Re: [Samba] I cannot access my shares in samba4 alpha 19
You did!?: Just browse to your share as administrator from a windows client. Right click on file or folder/share and select Properties from the Context Menu. From the Security tab click Edit. Select a user or group from the permission (top) window. Now under the Permission section you can check the rights which you want to grant --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von timothy mcdaniel Gesendet: Dienstag, 10. April 2012 00:58 An: samba@lists.samba.org Betreff: [Samba] I cannot access my shares in samba4 alpha 19 I cannot access my shares in samba4 alpha 19, I get a element not found error message when I try to go to my server in windows explorer when they are mapped as network drives they work fine but when I try to access them from the \\your.realm.com it gives me the element not found error message also when I try to access the shares through \\your.realm.com I can access netlogon and sysvol fine but the other shares I cannot access because it gives me the above error message(element not found). could someone please help me fix this? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Transfer speed
Le Mon, 9 Apr 2012 10:02:20 -0700 vous écriviez: I think it's seen a lot of improvements recently w.r.t. multiple outstanding reads/writes, but I'm not sure what kernel version this went into. Dramatic improvement indeed: kernel 2.6.35 writing with dd if=/dev/zero bs=1M: 1073741824 octets (1,1 GB) copés, 15,393 s, 69,8 MB/s reading with dd: 2147483648 octets (2,1 GB) copiés, 62,5917 s, 34,3 MB/s kernel 3.2.14 writing: 1073741824 octets (1,1 GB) copiés, 9,83073 s, 109 MB/s reading: 2147483648 octets (2,1 GB) copiés, 18,2867 s, 117 MB/s read This was done with the same client and the same server. The client simply was rebooted from a kernel to the other. cheers! -- Emmanuel Florac | Direction technique | Intellique | eflo...@intellique.com | +33 1 78 94 84 02 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] idmap config range problem
Hi everyone after upgrading to the current samba version I found some idmap uid deprecated messages in my logs or when I used smbstatus. I found out I need to use idmap config now. Now my questions; - when setting idmap config * : range = 1000 - 2000 I get following log messages: no backend defined for idmap config DOM idmap range not specified for domain DOM wbinfo --allocate-uid works net rpc user add works too - when I set idmap config DOM : range = 1000 - 2000 idmap config DOM : backend = tdb I get tons of log messages saying idmap range not specified for domain * wbinfo --allocate-uid: failed to call wbcAllocateUid: WBC_ERR_DOMAIN_NOT_FOUND - when I set idmap config * : range = 12000 - 2 idmap config DOM : range = 9 - 9 idmap config DOM : backend = tdb log message: nothing wbinfo --allocate-uid: failed to call wbcAllocateUid: WBC_ERR_DOMAIN_NOT_FOUND Could not allocate a uid net rpc user add name: Failed to add user 'name' with error: A device attached to the system is not functioning.. After these changes and before restarting winbindd I deleted the winbindd-idmap.tdb file. This gave the log message: Upgrading winbindd_idmap.tdb from an old version After reading the man page I understood that the first version should be sufficient. But apparently it's not - though it's still the best working solution. The howtos on the samba page still use the old idmap gid range version. I could not find anything on this. Anyway how do I know which name for DOM do I need to use? I use samba 3.6.3 from debian squeeze-backports and debian stable. my smb.conf: [global] workgroup = DOM netbios name = DOMServer interfaces = eth0 127.0.0.1 bind interfaces only = true server string = DOM Samba Server # domain settings domain master = yes domain logons = yes # become local master browser os level = 100 preferred master = yes # maybe wins support - needs changes to dhcp server wins support = no # ldap settings passdb backend = ldapsam ldap suffix = dc=domain,dc=de ldap admin dn = cn=samba,dc=domain,dc=de ldap user suffix = ou=users ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmaps ldap ssl = no ldapsam:trusted = yes ldapsam:editposix = yes # winbind settings idmap config * : range = 12000 - 2 idmap config DOM : backend = tdb idmap config DOM : range = 9 - 9 # logon logon path = \\%N\profiles\%U\%a logon script = logon.bat logon drive = i: # create mask create mask = 740 directory mode = 750 force create mode = 020 force directory mode = 020 # logging log file = /var/log/samba/log.smbd.%m log level = 1 syslog = 0 # max log size = 5000 default # Do something sensible when Samba crashes: mail the admin a backtrace panic action = /usr/share/samba/panic-action %d # printing - disabled load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes time server = yes unix extensions = false # vfs module vfs_acl_xattr - all NT ACL are saved vfs object = acl_xattr Thanks for any help Regards Sebastian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] trust relationship between this workstation and the primary domain failed
Samba shares work for windows 7 and Server 2008, but XP and Server 2000 recieve the following error when trying to map samba shares: The trust relationship between this workstation and the primary domain failed. tail -f /var/log/messages Apr 10 07:38:03 samba01 smbd[23581]: connect_to_domain_password_server: unable to open the domain client session to machine ad1.strat.com. Error was : NT_STATUS_ACCESS_DENIED. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.788387, 0] rpc_client/cli_pipe.c:4163(cli_rpc_pipe_open_schannel) Apr 10 07:38:03 samba01 smbd[23581]: cli_rpc_pipe_open_schannel: failed to get schannel session key from server ad1.strat.com for domain ARN. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.788601, 0] auth/auth_domain.c:188(connect_to_domain_password_server) Apr 10 07:38:03 samba01 smbd[23581]: connect_to_domain_password_server: unable to open the domain client session to machine ad1.strat.com. Error was : NT_STATUS_ACCESS_DENIED. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.789152, 0] auth/auth_domain.c:289(domain_client_validate) Apr 10 07:38:03 samba01 smbd[23581]: domain_client_validate: Domain password server not available Samba 3.5.10 RHEL 6.2 Any help is appreciated. Thanks, Clinton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] trust relationship between this workstation and the primary domain failed
On Tue, Apr 10, 2012 at 8:43 AM, clinton propst clintonpro...@yahoo.com wrote: Samba shares work for windows 7 and Server 2008, but XP and Server 2000 recieve the following error when trying to map samba shares: The trust relationship between this workstation and the primary domain failed. tail -f /var/log/messages Apr 10 07:38:03 samba01 smbd[23581]: connect_to_domain_password_server: unable to open the domain client session to machine ad1.strat.com. Error was : NT_STATUS_ACCESS_DENIED. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.788387, 0] rpc_client/cli_pipe.c:4163(cli_rpc_pipe_open_schannel) Apr 10 07:38:03 samba01 smbd[23581]: cli_rpc_pipe_open_schannel: failed to get schannel session key from server ad1.strat.com for domain ARN. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.788601, 0] auth/auth_domain.c:188(connect_to_domain_password_server) Apr 10 07:38:03 samba01 smbd[23581]: connect_to_domain_password_server: unable to open the domain client session to machine ad1.strat.com. Error was : NT_STATUS_ACCESS_DENIED. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.789152, 0] auth/auth_domain.c:289(domain_client_validate) Apr 10 07:38:03 samba01 smbd[23581]: domain_client_validate: Domain password server not available Samba 3.5.10 RHEL 6.2 Any help is appreciated. http://lists.samba.org/archive/samba/2010-October/158591.html -- John M. Drescher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Transfer speed
On Tue, Apr 10, 2012 at 6:01 AM, Emmanuel Florac eflo...@intellique.com wrote: kernel 2.6.35 writing with dd if=/dev/zero bs=1M: 1073741824 octets (1,1 GB) copés, 15,393 s, 69,8 MB/s kernel 3.2.14 writing: 1073741824 octets (1,1 GB) copiés, 9,83073 s, 109 MB/s that's dramatic! what needs done (from a user POV) to get this backported into Stable distro kernels? suggestions? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Transfer speed
