Re: [Samba] nfs4 with Samba 4
On 29/01/12 08:17, steve wrote: On 29/01/12 07:32, Gémes Géza wrote: 2012-01-28 21:44 keltezéssel, steve írta: On 28/01/12 20:29, Gémes Géza wrote: 2012-01-28 18:41 keltezéssel, steve írta: On 28/01/12 12:21, steve wrote: On 28/01/12 11:03, Gémes Géza wrote: As the nfs4 is writeable without the krb5, that's why I thought it may be related to the S4 Kerbreros. Thanks for your patience, Steve Unfortunately I can't be of real help here (I don't remember anything similar from when I was using nfs4 with krb5) and it seems to be very nfs4 specific, the kerberos (samba4) part has done its job (obtaining machine ticket at mount time, and user ticket when you cd-ed into the mount. What goes on from then is nfs4s own business :-( . I would suggest to ask for help at (I don't know if there is one :-( ) a nfs4 mailing list/forum.Good Luck! Regards Geza Hi Thanks for the confirmation. There is a nfs list: linux-...@vger.kernel.org It's a high tension version of samba-technical, and there is a three headed dog guarding its entrance, but I've been courageous enough to subscribe and post there. Maybe they'll suggest I use cifs! Cheers, Steve Let's see if openSUSE can help. Must be worth a try. https://bugzilla.novell.com/show_bug.cgi?id=743976 Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba member server creates sambaDomainName LDAP entry
I have the following box setup as a file server # cat /etc/redhat-release CentOS release 6.2 (Final) # uname -r 2.6.32-220.4.1.el6.x86_64 # rpm -qa | grep samba samba-3.5.10-114.el6.x86_64 samba-winbind-clients-3.5.10-114.el6.x86_64 samba-client-3.5.10-114.el6.x86_64 samba-winbind-3.5.10-114.el6.x86_64 samba-common-3.5.10-114.el6.x86_64 I have created a Domain Member Server for a NT4 style Samba domain with an LDAP backend. I have PDC(samba-3.4.15+LDAP) installed on CentOS-5.7. After joining the domain, the member server creates a sambaDomainName entry in LDAP that I don't think should be there. sambaDomainName=FS2 Where FS2 is the netbios name of the domain member server. # testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section [install] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] dos charset = cp866 unix charset = utf8 display charset = utf8 workgroup = W3 server string = File server 2 security = DOMAIN passdb backend = ldapsam:ldap://pdc.w3.lan/; client NTLMv2 auth = Yes log level = 3 log file = /var/log/samba/samba.log max log size = 5 name resolve order = wins bcast hosts deadtime = 15 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 load printers = No printcap name = /dev/null disable spoolss = Yes show add printer wizard = No os level = 8 lm announce = No local master = No domain master = No dns proxy = No wins server = 192.168.210.104 ldap admin dn = cn=root,dc=w3,dc=lan ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=computers ldap suffix = dc=w3,dc=lan ldap ssl = no ldap user suffix = ou=users host msdfs = No idmap backend = ldap:ldap://pdc.w3.lan/; idmap uid = 5-50 idmap gid = 5-50 winbind trusted domains only = Yes [install] comment = Soft deployment path = /data/install/ valid users = @W3\w3-install write list = adomoradov All test on the domain member server works fine # wbinfo -p Ping to winbindd succeeded # wbinfo -t checking the trust secret for domain W3 via RPC calls succeeded # wbinfo -u | head -3 root nobody adomoradov # wbinfo -g | head -3 domain admins domain users domain guests # id adomoradov uid=1017(adomoradov) gid=512(Domain Admins) groups=512(Domain Admins),513(Domain Users),1027(w3-intdev),1336(w3-svn),1338(w3j-intdev) # wbinfo -a adomoradov%1234567 plaintext password authentication succeeded challenge/response password authentication succeeded Why does my domain member server create a sambaDomainName entry in LDAP? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] TS licensing problem on samba domain
Hello, We have recently joined a Windows Server 2008 R1 on our samba domain as a domain member. The samba domain controller runs Samba version 3.4.9 on FreeBSD 8.2. We use the Windows Server as a terminal server for our domain users who need an accounting application called Acomba. Therefore we have added TS User CALs to the server in question. The TS Licensing Server was activated and the licenses were installed succesfully. The problem comes when we use the Licensing Diagnosis tool inside the TS Configuration application. It then reports that it cannot find the TS Licensing Server and that we are still within the grace period. For screenshots: https://plus.google.com/photos/100715566554708088795/albums/5703093746740210577 You might wonder why I am sending this question on the samba mailing list. I have found that when I put the Windows Server on a workgroup I then no longer get problems with the Licensing Diagnosis. The licensing server is detected and it reports correctly that I have 6 TS CALs. But I much prefer to have the server on the domain. I have also found other posts with people having the same problem: http://forums.techarena.in/windows-server-help/1386174.htm http://lists.samba.org/archive/samba/2009-September/150555.html We have posted the question on Microsoft's forums without getting an answer: http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/e1eb6576-e3c2-4bca-86fc-ab5a91718e5a I have also called Microsoft and they have confirmed to me that this is a technical issue and that the licenses are correctly installed. I get the feeling however that when I tell them I use a Samba domain controller they won't be of any help. Thank you for your help, Ludovic Rouse-Lamarre -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind group membership
