\%U logon drive = H: logon home = \\YOUNGMUNSTER\homes The script is @echo @echoSetting System Policies: Please Wait. @echo off NET TIME \\janus /SET /YES X net use M: \\youngmunster\ug2010 /persistent:no X del X The homes share works fine but the logon script does not seem to be executed. Any ideas how to get this working. Thanks Tony -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Announce] Samba 3.5.5, 3.4.9 and 3.3.14 Security Releases Available
Release Announcements = These are a security releases in order to address CVE-2010-3069. o CVE-2010-3069: All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server. Changes --- o Jeremy Allison j...@samba.org * BUG 7669: Fix for CVE-2010-3069. o Andrew Bartlett abart...@samba.org * BUG 7669: Fix for CVE-2010-3069. ## Reporting bugs Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba corresponding product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.3.14.html http://www.samba.org/samba/ftp/history/samba-3.4.9.html http://www.samba.org/samba/ftp/history/samba-3.5.5.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbclient -L succeeded even network is down
Hello, no one dealt with this before? Short question, can I get smbclient -L //localhost -U% without authenticate against AD controller (when network down), if I'm local samba server root user. 2010/9/7 David Roid datar...@gmail.com Hello list, Accidentally I found that when network is down smbclient -L localhost -U% became slow however it still succeeded after like half a minute. This is weird because my Samba server is running inside AD, Q1. How can smbclient authenticate without talking to AD controller? I think in this case smbclient at least tried to (reach AD controller), otherwise shouldn't take it so long. Q2. Is there anyway I can suppress the authentication against AD controller if I'm root? Might be trivial questions, could anyone help? Bests -David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] smbclient fails with NT_STATUS_NO_SUCH_USER for trusted domains, ntlm_auth succeeds, wbinfo not caching
FYI The ntlm_auth command does work with users from the trusted domain. sambapdc# ntlm_auth --username WINDOMAIN\winuser password: NT_STATUS_OK: Success (0x0) sambapdc # (winuser is the user in the trusted Windows 2003 AD domain.) I also removed a trust relationship with a 2nd Windows domain that was no longer active- this fixed the slow wbinfo -u response but did not fix the smbclient authentication issue to the existing windows domain. From: Gaiseric Vandal [mailto:gaiseric.van...@gmail.com] Sent: Monday, September 13, 2010 3:55 PM To: samba@lists.samba.org Subject: NT_STATUS_NO_SUCH_USER for trusted domains I am running Samba 3.4.7 (compiled from source) on Solaris 10 as a PDC. I have trusted domains setup with a Windows 2003 Active Directory domain in 2003 native mode.Everything is in an LDAP backend (unix accounts for the Samba domain, idmap entries for trusted domains.) The Solaris 10 PDC is also an ldap/nfs server for linux and solaris clients. Assuming SAMBAPDC is the Solaris 10 PDC for the domain called SAMBADOMAIN. WINSERVER is the PDC for the Win 2003 AD domain called WINDOMAIN. winuser is a user in the WINDOMAIN domain. This was working for some time.Now, however, users in the Windows domain can no longer access resources on the samba domain. On a windows PC in the trs Smbclient on the PDC or on a linux workstation also fails, so this does not seem to be a mismatch in NTLM versions between windows and samba. Samba log files show NT_STATUS_NO_SUCH_USER. sambapdc #smbclient -U WINDOMAIN\winuser -L \\SAMBAPDC file:///\\SAMBAPDC session setup failed: NT_STATUS_LOGON_FAILURE wbinfo -u does list the users from the trusted Windows domain. The /etc/nsswitch.conf file has the following entries passwd: files ldap winbind group: files ldap winbind getent passwd command does list users from the trusted Windows domain. id WINDOMAIN/winuser command returns valid uid and gid values. wbinfo -s and winbinfo -n commands show matching name-to-sid and sid-to-name entries. Getent passwd lists unix accounts from ldap quickly. There is a delay of about 10 seconds before it starts listing winbind users (i.e. from the trusted domain.) I suspect that the names are not getting returned to samba fast enough. sambapdc# cat winserver.log . . [2010/09/13 08:02:04, 3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego) NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[] PrimaryD omain=[Windows Server 2003 R2 5.2] [2010/09/13 08:02:04, 3] libsmb/ntlmssp.c:745(ntlmssp_server_auth) Got user=[winuser] domain=[WINDOMAIN] workstation=[WINSERVER] len1=24 len2=24 [2010/09/13 08:02:04, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/09/13 08:02:04, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/09/13 08:02:04, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/09/13 08:02:04, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/09/13 08:02:04, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [WINDOMAIN]\[li n...@[winserver] with the new password interface [2010/09/13 08:02:04, 3] auth/auth.c:225(check_ntlm_password) check_ntlm_password: mapped user is: [windomain]\[winus...@[winserver] [2010/09/13 08:02:04, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/09/13 08:02:04, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/09/13 08:02:04, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/09/13 08:02:04, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/09/13 08:02:04, 2] auth/auth.c:320(check_ntlm_password) check_ntlm_password: Authentication for user [winuser] - [winuser] FAILED with e rror NT_STATUS_NO_SUCH_USER [2010/09/13 08:02:04, 3] smbd/error.c:60(error_packet_set) error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_ FAILURE [2010/09/13 08:02:12, 2] smbd/process.c:1988(deadtime_fn) Closing idle connection [2010/09/13 08:02:12, 3] smbd/server.c:146(msg_exit_server) got a SHUTDOWN message [2010/09/13 08:02:12, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/09/13 08:02:12, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2010/09/13 08:02:12, 3] smbd/server.c:845(exit_server_common) Server exit (normal exit) # sambapdc #testparm -v | grep timeout passwd chat timeout = 2 name cache timeout = 660 cups connection timeout = 30 machine password timeout = 604800
Re: [Samba] Admin Privs When Joining Domain
On 9/10/2010 9:04 PM, Nicholas Betcher wrote: Hello, When I attempt to join the domain using YaST (openSUSE's system configuration tool) or 'net join DOMAIN,' it prompts me for a network admin's username/password. The IT network admin already manually joined the machine to the network's AD domain (server-side), but Samba still needs a username/password. The workstations are batch-installs and are unattended, so we need a way to allow the machine to authenticate users without providing the admin password each time. So my question is: why does Samba ask for a network username/password even though the machine was already manually joined by the network admin to the AD domain server? Is there a way to circumvent this while preserving the workstation's ability to authenticate network users? Part of the join is to setup the shared secrets between AD and the machine. (password on computer account in AD, and a krb5.keytab on the Unix side.) You said the AD admin did the server side, with the batch-installs being done at a different time. This would indicate that the install needs a way of using the same password the admin assigned to the computer account to create a krb5.keytab or, as it looks like in your situation, the batch-install want to reset the password and create a matching krb5.keytab file but this then requires AD admin authority. P.S. Yes, I did post about this already - and received no reply - but hopefully this email has less erroneous information. Thanks! Nick Betcher -- Douglas E. Engert deeng...@anl.gov Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba question
On 9/12/2010 1:06 PM, brandon berumen wrote: i have a media player which is the one at this link: http://www.argosy.tw/product-detial.php?prod_id=154 they say i can use samba with this. my question is this, i already have a substantial amount of data stored on this hdd. if i were to install samba now would i lose my data? do i need to backup data elsewhere and install samba then migrate the data back after install or can i just install samba now without fear of losing any data? You won't lose any data. Samba simply makes your files available on the network. -- Guy Rouillier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbclient fails with NT_STATUS_NO_SUCH_USER for trusted domains, ntlm_auth succeeds
Maybe this is some issue with parsing the user name properly? I noticed that if I have a user in the Windows domain AND a user with the same name in the Samba domain, then the Windows user can access shares on the Samba domain.For example, I have an Administrator account in each domain.They do NOT have the same password. In the example below the user authenticates to the samba domain using the trusted Windows domain password. sambapdc # smbclient //spooky/dept_common -U WINDOMAIN \Administrator Enter WINDOMAIN Administrator's password: Domain=[SAMBADOMAIN] OS=[Unix] Server=[Samba 3.4.8] smb: \ quit sambapdc # So it seems like there are two steps - Verify that the user is legitimate (which seems to strip off the domain component and look for a local name) Then authenticate the user (which verifies the domain component.) I supposed the hack would be to create some dummy local accounts in the samba domain to represent each user in the trusted domain. FYI smb.conf includes winbind enum users = Yes winbind enum groups = Yes winbind use default domain = no winbind trusted domains only = no winbindd.log keeps showing [2010/09/14 13:05:49, 3] winbindd/winbindd_pam.c:1779(winbindd_pam_auth_crap) [ 1293]: pam auth crap domain: [WINDOMAIN] user: winuser I have never got an answer for what pam auth crap domain means. Thanks From: Gaiseric Vandal [mailto:gaiseric.van...@gmail.com] Sent: Tuesday, September 14, 2010 9:19 AM To: samba@lists.samba.org Subject: smbclient fails with NT_STATUS_NO_SUCH_USER for trusted domains, ntlm_auth succeeds, wbinfo not caching FYI The ntlm_auth command does work with users from the trusted domain. sambapdc# ntlm_auth --username WINDOMAIN\winuser password: NT_STATUS_OK: Success (0x0) sambapdc # (winuser is the user in the trusted Windows 2003 AD domain.) I also removed a trust relationship with a 2nd Windows domain that was no longer active- this fixed the slow wbinfo -u response but did not fix the smbclient authentication issue to the existing windows domain. From: Gaiseric Vandal [mailto:gaiseric.van...@gmail.com] Sent: Monday, September 13, 2010 3:55 PM To: samba@lists.samba.org Subject: NT_STATUS_NO_SUCH_USER for trusted domains I am running Samba 3.4.7 (compiled from source) on Solaris 10 as a PDC. I have trusted domains setup with a Windows 2003 Active Directory domain in 2003 native mode.Everything is in an LDAP backend (unix accounts for the Samba domain, idmap entries for trusted domains.) The Solaris 10 PDC is also an ldap/nfs server for linux and solaris clients. Assuming SAMBAPDC is the Solaris 10 PDC for the domain called SAMBADOMAIN. WINSERVER is the PDC for the Win 2003 AD domain called WINDOMAIN. winuser is a user in the WINDOMAIN domain. This was working for some time.Now, however, users in the Windows domain can no longer access resources on the samba domain. On a windows PC in the trs Smbclient on the PDC or on a linux workstation also fails, so this does not seem to be a mismatch in NTLM versions between windows and samba. Samba log files show NT_STATUS_NO_SUCH_USER. sambapdc #smbclient -U WINDOMAIN\winuser -L \\SAMBAPDC file:///\\SAMBAPDC session setup failed: NT_STATUS_LOGON_FAILURE wbinfo -u does list the users from the trusted Windows domain. The /etc/nsswitch.conf file has the following entries passwd: files ldap winbind group: files ldap winbind getent passwd command does list users from the trusted Windows domain. id WINDOMAIN/winuser command returns valid uid and gid values. wbinfo -s and winbinfo -n commands show matching name-to-sid and sid-to-name entries. Getent passwd lists unix accounts from ldap quickly. There is a delay of about 10 seconds before it starts listing winbind users (i.e. from the trusted domain.) I suspect that the names are not getting returned to samba fast enough. sambapdc# cat winserver.log . . [2010/09/13 08:02:04, 3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego) NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[] PrimaryD omain=[Windows Server 2003 R2 5.2] [2010/09/13 08:02:04, 3] libsmb/ntlmssp.c:745(ntlmssp_server_auth) Got user=[winuser] domain=[WINDOMAIN] workstation=[WINSERVER] len1=24 len2=24 [2010/09/13 08:02:04, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/09/13 08:02:04, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/09/13 08:02:04, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/09/13 08:02:04, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/09/13