Le Tue, 10 Apr 2012 08:26:48 -0500 Chris Weiss cwe...@gmail.com écrivait: that's dramatic! what needs done (from a user POV) to get this backported into Stable distro kernels? suggestions? Most distros have recent kernels available in their repositories AFAIK. I personnally prefer to compile my own kernels from vanilla unpatched source. BTW I've tested with 3.1.10 too, and it falls in between 2.6.35 and 3.2 : writes fast at 100 MB/s like 3.2 but reads slowly at 35 MB/s like 2.6.35. -- Emmanuel Florac | Direction technique | Intellique | eflo...@intellique.com | +33 1 78 94 84 02 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] trust relationship between this workstation and the primary domain failed
Thannks for the reply. Set the the reg key below and rebooted. Issue still not resolved. From reading that post it looks like that was a fix for windows 7. Our windows 7 workstations and server 2008 can access samba shares, but xp and server 2000 cannot. HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters DisablePasswordChange = dword:1 --- On Tue, 4/10/12, John Drescher dresche...@gmail.com wrote: From: John Drescher dresche...@gmail.com Subject: Re: [Samba] trust relationship between this workstation and the primary domain failed To: clinton propst clintonpro...@yahoo.com Cc: samba@lists.samba.org Date: Tuesday, April 10, 2012, 7:47 AM On Tue, Apr 10, 2012 at 8:43 AM, clinton propst clintonpro...@yahoo.com wrote: Samba shares work for windows 7 and Server 2008, but XP and Server 2000 recieve the following error when trying to map samba shares: The trust relationship between this workstation and the primary domain failed. tail -f /var/log/messages Apr 10 07:38:03 samba01 smbd[23581]: connect_to_domain_password_server: unable to open the domain client session to machine ad1.strat.com. Error was : NT_STATUS_ACCESS_DENIED. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.788387, 0] rpc_client/cli_pipe.c:4163(cli_rpc_pipe_open_schannel) Apr 10 07:38:03 samba01 smbd[23581]: cli_rpc_pipe_open_schannel: failed to get schannel session key from server ad1.strat.com for domain ARN. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.788601, 0] auth/auth_domain.c:188(connect_to_domain_password_server) Apr 10 07:38:03 samba01 smbd[23581]: connect_to_domain_password_server: unable to open the domain client session to machine ad1.strat.com. Error was : NT_STATUS_ACCESS_DENIED. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.789152, 0] auth/auth_domain.c:289(domain_client_validate) Apr 10 07:38:03 samba01 smbd[23581]: domain_client_validate: Domain password server not available Samba 3.5.10 RHEL 6.2 Any help is appreciated. http://lists.samba.org/archive/samba/2010-October/158591.html -- John M. Drescher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Transfer speed
On Tue, Apr 10, 2012 at 08:26:48AM -0500, Chris Weiss wrote: On Tue, Apr 10, 2012 at 6:01 AM, Emmanuel Florac eflo...@intellique.com wrote: kernel 2.6.35 writing with dd if=/dev/zero bs=1M: 1073741824 octets (1,1 GB) copés, 15,393 s, 69,8 MB/s kernel 3.2.14 writing: 1073741824 octets (1,1 GB) copiés, 9,83073 s, 109 MB/s that's dramatic! what needs done (from a user POV) to get this backported into Stable distro kernels? suggestions? Wait until the next major releases pick it up. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Transfer speed
On Tue, Apr 10, 2012 at 8:53 AM, Volker Lendecke volker.lende...@sernet.de wrote: On Tue, Apr 10, 2012 at 08:26:48AM -0500, Chris Weiss wrote: that's dramatic! what needs done (from a user POV) to get this backported into Stable distro kernels? suggestions? Wait until the next major releases pick it up. that's a really crappy option. in certain cases that could be 4 years from now. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] trust relationship between this workstation and the primary domain failed
On Tue, Apr 10, 2012 at 9:46 AM, clinton propst clintonpro...@yahoo.comwrote: Thannks for the reply. Set the the reg key below and rebooted. Issue still not resolved. From reading that post it looks like that was a fix for windows 7. Our windows 7 workstations and server 2008 can access samba shares, but xp and server 2000 cannot. HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters DisablePasswordChange = dword:1 You have to re add all machines affected machines to the domain. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Transfer speed
On Tue, Apr 10, 2012 at 08:55:14AM -0500, Chris Weiss wrote: On Tue, Apr 10, 2012 at 8:53 AM, Volker Lendecke volker.lende...@sernet.de wrote: On Tue, Apr 10, 2012 at 08:26:48AM -0500, Chris Weiss wrote: that's dramatic! what needs done (from a user POV) to get this backported into Stable distro kernels? suggestions? Wait until the next major releases pick it up. that's a really crappy option. in certain cases that could be 4 years from now. Well, if you are an important enough RH customer you might be able to apply pressure. But that's a LOT of money probably. Same for SuSE. Debian will likely be very resistant against that kind of bribery^Wincentive. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Announce] Samba 3.6.4, 3.5.14 and 3.4.16 Security Releases Available
Release Announcements = Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to address CVE-2012-1182. o CVE-2012-1182: Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows remote code execution as the root user. Changes: o Stefan Metzmacher me...@samba.org *BUG 8815: PIDL based autogenerated code allows overwriting beyond of allocated array (CVE-2012-1182). ## Reporting bugs Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba corresponding product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.6.4.html http://www.samba.org/samba/ftp/history/samba-3.5.14.html http://www.samba.org/samba/ftp/history/samba-3.4.16.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Transfer speed
On Tue, 10 Apr 2012 15:43:53 +0200 Emmanuel Florac eflo...@intellique.com wrote: Le Tue, 10 Apr 2012 08:26:48 -0500 Chris Weiss cwe...@gmail.com écrivait: that's dramatic! what needs done (from a user POV) to get this backported into Stable distro kernels? suggestions? Most distros have recent kernels available in their repositories AFAIK. I personnally prefer to compile my own kernels from vanilla unpatched source. BTW I've tested with 3.1.10 too, and it falls in between 2.6.35 and 3.2 : writes fast at 100 MB/s like 3.2 but reads slowly at 35 MB/s like 2.6.35. That's because async write support went in first (3.0?) and then async read support went into 3.2 or 3.3. 3.4 will get async write support for strictcache writes (when the client doesn't have an oplock and is writing around the cache). I'm currently working on a set of patches to do async reads around the cache as well when we don't have an oplock, and at that point I'll propose to make strictcache the default (as the protocol mandates). -- Jeff Layton jlay...@samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Transfer speed
On Tue, 10 Apr 2012 16:36:56 +0200 Volker Lendecke volker.lende...@sernet.de wrote: On Tue, Apr 10, 2012 at 08:55:14AM -0500, Chris Weiss wrote: On Tue, Apr 10, 2012 at 8:53 AM, Volker Lendecke volker.lende...@sernet.de wrote: On Tue, Apr 10, 2012 at 08:26:48AM -0500, Chris Weiss wrote: that's dramatic! what needs done (from a user POV) to get this backported into Stable distro kernels? suggestions? Wait until the next major releases pick it up. that's a really crappy option. in certain cases that could be 4 years from now. Well, if you are an important enough RH customer you might be able to apply pressure. But that's a LOT of money probably. Same for SuSE. Debian will likely be very resistant against that kind of bribery^Wincentive. The patches involved here are pretty invasive. Backporting them is not for the faint-of-heart. Async write support went into RHEL 6.2. So far, no one has piped up to request async read support in RHEL6 yet, but we may backport it there at some point if someone requests it. -- Jeff Layton jlay...@samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] trust relationship between this workstation and the primary domain failed