Hi. On 28.01.2012 15:03, Volker Lendecke wrote: id user can not work reliably without a successful authentication using wbinfo -a before. There are just too many group combinations to take care of, and certain trust scenarios just can never work due to insufficient access to the trusted domains. If you have a problem with id after having successfully logged in to the box, this is a problem that we will definitely chase. So, as I understand, I should try 'wbinfo -a username%password' ? Is this just for test, or should this be done for every username to refresh the groups the user is in ? Anyway, I tried id both ways and this doesn't change group list for the user. Should I report the bug ? P.S. Also, what can be possible reason of 'wbinfo -a' working in challenge/response only under the root account on some machines ? Plaintext authentication doesn't have this problem. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba member server creates sambaDomainName LDAP entry
On Sun, 2012-01-29 at 14:45 +0200, Alex Domoradov wrote: I have the following box setup as a file server After joining the domain, the member server creates a sambaDomainName entry in LDAP that I don't think should be there. sambaDomainName=FS2 Where FS2 is the netbios name of the domain member server. security = DOMAIN passdb backend = ldapsam:ldap://pdc.w3.lan/; This is the why the entry is created. You have pointed your member server at the LDAP backend of the DC. The member server started to write it's own information there. Simply remove this line and use a local passdb for the local users - communication between Samba member servers and Samba3 DCs is not over LDAP. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Announce] Samba 3.6.3 Security Release Available
Release Announcements = This is a security release in order to address CVE-2012-0817 (Memory leak/Denial of service). o CVE-2012-0817: The Samba File Serving daemon (smbd) in Samba versions 3.6.0 to 3.6.2 is affected by a memory leak that can cause a server denial of service. Changes since 3.6.2: o Jeremy Allison j...@samba.org * BUG 8724: Fix memory leak in parent smbd on connection. o Ira Cooper sa...@ira.wakeful.net * BUG 8724: Fix memory leak in parent smbd on connection. ## Reporting bugs Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.6 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.6.3.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba member server creates sambaDomainName LDAP entry
Thanks Andrew, I have removed passdb backend from smb.conf and deleted all tdb files on the member server. I again rejoined member server to the domain. After that all works fine # net rpc join -U adomoradov MEMBER Enter adomoradov's password: Joined domain W3. # smbpasswd -w 1234567 Setting stored password for cn=root,dc=w3,dc=lan in secrets.tdb # net getdomainsid SID for local machine FS2 is: S-1-5-21-734847482-1323587187-1959668561 SID for domain W3 is: S-1-5-21-250625134-237382211-2379110221 # net rpc info -U adomoradov Enter adomoradov's password: Domain Name: W3 Domain SID: S-1-5-21-250625134-237382211-2379110221 Sequence number: 1327870393 Num users: 398 Num domain groups: 39 Num local groups: 0 # ldapsearch -H ldap://pdc.w3.lan/ -LLL -x -b 'dc=w3,dc=lan' 'objectClass=sambaDomain' dn: sambaDomainName=W3,dc=w3,dc=lan sambaRefuseMachinePwdChange: 0 objectClass: top objectClass: sambaDomain objectClass: sambaUnixIdPool sambaSID: S-1-5-21-250625134-237382211-2379110221 sambaDomainName: W3 sambaLockoutDuration: 15 sambaLockoutObservationWindow: 10 sambaLockoutThreshold: 0 sambaMinPwdLength: 5 sambaLogonToChgPwd: 0 sambaMinPwdAge: 0 sambaForceLogoff: -1 sambaNextRid: 1281 sambaAlgorithmicRidBase: 1000 gidNumber: 1353 sambaMaxPwdAge: -1 sambaPwdHistoryLength: 0 uidNumber: 1878 On Sun, Jan 29, 2012 at 10:31 PM, Andrew Bartlett abart...@samba.orgwrote: On Sun, 2012-01-29 at 14:45 +0200, Alex Domoradov wrote: I have the following box setup as a file server After joining the domain, the member server creates a sambaDomainName entry in LDAP that I don't think should be there. sambaDomainName=FS2 Where FS2 is the netbios name of the domain member server. security = DOMAIN passdb backend = ldapsam:ldap://pdc.w3.lan/; This is the why the entry is created. You have pointed your member server at the LDAP backend of the DC. The member server started to write it's own information there. Simply remove this line and use a local passdb for the local users - communication between Samba member servers and Samba3 DCs is not over LDAP. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind craps out, NT_STATUS_PIPE_BROKEN