Build status as of Tue Sep 14 06:00:01 2010
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2010-09-13 00:00:02.0 -0600 +++ /home/build/master/cache/broken_results.txt 2010-09-14 00:00:37.0 -0600 @@ -1,4 +1,4 @@ -Build status as of Mon Sep 13 06:00:01 2010 +Build status as of Tue Sep 14 06:00:01 2010 Build counts: Tree Total Broken Panic @@ -16,7 +16,7 @@ samba_3_current 32 32 4 samba_3_master 32 30 0 samba_3_next 32 31 5 -samba_4_0_waf 36 34 4 +samba_4_0_waf 36 33 3 talloc 32 6 0 tdb 30 8 0
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4c45e29 s3-waf: fix the build after privilege code changes. from 9271570 s3: Remove some unnecessary if-statements http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4c45e291a77ba300d88ca7a9f3fb3153b6e4b3dc Author: Günther Deschner g...@samba.org Date: Tue Sep 14 08:38:30 2010 +0200 s3-waf: fix the build after privilege code changes. Guenther --- Summary of changes: source3/wscript_build |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/wscript_build b/source3/wscript_build index 44deb38..734b64c 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -477,7 +477,7 @@ RPC_CLIENT_SCHANNEL_SRC = '''rpc_client/cli_pipe_schannel.c''' LOCKING_SRC = '''locking/locking.c locking/brlock.c locking/posix.c''' -PRIVILEGES_BASIC_SRC = '''lib/privileges_basic.c''' +PRIVILEGES_BASIC_SRC = '''../libcli/security/privileges.c''' PRIVILEGES_SRC = '''lib/privileges.c''' -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via dcadb90 subunit: Use RemoteError when passing errors to upstream subunit. via 8e328c4 param: Add prototype for lpcfg_private_dir(), used by openchange. via 1e5ea0b subunit.pm: Fold Subunit::Filter into Subunit, trim further. via c0923cf subunit.pm: Remove output_msg/control_msg functions. via 7d4968e selftest: Remove testsuite parsing. via d3960f6 subunit.pm: Simplify subunit handling in perl. via 49411fa subunit.pm: Pass through milliseconds in time reports. via 9f3a43c selftest: Report times in milliseconds rather than seconds. via d67eeaf subunit: Use standard subunit functions for reproducing subunit streams. via d2fb9ce subunit: Remove unused methods. via b61cc18 subunit: Use standard functions for addSuccess, addExpectedFail, addFailure, addSkip. via c1fe7b4 subunit: Use standard addError method implementation. via 881f610 subunit: Pass TestCase objects to startTest rather than test name strings. via 1626dc2 subunit: Use subunit standard functions for handling time and progress. via fb1c966 subunit: Use standard subunit test protocol client, use standard name for startTest. via 8530d5a subunit: Initial work on using the standard TestResult class. from 4c45e29 s3-waf: fix the build after privilege code changes. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit dcadb90bd3d678e45fa84c2899ec23bf604bffa8 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 14 03:47:04 2010 +0200 subunit: Use RemoteError when passing errors to upstream subunit. commit 8e328c4e329221011a2f018c5c050dc6b642db70 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 14 02:36:51 2010 +0200 param: Add prototype for lpcfg_private_dir(), used by openchange. commit 1e5ea0be8461ebde4fc52fedeebb0628e1eaf44d Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 14 00:22:55 2010 +0200 subunit.pm: Fold Subunit::Filter into Subunit, trim further. commit c0923cfac1a15efddaadfb851d0eab93eba31ef3 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 14 00:09:46 2010 +0200 subunit.pm: Remove output_msg/control_msg functions. commit 7d4968e161d5868b65dd5d8ef5bb0e391109c0b5 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 14 00:04:54 2010 +0200 selftest: Remove testsuite parsing. commit d3960f6b406272cc37820fad04aed6ddfd4e6cce Author: Jelmer Vernooij jel...@samba.org Date: Mon Sep 13 23:56:26 2010 +0200 subunit.pm: Simplify subunit handling in perl. commit 49411fa1079fc78cba4751d57a3c76096fc1b772 Author: Jelmer Vernooij jel...@samba.org Date: Mon Sep 13 23:22:35 2010 +0200 subunit.pm: Pass through milliseconds in time reports. commit 9f3a43c0182b8b13b2f4ff615b5aca816f4f05b3 Author: Jelmer Vernooij jel...@samba.org Date: Mon Sep 13 23:07:41 2010 +0200 selftest: Report times in milliseconds rather than seconds. commit d67eeafc4de2bd5a90b7865a2910b03d6c5c1fca Author: Jelmer Vernooij jel...@samba.org Date: Mon Sep 13 22:29:38 2010 +0200 subunit: Use standard subunit functions for reproducing subunit streams. commit d2fb9ce472909c9e481d7d81d699460c882480a9 Author: Jelmer Vernooij jel...@samba.org Date: Mon Sep 13 22:13:15 2010 +0200 subunit: Remove unused methods. commit b61cc18972616f33397745e20150613928e683a2 Author: Jelmer Vernooij jel...@samba.org Date: Mon Sep 13 22:09:46 2010 +0200 subunit: Use standard functions for addSuccess, addExpectedFail, addFailure, addSkip. commit c1fe7b498a680a4f9d94e3633e6d9c566fb61fe4 Author: Jelmer Vernooij jel...@samba.org Date: Mon Sep 13 21:55:22 2010 +0200 subunit: Use standard addError method implementation. commit 881f610f06fc644bbbd146d939be5cd1adc19a73 Author: Jelmer Vernooij jel...@samba.org Date: Mon Sep 13 21:42:32 2010 +0200 subunit: Pass TestCase objects to startTest rather than test name strings. commit 1626dc2bc95ef1c17221ba1a6404a72e21fcfc5b Author: Jelmer Vernooij jel...@samba.org Date: Mon Sep 13 21:31:08 2010 +0200 subunit: Use subunit standard functions for handling time and progress. commit fb1c96665201a8090bcf14db7a71a752e4cd7041 Author: Jelmer Vernooij jel...@samba.org Date: Mon Sep 13 21:17:05 2010 +0200 subunit: Use standard subunit test protocol client, use standard name for startTest. commit 8530d5afdee8fbc4d87398839d37c503dc05410d Author: Jelmer Vernooij jel...@samba.org Date: Mon Sep 13 20:53:54 2010 +0200 subunit: Initial work on using the standard TestResult class. --- Summary of changes: lib/torture/torture.c |3 +- selftest/Subunit.pm| 123 - selftest/Subunit/Filter.pm | 186 - selftest/filter-subunit|3 +-
[SCM] Samba Shared Repository - branch v3-5-stable updated
The branch, v3-5-stable has been updated
via fbfd370 WHATSNEW: Update release date.
via 60afcf8 WHATSNEW: Prepare 3.5.5 release notes.
via a34c3e9 Fix bug #7669.
from 160cbf1 WHATSNEW: Start release notes for 3.5.5.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable
- Log -
commit fbfd370cedcc3f29accc6c6999a682ed27e29ce3
Author: Karolin Seeger ksee...@samba.org
Date: Thu Sep 9 16:22:50 2010 +0200
WHATSNEW: Update release date.
Karolin
commit 60afcf886311b96ea4aa532275a57c7388f0c0fd
Author: Karolin Seeger ksee...@samba.org
Date: Thu Sep 9 15:57:36 2010 +0200
WHATSNEW: Prepare 3.5.5 release notes.
Karolin
commit a34c3e999bb1ea61da31c5b3e845b19663039358
Author: Jeremy Allison j...@samba.org
Date: Thu Sep 9 15:54:23 2010 +0200
Fix bug #7669.
Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in
Samba4).
CVE-2010-3069:
===
Description
===
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.
A connection to a file share is needed to exploit this
vulnerability, either authenticated or unauthenticated
(guest connection).
---
Summary of changes:
WHATSNEW.txt | 23 ++-
libcli/security/dom_sid.c |4
libcli/security/dom_sid.h |4
source3/lib/util_sid.c|3 +++
source3/libads/ldap.c |4 +++-
source3/libsmb/cliquota.c |4 +++-
source3/smbd/nttrans.c| 17 ++---
7 files changed, 49 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 19f8875..0f52691 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,20 +1,33 @@
=
Release Notes for Samba 3.5.5
- , 2010
+September 14, 2010
=
-This is the latest stable release of Samba 3.5.
+This is a security release in order to address CVE-2010-3069.
-Major enhancements in Samba 3.5.5 include:
- o
+o CVE-2010-3069:
+ All current released versions of Samba are vulnerable to
+ a buffer overrun vulnerability. The sid_parse() function
+ (and related dom_sid_parse() function in the source4 code)
+ do not correctly check their input lengths when reading a
+ binary representation of a Windows SID (Security ID). This
+ allows a malicious client to send a sid that can overflow
+ the stack variable that is being used to store the SID in the
+ Samba smbd server.
Changes since 3.5.4
+
+
+
+o Jeremy Allison j...@samba.org
+* BUG 7669: Fix for CVE-2010-3069.
+o Andrew Bartlett abart...@samba.org
+* BUG 7669: Fix for CVE-2010-3069.
##
diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 0c88900..350a14f 100644
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -117,6 +117,10 @@ bool dom_sid_parse(const char *sidstr, struct dom_sid *ret)
if (sidstr[i] == '-') num_sub_auths++;
}
+ if (num_sub_auths MAXSUBAUTHS) {
+ return false;
+ }
+
ret-sid_rev_num = rev;
ret-id_auth[0] = 0;
ret-id_auth[1] = 0;
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index e892535..748e009 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -40,5 +40,9 @@ bool dom_sid_in_domain(const struct dom_sid *domain_sid,
const struct dom_sid *sid);
char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
+#ifndef MAXSUBAUTHS
+#define MAXSUBAUTHS 15 /* max sub authorities in a SID */
+#endif
+
#endif /*_DOM_SID_H_*/
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 639269c..bea04d8 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -408,6 +408,9 @@ bool sid_parse(const char *inbuf, size_t len, DOM_SID *sid)
sid-sid_rev_num = CVAL(inbuf, 0);
sid-num_auths = CVAL(inbuf, 1);
+ if (sid-num_auths MAXSUBAUTHS) {
+ return false;
+ }
memcpy(sid-id_auth, inbuf+2, 6);
if (len 8 + sid-num_auths*4)
return False;
diff --git a/source3/libads/ldap.c
[SCM] Samba Shared Repository - annotated tag release-3-5-5 created
The annotated tag, release-3-5-5 has been created at 201e854bd017c6b15d4943c8f809b5295b10a227 (tag) tagging fbfd370cedcc3f29accc6c6999a682ed27e29ce3 (commit) replaces release-3-5-4 tagged by Karolin Seeger on Thu Sep 9 19:42:49 2010 +0200 - Log - tag release-3-5-5 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.12 (GNU/Linux) iD8DBQBMiRylbzORW2Vot+oRAs7IAJ9JiHgzzBLXDP1CIg+S/aFGXZ6Y9ACfWxQ1 dsnQgmDLvId1os2FXRrwMzE= =tuGD -END PGP SIGNATURE- Jeremy Allison (1): Fix bug #7669. Karolin Seeger (4): VERSION: Bump version number up to 3.5.5. WHATSNEW: Start release notes for 3.5.5. WHATSNEW: Prepare 3.5.5 release notes. WHATSNEW: Update release date. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-stable updated
The branch, v3-4-stable has been updated
via bfe7b2c WHATSNEW: Update release date.
via 48e67dc WHATSNEW: Fix typo.
via 8072e7c WHATSNEW: Prepare release notes for Samba 3.4.9.
via df20a30 Fix bug #7669.
from 7f51590 WHATSNEW: Start release notes for Samba 3.4.9.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable
- Log -
commit bfe7b2cbeda80570320f357337918b5d66ff8b77
Author: Karolin Seeger ksee...@samba.org
Date: Thu Sep 9 16:23:21 2010 +0200
WHATSNEW: Update release date.
Karolin
commit 48e67dc84d206792afd0fed1fe9e848ad8675513
Author: Karolin Seeger ksee...@samba.org
Date: Thu Sep 9 15:58:31 2010 +0200
WHATSNEW: Fix typo.
Karolin
commit 8072e7cc7eeb91de9c6ea26e23d72f96fa60f27e
Author: Karolin Seeger ksee...@samba.org
Date: Thu Sep 9 15:52:37 2010 +0200
WHATSNEW: Prepare release notes for Samba 3.4.9.