Still not working after readding machines to the domain. Errors are the same as originally posted in /var/log/messages. --- On Tue, 4/10/12, John Drescher dresche...@gmail.com wrote: From: John Drescher dresche...@gmail.com Subject: Re: [Samba] trust relationship between this workstation and the primary domain failed To: clinton propst clintonpro...@yahoo.com Cc: samba@lists.samba.org Date: Tuesday, April 10, 2012, 9:09 AM On Tue, Apr 10, 2012 at 9:46 AM, clinton propst clintonpro...@yahoo.com wrote: Thannks for the reply. Set the the reg key below and rebooted. Issue still not resolved. From reading that post it looks like that was a fix for windows 7. Our windows 7 workstations and server 2008 can access samba shares, but xp and server 2000 cannot. HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters DisablePasswordChange = dword:1 You have to re add all machines affected machines to the domain. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] trust relationship between this workstation and the primary domain failed
Still not working after readding machines to the domain. Errors are the same as originally posted in /var/log/messages. Please forget my advice. I thought you had a different problem. I should not reply to posts while distracted.. I do not know how to solve your issue. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UID/GID mapping consistency across at least two Linux machines
On 09/04/12 21:00, Gaiseric Vandal wrote: On 04/09/12 13:11, bakytn wrote: I found this: http://lists.samba.org/archive/samba/2004-January/078411.html How to implement a scenario? Are you using winbind for idmapping? The files you want may be /var/samba/locks (check testparm -v for the locks and cache directories.) Look at the winbind*tdb and idmap*tdb files. tdbdump will show you what is in them. Hi I've never understood why we have to use winbind when using Linux clients. It seems a complicated way to go about uid/gid mapping. All we do is add posixAccount, uidNumber and gidNumber +any of other 2307 stuff you may need to the user record in LDAP. Maybe the problem before has been with the poor performance of nss-ldap. But with the new nss-ldapd nslcd, the user and group mapping is perfect and very fast. It's just as good as reading from a local file even on a busy lan. HTH Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UID/GID mapping consistency across at least two Linux machines
On 04/10/12 12:29, steve wrote: On 09/04/12 21:00, Gaiseric Vandal wrote: On 04/09/12 13:11, bakytn wrote: I found this: http://lists.samba.org/archive/samba/2004-January/078411.html How to implement a scenario? Are you using winbind for idmapping? The files you want may be /var/samba/locks (check testparm -v for the locks and cache directories.) Look at the winbind*tdb and idmap*tdb files. tdbdump will show you what is in them. Hi I've never understood why we have to use winbind when using Linux clients. It seems a complicated way to go about uid/gid mapping. All we do is add posixAccount, uidNumber and gidNumber +any of other 2307 stuff you may need to the user record in LDAP. Maybe the problem before has been with the poor performance of nss-ldap. But with the new nss-ldapd nslcd, the user and group mapping is perfect and very fast. It's just as good as reading from a local file even on a busy lan. HTH Cheers, Steve Winbind mapping should not be necessary on domain controllers, except if you have domain trusts. I have ldap backend so my LDAP users have both unix and samba attributes.Samba member servers are a little trickier, when settings permissions from a Windows client. The server does need some sort of idmap to connect the samba account to the local unix account. I had to use ldap backend for idmap to make sure the idmapping was consistent on samba member server. In theory the idmap_nss backend should do this, but I don't think it was available in samba 3.0.x.I haven't had much luck with it in samba 3.4 or 3.5. I found it easier just to make sure that my primary file servers were also DC's. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 3.6.4, 3.5.14 and 3.4.16 Security Releases Available
Further information can be found in the security advisory: http://www.samba.org/samba/security/CVE-2012-1182 Patches for older versions are available at http://www.samba.org/samba/history/security.html. This defect has been tracked in the following bug report: https://bugzilla.samba.org/show_bug.cgi?id=8815. On Tue, Apr 10, 2012 at 05:21:19PM +0200, Karolin Seeger wrote: Release Announcements = Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to address CVE-2012-1182. o CVE-2012-1182: Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows remote code execution as the root user. Changes: o Stefan Metzmacher me...@samba.org *BUG 8815: PIDL based autogenerated code allows overwriting beyond of allocated array (CVE-2012-1182). ## Reporting bugs Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba corresponding product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.6.4.html http://www.samba.org/samba/ftp/history/samba-3.5.14.html http://www.samba.org/samba/ftp/history/samba-3.4.16.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UID/GID mapping consistency across at least two Linux machines
On 10/04/12 18:45, Gaiseric Vandal wrote: On 04/10/12 12:29, steve wrote: On 09/04/12 21:00, Gaiseric Vandal wrote: On 04/09/12 13:11, bakytn wrote: Winbind mapping should not be necessary on domain controllers, except if you have domain trusts. I have ldap backend so my LDAP users have both unix and samba attributes. That's what we have too. Samba member servers are a little trickier, when settings permissions from a Windows client. The server does need some sort of idmap to connect the samba account to the local unix account. But you wouldn't need local accounts for network users would you? Or at least we don't. They can use either a windows client or a Linux client. None of them are attached to any box locally. All the windows and linux data is stored centrally in LDAP. The windows clients pull the sid and whatever else they need and the Linux clients use nss-ldapd to automagically pull the 2307 stuff that they need. Having said that, this is quite a simple setup of a heterogeneous lan under 3.6. If the post is about 2 or more linux machines then that ought to do it I think. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UID/GID mapping consistency across at least two Linux machines
Would you recommend me to use IDMAP_RID with Winbind? I don't have domain trusts (which is required to be off when using rid). It's a small domain with about 300 users at the very maximum. Also..if I just add idmap backend = idmap_rid:DOMAIN=2000-1 What would change? Would it mess my current UID/GID's??? -- View this message in context: http://samba.2283325.n4.nabble.com/UID-GID-mapping-consistency-across-at-least-two-Linux-machines-tp4543255p4546516.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RESOLVED CTDB and Pacemaker - last mile!!! - CTDB complains cluster IP is not a public address
On Mon, 04/09/2012 02:47 PM, Dale Schroeder lt;d...@briannassaladdressing.comgt; wrote: On 04/05/2012 5:13 PM, Errol Neal wrote: Errol Neal wrote: This project has been on my bucket list for a long time with a higher priority than say visiting Japan :) For the last several days, I've been knee deep in XCP, OCFS2, Samba, CTDB and Pacemaker; trying to get all these technologies to coalesce into one solution, and I think I'm at the last mile. I finally have two debian squeeze VMs (BIM AND BAM) on XCP 1.0 that are running Samba 3.6 in an HA configuration! But I have one small problem.. when I connect to a share on the cluster IP (pacemaker IPaddr2 resource), I get an access denied and an error in log.ctdb: SNIP The problem was my smb.conf file. I changed my idmap config to be idmap config * versus FOO and my idmap config backend to be tdb. The symptoms were that wbinfo -u and -g were returning groups and users, but getent wasn't and wbinfo -i wasn't working either.. Hope this helps someone in the future. Errol, Your listed symptoms regarding the results of wbinfo and getent are quite similar to this: https://bugzilla.samba.org/show_bug.cgi?id=8676 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652679 The idmap_ad backend has not been previously mentioned, and you're using ctdb, still I can't help but wonder if you are seeing another manifestation of this bug. Do you think that's a reasonable possibility? Dale Hi Dale. I read that bug and it is what prompted me to make the changes. The fella at the end commented about how is configuration was working so I just modeled the relevant parts of my config after his. So to answer your question, I do believe that it is possible I was hitting that bug. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Transfer speed