Hi Jay, thanks for your comments on your workaround. I too come from an environment where there are 1000s of users to pick from who're unlikely to login. I found that using the command getent passwd username just came back empty when the aforementioned error shows in the log. I don't suppose you've noticed a point in time when the pipe breaks? I would be interested to find what causes the break, a change in AD or the server running winbind? If we could detect the break then we might be closer to the root cause. Many thanks, Matt On 26/01/2012 17:17, Jay Sullivan wrote: I'm not going to show you my code because everyone will make fun of me. But here is the 10 second version: I'm checking on the results of the `id` command from an array of usernames that don't frequently connect to my samba box. Most users in our AD are members of dozens or hundreds of groups, so I simply check on the length of the output from `id` and decide on whether or not to restart winbind. The output will typically be empty when winbind is down, but it'll occasionally report just a few groups instead of the usual hundreds. Why an array of infrequent users? I've found that once I do `id username1`, that user will be stuck in the winbind cache for a while and won't help me figure out if winbind is broken. Since I have the luxury(?) of thousands of users in our AD that will (probably) never connect to my samba box, I picked a sample and ran with it. It works _most_ of the time, but it's not a solution. I'm good at band aids, but suck at surgery. =( Please forward this to the samba mailing list for me. I just got a bounce from my mail server and it'll take some time to sort out: Your e-mail service was detected by mx.selfip.biz (NiX Spam) as spamming. Blacklisting is a necessary evil, I suppose... ~Jay -Original Message- From: Matthew Baker [mailto:matt.ba...@bristol.ac.uk] Sent: Thursday, January 26, 2012 11:41 AM To: Jay Sullivan Cc: samba@lists.samba.org Subject: Re: winbind craps out, NT_STATUS_PIPE_BROKEN -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Jay, many thanks for your response. I have a similar set of scripts currently they only run wbinfo -t and a script to check net ads testjoin is sane. They don't catch this. I was thinking about processing the log with something like swatch but it's a kludge. I would be interested in seeing your sanity checks if you don't mind? Cheers, Matt On 26/01/12 16:32, Jay Sullivan wrote: I am still experiencing this problem. I've scripted out some winbind sanity checks that catch when it poops out and restart winbind automagically. I recently migrated our biggest samba host from Debian 5 to RHEL 6. The problem persists, albeit slightly less frequently (not very scientific, I know...). I typically only have problems with winbind when there are 200 users connected _or_ 500 open files as reported by smbstatus. Unfortunately for me, these conditions describe a typical samba load during off-peak hours. =( ~Jay -- Jay Sullivan Rochester Institute of Technology College of Imaging Arts and Sciences jay.sulli...@rit.edu -Original Message- From: Matthew Baker [mailto:matt.ba...@bristol.ac.uk] Sent: Tuesday, January 24, 2012 3:34 AM To: Jay Sullivan; samba@lists.samba.org Subject: Re: winbind craps out, NT_STATUS_PIPE_BROKEN Hi Jay/Samba peeps, Emailing in reference to http://lists.samba.org/archive/samba/2011-April/162277.html I have seen a very similar issue with a similar setup. Users fail to be verified with: getent passwd username Entry in the log at same time is: [2012/01/23 16:58:53.159761, 3] winbindd/winbindd_misc.c:352(winbindd_interface_version) [18510]: request interface version [2012/01/23 16:58:53.159966, 3] winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir) [18510]: request location of privileged pipe [2012/01/23 16:58:53.160214, 3] winbindd/winbindd_getpwnam.c:55(winbindd_getpwnam_send) getpwnam username [2012/01/23 16:58:53.162493, 5] winbindd/winbindd_getpwnam.c:138(winbindd_getpwnam_recv) Could not convert sid S-1-5-21-1117850145-1682116191-196506527-126617: NT_STATUS_PIPE_BROKEN Restarting winbindd solves the problem temporarily. I've attached a copy of the smb.conf. OS: Debian Squeeze 6.0.3 Kernel: 2.6.32-5-686-bigmem samba 2:3.5.6~dfsg-3squeeze5 winbind 2:3.5.6~dfsg-3squeeze5 Jay did you find a solution to your problem? Has anyone else on the list seen similar issues or have any ideas of what might be happening? Any advice or pointers would be very much appreciated. Thanks, Matt - -- Matthew Baker :: Senior Systems Administrator :: University of Bristol +--+ | Infrastructure, Systems and Operations it-sys...@bristol.ac.uk | | T: Berkeley Square: +44(0)117 3314325 (Mon, Thur Fri) | | T: Computer Centre: +44(0)117 3317467 (Tue, Wed) | | A: Uni of Bristol, Computer Centre, Tyndall Ave, Bristol. BS81UD |
Re: [Samba] TS licensing problem on samba domain
On Sun, 2012-01-29 at 12:02 -0500, Ludovic Rouse-Lamarre wrote: Hello, We have recently joined a Windows Server 2008 R1 on our samba domain as a domain member. The samba domain controller runs Samba version 3.4.9 on FreeBSD 8.2. We use the Windows Server as a terminal server for our domain users who need an accounting application called Acomba. Therefore we have added TS User CALs to the server in question. The TS Licensing Server was activated and the licenses were installed succesfully. The problem comes when we use the Licensing Diagnosis tool inside the TS Configuration application. It then reports that it cannot find the TS Licensing Server and that we are still within the grace period. I have also called Microsoft and they have confirmed to me that this is a technical issue and that the licenses are correctly installed. I get the feeling however that when I tell them I use a Samba domain controller they won't be of any help. Microsoft has gone to great technical lengths to support Samba3 domains. It may well be that some functionality of Microsoft products relies on an AD domain (which we are providing with Samba4), but do not assume that they will be hostile. If they claim an interoperability issue, we can refer that to the group within Microsoft that specifically deals with interoperability issues for us. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind craps out, NT_STATUS_PIPE_BROKEN