Karolin
commit df20a300758bc12286820e31fcf573bdfc2147bc
Author: Jeremy Allison j...@samba.org
Date: Thu Sep 9 15:48:23 2010 +0200
Fix bug #7669.
Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in
Samba4).
CVE-2010-3069:
===
Description
===
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.
A connection to a file share is needed to exploit this
vulnerability, either authenticated or unauthenticated
(guest connection).
---
Summary of changes:
WHATSNEW.txt | 22 ++
libcli/security/dom_sid.c |4
libcli/security/dom_sid.h |4
source3/lib/util_sid.c|3 +++
source3/libads/ldap.c |4 +++-
source3/libsmb/cliquota.c |4 +++-
source3/smbd/nttrans.c| 17 ++---
7 files changed, 49 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 385731f..5b25be3 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,19 +1,33 @@
=
Release Notes for Samba 3.4.9
- , 2010
+September 14, 2010
=
-This is the latest stable release of Samba 3.4.
+This is a security release in order to address CVE-2010-3069.
+
-Major enhancements in Samba 3.4.9 include:
+o CVE-2010-3069:
+ All current released versions of Samba are vulnerable to
+ a buffer overrun vulnerability. The sid_parse() function
+ (and related dom_sid_parse() function in the source4 code)
+ do not correctly check their input lengths when reading a
+ binary representation of a Windows SID (Security ID). This
+ allows a malicious client to send a sid that can overflow
+ the stack variable that is being used to store the SID in the
+ Samba smbd server.
- o
Changes since 3.4.8
---
+o Jeremy Allison j...@samba.org
+* BUG 7669: Fix for CVE-2010-3069.
+
+
+o Andrew Bartlett abart...@samba.org
+* BUG 7669: Fix for CVE-2010-3069.
##
diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 0c88900..350a14f 100644
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -117,6 +117,10 @@ bool dom_sid_parse(const char *sidstr, struct dom_sid *ret)
if (sidstr[i] == '-') num_sub_auths++;
}
+ if (num_sub_auths MAXSUBAUTHS) {
+ return false;
+ }
+
ret-sid_rev_num = rev;
ret-id_auth[0] = 0;
ret-id_auth[1] = 0;
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index e892535..748e009 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -40,5 +40,9 @@ bool dom_sid_in_domain(const struct dom_sid *domain_sid,
const struct dom_sid *sid);
char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
+#ifndef MAXSUBAUTHS
+#define MAXSUBAUTHS 15 /* max sub authorities in a SID */
+#endif
+
#endif /*_DOM_SID_H_*/
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 97284af..52e8448 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -408,6 +408,9 @@ bool sid_parse(const char *inbuf, size_t len, DOM_SID *sid)
sid-sid_rev_num = CVAL(inbuf, 0);
sid-num_auths = CVAL(inbuf, 1);
+ if (sid-num_auths
[SCM] Samba Shared Repository - annotated tag release-3-4-9 created
The annotated tag, release-3-4-9 has been created at 1fd3441b04b9383b7c5193179cc08c5948063d4d (tag) tagging bfe7b2cbeda80570320f357337918b5d66ff8b77 (commit) replaces release-3-4-8 tagged by Karolin Seeger on Thu Sep 9 19:42:28 2010 +0200 - Log - tag release-3-4-9 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.12 (GNU/Linux) iD8DBQBMiRyQbzORW2Vot+oRAq5xAJ9I+2aOdAI1Q46PUFf3zceVuQ7vlACcDQT3 wtyO6ODBxNUimcuncj1xHnc= =wPWt -END PGP SIGNATURE- Jeremy Allison (1): Fix bug #7669. Karolin Seeger (5): VERSION: Bump version up to 3.4.9. WHATSNEW: Start release notes for Samba 3.4.9. WHATSNEW: Prepare release notes for Samba 3.4.9. WHATSNEW: Fix typo. WHATSNEW: Update release date. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-stable updated
The branch, v3-3-stable has been updated via cdb6f49 WHATSNEW: Update release date. via df1c76e Fix bug #7669. via da9325d WHATSNEW: Prepare 3.3.14 release notes. via 293a867 VERSION: Raise version number up to 3.3.14. from d07d870 WHATSNEW: Prepare release notes for 3.3.13. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-stable - Log - commit cdb6f49d577fa5b24d294a50780604c89912c012 Author: Karolin Seeger ksee...@samba.org Date: Thu Sep 9 16:23:49 2010 +0200 WHATSNEW: Update release date. Karolin commit df1c76e2275068d1006e82a4a21d42b58175268b Author: Jeremy Allison j...@samba.org Date: Thu Sep 9 15:43:07 2010 +0200 Fix bug #7669. Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in Samba4). CVE-2010-3069: === Description === All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server. A connection to a file share is needed to exploit this vulnerability, either authenticated or unauthenticated (guest connection). commit da9325d02038b5e65873593dece510fa09851772 Author: Karolin Seeger ksee...@samba.org Date: Thu Sep 9 15:41:40 2010 +0200 WHATSNEW: Prepare 3.3.14 release notes. Karolin commit 293a8676ee72a635096ff1a1b167ecf6fa525276 Author: Karolin Seeger ksee...@samba.org Date: Thu Sep 9 15:31:18 2010 +0200 VERSION: Raise version number up to 3.3.14. Karolin --- Summary of changes: WHATSNEW.txt | 59 - source/VERSION |2 +- source/lib/util_sid.c|3 ++ source/libads/ldap.c |4 ++- source/libsmb/cliquota.c |4 ++- source/smbd/nttrans.c| 17 +++-- 6 files changed, 81 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index c63fd1f..a5026cd 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,59 @@ == + Release Notes for Samba 3.3.14 +September 14, 2010 + == + + +This is a security release in order to address CVE-2010-3069. + + +o CVE-2010-3069: + All current released versions of Samba are vulnerable to + a buffer overrun vulnerability. The sid_parse() function + (and related dom_sid_parse() function in the source4 code) + do not correctly check their input lengths when reading a + binary representation of a Windows SID (Security ID). This + allows a malicious client to send a sid that can overflow + the stack variable that is being used to store the SID in the + Samba smbd server. + + +Changes since 3.3.13 + + + +o Jeremy Allison j...@samba.org +* BUG 7669: Fix for CVE-2010-3069. + + +o Andrew Bartlett abart...@samba.org +* BUG 7669: Fix for CVE-2010-3069. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.3 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 3.3.13 June 16, 2010 == @@ -39,8 +94,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + == Release Notes for Samba 3.3.12 diff
[SCM] Samba Shared Repository - annotated tag release-3-3-14 created
The annotated tag, release-3-3-14 has been created at 043f61697e4cae1888bd3b12034ea8d2915f0511 (tag) tagging cdb6f49d577fa5b24d294a50780604c89912c012 (commit) replaces release-3-3-13 tagged by Karolin Seeger on Thu Sep 9 19:41:57 2010 +0200 - Log - tag release-3-3-14 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.12 (GNU/Linux) iD8DBQBMiRxzbzORW2Vot+oRAkvEAKCcxrP0sKJM4p3MB3UfYVdFeYmk8wCgt2w7 3Fav0xmCQ1A8nTL35owuCg0= =SqLK -END PGP SIGNATURE- Jeremy Allison (1): Fix bug #7669. Karolin Seeger (3): VERSION: Raise version number up to 3.3.14. WHATSNEW: Prepare 3.3.14 release notes. WHATSNEW: Update release date. --- -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 2f0fa47 Announce Samba 3.5.5, 3.4.9, 3.3.14. from 7104439 Add link to Russian translation of Samba 3 by Example. I'm working with the translator to get it to DocBook and contributed back to the Samba.org http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 2f0fa472a997d2e621d1993436e52bcc5036dfe0 Author: Karolin Seeger ksee...@samba.org Date: Tue Sep 14 12:34:48 2010 +0200 Announce Samba 3.5.5, 3.4.9, 3.3.14. Karolin --- Summary of changes: devel/index.html| 10 +++-- history/header_history.html |3 ++ history/samba-3.3.14.html | 49 + history/samba-3.4.9.html| 49 + history/samba-3.5.5.html| 49 + history/security.html | 14 security/CVE-2010-2069.html | 73 +++ 7 files changed, 243 insertions(+), 4 deletions(-) create mode 100755 history/samba-3.3.14.html create mode 100755 history/samba-3.4.9.html create mode 100755 history/samba-3.5.5.html create mode 100644 security/CVE-2010-2069.html Changeset truncated at 500 lines: diff --git a/devel/index.html b/devel/index.html index d3e36c9..d1aaa56 100755 --- a/devel/index.html +++ b/devel/index.html @@ -67,20 +67,22 @@ Git for Samba Development/a./p li h4emv3-3-test/em/h4 pThis is the current branch for 3.3.x maintenance - (critical bug fixes and security fixes emonly/em)./p + (security fixes emonly/em)./p /li li h4emv3-3-stable/em/h4 pThis is the current branch for 3.3.x maintenance releases - (critical bug fixes and security fixes emonly/em)./p + (security fixes emonly/em)./p /li li h4emv3-4-test/em/h4 - pThis is the current branch for 3.4.x development./p + pThis is the current branch for 3.4.x maintenance releases +(critical fixes and security fixes emonly/em./p /li li h4emv3-4-stable/em/h4 - pThis is the current branch for 3.4.x production releases./p + pThis is the current branch for 3.4.x production releases/p +(critical fixes and security fixes emonly/em./p /li li h4emv3-5-test/em/h4 diff --git a/history/header_history.html b/history/header_history.html index 726c663..8a5f146 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,11 +9,13 @@ lia href=/samba/history/Release Notes/a li class=navSub ul + lia href=samba-3.5.5.htmlsamba-3.5.5/a/li lia href=samba-3.5.4.htmlsamba-3.5.4/a/li lia href=samba-3.5.3.htmlsamba-3.5.3/a/li lia href=samba-3.5.2.htmlsamba-3.5.2/a/li lia href=samba-3.5.1.htmlsamba-3.5.1/a/li lia href=samba-3.5.0.htmlsamba-3.5.0/a/li + lia href=samba-3.4.9.htmlsamba-3.4.9/a/li lia href=samba-3.4.8.htmlsamba-3.4.8/a/li lia href=samba-3.4.7.htmlsamba-3.4.7/a/li lia href=samba-3.4.6.htmlsamba-3.4.6/a/li @@ -23,6 +25,7 @@ lia href=samba-3.4.2.htmlsamba-3.4.2/a/li lia href=samba-3.4.1.htmlsamba-3.4.1/a/li lia href=samba-3.4.0.htmlsamba-3.4.0/a/li + lia href=samba-3.3.14.htmlsamba-3.3.14/a/li lia href=samba-3.3.13.htmlsamba-3.3.13/a/li lia href=samba-3.3.12.htmlsamba-3.3.12/a/li lia href=samba-3.3.11.htmlsamba-3.3.11/a/li diff --git a/history/samba-3.3.14.html b/history/samba-3.3.14.html new file mode 100755 index 000..a33860a --- /dev/null +++ b/history/samba-3.3.14.html @@ -0,0 +1,49 @@ +!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; +html xmlns=http://www.w3.org/1999/xhtml; + +head +titleSamba - Release Notes Archive/title +/head + +body + + H2Samba 3.3.14 Available for Download/H2 + +p +pre + == + Release Notes for Samba 3.3.14 +September 14, 2010 + == + + +This is a security release in order to address CVE-2010-3069. + + +o CVE-2010-3069: + All current released versions of Samba are vulnerable to + a buffer overrun vulnerability. The sid_parse() function + (and related dom_sid_parse() function in the source4 code) + do not correctly check their input lengths when reading a + binary representation of a Windows SID (Security ID). This + allows a malicious client to send a
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 31cbb3e Update latest stable release. from 2f0fa47 Announce Samba 3.5.5, 3.4.9, 3.3.14. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 31cbb3e1ff50723ef468c30c157b2f02f25fbd71 Author: Karolin Seeger ksee...@samba.org Date: Tue Sep 14 12:49:37 2010 +0200 Update latest stable release. Karolin --- Summary of changes: latest_stable_release.html |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/latest_stable_release.html b/latest_stable_release.html index ac576df..3f858b8 100644 --- a/latest_stable_release.html +++ b/latest_stable_release.html @@ -1,5 +1,5 @@ p - a href=/samba/ftp/stable/samba-3.5.4.tar.gzSamba 3.5.4 (gzipped)/abr - a href=/samba/history/samba-3.5.4.htmlRelease Notes/a middot; - a href=/samba/ftp/stable/samba-3.5.4.tar.ascSignature/a + a href=/samba/ftp/stable/samba-3.5.5.tar.gzSamba 3.5.5 (gzipped)/abr + a href=/samba/history/samba-3.5.5.htmlRelease Notes/a middot; + a href=/samba/ftp/stable/samba-3.5.5.tar.ascSignature/a /p -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 3db545e nss_winbind: Fix soname.
from dcadb90 subunit: Use RemoteError when passing errors to upstream
subunit.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 3db545ece4c48e7b14e9d9835bcc894253f627d1
Author: Jelmer Vernooij jel...@samba.org
Date: Tue Sep 14 12:48:57 2010 +0200
nss_winbind: Fix soname.