On 03:06:34 wrote Stan Hoeppner: On 4/10/2012 9:36 AM, Volker Lendecke wrote: On Tue, Apr 10, 2012 at 08:55:14AM -0500, Chris Weiss wrote: On Tue, Apr 10, 2012 at 8:53 AM, Volker Lendecke volker.lende...@sernet.de wrote: On Tue, Apr 10, 2012 at 08:26:48AM -0500, Chris Weiss wrote: that's dramatic! what needs done (from a user POV) to get this backported into Stable distro kernels? suggestions? Wait until the next major releases pick it up. that's a really crappy option. in certain cases that could be 4 years from now. Well, if you are an important enough RH customer you might be able to apply pressure. But that's a LOT of money probably. Same for SuSE. Debian will likely be very resistant against that kind of bribery^Wincentive. Debian already has 3.2.6 available in the stable repo: $ aptitude search linux-image ... i linux-image-3.2.6 - Linux kernel, version 3.2.6 ... I don't know what is in your sources.list According to packages.debian.org that's not true :-) . There is kernel 3.2.0 in backports, that's all, as usual. http://packages.debian.org/search?suite=allarch=anysearchon=nameskeywords=linux-image-3.2 Perhaps this site is not up to date ;-) -- Regards Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA 3.5.11 joined to Active Directory not asking for login and password denying user access
I have SAMBA machine successfully joined to Active Directory domain. security is set to ads. I am using one share as a folder redirection container like /mnt/profiles/USERNAME where they are configured in the Group Policy as Folder Redirection target. It all working just great. So people can see their own files etc. For example when they are logged in Windows machine and they can access their files. My issue is that when I go to \\sambahost\profiles\USERNAME from some other machine on the network it's not allowing me to see USERNAME's files. Just showing me that access is denied. What I expect is to ask me for login and password. -- View this message in context: http://samba.2283325.n4.nabble.com/SAMBA-3-5-11-joined-to-Active-Directory-not-asking-for-login-and-password-denying-user-access-tp4543070p4543070.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SAMBA 3.5.11 joined to Active Directory not asking for login and password denying user access
here is my smb.conf is needed. [global] workgroup = WORK realm = WORK.LOCAL preferred master = no server string = SAMBA security = ADS encrypt passwords = yes log level = 1 log file = /var/log/samba/log.%m max log size = 1000 idmap uid = 2000-2 idmap gid = 2000-2 template shell = /bin/bash winbind enum groups = yes winbind enum users = yes winbind separator = + winbind use default domain = Yes winbind nested groups = Yes template homedir = /mnt/files/%U syslog = 0 panic action = /usr/share/samba/panic-action %d passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user usershare allow guests = yes [homes] comment = Home Directories valid users = %S read only = no browseable = no [profiles] comment = Profiles browseable = yes path = /mnt/files guest ok = yes read only = no create mode = 0755 force create mode = 0755 directory mask = 0700 posix locking = no hide files = /~$*/$RECYCLE.BIN -- View this message in context: http://samba.2283325.n4.nabble.com/SAMBA-3-5-11-joined-to-Active-Directory-not-asking-for-login-and-password-denying-user-access-tp4543070p4543091.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[ANNOUNCE] Samba 4.0 alpha 19 for CVE-2012-1182
We are proud to a announce another alpha release of Samba 4.0, alpha 19 THIS IS A SECURITY RELEASE for CVE-2012-1182, which impacted on Samba4 as well. What's new in Samba 4 alpha19 = Samba 4.0 will be the next version of the Samba suite and incorporates all the technology found in both the Samba4 alpha series and the stable 3.x series. The primary additional features over Samba 3.6 are support for the Active Directory logon protocols used by Windows 2000 and above. WARNINGS Samba4 alpha19 is not a final Samba release, however we are now making good progress towards a Samba 4.0 release, of which this is a preview. Be aware the this release contains both the technology of Samba 3.6 (that you can reasonably expect to upgrade existing Samba 3.x releases to) and the AD domain controller work previously known as 'samba4'. While binaries for the stable file server are provided in this release, for a stable, supported file server, Samba3 domain or AD domain member installation, please run a Samba 3.x release, as we are still bedding down the new single build system. Samba4 is subjected to an awesome battery of tests on an automated basis, we have found Samba 4.0 to be very stable in it's behavior. However, we still recommend against upgrading production servers from Samba 3.x release to Samba 4.0 alpha at this stage. If you are upgrading, or looking to develop, test or deploy Samba 4.0 alpha releases, you should backup all configuration and data. NEW FEATURES Samba 4.0 alpha supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients. Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue. Samba 4.0 alpha ships with two distinct file servers. The file server from the Samba 3.x series is 'smbd', and works with the binaries users would expect from that series (nmbd, winbindd, smbpasswd). Samba 4.0 also ships with a new file server, which is tuned to match the requirements of an AD domain controller. Users should not use the file server in the 'samba' binary for non-DC related tasks. A new scripting interface has been added to Samba 4, allowing Python programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python. CHANGES SINCE alpha18 = For a list of changes since alpha 18, please see the git log. $ git clone git://git.samba.org/samba.git $ cd samba.git $ git log samba-4.0.0alpha18..samba-4.0.0alpha19 Some major user-visible changes include: CVE-2012-1182: Samba4 is are affected by a vulnerability that allows remote code execution as the root user. Portability to MacOS X. By using the CC_MD5*() routines we no longer segfault on MacOS X. The source4/librpc layer has been reworked to be much more robust to connection failures. security=share in smbd has now been removed. A segfault in vfs_aio_fork for the smbd file server has been fixed ldbadd and ldbmodify now handle each ldif file in a single transaction, when modifying a local ldb. Further improvements to the dlz_bind9 and internal DNS servers. Some major but less visible changes include: Initial support for s3fs, using the smbd file server in the AD Domain controller has been added (but not yet finished, so not exposed) Samba now only uses the _FILE_OFFSET_BITS=64 API for accessing large files, not the _LARGEFILE64_SOURCE API. All Samba daemons now monitor stdin when launched in the foreground, and shutdown when stdin is closed. We also ensure that all child processes are clened up by a similar mechanism. This ensures that stray processes do not hang around, particularly in make test. Further preparation work for moving to TDB2, a new version of Samba's core TDB database. Early implementation work on the SMB 2.2 protocol client and server as the team improves and develops support these new protocols. The last of the old-style krb5 ticket handling has been removed. KNOWN ISSUES - upgradeprovision should not be run when upgrading to this release from a recent release. No important database format changes have been made since alpha16. - The BIND 9 DLZ plugin is compatible only with BIND 9.8, not BIND 9.9. - Systems with tdb or ldb installed as a system library may have difficulty building this release of Samba4. The --disable-tdb2 configure switch may be of assistance. - Installation on systems without a system iconv (and developer headers at compile time) is known to cause errors when dealing with non-ASCII characters. - In some situations, group members may not be upgraded by the samba-tool domain