I see a tiny correlation when our (Winodws) domain controllers reboot. After patch MS patch Tuesday, I'm guaranteed at least one winbind failure when the DC that I'm presently connected to reboots. In my kerb config, I'm using a kdc address that round-robins to all of our DCs. When the DC reboots, it's taken out of the rotation, so that shouldn't cause any connection loss, right? Sometime next week we won't have any more 2003 domain controllers--all will be replaced with 2008. Maybe this will solve my problem? At the height of my issue, I was seeing winbind problems every 2 hours or so. This was on Debian 5 with Samba 3.4.latest. I've since moved to RHEL 6 and Samba 3.5.10.blah. Since moving to RHEL/Samba 3.5, I've experienced significantly less problems with winbind, maybe a few times a week (that I've detected). At the same time, some of our oldest 2003 domain controllers were retired, so this could be a case of correlation != causation. The symptoms are the same as Matthew. When I try 'getent usernamethatisnotincache', I get nothing. Cached users are fine. Similar results with 'id'. Restarting winbind fixes it. I started logging a bunch of stuff when my script picked up a winbind failure. Sometimes, but not always, there would be several extra winbindd processes running. I usually have 8 winbindd processes (we have a few trusted domains, it seems that increases the number of winbindd processes) running, but a snapshot of 'ps' before I restarted winbind would show maybe 10 or 12 winbindd processes. I also cranked up the log level for a while, but my untrained eye couldn't seem to make any correlation to a specific event before non-cached winbind lookups started to fail. ~Jay -Original Message- From: Matthew Baker [mailto:matt.ba...@bristol.ac.uk] Sent: Sunday, January 29, 2012 6:21 PM To: Jay Sullivan; samba@lists.samba.org Subject: Re: winbind craps out, NT_STATUS_PIPE_BROKEN Hi Jay, thanks for your comments on your workaround. I too come from an environment where there are 1000s of users to pick from who're unlikely to login. I found that using the command getent passwd username just came back empty when the aforementioned error shows in the log. I don't suppose you've noticed a point in time when the pipe breaks? I would be interested to find what causes the break, a change in AD or the server running winbind? If we could detect the break then we might be closer to the root cause. Many thanks, Matt On 26/01/2012 17:17, Jay Sullivan wrote: I'm not going to show you my code because everyone will make fun of me. But here is the 10 second version: I'm checking on the results of the `id` command from an array of usernames that don't frequently connect to my samba box. Most users in our AD are members of dozens or hundreds of groups, so I simply check on the length of the output from `id` and decide on whether or not to restart winbind. The output will typically be empty when winbind is down, but it'll occasionally report just a few groups instead of the usual hundreds. Why an array of infrequent users? I've found that once I do `id username1`, that user will be stuck in the winbind cache for a while and won't help me figure out if winbind is broken. Since I have the luxury(?) of thousands of users in our AD that will (probably) never connect to my samba box, I picked a sample and ran with it. It works _most_ of the time, but it's not a solution. I'm good at band aids, but suck at surgery. =( Please forward this to the samba mailing list for me. I just got a bounce from my mail server and it'll take some time to sort out: Your e-mail service was detected by mx.selfip.biz (NiX Spam) as spamming. Blacklisting is a necessary evil, I suppose... ~Jay -Original Message- From: Matthew Baker [mailto:matt.ba...@bristol.ac.uk] Sent: Thursday, January 26, 2012 11:41 AM To: Jay Sullivan Cc: samba@lists.samba.org Subject: Re: winbind craps out, NT_STATUS_PIPE_BROKEN -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Jay, many thanks for your response. I have a similar set of scripts currently they only run wbinfo -t and a script to check net ads testjoin is sane. They don't catch this. I was thinking about processing the log with something like swatch but it's a kludge. I would be interested in seeing your sanity checks if you don't mind? Cheers, Matt On 26/01/12 16:32, Jay Sullivan wrote: I am still experiencing this problem. I've scripted out some winbind sanity checks that catch when it poops out and restart winbind automagically. I recently migrated our biggest samba host from Debian 5 to RHEL 6. The problem persists, albeit slightly less frequently (not very scientific, I know...). I typically only have problems with winbind when there are 200 users connected _or_ 500 open files as reported by smbstatus. Unfortunately for me, these conditions describe a
[Announce] Samba 3.6.3 Security Release Available