---
Summary of changes:
nsswitch/wscript_build |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build
index 4b62695..eb3beb3 100644
--- a/nsswitch/wscript_build
+++ b/nsswitch/wscript_build
@@ -18,7 +18,7 @@ bld.SAMBA_BINARY('wbinfo',
deps='LIBSAMBA-UTIL LIBCLI_AUTH popt POPT_SAMBA LIBWINBIND-CLIENT
LIBWBCLIENT tevent UTIL_TEVENT LIBASYNC_REQ UID_WRAPPER LIBSECURITY_COMMON
LIBNDR NDR_SECURITY'
)
-bld.SAMBA_LIBRARY('nsswinbind',
+bld.SAMBA_LIBRARY('nss_winbind',
source='../nsswitch/winbind_nss_linux.c',
deps='LIBWINBIND-CLIENT',
realname='libnss_winbind.so.2',
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 4c3e6a5 tdb: add ABI/tdb-1.2.4.sigs
from 3db545e nss_winbind: Fix soname.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 4c3e6a59af9c58c8140a2f9498a9e150f09eee10
Author: Stefan Metzmacher me...@samba.org
Date: Tue Sep 14 13:10:05 2010 +0200
tdb: add ABI/tdb-1.2.4.sigs
metze
---
Summary of changes:
lib/tdb/ABI/{tdb-1.2.2.sigs = tdb-1.2.4.sigs} |0
1 files changed, 0 insertions(+), 0 deletions(-)
copy lib/tdb/ABI/{tdb-1.2.2.sigs = tdb-1.2.4.sigs} (100%)
Changeset truncated at 500 lines:
diff --git a/lib/tdb/ABI/tdb-1.2.2.sigs b/lib/tdb/ABI/tdb-1.2.4.sigs
similarity index 100%
copy from lib/tdb/ABI/tdb-1.2.2.sigs
copy to lib/tdb/ABI/tdb-1.2.4.sigs
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 73edd66 s4-smbtorture: try to fix spoolss winreg Form tests on
bigendian machines.
from 4c3e6a5 tdb: add ABI/tdb-1.2.4.sigs
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 73edd661eaec3b1f0d8705d545160ff4a2d97948
Author: Günther Deschner g...@samba.org
Date: Tue Sep 14 15:23:45 2010 +0200
s4-smbtorture: try to fix spoolss winreg Form tests on bigendian machines.
Guenther
---
Summary of changes:
source4/torture/rpc/spoolss.c | 51 +
1 files changed, 36 insertions(+), 15 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c
index 25c410a..c1079af 100644
--- a/source4/torture/rpc/spoolss.c
+++ b/source4/torture/rpc/spoolss.c
@@ -2681,21 +2681,31 @@ static bool test_Forms_args(struct torture_context
*tctx,
if (winreg_handle hive_handle W_ERROR_IS_OK(expected_add_result))
{
+ struct spoolss_FormInfo1 i1;
+
torture_assert(tctx,
test_GetForm_winreg(tctx, winreg_handle, hive_handle,
TOP_LEVEL_CONTROL_FORMS_KEY, form_name, w_type, w_size, w_length, w_data),
failed to get form via winreg);
+ i1.size.width = IVAL(w_data, 0);
+ i1.size.height = IVAL(w_data, 4);
+ i1.area.left= IVAL(w_data, 8);
+ i1.area.top = IVAL(w_data, 12);
+ i1.area.right = IVAL(w_data, 16);
+ i1.area.bottom = IVAL(w_data, 20);
+ /* skip index here */
+ i1.flags= IVAL(w_data, 28);
+
torture_assert_int_equal(tctx, w_type, REG_BINARY, unexpected
type);
torture_assert_int_equal(tctx, w_size, 0x20, unexpected size);
torture_assert_int_equal(tctx, w_length, 0x20, unexpected
length);
- torture_assert_mem_equal(tctx, w_data[0],
add_info.info1-size.width, 4, width mismatch);
- torture_assert_mem_equal(tctx, w_data[4],
add_info.info1-size.height, 4, height mismatch);
- torture_assert_mem_equal(tctx, w_data[8],
add_info.info1-area.left, 4, left mismatch);
- torture_assert_mem_equal(tctx, w_data[12],
add_info.info1-area.top, 4, top mismatch);
- torture_assert_mem_equal(tctx, w_data[16],
add_info.info1-area.right, 4, right mismatch);
- torture_assert_mem_equal(tctx, w_data[20],
add_info.info1-area.bottom, 4, bottom mismatch);
- /* skip index here */
- torture_assert_mem_equal(tctx, w_data[28],
add_info.info1-flags, 4, flags mismatch);
+ torture_assert_int_equal(tctx, i1.size.width,
add_info.info1-size.width, width mismatch);
+ torture_assert_int_equal(tctx, i1.size.height,
add_info.info1-size.height, height mismatch);
+ torture_assert_int_equal(tctx, i1.area.left,
add_info.info1-area.left, left mismatch);
+ torture_assert_int_equal(tctx, i1.area.top,
add_info.info1-area.top, top mismatch);
+ torture_assert_int_equal(tctx, i1.area.right,
add_info.info1-area.right, right mismatch);
+ torture_assert_int_equal(tctx, i1.area.bottom,
add_info.info1-area.bottom, bottom mismatch);
+ torture_assert_int_equal(tctx, i1.flags, add_info.info1-flags,
flags mismatch);
}
if (!print_server W_ERROR_IS_OK(expected_add_result)) {
@@ -2712,14 +2722,25 @@ static bool test_Forms_args(struct torture_context
*tctx,
torture_assert_int_equal(tctx, info.info1.flags,
add_info.info1-flags, flags mismatch);
if (winreg_handle hive_handle) {
- torture_assert_mem_equal(tctx, w_data[0],
info.info1.size.width, 4, width mismatch);
- torture_assert_mem_equal(tctx, w_data[4],
info.info1.size.height, 4, height mismatch);
- torture_assert_mem_equal(tctx, w_data[8],
info.info1.area.left, 4, left mismatch);
- torture_assert_mem_equal(tctx, w_data[12],
info.info1.area.top, 4, top mismatch);
- torture_assert_mem_equal(tctx, w_data[16],
info.info1.area.right, 4, right mismatch);
- torture_assert_mem_equal(tctx, w_data[20],
info.info1.area.bottom, 4, bottom mismatch);
+
+ struct spoolss_FormInfo1 i1;
+
+ i1.size.width = IVAL(w_data, 0);
+ i1.size.height = IVAL(w_data, 4);
+ i1.area.left= IVAL(w_data, 8);
+ i1.area.top = IVAL(w_data, 12);
+ i1.area.right = IVAL(w_data, 16);
+ i1.area.bottom = IVAL(w_data, 20);
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated
via c06c99b Fix CVE number, it's 3069, not 2069
from 31cbb3e Update latest stable release.
http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -
commit c06c99b5ec1d3c31b926166241a8ed0342152f1a
Author: Simo Sorce i...@samba.org
Date: Tue Sep 14 09:48:05 2010 -0400
Fix CVE number, it's 3069, not 2069
---
Summary of changes:
history/security.html | 10 +-
.../{CVE-2010-2069.html = CVE-2010-3069.html} |0
2 files changed, 5 insertions(+), 5 deletions(-)
rename security/{CVE-2010-2069.html = CVE-2010-3069.html} (100%)
Changeset truncated at 500 lines:
diff --git a/history/security.html b/history/security.html
index f3ef89a..f0ee28a 100755
--- a/history/security.html
+++ b/history/security.html
@@ -23,16 +23,16 @@ link to full release notes for each release./p
tr
td14 Sep 2010/td
- tda
href=/samba/ftp/patches/security/samba-3.3.13-CVE-2010-2069.patch
+ tda
href=/samba/ftp/patches/security/samba-3.3.13-CVE-2010-3069.patch
patch for Samba 3.3.13/a
- a href=/samba/ftp/patches/security/samba-3.4.8-CVE-2010-2069.patch
+ a href=/samba/ftp/patches/security/samba-3.4.8-CVE-2010-3069.patch
patch for Samba 3.4.8/a
- a href=/samba/ftp/patches/security/samba-3.5.4-CVE-2010-2069.patch
+ a href=/samba/ftp/patches/security/samba-3.5.4-CVE-2010-3069.patch
patch for Samba 3.5.4/a
tdBuffer Overrun Vulnerability/td
tdall current releases/td
- tda
href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-CVE-2010-2069;CVE-2010-2069/a/td
- tda href=/samba/security/CVE-2010-2069.htmlAnnouncement/a/td
+ tda
href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-369;CVE-2010-3069/a/td
+ tda href=/samba/security/CVE-2010-3069.htmlAnnouncement/a/td
/tr
tr
diff --git a/security/CVE-2010-2069.html b/security/CVE-2010-3069.html
similarity index 100%
rename from security/CVE-2010-2069.html
rename to security/CVE-2010-3069.html
--
Samba Website Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via ac5be36 Fix typo from c06c99b Fix CVE number, it's 3069, not 2069 http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit ac5be36eaa61864039006fdae6a8069251b6fb00 Author: Simo Sorce i...@samba.org Date: Tue Sep 14 09:50:08 2010 -0400 Fix typo --- Summary of changes: history/security.html |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/history/security.html b/history/security.html index f0ee28a..b1c7882 100755 --- a/history/security.html +++ b/history/security.html @@ -31,7 +31,7 @@ link to full release notes for each release./p patch for Samba 3.5.4/a tdBuffer Overrun Vulnerability/td tdall current releases/td - tda href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-369;CVE-2010-3069/a/td + tda href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3069;CVE-2010-3069/a/td tda href=/samba/security/CVE-2010-3069.htmlAnnouncement/a/td /tr -- Samba Website Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 08e2cfa Fix one more place where 2069 was used instead of 3069 from ac5be36 Fix typo http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 08e2cfa1164329f09a0e6423a0e89c06565b4c7c Author: Simo Sorce i...@samba.org Date: Tue Sep 14 10:06:30 2010 -0400 Fix one more place where 2069 was used instead of 3069 --- Summary of changes: security/CVE-2010-3069.html |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/security/CVE-2010-3069.html b/security/CVE-2010-3069.html index 898e183..8683b91 100644 --- a/security/CVE-2010-3069.html +++ b/security/CVE-2010-3069.html @@ -8,7 +8,7 @@ body - H2CVE-2010-2069: /H2 + H2CVE-2010-3069: /H2 p pre -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 48976ac rpc_server: Remove unnecessary dependency on server
modules, build system will take care of that.
via 8209198 waf: work around circular dependency finder erroneously
removing dependency of gensec on dcerpc.
via d286b17 selftest: Error out rather than die() when setting up an
environment fails.
via d98754c selftest: If setting up environment fails, mark testsuites
that use it as errorring, don't skip it.
from 73edd66 s4-smbtorture: try to fix spoolss winreg Form tests on
bigendian machines.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 48976ac4978e3a0ff419755e1f77f60345480663
Author: Jelmer Vernooij jel...@samba.org
Date: Tue Sep 14 15:15:43 2010 +0200
rpc_server: Remove unnecessary dependency on server modules, build
system will take care of that.
commit 8209198998270e6374c0d7da2598c20dd9c4d8b3
Author: Jelmer Vernooij jel...@samba.org
Date: Tue Sep 14 15:00:50 2010 +0200
waf: work around circular dependency finder erroneously removing dependency
of gensec on dcerpc.
commit d286b1755cc95c24acf51324638311de93f86819
Author: Jelmer Vernooij jel...@samba.org
Date: Tue Sep 14 14:41:42 2010 +0200
selftest: Error out rather than die() when setting up an environment
fails.
commit d98754ca93bae4740a84118dc4e33e07b4d16e09
Author: Jelmer Vernooij jel...@samba.org
Date: Tue Sep 14 14:36:56 2010 +0200
selftest: If setting up environment fails, mark testsuites that use it as
errorring, don't skip it.