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e17d12c ldb-tools: Place the whole of an ldif file in a transaction via 501d6d3 ldb: Allow access to the line number while reading ldif from a file via c484f25 ldb: Detect failures in ldb.base again via 57341c0 Revert ldb: Permit desactivation of autocomit for every ldb_xxx_ctrl function from d425a4c On advice from Jelmer and Andrew, move the blksize_t and blkcnt_t tests into libreplace to make it standalone. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e17d12c23b2f56d8d29f7ee43148be85d28154c6 Author: Andrew Bartlett abart...@samba.org Date: Wed Apr 4 15:17:32 2012 +1000 ldb-tools: Place the whole of an ldif file in a transaction This ensures that when operating ldbadd and ldbmodify against local ldb files, either an ldif file succeeds or fails as a whole. Also tests to verify that this is working correctly, and an ABI bump due to the extra (private, but exported to ldb* tools) symbol and behaviour change. Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Tue Apr 10 11:14:43 CEST 2012 on sn-devel-104 commit 501d6d3dd4e3045e069bb2f7a52cf842dd1dfa67 Author: Andrew Bartlett abart...@samba.org Date: Tue Apr 10 17:29:11 2012 +1000 ldb: Allow access to the line number while reading ldif from a file commit c484f259c66ffcf0649dd5ab0d7c86e5c70d31af Author: Andrew Bartlett abart...@samba.org Date: Wed Apr 4 18:52:25 2012 +1000 ldb: Detect failures in ldb.base again We need to wrap the ldb tests in the subunit blackbox helpers. We also needed to change to the right directory, or else the : file:// syntax check does not work, as samba4.png is not found. Andrew Bartlett commit 57341c0f29911d09e511c840386a35290febb9f9 Author: Andrew Bartlett abart...@samba.org Date: Wed Apr 4 12:51:00 2012 +1000 Revert ldb: Permit desactivation of autocomit for every ldb_xxx_ctrl function This reverts commit 40a4aea8918c2637703af03383f440d068820e48. Autocommit is important, as otherwise an ldb module could error out during an operation, and leave an corrupt database. Andrew Bartlett --- Summary of changes: lib/ldb/ABI/ldb-1.1.5.sigs | 257 ...pyldb-util-1.1.2.sigs = pyldb-util-1.1.5.sigs} |0 lib/ldb/common/ldb_ldif.c | 19 +- lib/ldb/include/ldb_private.h |8 + lib/ldb/tests/test-dup-2.ldif |6 + lib/ldb/tests/test-dup.ldif| 13 + lib/ldb/tests/test-generic.sh | 21 ++ lib/ldb/tests/test-modify-unmet-2.ldif |7 + lib/ldb/tests/test-modify-unmet.ldif | 15 ++ lib/ldb/tests/test-tdb-subunit.sh |7 + lib/ldb/tests/test-tdb.sh | 10 +- lib/ldb/tools/cmdline.c|1 - lib/ldb/tools/cmdline.h|1 - lib/ldb/tools/ldbadd.c | 47 +++- lib/ldb/tools/ldbdel.c |8 +- lib/ldb/tools/ldbedit.c|6 +- lib/ldb/tools/ldbmodify.c | 57 -- lib/ldb/tools/ldbutil.c| 15 +- lib/ldb/tools/ldbutil.h|6 +- lib/ldb/wscript|4 +- source4/selftest/tests.py |3 +- 21 files changed, 454 insertions(+), 57 deletions(-) create mode 100644 lib/ldb/ABI/ldb-1.1.5.sigs copy lib/ldb/ABI/{pyldb-util-1.1.2.sigs = pyldb-util-1.1.5.sigs} (100%) create mode 100644 lib/ldb/tests/test-dup-2.ldif create mode 100644 lib/ldb/tests/test-dup.ldif create mode 100644 lib/ldb/tests/test-modify-unmet-2.ldif create mode 100644 lib/ldb/tests/test-modify-unmet.ldif create mode 100755 lib/ldb/tests/test-tdb-subunit.sh Changeset truncated at 500 lines: diff --git a/lib/ldb/ABI/ldb-1.1.5.sigs b/lib/ldb/ABI/ldb-1.1.5.sigs new file mode 100644 index 000..cc0f859 --- /dev/null +++ b/lib/ldb/ABI/ldb-1.1.5.sigs @@ -0,0 +1,257 @@ +ldb_add: int (struct ldb_context *, const struct ldb_message *) +ldb_any_comparison: int (struct ldb_context *, void *, ldb_attr_handler_t, const struct ldb_val *, const struct ldb_val *) +ldb_asprintf_errstring: void (struct ldb_context *, const char *, ...) +ldb_attr_casefold: char *(TALLOC_CTX *, const char *) +ldb_attr_dn: int (const char *) +ldb_attr_in_list: int (const char * const *, const char *) +ldb_attr_list_copy: const char **(TALLOC_CTX *, const char * const *) +ldb_attr_list_copy_add: const char **(TALLOC_CTX *, const char * const *, const char *) +ldb_base64_decode:
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3cca094 s3: Use talloc_get_size instead of strlen from e17d12c ldb-tools: Place the whole of an ldif file in a transaction http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3cca094514fa4488b4ea2a6747b51443ff02a4f0 Author: Volker Lendecke v...@samba.org Date: Sat Apr 7 14:17:25 2012 +0200 s3: Use talloc_get_size instead of strlen We've just talloc_asprintf'ed the fullpath, so talloc_get_size knows the strlen. Autobuild-User: Volker Lendecke v...@samba.org Autobuild-Date: Tue Apr 10 13:20:22 CEST 2012 on sn-devel-104 --- Summary of changes: source3/smbd/files.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/files.c b/source3/smbd/files.c index e01a92e..c71e864 100644 --- a/source3/smbd/files.c +++ b/source3/smbd/files.c @@ -612,7 +612,7 @@ NTSTATUS file_name_hash(connection_struct *conn, if (!fullpath) { return NT_STATUS_NO_MEMORY; } - *p_name_hash = hash(fullpath, strlen(fullpath) + 1, 0); + *p_name_hash = hash(fullpath, talloc_get_size(fullpath), 0); DEBUG(10,(file_name_hash: %s hash 0x%x\n, fullpath, -- Samba Shared Repository
Re: [SCM] Samba Shared Repository - branch master updated
On Tue, 2012-04-10 at 11:15 +0200, Andrew Bartlett wrote: index cafc020..f07bbc9 100644 --- a/lib/ldb/include/ldb_private.h +++ b/lib/ldb/include/ldb_private.h @@ -181,4 +181,12 @@ struct ldb_val ldb_binary_decode(TALLOC_CTX *mem_ctx, const char *str); const char *ldb_options_find(struct ldb_context *ldb, const char *options[], const char *option_name); +struct ldif_read_file_state { + FILE *f; + size_t line_no; +}; Andrew, can you put this back in ldb_ldif.c and provide a getter function for the line number instead ? Let's avoid keeping spreading structures all over. +struct ldb_ldif *ldb_ldif_read_file_state(struct ldb_context *ldb, + struct ldif_read_file_state *state); + -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com
[SCM] Samba Shared Repository - branch v3-6-stable updated
The branch, v3-6-stable has been updated via 0b9d59d pidl/NDR/Parser: also do range checks on the array size via 3e0e6f5 pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() via e94415c pidl/NDR/Parser: use helper variables for array size and length via 25f6881 pidl/NDR/Parser: remember if we already know the array length via 8e99484 pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) via dc9c68c pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() via d15b715 pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() via 94622ce pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() via 0d45a24 WHATSNEW: Prepare release notes for 3.6.4. from 4b7fad3 WHATSNEW: Start release notes for Samba 3.6.4. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable - Log - commit 0b9d59d256a74594e89467e5ebe4e62c25c9572e Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 17:03:05 2012 +0100 pidl/NDR/Parser: also do range checks on the array size metze The last 8 patches address bug #8815 (PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182). commit 3e0e6f56a671b40b21c37838ff292fe8902889bb Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:14:48 2012 +0100 pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() metze commit e94415cf237d1e434daa5da70e6df0b4b6926bae Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:13:20 2012 +0100 pidl/NDR/Parser: use helper variables for array size and length metze commit 25f68811af3399c6148fa5d31d932465e27a2125 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 15:07:08 2012 +0100 pidl/NDR/Parser: remember if we already know the array length metze commit 8e99484dec90690ec1e00c17580150278963e063 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:07:47 2012 +0100 pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) An anonymous researcher and Brian Gorenc (HP DVLabs) working with HP's Zero Day Initiative program have found this and notified us. metze commit dc9c68c8992db8225c93043757c4d33b8814c428 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:05:39 2012 +0100 pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() metze commit d15b71523d228f78f317f44181900dbf10b52e33 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:12:04 2012 +0100 pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() metze commit 94622cea2b2f4914b4ced35e952680c20cc4985b Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:09:51 2012 +0100 pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() metze commit 0d45a24cffef841de5db2344910224e4df9bce3a Author: Karolin Seeger ksee...