Release Announcements = This is a security release in order to address CVE-2012-0817 (Memory leak/Denial of service). o CVE-2012-0817: The Samba File Serving daemon (smbd) in Samba versions 3.6.0 to 3.6.2 is affected by a memory leak that can cause a server denial of service. Changes since 3.6.2: o Jeremy Allison j...@samba.org * BUG 8724: Fix memory leak in parent smbd on connection. o Ira Cooper sa...@ira.wakeful.net * BUG 8724: Fix memory leak in parent smbd on connection. ## Reporting bugs Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.6 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.6.3.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f6fb55a libcli/util: fix typo in nt_errs[] for NT_STATUS_NETWORK_SESSION_EXPIRED from 965b831 s3-selftest: Add test for posix large reads and writes http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f6fb55aeae12b6832a1cbd11195958fc9e0d8e45 Author: Stefan Metzmacher me...@samba.org Date: Sun Jan 29 11:26:24 2012 +0100 libcli/util: fix typo in nt_errs[] for NT_STATUS_NETWORK_SESSION_EXPIRED metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Sun Jan 29 14:11:12 CET 2012 on sn-devel-104 --- Summary of changes: libcli/util/nterr.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/util/nterr.c b/libcli/util/nterr.c index bd07baf..4513e5c 100644 --- a/libcli/util/nterr.c +++ b/libcli/util/nterr.c @@ -570,7 +570,7 @@ const nt_err_code_struct nt_errs[] = { NT_STATUS_RPC_PIPE_EMPTY, NT_STATUS_RPC_PIPE_EMPTY }, { NT_STATUS_CURRENT_DOMAIN_NOT_ALLOWED, NT_STATUS_CURRENT_DOMAIN_NOT_ALLOWED }, { NT_STATUS_OBJECTID_NOT_FOUND, NT_STATUS_OBJECTID_NOT_FOUND }, - { NT_STATUS_NETWORK_SESSION_EXPIRED, NT_STATUS_ACCOUNT_EXPIRED }, + { NT_STATUS_NETWORK_SESSION_EXPIRED, NT_STATUS_NETWORK_SESSION_EXPIRED }, { NT_STATUS_ALL_SIDS_FILTERED, NT_STATUS_ALL_SIDS_FILTERED }, { NT_STATUS_DOWNGRADE_DETECTED, NT_STATUS_DOWNGRADE_DETECTED }, { NT_STATUS_NO_S4U_PROT_SUPPORT, NT_STATUS_NO_S4U_PROT_SUPPORT }, -- Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-01-29-1625/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-01-29-1625/samba3.stderr http://git.samba.org/autobuild.flakey/2012-01-29-1625/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-01-29-1625/samba4.stderr http://git.samba.org/autobuild.flakey/2012-01-29-1625/samba4.stdout The top commit at the time of the failure was: commit f6fb55aeae12b6832a1cbd11195958fc9e0d8e45 Author: Stefan Metzmacher me...@samba.org Date: Sun Jan 29 11:26:24 2012 +0100 libcli/util: fix typo in nt_errs[] for NT_STATUS_NETWORK_SESSION_EXPIRED metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Sun Jan 29 14:11:12 CET 2012 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0db7086 s3: Fix unused variable warnings from f6fb55a libcli/util: fix typo in nt_errs[] for NT_STATUS_NETWORK_SESSION_EXPIRED http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0db70861ef1ebd9273d161231a4499a1eb07c4ff Author: Volker Lendecke v...@samba.org Date: Sun Jan 29 14:58:43 2012 +0100 s3: Fix unused variable warnings Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Sun Jan 29 16:33:29 CET 2012 on sn-devel-104 --- Summary of changes: source3/passdb/machine_account_secrets.c |4 1 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c index a2bd8be..4a6642e 100644 --- a/source3/passdb/machine_account_secrets.c +++ b/source3/passdb/machine_account_secrets.c @@ -88,7 +88,9 @@ bool secrets_clear_domain_protection(const char *domain) bool secrets_store_domain_sid(const char *domain, const struct dom_sid *sid) { +#if _SAMBA_BUILD_ == 4 char *protect_ids; +#endif bool ret; #if _SAMBA_BUILD_ == 4 @@ -132,7 +134,9 @@ bool secrets_fetch_domain_sid(const char *domain, struct dom_sid *sid) bool secrets_store_domain_guid(const char *domain, struct GUID *guid) { +#if _SAMBA_BUILD_ == 4 char *protect_ids; +#endif fstring key; #if _SAMBA_BUILD_ == 4 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 9646202 s3-smbd: Fix bug #8724. via 677f557 WHATSNEW: Add release notes for 3.6.3. via a3dd55e VERSION: Bump version up to 3.6.3. from a3dcfb6 WHATSNEW: Add another change. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 964620240c83024bea8bbce0bc282b0851513808 Author: Ira Cooper i...@wakeful.net Date: Sun Jan 29 20:36:05 2012 +0100 s3-smbd: Fix bug #8724. Fix bug #8724 - Memory leak in parent smbd on connection. This is CVE-2012-0817. Patch have been created by Ira Cooper i...@wakeful.net and Jeremy Allison j...@samba.org. commit 677f5573570ad1cbd4c1e1d920f67a0d20edea25 Author: Karolin Seeger ksee...@samba.org Date: Sun Jan 29 20:33:38 2012 +0100 WHATSNEW: Add release notes for 3.6.3. Karolin commit a3dd55e40cc905a4535d1786f2d53cda221fb3e2 Author: Karolin Seeger ksee...@samba.org Date: Sun Jan 29 20:33:15 2012 +0100 VERSION: Bump version up to 3.6.3. Karolin --- Summary of changes: WHATSNEW.txt | 54 - source3/VERSION |2 +- source3/lib/substitute.c |9 ++- source3/smbd/server.c|6 + 4 files changed, 66 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b3e5008..2868320 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,53 @@ = + Release Notes for Samba 3.6.3 + January 29, 2012 + = + + +This is a security release in order to address +CVE-2012-0817 (Memory leak/Denial of service). + +o CVE-2012-0817: + The Samba File Serving daemon (smbd) in Samba versions + 3.6.0 to 3.6.2 is affected by a memory leak that can + cause a server denial of service. + + +Changes since 3.6.2: + + + +o Jeremy Allison j...@samba.org +* BUG 8724: Fix memory leak in parent smbd on connection. + + +o Ira Cooper sa...@ira.wakeful.net +* BUG 8724: Fix memory leak in parent smbd on connection. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.6 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + +Release notes for older releases follow: + + + = Release Notes for Samba 3.6.2 January 25, 2012 = @@ -174,8 +223,9 @@ database (https://bugzilla.samba.org/). == The Samba Team == -Release notes for older releases follow: - + +-- + = Release Notes for Samba 3.6.1 diff --git a/source3/VERSION b/source3/VERSION index 7fcffce..f496624 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=6 -SAMBA_VERSION_RELEASE=2 +SAMBA_VERSION_RELEASE=3 # Bug fix releases use a letter for the patch revision # diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index e72a8c3..68328e5 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c @@ -195,7 +195,7 @@ void sub_set_smb_name(const char *name) } static char sub_peeraddr[INET6_ADDRSTRLEN]; -static const char *sub_peername = ; +static const char *sub_peername = NULL; static char sub_sockaddr[INET6_ADDRSTRLEN]; void sub_set_socket_ids(const char *peeraddr, const char *peername, @@ -208,6 +208,11 @@ void sub_set_socket_ids(const char *peeraddr, const char *peername, } strlcpy(sub_peeraddr, addr, sizeof(sub_peeraddr)); + if (sub_peername != NULL + sub_peername != sub_peeraddr) { +