---
Summary of changes:
selftest/selftest.pl | 17 +---
selftest/target/Samba4.pm| 172 ++
source4/dsdb/wscript_build |5 +-
source4/rpc_server/wscript_build |2 +-
4 files changed, 127 insertions(+), 69 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 42852a1..090e87b 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -156,7 +156,6 @@ my $ldap = undef;
my $opt_analyse_cmd = undef;
my $opt_resetup_env = undef;
my $opt_bindir = undef;
-my $opt_no_lazy_setup = undef;
my $opt_load_list = undef;
my @testlists = ();
@@ -351,7 +350,6 @@ my $result = GetOptions (
'testenv' = \$opt_testenv,
'ldap:s' = \$ldap,
'analyse-cmd=s' = \$opt_analyse_cmd,
- 'no-lazy-setup' = \$opt_no_lazy_setup,
'resetup-environment' = \$opt_resetup_env,
'bindir:s' = \$opt_bindir,
'image=s' = \$opt_image,
@@ -613,8 +611,6 @@ my @todo = ();
my $testsdir = $srcdir/selftest;
-my %required_envs = ();
-
sub should_run_test($)
{
my $name = shift;
@@ -646,7 +642,6 @@ sub read_testlist($)
my $cmdline = IN;
$cmdline =~ s/\n//g;
if (should_run_test($name) == 1) {
- $required_envs{$env} = 1;
push (@ret, [$name, $env, $cmdline,
$supports_loadlist]);
}
} else {
@@ -907,16 +902,14 @@ sub teardown_env($)
# This 'global' file needs to be empty when we start
unlink($prefix_abs/dns_host_file);
-if ($opt_no_lazy_setup) {
- setup_env($_) foreach (keys %required_envs);
-}
-
if ($opt_testenv) {
my $testenv_name = $ENV{SELFTEST_TESTENV};
$testenv_name = $testenv_default unless defined($testenv_name);
my $testenv_vars = setup_env($testenv_name);
+ die(Unable to setup environment $testenv_name) unless ($testenv_vars);
+
$ENV{PIDDIR} = $testenv_vars-{PIDDIR};
my $envvarstr = exported_envvars_str($testenv_vars);
@@ -945,7 +938,8 @@ $envvarstr
my $envvars = setup_env($envname);
if (not defined($envvars)) {
- Subunit::skip_testsuite($name,
+ Subunit::start_testsuite($name);
+ Subunit::end_testsuite($name, error,
unable to set up environment $envname);
next;
}
@@ -960,8 +954,7 @@ $envvarstr
$cmd .= --load-list=$listid_file;
}
- run_testsuite($envname, $name, $cmd, $i, $suitestotal,
- );
+ run_testsuite($envname, $name, $cmd, $i, $suitestotal);
if (defined($opt_analyse_cmd)) {
system($opt_analyse_cmd \$name\);
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index b581901..1754501 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -53,10 +53,10 @@ sub slapd_start($$)
system($ENV{OPENLDAP_SLAPD} -d0 -F
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 33da33c ntlmssp: when pushing an ntlmssp NEGOTIATE_MESSAGE deal with NULL strings. from 48976ac rpc_server: Remove unnecessary dependency on server modules, build system will take care of that. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 33da33c59e431f6f097bdd143fb48db465607669 Author: Günther Deschner g...@samba.org Date: Tue Sep 14 17:57:23 2010 +0200 ntlmssp: when pushing an ntlmssp NEGOTIATE_MESSAGE deal with NULL strings. Guenther --- Summary of changes: librpc/idl/ntlmssp.idl |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/ntlmssp.idl b/librpc/idl/ntlmssp.idl index e26dc31..b9be7da 100644 --- a/librpc/idl/ntlmssp.idl +++ b/librpc/idl/ntlmssp.idl @@ -105,10 +105,10 @@ interface ntlmssp [charset(DOS),value(NTLMSSP)] uint8 Signature[8]; [value(NtLmNegotiate)] ntlmssp_MessageType MessageType; NEGOTIATE NegotiateFlags; - [value(strlen(DomainName))] uint16 DomainNameLen; + [value(DomainName ? strlen(DomainName) : 0)] uint16 DomainNameLen; [value(DomainNameLen)] uint16 DomainNameMaxLen; [relative] [subcontext(0),subcontext_size(DomainNameLen)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_OEM))] string *DomainName; - [value(strlen(Workstation))] uint16 WorkstationLen; + [value(Workstation ? strlen(Workstation) : 0)] uint16 WorkstationLen; [value(WorkstationLen)] uint16 WorkstationMaxLen; [relative] [subcontext(0),subcontext_size(WorkstationLen)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_OEM))] string *Workstation; [switch_is(NegotiateFlags NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9c00fb4 libreplace: use CLOCK_HIGHRES when available from 33da33c ntlmssp: when pushing an ntlmssp NEGOTIATE_MESSAGE deal with NULL strings. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9c00fb4aa68ac7b044e954906e5ed20e039373a3 Author: Björn Jacke b...@sernet.de Date: Tue Sep 14 14:08:44 2010 +0200 libreplace: use CLOCK_HIGHRES when available in Solaris 8 CLOCK_HIGHRES was the (only) name for CLOCK_MONOTONIC --- Summary of changes: lib/replace/system/time.h |8 +--- 1 files changed, 5 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/system/time.h b/lib/replace/system/time.h index 3605d26..5fce4db 100644 --- a/lib/replace/system/time.h +++ b/lib/replace/system/time.h @@ -73,10 +73,12 @@ typedef int clockid_t; int rep_clock_gettime(clockid_t clk_id, struct timespec *tp); #endif /* make sure we have a best effort CUSTOM_CLOCK_MONOTONIC we can rely on */ -#ifndef CLOCK_MONOTONIC -#define CUSTOM_CLOCK_MONOTONIC CLOCK_REALTIME -#else +#if defined(CLOCK_MONOTONIC) #define CUSTOM_CLOCK_MONOTONIC CLOCK_MONOTONIC +#elif defined(CLOCK_HIGHRES) +#define CUSTOM_CLOCK_MONOTONIC CLOCK_HIGHRES +#else +#define CUSTOM_CLOCK_MONOTONIC CLOCK_REALTIME #endif #endif -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 5f6a145 s3/profiling: don't use CLOCK_PROCESS_CPUTIME_ID
from 9c00fb4 libreplace: use CLOCK_HIGHRES when available
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 5f6a145800a9e67c638f3ee05e43bb12fafffb48
Author: Björn Jacke b...@sernet.de
Date: Tue Sep 14 22:17:47 2010 +0200
s3/profiling: don't use CLOCK_PROCESS_CPUTIME_ID
that clock is a CPU burnometer but we need a chronometer for profiling.
---
Summary of changes:
source3/include/proto.h |1 -
source3/lib/util.c| 17 -
source3/profile/profile.c | 18 --
3 files changed, 0 insertions(+), 36 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 73fe868..f089c69 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1230,7 +1230,6 @@ char *procid_str(TALLOC_CTX *mem_ctx, const struct
server_id *pid);
char *procid_str_static(const struct server_id *pid);
bool procid_valid(const struct server_id *pid);
bool procid_is_local(const struct server_id *pid);
-int this_is_smp(void);
bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length);
bool is_offset_safe(const char *buf_base, size_t buf_len, char *ptr, size_t
off);
char *get_safe_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t
off);
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 315f389..3303894 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -2737,23 +2737,6 @@ bool procid_is_local(const struct server_id *pid)
#endif
}
-int this_is_smp(void)
-{
-#if defined(HAVE_SYSCONF)
-
-#if defined(SYSCONF_SC_NPROC_ONLN)
-return (sysconf(_SC_NPROC_ONLN) 1) ? 1 : 0;
-#elif defined(SYSCONF_SC_NPROCESSORS_ONLN)
-return (sysconf(_SC_NPROCESSORS_ONLN) 1) ? 1 : 0;
-#else
- return 0;
-#endif
-
-#else
- return 0;
-#endif
-}
-
/
Check if offset/length fit into bufsize. Should probably be
merged with is_offset_safe, but this would require a rewrite
diff --git a/source3/profile/profile.c b/source3/profile/profile.c
index 4a61753..3e0df15 100644
--- a/source3/profile/profile.c
+++ b/source3/profile/profile.c
@@ -145,24 +145,6 @@ static void init_clock_gettime(void)
have_profiling_clock = False;
-#ifdef HAVE_CLOCK_PROCESS_CPUTIME_ID
- /* CLOCK_PROCESS_CPUTIME_ID is sufficiently fast that the
-* always profiling times is plausible. Unfortunately on Linux
-* it is only accurate if we can guarantee we will not be scheduled
-* scheduled onto a different CPU between samples. Until there is
-* some way to set processor affinity, we can only use this on
-* uniprocessors.
-*/
- if (!this_is_smp()) {
- if (clock_gettime(CLOCK_PROCESS_CPUTIME_ID, ts) == 0) {
- DEBUG(10, (Using CLOCK_PROCESS_CPUTIME_ID
- for profile_clock\n));
- __profile_clock = CLOCK_PROCESS_CPUTIME_ID;
- have_profiling_clock = True;
- }
- }
-#endif
-
#ifdef HAVE_CLOCK_MONOTONIC
if (!have_profiling_clock
clock_gettime(CLOCK_MONOTONIC, ts) == 0) {
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 4e8d6a7 s3/profile: remove the magical clock initialization from
the profile code
from 5f6a145 s3/profiling: don't use CLOCK_PROCESS_CPUTIME_ID
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 4e8d6a779c9aa9b9418b4f835d831ad4492c3f6c
Author: Björn Jacke b...@sernet.de
Date: Tue Sep 14 22:40:51 2010 +0200
s3/profile: remove the magical clock initialization from the profile code
there's no point in not profiling times if no monotonic clock is found -
monotonic and realtime clock are equally fast. Just use clock_gettime_mono
instead.
---
Summary of changes:
source3/include/smbprofile.h | 11 ++--
source3/profile/profile.c| 56 --
2 files changed, 3 insertions(+), 64 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/smbprofile.h b/source3/include/smbprofile.h
index 6076479..5015d2a 100644
--- a/source3/include/smbprofile.h
+++ b/source3/include/smbprofile.h
@@ -894,18 +894,13 @@ extern bool do_profile_times;
#define DEC_PROFILE_COUNT(x) profile_p-x--
#define ADD_PROFILE_COUNT(x,y) profile_p-x += (y)
-extern clockid_t __profile_clock;
-
static inline uint64_t profile_timestamp(void)
{
struct timespec ts;
- /* FIXME: On a single-CPU system, or a system where we have bound
-* daemon threads to single CPUs (eg. using cpusets or processor
-* affinity), it might be preferable to use CLOCK_PROCESS_CPUTIME_ID.