@samba.org Date: Sat Apr 7 15:20:25 2012 +0200 WHATSNEW: Prepare release notes for 3.6.4. Karolin --- Summary of changes: WHATSNEW.txt | 15 ++- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 154 +++--- 2 files changed, 106 insertions(+), 63 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 92754cf..2f131e8 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,20 +1,25 @@ = Release Notes for Samba 3.6.4 - , 2012 + April 10, 2012 = -This is the latest stable release of Samba 3.6. +This is a security release in order to address +CVE-2012-1182 (root credential remote code execution). -Major enhancements in Samba 3.6.4 include: +o CVE-2012-1182: + Samba 3.0.x to 3.6.3 are affected by a + vulnerability that allows remote code + execution as the root user. -o Changes since 3.6.3: -o Jeremy Allison j...@samba.org +o Stefan Metzmacher me...@samba.org +*BUG 8815: PIDL based autogenerated code allows overwriting beyond of + allocated array (CVE-2012-1182). ## diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 2078f58..3676d6d 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -315,39 +315,99 @@ sub check_null_pointer() } }
[SCM] Samba Shared Repository - annotated tag samba-3.6.4 created
The annotated tag, samba-3.6.4 has been created at b79bd8d58cd198fc7a1cb7f38384e3ba20953580 (tag) tagging 0b9d59d256a74594e89467e5ebe4e62c25c9572e (commit) replaces samba-3.6.3 tagged by Karolin Seeger on Mon Apr 9 19:59:15 2012 +0200 - Log - tag samba-3.6.4 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) iD8DBQBPgyOIbzORW2Vot+oRAli4AJ9OdamQyaD1nmILe52z7nM2ntg2HgCguB/h OKBrlWTG+7SKfxLL9uhvO2Y= =8wIj -END PGP SIGNATURE- Karolin Seeger (3): VERSION: Bump version up to 3.6.4. WHATSNEW: Start release notes for Samba 3.6.4. WHATSNEW: Prepare release notes for 3.6.4. Stefan Metzmacher (8): pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) pidl/NDR/Parser: remember if we already know the array length pidl/NDR/Parser: use helper variables for array size and length pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() pidl/NDR/Parser: also do range checks on the array size --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-stable updated
The branch, v3-5-stable has been updated via 566295f rerun 'make samba3-idl' via 50be426 pidl/NDR/Parser: also do range checks on the array size via 3b837d9 pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() via a87211b pidl/NDR/Parser: use helper variables for array size and length via 748615f pidl/NDR/Parser: remember if we already know the array length via 459c5b2 pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) via a67afd3 pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() via a74a8ed pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() via 31d6686 pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() via 6c2860d pidl:NDR/Parser: fix range() for arrays via 6c417bf WHATSNEW: Prepare release notes for 3.5.14. from 8f46865 WHATSNEW: Start release notes for 3.5.14. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable - Log - commit 566295fa13ff4a848fea517d41bc08aee87966ac Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 18:46:44 2012 +0100 rerun 'make samba3-idl' metze The last 10 patches address bug #8815 (PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182). commit 50be4262f6001f91ade4580c2d67b38c12730d77 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 17:03:05 2012 +0100 pidl/NDR/Parser: also do range checks on the array size metze commit 3b837d94e649e8cbc24ee3ea24a9bced60f9dda8 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:14:48 2012 +0100 pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() metze commit a87211b32bfea3595627882a52c2e90bdcd3e9e8 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:13:20 2012 +0100 pidl/NDR/Parser: use helper variables for array size and length metze commit 748615f74486076a023b498c723c0ebeff8a23bb Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 15:07:08 2012 +0100 pidl/NDR/Parser: remember if we already know the array length metze commit 459c5b271a18a25873c1965b11642aa65ea2d220 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:07:47 2012 +0100 pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) An anonymous researcher and Brian Gorenc (HP DVLabs) working with HP's Zero Day Initiative program have found this and notified us. metze commit a67afd3489669afc711cf77a22740f8e1e91779e Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:05:39 2012 +0100 pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() metze commit a74a8ed48f3a89d8f33ad1b1fca6533cc69aabf4 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:12:04 2012 +0100 pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() metze commit 31d668651edc6fca45d024283e211533a49c2c4e Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:09:51 2012 +0100 pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() metze commit 6c2860d4cfcbf5778e410f598bd2c19b6f0afa83 Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 21 05:41:37 2010 +0200 pidl:NDR/Parser: fix range() for arrays metze (cherry picked from commit bea4948acb4bbee2fbf886adeb53edbc84de96da) commit 6c417bf472b8069f2b9cdf639dc8baeb246b13e2 Author: Karolin Seeger ksee...@samba.org Date: Sat Apr 7 15:57:14 2012 +0200 WHATSNEW: Prepare release notes for 3.5.14. Karolin --- Summary of changes: WHATSNEW.txt | 15 +- librpc/gen_ndr/ndr_dcerpc.c | 42 +- librpc/gen_ndr/ndr_dfs.c | 840 +++ librpc/gen_ndr/ndr_drsblobs.c| 160 ++- librpc/gen_ndr/ndr_drsuapi.c | 1031 +- librpc/gen_ndr/ndr_dssetup.c | 36 +- librpc/gen_ndr/ndr_echo.c| 54 +- librpc/gen_ndr/ndr_epmapper.c| 54 +- librpc/gen_ndr/ndr_eventlog.c| 79 +- librpc/gen_ndr/ndr_krb5pac.c | 22 +- librpc/gen_ndr/ndr_lsa.c | 276 +++-- librpc/gen_ndr/ndr_misc.c|8 +- librpc/gen_ndr/ndr_named_pipe_auth.c | 122 ++- librpc/gen_ndr/ndr_nbt.c | 78 +- librpc/gen_ndr/ndr_netlogon.c| 1789 +++ librpc/gen_ndr/ndr_ntlmssp.c | 60 +- librpc/gen_ndr/ndr_ntsvcs.c | 112 +- librpc/gen_ndr/ndr_samr.c| 182 ++- librpc/gen_ndr/ndr_schannel.c| 52 +-
[SCM] Samba Shared Repository - annotated tag samba-3.5.14 created
The annotated tag, samba-3.5.14 has been created at 20bb3bd45b58b018251dbf2d940a0697b8510c25 (tag) tagging 566295fa13ff4a848fea517d41bc08aee87966ac (commit) replaces samba-3.5.13 tagged by Karolin Seeger on Mon Apr 9 20:01:39 2012 +0200 - Log - tag samba-3.5.14 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) iD8DBQBPgyQObzORW2Vot+oRAtSIAJ9LPjebBU1+VeZmBoEMqpMp8lU4vwCeLPG5 /Msf3J2xw8uPeUIIs1bD+oI= =yNjk -END PGP SIGNATURE- Karolin Seeger (3): VERSION: Bump version up to 3.5.14. WHATSNEW: Start release notes for 3.5.14. WHATSNEW: Prepare release notes for 3.5.14. Stefan Metzmacher (10): pidl:NDR/Parser: fix range() for arrays pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) pidl/NDR/Parser: remember if we already know the array length pidl/NDR/Parser: use helper variables for array size and length pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() pidl/NDR/Parser: also do range checks on the array size rerun 'make samba3-idl' --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-stable updated