[SCM] Samba Shared Repository - branch v3-6-stable updated
The branch, v3-6-stable has been updated via 71e7cdc s3-smbd: Fix bug #8724. via 3f117d2 WHATSNEW: Add release notes for 3.6.3. via e35523c VERSION: Bump version up to 3.6.3. from b0cd2e5 WHATSNEW: Add another change. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable - Log - commit 71e7cdcce26c1ed7504760a94cf51e79b2ec570c Author: Ira Cooper i...@wakeful.net Date: Sun Jan 29 20:36:05 2012 +0100 s3-smbd: Fix bug #8724. Fix bug #8724 - Memory leak in parent smbd on connection. This is CVE-2012-0817. Patch have been created by Ira Cooper i...@wakeful.net and Jeremy Allison j...@samba.org. (cherry picked from commit 964620240c83024bea8bbce0bc282b0851513808) commit 3f117d2bcf33913e7cc3e4b0e01ac98f649fa078 Author: Karolin Seeger ksee...@samba.org Date: Sun Jan 29 20:33:38 2012 +0100 WHATSNEW: Add release notes for 3.6.3. Karolin (cherry picked from commit 677f5573570ad1cbd4c1e1d920f67a0d20edea25) commit e35523c33ab626a8dee8e037aa2027cdc5ad01a6 Author: Karolin Seeger ksee...@samba.org Date: Sun Jan 29 20:33:15 2012 +0100 VERSION: Bump version up to 3.6.3. Karolin (cherry picked from commit a3dd55e40cc905a4535d1786f2d53cda221fb3e2) --- Summary of changes: WHATSNEW.txt | 54 - source3/VERSION |2 +- source3/lib/substitute.c |9 ++- source3/smbd/server.c|6 + 4 files changed, 66 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b3e5008..2868320 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,53 @@ = + Release Notes for Samba 3.6.3 + January 29, 2012 + = + + +This is a security release in order to address +CVE-2012-0817 (Memory leak/Denial of service). + +o CVE-2012-0817: + The Samba File Serving daemon (smbd) in Samba versions + 3.6.0 to 3.6.2 is affected by a memory leak that can + cause a server denial of service. + + +Changes since 3.6.2: + + + +o Jeremy Allison j...@samba.org +* BUG 8724: Fix memory leak in parent smbd on connection. + + +o Ira Cooper sa...@ira.wakeful.net +* BUG 8724: Fix memory leak in parent smbd on connection. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.6 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + +Release notes for older releases follow: + + + = Release Notes for Samba 3.6.2 January 25, 2012 = @@ -174,8 +223,9 @@ database (https://bugzilla.samba.org/). == The Samba Team == -Release notes for older releases follow: - + +-- + = Release Notes for Samba 3.6.1 diff --git a/source3/VERSION b/source3/VERSION index e8a1992..9ba1b54 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=6 -SAMBA_VERSION_RELEASE=2 +SAMBA_VERSION_RELEASE=3 # Bug fix releases use a letter for the patch revision # diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index e72a8c3..68328e5 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c @@ -195,7 +195,7 @@ void sub_set_smb_name(const char *name) } static char sub_peeraddr[INET6_ADDRSTRLEN]; -static const char *sub_peername = ; +static const char *sub_peername = NULL; static char sub_sockaddr[INET6_ADDRSTRLEN]; void sub_set_socket_ids(const char *peeraddr, const char *peername, @@ -208,6 +208,11 @@ void sub_set_socket_ids(const char
[SCM] Samba Shared Repository - annotated tag samba-3.6.3 created
The annotated tag, samba-3.6.3 has been created at efd7e8a94054021d0331ba11ae8b6b6be6cf469c (tag) tagging 71e7cdcce26c1ed7504760a94cf51e79b2ec570c (commit) replaces samba-3.6.2 tagged by Karolin Seeger on Sun Jan 29 20:41:47 2012 +0100 - Log - tag samba-3.6.3 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) iD8DBQBPJaEdbzORW2Vot+oRAlUFAJ480DclBiQfy8j4Ulj1T6FDZzBlpwCgjWxM ulEOK6uu2YTQbnRTMxsypGg= =H6m+ -END PGP SIGNATURE- Ira Cooper (1): s3-smbd: Fix bug #8724. Karolin Seeger (2): VERSION: Bump version up to 3.6.3. WHATSNEW: Add release notes for 3.6.3. --- -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 2e6773c Announce Samba 3.6.3. from 9190d58 Fix release date. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 2e6773c8d60f2fce8207429b4fa1b92649700d08 Author: Karolin Seeger ksee...@samba.org Date: Sun Jan 29 21:17:31 2012 +0100 Announce Samba 3.6.3. Karolin --- Summary of changes: generated_news/latest_10_bodies.html| 18 generated_news/latest_10_headlines.html |4 +- generated_news/latest_2_bodies.html | 18 history/header_history.html |1 + history/samba-3.6.3.html| 43 + history/security.html | 10 latest_stable_release.html |6 +- security/CVE-2012-0817.html | 78 +++ 8 files changed, 155 insertions(+), 23 deletions(-) create mode 100755 history/samba-3.6.3.html create mode 100644 security/CVE-2012-0817.html Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index 1071ffc..06268ce 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html @@ -1,3 +1,12 @@ + h5a name=3.6.329 January 2012/a/h5 + p class=headlineSamba 3.6.3 Security Release Available for Download/p + pThis is a security release in order to address a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-CVE-2012-0817;CVE-2012-0817 (Memory leak/Denial