-*/
-
- clock_gettime(__profile_clock, ts);
+ /* we might prefer to use the _COARSE clock variant of CLOCK_MONOTONIC
+ that one is faster but cached and just tick-wise precise */
+ clock_gettime_mono(ts);
return (ts.tv_sec * 100) + (ts.tv_nsec / 1000); /* usec */
}
diff --git a/source3/profile/profile.c b/source3/profile/profile.c
index 3e0df15..59b409d 100644
--- a/source3/profile/profile.c
+++ b/source3/profile/profile.c
@@ -29,8 +29,6 @@
#ifdef WITH_PROFILE
static int shm_id;
static bool read_only;
-clockid_t __profile_clock;
-bool have_profiling_clock = False;
#endif
struct profile_header *profile_h;
@@ -59,19 +57,6 @@ void set_profile_level(int level, struct server_id src)
(int)procid_to_pid(src)));
break;
case 2: /* turn on complete profiling */
-
-#if defined(HAVE_CLOCK_GETTIME)
- if (!have_profiling_clock) {
- do_profile_flag = True;
- do_profile_times = False;
- DEBUG(1,(INFO: Profiling counts turned ON from
- pid %d\n, (int)procid_to_pid(src)));
- DEBUGADD(1,(INFO: Profiling times disabled
- due to lack of a suitable clock\n));
- break;
- }
-#endif
-
do_profile_flag = True;
do_profile_times = True;
DEBUG(1,(INFO: Full profiling turned ON from pid %d\n,
@@ -135,53 +120,12 @@ static void reqprofile_message(struct messaging_context
*msg_ctx,
/***
open the profiling shared memory area
**/
-
-/* Find a clock. Just because the definition for a particular clock ID is
- * present doesn't mean the system actually supports it.
- */
-static void init_clock_gettime(void)
-{
- struct timespec ts;
-
- have_profiling_clock = False;
-
-#ifdef HAVE_CLOCK_MONOTONIC
- if (!have_profiling_clock
- clock_gettime(CLOCK_MONOTONIC, ts) == 0) {
- DEBUG(10, (Using CLOCK_MONOTONIC for profile_clock\n));
- __profile_clock = CLOCK_MONOTONIC;
- have_profiling_clock = True;
- }
-#endif
-
-#ifdef HAVE_CLOCK_REALTIME
- /* POSIX says that CLOCK_REALTIME should be defined everywhere
-* where we have clock_gettime...
-*/
- if (!have_profiling_clock
- clock_gettime(CLOCK_REALTIME, ts) == 0) {
- __profile_clock = CLOCK_REALTIME;
- have_profiling_clock = True;
-
- SMB_WARN(__profile_clock != CLOCK_REALTIME,
- (forced to use a slow profiling clock));
- }
-
-#endif
-
- SMB_WARN(have_profiling_clock == True,
- (could not find a working clock for profiling));
- return;
-}
-
bool profile_setup(struct messaging_context *msg_ctx, bool rdonly)
{
struct shmid_ds shm_ds;
read_only = rdonly;
- init_clock_gettime();
-
again:
/* try to use an existing key */
shm_id = shmget(PROF_SHMEM_KEY, 0, 0);
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 55b3150 Fix string_to_sid() to allow non '
via 15abd86 s3-torture Add tests to show that the dom_sid parsing was
faulty.
via 1892df6 s3-util_sid Use the NDR parser to parse struct dom_sid
via 46f585e libcli/security Use sid_append_rid() in dom_sid_append_rid()
via 51ecf79 libcli/security Merge source3/ string_to_sid() to common
code
via 72a8ea4 s3-util_sid use ARRAY_SIZE() to ensure we never overflow
the dom_sid
via 9d44688 s3-util_sid Accept S-1-5 as a SID
via ce1e273 s3-dom_sid Use C99 types in dom_sid handling
from 4e8d6a7 s3/profile: remove the magical clock initialization from
the profile code
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 55b315094ef8a8ed691f9717c28cab301e17ef25
Author: Jeremy Allison j...@samba.org
Date: Tue Sep 14 14:45:45 2010 -0700
Fix string_to_sid() to allow non '\0' termination of the string - allows
string_to_sid() to be used in formatted strings like
FOO/S-1-5--/BAR.
Jeremy.
commit 15abd86d54c582edfec29dfd55c256b6565da569
Author: Andrew Bartlett abart...@samba.org
Date: Sat Sep 4 14:13:31 2010 +1000
s3-torture Add tests to show that the dom_sid parsing was faulty.
Andrew Bartlett
commit 1892df6ca803aed94e91cbd7a12ca1b8470dfc89
Author: Andrew Bartlett abart...@samba.org
Date: Sat Sep 4 14:11:46 2010 +1000
s3-util_sid Use the NDR parser to parse struct dom_sid
The manual parser failed to constrain the maximum number of
sub-authorities to 15, allowing an overflow of the array.
Andrew Bartlett
commit 46f585e364fc1640cf01ba0c738c6c5559f0b4fd
Author: Andrew Bartlett abart...@samba.org
Date: Sat Sep 4 14:10:31 2010 +1000
libcli/security Use sid_append_rid() in dom_sid_append_rid()
This ensures that the maximum number of sub-authorities is respected,
otherwise we may run off the end of the array.
Andrew Bartlett
commit 51ecf796549287b7f10092778ffb52e018ae32fe
Author: Andrew Bartlett abart...@samba.org
Date: Sat Sep 4 14:09:17 2010 +1000
libcli/security Merge source3/ string_to_sid() to common code
The source3 code repsects the limit of a maximum of 15 subauths,
while the source4 code does not, creating a security issue as
we parse string-form SIDs from clients.
Andrew Bartlett
commit 72a8ea4d1545190bad85ee9f2216499e78b3625a
Author: Andrew Bartlett abart...@samba.org
Date: Sat Sep 4 14:05:59 2010 +1000
s3-util_sid use ARRAY_SIZE() to ensure we never overflow the dom_sid
This ensures that this, unlike the MAXSUBAUTHS macro, can't get
out of sync with the structure.
Andrew Bartlett
commit 9d44688681bc196baf1bccbdf84092ffc0510bb7
Author: Andrew Bartlett abart...@samba.org
Date: Sat Sep 4 14:05:30 2010 +1000
s3-util_sid Accept S-1-5 as a SID
commit ce1e273a47105fcef71d054c0192b7985fd5b4f2
Author: Andrew Bartlett abart...@samba.org
Date: Sat Sep 4 14:04:55 2010 +1000
s3-dom_sid Use C99 types in dom_sid handling
Andrew Bartlett
---
Summary of changes:
libcli/security/dom_sid.c | 134 +++--
source3/lib/util_sid.c| 120 +++-
source3/torture/torture.c | 98 +
3 files changed, 198 insertions(+), 154 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index ef534e3..93f8871 100644
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -85,60 +85,110 @@ bool dom_sid_equal(const struct dom_sid *sid1, const
struct dom_sid *sid2)
return dom_sid_compare(sid1, sid2) == 0;
}
-/* Yes, I did think about multibyte issues here, and for all I can see there's
- * none of those for parsing a SID. */
-#undef strncasecmp
+/*
+ Add a rid to the end of a sid
+*/
-bool dom_sid_parse(const char *sidstr, struct dom_sid *ret)
+bool sid_append_rid(struct dom_sid *sid, uint32_t rid)
{
- unsigned int rev, ia, num_sub_auths, i;
- char *p;
+ if (sid-num_auths ARRAY_SIZE(sid-sub_auths)) {
+ sid-sub_auths[sid-num_auths++] = rid;
+ return true;
+ }
+ return false;
+}
- if (strncasecmp(sidstr, S-, 2)) {
- return false;
+/*
+ Convert a string to a SID. Returns True on success, False on fail.
+*/
+
+bool string_to_sid(struct dom_sid *sidout, const char *sidstr)
+{
+ const char *p;
+ char *q;
+ /* BIG NOTE:
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via c4a31cf Fix string_to_sid() to allow non '
via ea8f73f s3-torture Add tests to show that the dom_sid parsing was
faulty.
via b45b538 s3-util_sid Use the NDR parser to parse struct dom_sid
via dad0b14 libcli/security Use sid_append_rid() in dom_sid_append_rid()
via 4ac32a5 libcli/security Merge source3/ string_to_sid() to common
code
via 9e31c9a s3-util_sid use ARRAY_SIZE() to ensure we never overflow
the dom_sid
via 1ac4f6a s3-util_sid Accept S-1-5 as a SID (cherry picked from
commit 9d44688681bc196baf1bccbdf84092ffc0510bb7)
via 0dc0a81 s3-dom_sid Use C99 types in dom_sid handling
from f4c8bda Fix bug 7409 - Thousands of reduce_name: couldn't get
realpath.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit c4a31cf4d6b1a7c342ed223bdbab3dbd21073f5d
Author: Jeremy Allison j...@samba.org
Date: Tue Sep 14 14:45:45 2010 -0700
Fix string_to_sid() to allow non '\0' termination of the string - allows
string_to_sid() to be used in formatted strings like
FOO/S-1-5--/BAR.
Jeremy.
(cherry picked from commit 55b315094ef8a8ed691f9717c28cab301e17ef25)
commit ea8f73f2eac760ac723d1b7ef1ab66f40095e286
Author: Andrew Bartlett abart...@samba.org
Date: Sat Sep 4 14:13:31 2010 +1000
s3-torture Add tests to show that the dom_sid parsing was faulty.
Andrew Bartlett
(cherry picked from commit 15abd86d54c582edfec29dfd55c256b6565da569)
commit b45b538198480c8fe75ad2445a365da3abd80eb5
Author: Andrew Bartlett abart...@samba.org
Date: Sat Sep 4 14:11:46 2010 +1000
s3-util_sid Use the NDR parser to parse struct dom_sid
The manual parser failed to constrain the maximum number of
sub-authorities to 15, allowing an overflow of the array.
Andrew Bartlett
(cherry picked from commit 1892df6ca803aed94e91cbd7a12ca1b8470dfc89)
commit dad0b141403fdc576d4fb2e3735a861effa50bc2
Author: Andrew Bartlett abart...@samba.org
Date: Sat Sep 4 14:10:31 2010 +1000
libcli/security Use sid_append_rid() in dom_sid_append_rid()
This ensures that the maximum number of sub-authorities is respected,
otherwise we may run off the end of the array.
Andrew Bartlett
(cherry picked from commit 46f585e364fc1640cf01ba0c738c6c5559f0b4fd)
commit 4ac32a574bc00df3826d20efc4fcfd00c75ed866
Author: Andrew Bartlett abart...@samba.org
Date: Sat Sep 4 14:09:17 2010 +1000
libcli/security Merge source3/ string_to_sid() to common code
The source3 code repsects the limit of a maximum of 15 subauths,
while the source4 code does not, creating a security issue as
we parse string-form SIDs from clients.
Andrew Bartlett
(cherry picked from commit 51ecf796549287b7f10092778ffb52e018ae32fe)
commit 9e31c9a34a806bebd67f6bd722a7fdfeeede2e8f
Author: Andrew Bartlett abart...@samba.org
Date: Sat Sep 4 14:05:59 2010 +1000
s3-util_sid use ARRAY_SIZE() to ensure we never overflow the dom_sid
This ensures that this, unlike the MAXSUBAUTHS macro, can't get
out of sync with the structure.