The branch, v3-4-stable has been updated via 9123504 rerun 'make samba3-idl' via afaa5f6 pidl/NDR/Parser: also do range checks on the array size via 04355f6 pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() via d84758a pidl/NDR/Parser: use helper variables for array size and length via 3e89dbf pidl/NDR/Parser: remember if we already know the array length via 586c3fa pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) via eb8240e pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() via 102e995 pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() via 45245f1 pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() via b48e41c pidl:NDR/Parser: fix range() for arrays via dd5faa1 pidl: allow foo being on the wire after [length_is(foo)] uint8 *buffer via 75aeb61 pidl: add support for [string] on fixed size arrays. via 0cc91c9 WHATSNEW: Prepare release notes for 3.4.16. from fcd2aeb WHATSNEW: Start release notes for 3.4.16. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable - Log - commit 9123504f2b6f9af458510721416cb25993959a31 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 18:51:29 2012 +0100 rerun 'make samba3-idl' metze The last 12 patches address bug #8815 (PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182). commit afaa5f66a8686d5f4e371b66e846249a30e1495f Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 17:03:05 2012 +0100 pidl/NDR/Parser: also do range checks on the array size metze commit 04355f68753aeb85655b7cbd8677899db0c97764 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:14:48 2012 +0100 pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() metze commit d84758a5c8ce428ac5a3a8cb2e5b8a0e0662ac27 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:13:20 2012 +0100 pidl/NDR/Parser: use helper variables for array size and length metze commit 3e89dbfa0dd0c8cd4bcec8ea868a401f9b132aa3 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 15:07:08 2012 +0100 pidl/NDR/Parser: remember if we already know the array length metze commit 586c3fab85cde3bd6a5141fbba3bb5fcb6b67ab5 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:07:47 2012 +0100 pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) An anonymous researcher and Brian Gorenc (HP DVLabs) working with HP's Zero Day Initiative program have found this and notified us. metze commit eb8240ecb0d82a8f9b3b7c7d317c57f1aff74296 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:05:39 2012 +0100 pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() metze commit 102e9956316ac2b440bb75eb039b184a2886 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:12:04 2012 +0100 pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() metze commit 45245f10c3bd476bcb49be25bc56bb7811b85d3c Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:09:51 2012 +0100 pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() metze commit b48e41cb5541bec34333f94fc21bcd6c47018869 Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 21 05:41:37 2010 +0200 pidl:NDR/Parser: fix range() for arrays metze (cherry picked from commit bea4948acb4bbee2fbf886adeb53edbc84de96da) commit dd5faa13873fbdd92fa4ddd82dc69d34a73e4d1f Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 27 17:34:37 2009 +0200 pidl: allow foo being on the wire after [length_is(foo)] uint8 *buffer metze (cherry picked from commit 92791ce9a8439ac06a22afdbeb0d0fc66c32cb31) commit 75aeb61c38efe28503991834fb5181537cdffc68 Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 27 15:52:16 2009 +0200 pidl: add support for [string] on fixed size arrays. midl also supports this: struct { long l1; [string] wchar_t str[16]; long l2; }; Where the wire size of str is encoded like a length_is() header: 4-byte offset == 0; 4-byte array length; The strings are zero terminated. metze (cherry picked from commit 7ccc9a6ef563cc855752b4e74152420b9be5af43) commit 0cc91c98f6d311a92aa308e9fcbac252c96d590d Author: Karolin Seeger ksee...@samba.org Date: Sat Apr 7 16:24:33 2012 +0200 WHATSNEW: Prepare release notes for 3.4.16. Karolin --- Summary of changes: WHATSNEW.txt
[SCM] Samba Shared Repository - annotated tag samba-3.4.16 created
The annotated tag, samba-3.4.16 has been created at 53dd4732d3b6c01f39e20ce5c032f1194b4475f5 (tag) tagging 9123504f2b6f9af458510721416cb25993959a31 (commit) replaces samba-3.4.15 tagged by Karolin Seeger on Mon Apr 9 20:03:06 2012 +0200 - Log - tag samba-3.4.16 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) iD8DBQBPgyRnbzORW2Vot+oRAmvSAJ90SlugcRzK7V/RkoeCPpJLq+/OLwCfW0HU WQZ/cjYteFLGWHRNL9j+Hc0= =mPp2 -END PGP SIGNATURE- Karolin Seeger (3): VERSION: Bump version up to 3.4.16. WHATSNEW: Start release notes for 3.4.16. WHATSNEW: Prepare release notes for 3.4.16. Stefan Metzmacher (12): pidl: add support for [string] on fixed size arrays. pidl: allow foo being on the wire after [length_is(foo)] uint8 *buffer pidl:NDR/Parser: fix range() for arrays pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) pidl/NDR/Parser: remember if we already know the array length pidl/NDR/Parser: use helper variables for array size and length pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() pidl/NDR/Parser: also do range checks on the array size rerun 'make samba3-idl' --- -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via efcd238 Add security advisory for CVE-2012-1182. via 1031806 Announce Samba 3.6.4, 3.5.14 and 3.4.16. from 96e7213 Added Ira Cooper to Samba Team contacts. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit efcd238e39f03a89adebfc5a49e4df46753c4d62 Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 10 10:52:50 2012 +0200 Add security advisory for CVE-2012-1182. Karolin commit 10318063237d463ba4800fe0e6d50455a15a7eb5 Author: Karolin Seeger ksee...@samba.org Date: Mon Apr 9 20:55:02 2012 +0200 Announce Samba 3.6.4, 3.5.14 and 3.4.16. Karolin --- Summary of changes: generated_news/latest_10_bodies.html| 38 generated_news/latest_10_headlines.html |4 +- generated_news/latest_2_bodies.html | 36 --- history/header_history.html |3 + history/samba-3.4.16.html | 41 + history/samba-3.5.14.html | 40 history/samba-3.6.4.html| 40 history/security.html | 20 ++ latest_stable_release.html |6 +- security/CVE-2012-1182.html | 99 +++ 10 files changed, 302 insertions(+), 25 deletions(-) create mode 100755 history/samba-3.4.16.html create mode 100755 history/samba-3.5.14.html create mode 100755 history/samba-3.6.4.html create mode 100644 security/CVE-2012-1182.html Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index 667a083..47c51cf 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html @@ -1,3 +1,30 @@ + h5a name=3.6.410 April 2012/a/h5 + p class=headlineSamba 3.6.4, 3.5.14 and 3.4.16 bSecurity Releases/b Available for Download/p + pThese are security releases in order to address a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-CVE-2012-1182;CVE-2012-1182 (root credential remote code execution)/a./p + +pThe uncompressed tarballs and patch files have been signed +using GnuPG (ID 6568B7EA)./p +p +The source code can be downloaded here: +lia href=http://samba.org/samba/ftp/stable/samba-3.6.4.tar.gz;download Samba 3.6.4/a,/li +lia href=http://samba.org/samba/ftp/stable/samba-3.5.14.tar.gz;download Samba 3.5.14/a,/li +lia href=http://samba.org/samba/ftp/stable/samba-3.4.16.tar.gz;download Samba 3.4.16/a./li +/p + +p +Patches against the parents are also available: +lia href=http://samba.org/samba/ftp/patches/patch-3.6.3-3.6.4.diffs.gz;patch Samba 3.6.3/3.6.3/a,/li +lia href=http://samba.org/samba/ftp/patches/patch-3.5.13-3.5.14.diffs.gz;patch Samba 3.5.13/3.5.14/a,/li +lia href=http://samba.org/samba/ftp/patches/patch-3.4.15-3.4.16.diffs.gz;patch Samba 3.4.15/3.4.16/a./li +/p + +p +Please see the release notes for more info: +lia href=http://samba.org/samba/history/samba-3.6.4.html;release notes Samba 3.6.4/a,/li +lia href=http://samba.org/samba/history/samba-3.5.14.html;release notes Samba 3.5.14/a,/li +lia href=http://samba.org/samba/history/samba-3.4.16.html;release notes Samba 3.4.16/a./li +/p + h5a name=SMB2.2 Interop Event20 March 2012/a/h5 p class=headlineReport: Microsoft SMB2.2 Interop Event/p pA few Samba Team members recently accepted an invitation by Microsoft @@ -74,14 +101,3 @@ now/a. A a href=http://samba.org/samba/ftp/patches/patch-3.5.11-3.5.12.diffs using GnuPG (ID 6568B7EA). The source code can be a href=http://samba.org/samba/ftp/stable/samba-3.6.1.tar.gz;downloaded now/a. A a href=http://samba.org/samba/ftp/patches/patch-3.6.0-3.6.1.diffs.gz;patch against Samba 3.6.0/a is also available. See a href=http://samba.org/samba/history/samba-3.6.1.html;the release notes for more info/a./p - - h5a name=2011-snia-sdc-report26 September 2011/a/h5 - p class=headline2011 SNIA SDC Report/p - pMany Samba developers attended the recent -a href=http://www.storagedeveloper.org/Storage Developers Conference/a -including our very own a href=http://ubiqx.com/Chris Hertel/a. He was -nice enough to write a comprehensive summary with some focus on -strongSMB2.2/strong./p - - pAre you curious about the -a href=/samba/news/developers/2011-snia-sdc-report.html2011 SNIA SDC Report/a?/p diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html index e9af10b..eca78dd 100644 --- a/generated_news/latest_10_headlines.html +++ b/generated_news/latest_10_headlines.html @@ -1,4 +1,6 @@ ul + li 10 April 2012 a href=#3.6.4Samba 3.6.4/a, a href=#3.5.143.5.14/a and a href=#3.4.163.4.16/a bSecurity Releases/b Available for Download./li + li 20 March 2012 a