of service)/a./p + +pThe uncompressed tarballs and patch files have been signed +using GnuPG (ID 6568B7EA). The source code can be +a href=http://samba.org/samba/ftp/stable/samba-3.6.3.tar.gz;downloaded +now/a. A a href=http://samba.org/samba/ftp/patches/patch-3.6.2-3.6.3.diffs.gz;patch against Samba 3.6.2/a is also available. See the a href=http://samba.org/samba/history/samba-3.6.3.html;release notes/a for more info./p + h5a name=3.6.225 January 2012/a/h5 p class=headlineSamba 3.6.2 Available for Download/p pThis is the latest stable release of the Samba 3.6 series./p @@ -82,12 +91,3 @@ enhanced library components./p using GnuPG (ID 6568B7EA). The source code can be a href=http://samba.org/samba/ftp/stable/samba-3.6.0.tar.gz;downloaded now/a. A a href=http://samba.org/samba/ftp/patches/patch-3.5.11-3.6.0.diffs.gz;patch against Samba 3.5.11/a is also available. See a href=http://samba.org/samba/history/samba-3.6.0.html;the release notes for more info/a./p - - h5a name=3.5.1104 August 2011/a/h5 - p class=headlineSamba 3.5.11 Available for Download/p - pThis is the latest stable release of the Samba 3.5 series./p - -pThe uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -a href=http://samba.org/samba/ftp/stable/samba-3.5.11.tar.gz;downloaded -now/a. A a href=http://samba.org/samba/ftp/patches/patch-3.5.10-3.5.11.diffs.gz;patch against Samba 3.5.10/a is also available. See a href=http://samba.org/samba/history/samba-3.5.11.html;the release notes for more info/a./p diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html index 05cf7ba..f8b235c 100644 --- a/generated_news/latest_10_headlines.html +++ b/generated_news/latest_10_headlines.html @@ -1,4 +1,6 @@ ul + li 29 January 2012 a href=#3.6.3Samba 3.6.3 Security Release Available for Download/a/li + li 25 January 2012 a href=#3.6.2Samba 3.6.2 Available for Download/a/li li 17 January 2012 a href=http://lwn.net/SubscriberLink/475592/8ed5bac474ed9f8a/;A Samba 4 update/a featured by a href=http://LWN.net/LWN.net/a./li @@ -16,6 +18,4 @@ li 09 August 2011 a href=/samba/news/releases/3.6.0.htmlThe highlights of Samba 3.6/a/li li 09 August 2011 a href=#3.6.0Samba 3.6.0 Available for Download/a/li - - li 04 August 2011 a href=#3.5.11Samba 3.5.11 Available for Download/a/li /ul diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html index 4ec8153..7376bf6 100644 --- a/generated_news/latest_2_bodies.html +++ b/generated_news/latest_2_bodies.html @@ -1,3 +1,12 @@ + h5a name=3.6.329 January 2012/a/h5 + p class=headlineSamba 3.6.3 Security Release Available for Download/p + pThis is a security release in order to address a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-CVE-2012-0817;CVE-2012-0817 (Memory leak/Denial of service)/a./p + +pThe uncompressed tarballs and patch files have been signed +using GnuPG (ID 6568B7EA). The source code can be +a href=http://samba.org/samba/ftp/stable/samba-3.6.3.tar.gz;downloaded +now/a. A a href=http://samba.org/samba/ftp/patches/patch-3.6.2-3.6.3.diffs.gz;patch against Samba 3.6.2/a is also available. See the a
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 697a6e9 auth: provide private pointer and do not return original PAC signatures from 0db7086 s3: Fix unused variable warnings http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 697a6e9504d9f3eefd97c7c822e90feddd9b9a3b Author: Andrew Bartlett abart...@samba.org Date: Mon Jan 30 08:00:28 2012 +1100 auth: provide private pointer and do not return original PAC signatures There is no need to return the PAC signatures via the special-purpose torture element. Instead, use a private pointer on the auth_context in conjunction with the private PAC processing method. Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Sun Jan 29 23:52:50 CET 2012 on sn-devel-104 --- Summary of changes: auth/common_auth.h |3 ++ librpc/idl/auth.idl |2 - source4/torture/rpc/remote_pac.c | 74 - 3 files changed, 43 insertions(+), 36 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/common_auth.h b/auth/common_auth.h index 40f7da4..3991c40 100644 --- a/auth/common_auth.h +++ b/auth/common_auth.h @@ -102,6 +102,9 @@ struct auth4_context { /* SAM database for this local machine - to fill in local groups, or to authenticate local NTLM users */ struct ldb_context *sam_ctx; + /* Private data for the callbacks on this auth context */ + void *private_data; + NTSTATUS (*check_password)(struct auth4_context *auth_ctx, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, diff --git a/librpc/idl/auth.idl b/librpc/idl/auth.idl index 3b4853b..2451d2b 100644 --- a/librpc/idl/auth.idl +++ b/librpc/idl/auth.idl @@ -57,8 +57,6 @@ interface auth /* Number SIDs from the DC netlogon validation info */ uint32 num_dc_sids; [size_is(num_dc_sids)] dom_sid dc_sids[*]; - PAC_SIGNATURE_DATA *pac_srv_sig; - PAC_SIGNATURE_DATA *pac_kdc_sig; } auth_user_info_torture; typedef [public] struct { diff --git a/source4/torture/rpc/remote_pac.c b/source4/torture/rpc/remote_pac.c index 625dfe7..0e70cab 100644 --- a/source4/torture/rpc/remote_pac.c +++ b/source4/torture/rpc/remote_pac.c @@ -42,6 +42,11 @@ #define TEST_MACHINE_NAME_S2U4SELF_BDC tests2u4selfbdc #define TEST_MACHINE_NAME_S2U4SELF_WKSTA tests2u4selfwk +struct pac_data { + struct PAC_SIGNATURE_DATA *pac_srv_sig; + struct PAC_SIGNATURE_DATA *pac_kdc_sig; +}; + /* A helper function which avoids touching the local databases to * generate the session info, as we just want to verify the PAC * details, not the full local token */ @@ -56,20 +61,21 @@ static NTSTATUS test_generate_session_info_pac(struct