Andrew Bartlett
(cherry picked from commit 72a8ea4d1545190bad85ee9f2216499e78b3625a)
commit 1ac4f6a4042962aae95c7ac00845035e0abfc646
Author: Andrew Bartlett abart...@samba.org
Date: Sat Sep 4 14:05:30 2010 +1000
s3-util_sid Accept S-1-5 as a SID
(cherry picked from commit 9d44688681bc196baf1bccbdf84092ffc0510bb7)
commit 0dc0a81c424a6a11ae8ae52086164dc37e4b3691
Author: Andrew Bartlett abart...@samba.org
Date: Sat Sep 4 14:04:55 2010 +1000
s3-dom_sid Use C99 types in dom_sid handling
Andrew Bartlett
(cherry picked from commit ce1e273a47105fcef71d054c0192b7985fd5b4f2)
---
Summary of changes:
libcli/security/dom_sid.c | 134 +++--
source3/lib/util_sid.c| 120 +++-
source3/torture/torture.c | 98 +
3 files changed, 198 insertions(+), 154 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index ef534e3..93f8871 100644
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -85,60 +85,110 @@ bool dom_sid_equal(const struct dom_sid *sid1, const
struct dom_sid *sid2)
return dom_sid_compare(sid1, sid2) == 0;
}
-/* Yes, I did think about multibyte issues here, and for all I can see there's
- * none of those for parsing a SID. */
-#undef strncasecmp
+/*
+ Add a rid to the end of a sid
+*/
-bool dom_sid_parse(const char *sidstr, struct dom_sid *ret)
+bool sid_append_rid(struct dom_sid *sid, uint32_t rid)
{
-
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 0b270f0 Ensure incoming timespec values correctly wrap at nsecs.
from 55b3150 Fix string_to_sid() to allow non '
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 0b270f014f67b8ff49b70fb41b2cceac121f337e
Author: Jeremy Allison j...@samba.org
Date: Tue Sep 14 14:53:17 2010 -0700
Ensure incoming timespec values correctly wrap at nsecs.
Jeremy.
---
Summary of changes:
lib/util/time.c|7 +++
source3/lib/time.c |4
2 files changed, 11 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/time.c b/lib/util/time.c
index ed3b4f8..6fbeb97 100644
--- a/lib/util/time.c
+++ b/lib/util/time.c
@@ -91,8 +91,15 @@ _PUBLIC_ time_t time_mono(time_t *t)
time_t convert_timespec_to_time_t(struct timespec ts)
{
+ /* Ensure tv_nsec is less than 1sec. */
+ while (ts.tv_nsec 10) {
+ ts.tv_sec += 1;
+ ts.tv_nsec -= 10;
+ }
+
/* 1 ns == 1,000,000,000 - one thousand millionths of a second.
increment if it's greater than 500 millionth of a second. */
+
if (ts.tv_nsec 5) {
return ts.tv_sec + 1;
}
diff --git a/source3/lib/time.c b/source3/lib/time.c
index fad5d97..eba358f 100644
--- a/source3/lib/time.c
+++ b/source3/lib/time.c
@@ -409,6 +409,10 @@ void round_timespec_to_usec(struct timespec *ts)
{
struct timeval tv = convert_timespec_to_timeval(*ts);
*ts = convert_timeval_to_timespec(tv);
+ while (ts-tv_nsec 10) {
+ ts-tv_sec += 1;
+ ts-tv_nsec -= 10;
+ }
}
/
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 79cc078 Ensure incoming timespec values correctly wrap at nsecs.
from c4a31cf Fix string_to_sid() to allow non '
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 79cc0785353e14461ece45ae02c0a1477304e1ba
Author: Jeremy Allison j...@samba.org
Date: Tue Sep 14 14:53:17 2010 -0700
Ensure incoming timespec values correctly wrap at nsecs.
Jeremy.
(cherry picked from commit 0b270f014f67b8ff49b70fb41b2cceac121f337e)
---
Summary of changes:
lib/util/time.c|7 +++
source3/lib/time.c |4
2 files changed, 11 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/time.c b/lib/util/time.c
index ed3b4f8..6fbeb97 100644
--- a/lib/util/time.c
+++ b/lib/util/time.c
@@ -91,8 +91,15 @@ _PUBLIC_ time_t time_mono(time_t *t)
time_t convert_timespec_to_time_t(struct timespec ts)
{
+ /* Ensure tv_nsec is less than 1sec. */
+ while (ts.tv_nsec 10) {
+ ts.tv_sec += 1;
+ ts.tv_nsec -= 10;
+ }
+
/* 1 ns == 1,000,000,000 - one thousand millionths of a second.
increment if it's greater than 500 millionth of a second. */
+
if (ts.tv_nsec 5) {
return ts.tv_sec + 1;
}
diff --git a/source3/lib/time.c b/source3/lib/time.c
index 8b28de6..81106a7 100644
--- a/source3/lib/time.c
+++ b/source3/lib/time.c
@@ -409,6 +409,10 @@ void round_timespec_to_usec(struct timespec *ts)
{
struct timeval tv = convert_timespec_to_timeval(*ts);
*ts = convert_timeval_to_timespec(tv);
+ while (ts-tv_nsec 10) {
+ ts-tv_sec += 1;
+ ts-tv_nsec -= 10;
+ }
}
/
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via eeb24af Allows changing the maximum number of simultaneous clients
in winbindd through an smb.conf option.
from 0b270f0 Ensure incoming timespec values correctly wrap at nsecs.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit eeb24afd78a6448e808aaf96dbd7d5abf51bbd40
Author: Pierre Carrier pcarr...@redhat.com
Date: Tue Sep 14 16:43:39 2010 -0700
Allows changing the maximum number of simultaneous clients in winbindd
through an smb.conf option.
Signed-off-by: Jeremy Allison j...@samba.org
---
Summary of changes:
docs-xml/smbdotconf/winbind/winbindmaxclients.xml | 14 ++
source3/include/local.h |3 ---
source3/include/proto.h |1 +
source3/param/loadparm.c | 13 -
source3/winbindd/winbindd.c |8 +++-
5 files changed, 30 insertions(+), 9 deletions(-)
create mode 100644 docs-xml/smbdotconf/winbind/winbindmaxclients.xml
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/winbind/winbindmaxclients.xml
b/docs-xml/smbdotconf/winbind/winbindmaxclients.xml
new file mode 100644
index 000..ae49e45
--- /dev/null
+++ b/docs-xml/smbdotconf/winbind/winbindmaxclients.xml
@@ -0,0 +1,14 @@
+samba:parameter name=winbind max clients
+ context=G
+type=integer
+ advanced=1 developer=1
+ xmlns:samba=http://www.samba.org/samba/DTD/samba-doc;
+description
+ paraThis parameter specifies the maximum number of clients
+ the citerefentryrefentrytitlewinbindd/refentrytitle
+ manvolnum8/manvolnum/citerefentry daemon can connect with.
+ /para
+/description
+
+value type=default200/value
+/samba:parameter
diff --git a/source3/include/local.h b/source3/include/local.h
index a3baf64..93ec4cc 100644
--- a/source3/include/local.h
+++ b/source3/include/local.h
@@ -239,9 +239,6 @@
/* Number in seconds for winbindd to wait for the mutex. Make this 2 * smbd
wait time. */
#define WINBIND_SERVER_MUTEX_WAIT_TIME (( ((NUM_CLI_AUTH_CONNECT_RETRIES) *
((CLI_AUTH_TIMEOUT)/1000)) + 5)*2)
-/* Max number of simultaneous winbindd socket connections. */
-#define WINBINDD_MAX_SIMULTANEOUS_CLIENTS 200
-
/* Buffer size to use when printing backtraces */
#define BACKTRACE_STACK_SIZE 64
diff --git a/source3/include/proto.h b/source3/include/proto.h
index f089c69..e1751e8 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3539,6 +3539,7 @@ int lp_smb_encrypt(int );
char lp_magicchar(const struct share_params *p );
int lp_winbind_cache_time(void);
int lp_winbind_reconnect_delay(void);
+int lp_winbind_max_clients(void);
const char **lp_winbind_nss_info(void);
int lp_algorithmic_rid_base(void);
int lp_name_cache_timeout(void);
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index e3fc2d8..bb6e132 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -262,7 +262,7 @@ struct global {
int oplock_break_wait_time;
int winbind_cache_time;
int winbind_reconnect_delay;
- int winbind_max_idle_children;
+ int winbind_max_clients;
char **szWinbindNssInfo;
int iLockSpinTime;
char *szLdapMachineSuffix;
@@ -4606,6 +4606,15 @@ static struct parm_struct parm_table[] = {
.flags = FLAG_ADVANCED,
},
{
+ .label = winbind max clients,
+ .type = P_INTEGER,
+ .p_class= P_GLOBAL,
+ .ptr= Globals.winbind_max_clients,
+ .special= NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
+ {
.label = winbind enum users,
.type = P_BOOL,
.p_class= P_GLOBAL,
@@ -5299,6 +5308,7 @@ static void init_globals(bool reinit_globals)
Globals.winbind_cache_time = 300; /* 5 minutes */
Globals.winbind_reconnect_delay = 30; /* 30 seconds */
+ Globals.winbind_max_clients = 200;
Globals.bWinbindEnumUsers = False;
Globals.bWinbindEnumGroups = False;
Globals.bWinbindUseDefaultDomain = False;
@@ -5877,6 +5887,7 @@ FN_LOCAL_INTEGER(lp_smb_encrypt, ismb_encrypt)
FN_LOCAL_CHAR(lp_magicchar, magic_char)
FN_GLOBAL_INTEGER(lp_winbind_cache_time, Globals.winbind_cache_time)
FN_GLOBAL_INTEGER(lp_winbind_reconnect_delay, Globals.winbind_reconnect_delay)
+FN_GLOBAL_INTEGER(lp_winbind_max_clients, Globals.winbind_max_clients)
FN_GLOBAL_LIST(lp_winbind_nss_info, Globals.szWinbindNssInfo)
FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, Globals.AlgorithmicRidBase)
[SCM] CTDB repository - branch 1.2 updated - ctdb-1.0.114-331-gc8a985d
The branch, 1.2 has been updated via c8a985d4a01aa146f25472d7d2937d73cafcfb0b (commit) from 478e3d29f2682f7f3ac684eaaa4aafd61da1358b (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=1.2 - Log - commit c8a985d4a01aa146f25472d7d2937d73cafcfb0b Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Sep 15 14:56:57 2010 +1000 adda GETPUBLICIPS control to libctdb and use this in the test example enhance the test example to show the new releaseip/takeip messages --- Summary of changes: include/ctdb.h | 72 ++ include/ctdb_private.h |8 --- include/ctdb_protocol.h | 16 +++ libctdb/control.c | 48 libctdb/messages.c |2 +- libctdb/sync.c | 19 libctdb/tst.c | 110 --- 7 files changed, 250 insertions(+), 25 deletions(-) Changeset truncated at 500 lines: diff --git a/include/ctdb.h b/include/ctdb.h index 92f4626..1c6cf35 100644 --- a/include/ctdb.h +++ b/include/ctdb.h @@ -444,6 +444,43 @@ bool ctdb_getnodemap_recv(struct ctdb_connection *ctdb, struct ctdb_request *req, struct ctdb_node_map **nodemap); /** + * ctdb_getpublicips_send - read the public ip list from a node. + * @ctdb: the ctdb_connection from ctdb_connect. + * @destnode: the destination node (see below) + * @callback: the callback when ctdb replies to our message (typesafe) + * @cbdata: the argument to callback() + * + * This control returns the list of public ips known to the local node. + * Deamons only know about those ips that are listed in the local + * public addresses file, which means the returned list of ips may + * be only a subset of all ips across the entire cluster. + * + * There are several special values for destnode, detailed in + * ctdb_protocol.h, particularly CTDB_CURRENT_NODE which means the + * local ctdbd. + */ +struct ctdb_request * +ctdb_getpublicips_send(struct ctdb_connection *ctdb, +uint32_t destnode, +ctdb_callback_t callback, +void *cbdata); +/** + * ctdb_getpublicips_recv - read the public ip list from a node + * @ctdb: the ctdb_connection from ctdb_connect. + * @req: the completed request. + * @ips: a pointer to the returned public ip list + * + * This returns false if something went wrong. + * If the command failed, it guarantees to set ips to NULL. + * A non-NULL value for nodemap means the command was successful. + * + * A non-NULL value of the nodemap must be release released/freed + * by ctdb_free_publicips(). + */ +bool ctdb_getpublicips_recv(struct ctdb_connection *ctdb, + struct ctdb_request *req, struct ctdb_all_public_ips **ips); + +/** * ctdb_getrecmaster_send - read the recovery master of a node * @ctdb: the ctdb_connection from ctdb_connect. * @destnode: the destination node (see below) @@ -612,6 +649,37 @@ bool ctdb_getnodemap(struct ctdb_connection *ctdb, void ctdb_free_nodemap(struct ctdb_node_map *nodemap); +/** + * ctdb_getpublicips - read the public ip list from a node. + * @ctdb: the ctdb_connection from ctdb_connect. + * @destnode: the destination node (see below) + * @ips: a pointer to the returned public ip list + * + * This control returns the list of public ips known to the local node. + * Deamons only know about those ips that are listed in the local + * public addresses file, which means the returned list of ips may + * be only a subset of all ips across the entire cluster. + * + * There are several special values for destnode, detailed in + * ctdb_protocol.h, particularly CTDB_CURRENT_NODE which means the + * local ctdbd. + * + * This returns false if something went wrong. + * If the command failed, it guarantees to set ips to NULL. + * A non-NULL value for nodemap means the command was successful. + * + * A non-NULL value of the nodemap must be release released/freed + * by ctdb_free_publicips(). + */ +bool ctdb_getpublicips(struct ctdb_connection *ctdb, +uint32_t destnode, struct ctdb_all_public_ips **ips); + +/* + * This function is used to release/free the public ip structure returned + * by ctdb_getpublicips() and ctdb_getpublicips_recv() + */ +void ctdb_free_publicips(struct ctdb_all_public_ips *ips); + /* These ugly macro wrappers make the callbacks typesafe. */ #include ctdb_typesafe_cb.h @@ -669,4 +737,8 @@ void ctdb_free_nodemap(struct ctdb_node_map *nodemap); ctdb_getnodemap_send((ctdb), (destnode),\ ctdb_sendcb((cb), (cbdata)), (cbdata)) +#define ctdb_getpublicips_send(ctdb, destnode, cb, cbdata) \ + ctdb_getpublicips_send((ctdb), (destnode), \ +ctdb_sendcb((cb), (cbdata)), (cbdata))