auth4_context *auth_ctx, { NTSTATUS nt_status; struct auth_user_info_dc *user_info_dc; - struct PAC_SIGNATURE_DATA *pac_srv_sig = NULL; - struct PAC_SIGNATURE_DATA *pac_kdc_sig = NULL; TALLOC_CTX *tmp_ctx; - + struct pac_data *pac_data; + tmp_ctx = talloc_named(mem_ctx, 0, gensec_gssapi_session_info context); NT_STATUS_HAVE_NO_MEMORY(tmp_ctx); - pac_srv_sig = talloc(tmp_ctx, struct PAC_SIGNATURE_DATA); - if (!pac_srv_sig) { + auth_ctx-private_data = pac_data = talloc_zero(auth_ctx, struct pac_data); + + pac_data-pac_srv_sig = talloc(tmp_ctx, struct PAC_SIGNATURE_DATA); + if (!pac_data-pac_srv_sig) { talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } - pac_kdc_sig = talloc(tmp_ctx, struct PAC_SIGNATURE_DATA); - if (!pac_kdc_sig) { + pac_data-pac_kdc_sig = talloc(tmp_ctx, struct PAC_SIGNATURE_DATA); + if (!pac_data-pac_kdc_sig) { talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } @@ -78,13 +84,16 @@ static NTSTATUS test_generate_session_info_pac(struct auth4_context *auth_ctx, *pac_blob, smb_krb5_context-krb5_context, user_info_dc, - pac_srv_sig, - pac_kdc_sig); + pac_data-pac_srv_sig, + pac_data-pac_kdc_sig); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(tmp_ctx); return nt_status; } + talloc_steal(pac_data, pac_data-pac_srv_sig); + talloc_steal(pac_data, pac_data-pac_kdc_sig);
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7c6713e tdb2: make --enable-tdb2 the default. via e1665c9 tdb2: add -1 and -2 options to tdbtorture via 1023082 tdb2:tdbtorture: use TEST_DATA_PREFIX for files via 45ae436 tdb2: name tools the same as TDB1 tools. via 23f1f5e tdb2: tools/tdb2backup via 641beb3 samdb: use compat wrappers for tdb_fetch(). via dd1d573 tdb_compat: only use hashsize attribute when O_CREAT via ae62d46 ldb_wrap.c: fix TDB2-incompatible API usage. via efbf52b tdb2: copy tdb1's changed expansion logic. via 205e198 tdb2: careful on wrap. from 697a6e9 auth: provide private pointer and do not return original PAC signatures http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7c6713e78ff22ebf0aa1caa10697bad9d4cc885e Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jan 30 15:59:18 2012 +1030 tdb2: make --enable-tdb2 the default. We still use the tdb1 on-disk format, but we do so via the tdb2 library. Signed-off-by: Rusty Russell ru...@rustcorp.com.au Autobuild-User: Rusty Russell ru...@rustcorp.com.au Autobuild-Date: Mon Jan 30 08:02:43 CET 2012 on sn-devel-104 commit e1665c94ac290e030321f7d243e3e70661874778 Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jan 30 15:59:16 2012 +1030 tdb2: add -1 and -2 options to tdbtorture (For now, -1 is the default). commit 10230829df5c5624edaa5fabaf84c9ac5bc31285 Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jan 30 15:31:05 2012 +1030 tdb2:tdbtorture: use TEST_DATA_PREFIX for files TDB2 version of commit b83672b36c1ea8c35833c40c3919b63809f16624. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit 45ae436b19925930b4a60fd8078edcec9ef45e96 Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jan 30 10:07:18 2012 +1030 tdb2: name tools the same as TDB1 tools. Otherwise, when we switch everyone's scripts will break (including our own tests!). Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit 23f1f5e0e3516092c47e942c03cef42f4256bf2a Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jan 30 10:07:17 2012 +1030 tdb2: tools/tdb2backup Minor changes from tdb/tools/tdbbackup.c. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit 641beb35bff243bab5651a1cab8aa4b305ecefa4 Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jan 30 10:07:17 2012 +1030 samdb: use compat wrappers for tdb_fetch(). TDB2's tdb_fetch() returns an error code; use tdb_fetch_compat() for now. Similarly, tdb_errorstr() - tdb_errorstr_compat(). Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit dd1d57370d6d83473a7ada3ceb8d250d357ff429 Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jan 30 10:06:55 2012 +1030 tdb_compat: only use hashsize attribute when O_CREAT tdb2 complains if you specify a tdb1 hashsize, and you're not actually trying to create a new database. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit ae62d46a9fcfee9db177ddb3d0f1f2c28c889a35 Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jan 30 09:25:50 2012 +1030 ldb_wrap.c: fix TDB2-incompatible API usage. Auditing revealed one place still expecting a -1 return on failure: tdb2 returns the (negative) errcode directly, so the portable way to do this is to check for != 0. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit efbf52b4fe62eeed085961d7e2689b869bae63dc Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jan 30 09:24:50 2012 +1030 tdb2: copy tdb1's changed expansion logic. TDB2 uses the same expansion logic as TDB1, which got factored out recently. So update TDB2 to match. Signed-off-by: Rusty Russell ru...@rustcorp.com.au (Imported from CCAN commit c438ec17d7b2efe76e56e5fc5ab88bd4a02735e8) commit 205e198471a481b849d05b5756261f1739c0c8b2 Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jan 30 09:23:50 2012 +1030 tdb2: careful on wrap. It's much harder to wrap a 64-bit tdb2 than a 32-bit tdb1, but we should still take care against bugs. Also, we should *not* cast the length to a size_t when comparing it to the stat result, in case size_t is 32 bit. Signed-off-by: Rusty Russell ru...@rustcorp.com.au (Imported from CCAN commit 6f7cb26e589cea081e71c59801eae87178967861) --- Summary of changes: lib/ldb-samba/ldb_wrap.c |2 +- lib/tdb2/check.c |4 +- lib/tdb2/free.c| 57 + lib/tdb2/io.c | 29 +++-- lib/tdb2/open.c|2 +-