[SCM] CTDB repository - branch master updated - ctdb-1.0.114-316-g21cc578
The branch, master has been updated via 21cc57883e6c02b0e037211b26d1d866d5d7f03d (commit) from c386f2c62f06f1c60047b7d4b1ec7a9eec11873c (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 21cc57883e6c02b0e037211b26d1d866d5d7f03d Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Sep 15 14:56:57 2010 +1000 adda GETPUBLICIPS control to libctdb and use this in the test example enhance the test example to show the new releaseip/takeip messages --- Summary of changes: include/ctdb.h | 72 ++ include/ctdb_private.h |8 --- include/ctdb_protocol.h | 16 +++ libctdb/control.c | 48 libctdb/messages.c |2 +- libctdb/sync.c | 19 libctdb/tst.c | 110 --- 7 files changed, 250 insertions(+), 25 deletions(-) Changeset truncated at 500 lines: diff --git a/include/ctdb.h b/include/ctdb.h index 92f4626..1c6cf35 100644 --- a/include/ctdb.h +++ b/include/ctdb.h @@ -444,6 +444,43 @@ bool ctdb_getnodemap_recv(struct ctdb_connection *ctdb, struct ctdb_request *req, struct ctdb_node_map **nodemap); /** + * ctdb_getpublicips_send - read the public ip list from a node. + * @ctdb: the ctdb_connection from ctdb_connect. + * @destnode: the destination node (see below) + * @callback: the callback when ctdb replies to our message (typesafe) + * @cbdata: the argument to callback() + * + * This control returns the list of public ips known to the local node. + * Deamons only know about those ips that are listed in the local + * public addresses file, which means the returned list of ips may + * be only a subset of all ips across the entire cluster. + * + * There are several special values for destnode, detailed in + * ctdb_protocol.h, particularly CTDB_CURRENT_NODE which means the + * local ctdbd. + */ +struct ctdb_request * +ctdb_getpublicips_send(struct ctdb_connection *ctdb, +uint32_t destnode, +ctdb_callback_t callback, +void *cbdata); +/** + * ctdb_getpublicips_recv - read the public ip list from a node + * @ctdb: the ctdb_connection from ctdb_connect. + * @req: the completed request. + * @ips: a pointer to the returned public ip list + * + * This returns false if something went wrong. + * If the command failed, it guarantees to set ips to NULL. + * A non-NULL value for nodemap means the command was successful. + * + * A non-NULL value of the nodemap must be release released/freed + * by ctdb_free_publicips(). + */ +bool ctdb_getpublicips_recv(struct ctdb_connection *ctdb, + struct ctdb_request *req, struct ctdb_all_public_ips **ips); + +/** * ctdb_getrecmaster_send - read the recovery master of a node * @ctdb: the ctdb_connection from ctdb_connect. * @destnode: the destination node (see below) @@ -612,6 +649,37 @@ bool ctdb_getnodemap(struct ctdb_connection *ctdb, void ctdb_free_nodemap(struct ctdb_node_map *nodemap); +/** + * ctdb_getpublicips - read the public ip list from a node. + * @ctdb: the ctdb_connection from ctdb_connect. + * @destnode: the destination node (see below) + * @ips: a pointer to the returned public ip list + * + * This control returns the list of public ips known to the local node. + * Deamons only know about those ips that are listed in the local + * public addresses file, which means the returned list of ips may + * be only a subset of all ips across the entire cluster. + * + * There are several special values for destnode, detailed in + * ctdb_protocol.h, particularly CTDB_CURRENT_NODE which means the + * local ctdbd. + * + * This returns false if something went wrong. + * If the command failed, it guarantees to set ips to NULL. + * A non-NULL value for nodemap means the command was successful. + * + * A non-NULL value of the nodemap must be release released/freed + * by ctdb_free_publicips(). + */ +bool ctdb_getpublicips(struct ctdb_connection *ctdb, +uint32_t destnode, struct ctdb_all_public_ips **ips); + +/* + * This function is used to release/free the public ip structure returned + * by ctdb_getpublicips() and ctdb_getpublicips_recv() + */ +void ctdb_free_publicips(struct ctdb_all_public_ips *ips); + /* These ugly macro wrappers make the callbacks typesafe. */ #include ctdb_typesafe_cb.h @@ -669,4 +737,8 @@ void ctdb_free_nodemap(struct ctdb_node_map *nodemap); ctdb_getnodemap_send((ctdb), (destnode),\ ctdb_sendcb((cb), (cbdata)), (cbdata)) +#define ctdb_getpublicips_send(ctdb, destnode, cb, cbdata) \ + ctdb_getpublicips_send((ctdb), (destnode), \ +ctdb_sendcb((cb), (cbdata)),
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via ba726b5 s4: Fix two typos
from eeb24af Allows changing the maximum number of simultaneous clients
in winbindd through an smb.conf option.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit ba726b5580a7e946eb02631b0a03f9b2d2164a9b
Author: Volker Lendecke v...@samba.org
Date: Tue Sep 14 18:20:08 2010 +0200
s4: Fix two typos
---
Summary of changes:
source4/auth/gensec/spnego.c |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index 612216a..4902cd8 100644
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -421,7 +421,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct
gensec_security *gensec_
if (spnego_state-state_position == SPNEGO_SERVER_START) {
for (i=0; all_sec all_sec[i].op; i++) {
- /* optomisitic token */
+ /* optimistic token */
if (strcmp(all_sec[i].oid, mechType[0]) == 0) {
nt_status =
gensec_subcontext_start(spnego_state,
gensec_security,
@@ -459,7 +459,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct
gensec_security *gensec_
}
}
- /* Having tried any optomisitc token from the client (if we
+ /* Having tried any optimistic token from the client (if we
* were the server), if we didn't get anywhere, walk our list
* in our preference order */
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5a0bb22 cldap: prevent crashes when freeing cldap socket via ea223ba s4-server: check the return of irpc_binding_handle_by_name via beb9c6b s4-finddcs: ensure we free previous cldap requests before starting a new one via fcf576f s4-selftest: enable logging in valgrind server xterm via a498ab9 s4-rpc: fixed double free in RPC proxy via 0212800 tsocket: we return -1 on error, not fd via 0009d17 s4-libnet: print the domain name on domain open failure via c18e956 s4-libnet: force IDL printing for high debug levels via 66460c9 s4-resolve: the file backend should not look at the name type via 6012f31 s4-finddcs: show required server type bits on failure via 6c45eeb s4-repl: use consistent API calls for getting DN GUID via 52ae578 s4-netlogon: fixed logic for setting DS_SERVER_WRITABLE via 59d415f4 s4-finddc: use NBT lookup for a 1C name if joining a short domain name via 99f514f s4-selftest: use the full domain name in joins via 4e9f449 s4-join: give a clear error when using short domain form via 011978e s4-rodc: use python finddc code to avoid the need for --server via 2e92484 s4-pynet: added finddc call via 58d59a0 s4-libcli: change finddcs.h - finddc.h via 7f029aa s4-finddcs: rename finddcs to finddcs_nbt via ee61568 s4-winbind: use finddcs_cldap() in winbind via 0c447e3 s4-libnet: use finddcs_cldap() in libnet_lookup via fede78f s4-cldap: don't set the writable bit when we are a RODC via 898674c s4-finddcs: added finddcs_cldap() via 5bbfe2b s4-secrets: fixed shadowed variable warning via 4ff4521 cldap: use ipv4 not up for unbound cldap sockets via dbc9b18 s4-resolve: added resolve_name_multiple_recv() via fa7fd4f s4-dns: fixed lookup of SRV records using dns_ex via ce2004d s4: fixed some printf format errors via 041c699 s4-libnet: converted finddcs call to tevent_req via 94fb612 s4-secrets: fetch secure channel type with domain SID via bd51d30 s4-auth: when we are a DC enable winbind auth via 67ac855 s4-auth: set the RODC bit for RODC schannel via 52445e1 s4-schannel: fixed reference to context after free via 5b02cf1 s4-auth: allow multiple active auth backends via 890a33c s4-smb: serialise session setup operations via ba2c394 talloc: fixed spelling errors in comment via 13a8745 s4-rodc: add a trigger message for REPL_SECRET to auth_sam via f6d85be s4-messaging: add support for no_reply in irpc messages via b9393e4 s4-kcc: removed redundent loop check via 2fbf10e s4-smb: smbsrv_blob_push_string() can return -1 via a17da70 s4-dsdb: check for invalid backend type via 3e88f3c s4-rootdse: setup length after NULL check via d00cb8b s4-dsdb: fixed use after free for RODC via 597372d s4-dsdb: free right context on failure via cbd8297 s4-dsdb: defer ac-msg after check for NULL ac via 5a4a11c s4-anr: check for allocation failure before use from ba726b5 s4: Fix two typos http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5a0bb2234e86c6718c9dbfd7a087ab7c1b7f6bb4 Author: Andrew Tridgell tri...@samba.org Date: Wed Sep 15 14:24:51 2010 +1000 cldap: prevent crashes when freeing cldap socket As a callback may destroy the cldap socket we need to ensure we don't reference the cldap structure after the callback Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit ea223baabc599415bf8da14a53cb77632343bc82 Author: Andrew Tridgell tri...@samba.org Date: Wed Sep 15 13:14:42 2010 +1000 s4-server: check the return of irpc_binding_handle_by_name Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit beb9c6be70bcbd04c087c8352cf480e4f869448f Author: Andrew Tridgell tri...@samba.org Date: Wed Sep 15 12:22:48 2010 +1000 s4-finddcs: ensure we free previous cldap requests before starting a new one commit fcf576f002cc2b6dc7e3ecc3533572adcfcb1ffe Author: Andrew Tridgell tri...@samba.org Date: Wed Sep 15 12:16:00 2010 +1000 s4-selftest: enable logging in valgrind server xterm when running with valgrind on the server, enable logging in the xterm so you get a permanent record of any errors commit a498ab90fbad872c36900a86fe7ccada64c3c4a7 Author: Andrew Tridgell tri...@samba.org Date: Wed Sep 15 11:23:15 2010 +1000 s4-rpc: fixed double free in RPC proxy the unbind method is only called when the dcesrv_connection_context is being destroyed (its called from the destructor). That means that priv is either already free, or is about to be freed, so don't free it again commit 0212800de8c6367c9da7939fc43a1fa23c7da2bf Author: Andrew