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 224379b pidl/NDR/Parser: also do range checks on the array size via ab55603 pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() via 46123de pidl/NDR/Parser: use helper variables for array size and length via 6e53b2d pidl/NDR/Parser: remember if we already know the array length via 3731359 pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) via b6e74db pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() via 2de81df pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() via aad9449 pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() from 3cca094 s3: Use talloc_get_size instead of strlen http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 224379ba70a6939bd6a92012f023caeb7e43d6b7 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 17:03:05 2012 +0100 pidl/NDR/Parser: also do range checks on the array size metze Autobuild-User: Karolin Seeger ksee...@samba.org Autobuild-Date: Tue Apr 10 18:21:59 CEST 2012 on sn-devel-104 commit ab5560309afb2bad1aa02c82baeda3dbc0fc95be Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:14:48 2012 +0100 pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() metze commit 46123de7b731f4a31ced95d993df1cb0116ebc2a Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:13:20 2012 +0100 pidl/NDR/Parser: use helper variables for array size and length metze commit 6e53b2db41af6c9ab6edd60c46bf9bee08c29c1b Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 15:07:08 2012 +0100 pidl/NDR/Parser: remember if we already know the array length metze commit 37313598af769f3e9fbe463c2abb6af1ebabfa21 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:07:47 2012 +0100 pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) An anonymous researcher and Brian Gorenc (HP DVLabs) working with HP's Zero Day Initiative program have found this and notified us. metze commit b6e74db2936aaeba77a38b5ac85802b7d9bdaad3 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:05:39 2012 +0100 pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() metze commit 2de81df668e1b880d5c29c1115250ccf0e4ed617 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:12:04 2012 +0100 pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() metze commit aad9449e56b8bef658821b7cab7baf9e327ce0c2 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:09:51 2012 +0100 pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() metze --- Summary of changes: pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 154 +++--- 1 files changed, 96 insertions(+), 58 deletions(-) Changeset truncated at 500 lines: diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 16ed685..8eb935b 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -321,39 +321,99 @@ sub check_null_pointer() } } -# -# parse an array - pull side -sub ParseArrayPullHeader($$) +sub ParseArrayPullGetSize($$) { my ($self,$e,$l,$ndr,$var_name,$env) = @_; - my $length; my $size; if ($l-{IS_CONFORMANT}) { - $length = $size = ndr_get_array_size($ndr, . get_pointer_to($var_name) . ); + $size = ndr_get_array_size($ndr, . get_pointer_to($var_name) . ); } elsif ($l-{IS_ZERO_TERMINATED} and $l-{SIZE_IS} == 0 and $l-{LENGTH_IS} == 0) { # Noheader arrays - $length = $size = ndr_get_string_size($ndr, sizeof(*$var_name)); + $size = ndr_get_string_size($ndr, sizeof(*$var_name)); } else { - $length = $size = ParseExprExt($l-{SIZE_IS}, $env, $e-{ORIGINAL}, + $size = ParseExprExt($l-{SIZE_IS}, $env, $e-{ORIGINAL}, check_null_pointer($e, $env, sub { $self-pidl(shift); }, return ndr_pull_error($ndr, NDR_ERR_INVALID_POINTER, \NULL Pointer for size_is()\);), check_fully_dereferenced($e, $env)); } + $self-pidl(size_$e-{NAME}_$l-{LEVEL_INDEX} = $size;); + my $array_size = size_$e-{NAME}_$l-{LEVEL_INDEX}; + + if (my $range = has_property($e, range)) { + my ($low, $high) = split(/,/, $range,
[SCM] Samba Shared Repository - branch v3-6-stable updated
The branch, v3-6-stable has been updated via 7a2f530 WHATSNEW: Start release notes for Samba 3.6.5. via bbf24474 VERSION: Bump version up to 3.6.5. from 0b9d59d pidl/NDR/Parser: also do range checks on the array size http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable - Log - commit 7a2f5309d8e064e5fea66c1e723b6a0d00fbe0b1 Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 10 20:16:29 2012 +0200 WHATSNEW: Start release notes for Samba 3.6.5. Karolin commit bbf24474560195f3a6d41991836d568092c0340e Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 10 20:13:53 2012 +0200 VERSION: Bump version up to 3.6.5. Karolin --- Summary of changes: WHATSNEW.txt| 46 -- source3/VERSION |2 +- 2 files changed, 45 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 2f131e8..02ed8dd 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,45 @@ = + Release Notes for Samba 3.6.5 + , 2012 + = + + +This is the latest stable release of Samba 3.6. + +Major enhancements in Samba 3.6.5 include: + +o + +Changes since 3.6.4: + + + +o Stefan Metzmacher me...@samba.org + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.6 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + +Release notes for older releases follow: + + + = Release Notes for Samba 3.6.4 April 10, 2012 = @@ -41,8 +82,9 @@ database (https://bugzilla.samba.org/). == The Samba Team == -Release notes for older releases follow: - + +-- + = Release Notes for Samba 3.6.3 diff --git a/source3/VERSION b/source3/VERSION index 50165f9..b314544 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=6 -SAMBA_VERSION_RELEASE=4 +SAMBA_VERSION_RELEASE=5 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 69cfa24 WHATSNEW: Start release notes for Samba 3.6.5. via c8cc3d5 VERSION: Bump version up to 3.6.5. via 7330bdb pidl/NDR/Parser: also do range checks on the array size via 7c3e90c pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() via df3a069 pidl/NDR/Parser: use helper variables for array size and length via e24594d pidl/NDR/Parser: remember if we already know the array length via 918b165 pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) via ab1e69d pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() via 2041a4e pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() via d4df4ac pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() via d2e3c05 WHATSNEW: Prepare release notes for 3.6.4. from 8852ad6 s3-winbindd Only use SamLogonEx when we can get unencrypted session keys http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 69cfa24a1647884755002e3e938ea441ba76aaf2 Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 10 20:16:29 2012 +0200 WHATSNEW: Start release notes for Samba 3.6.5. Karolin (cherry picked from commit 7a2f5309d8e064e5fea66c1e723b6a0d00fbe0b1) commit c8cc3d5b7457fd0fa48eebb9ea83e66a8dc55a5a Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 10 20:13:53 2012 +0200 VERSION: Bump version up to 3.6.5. Karolin (cherry picked from commit bbf24474560195f3a6d41991836d568092c0340e) commit 7330bdbbd62a0fc69d6d193bb3f3294013e62f01 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 17:03:05 2012 +0100 pidl/NDR/Parser: also do range checks on the array size metze The last 8 patches address bug #8815 (PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182). (cherry picked from commit 0b9d59d256a74594e89467e5ebe4e62c25c9572e) commit 7c3e90c07a77e66947e89dbbdec3fb9d3178a75b Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:14:48 2012 +0100 pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() metze (cherry picked from commit 3e0e6f56a671b40b21c37838ff292fe8902889bb) commit df3a0693d7a0f49b3b3171a6a481451413b66918 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:13:20 2012 +0100 pidl/NDR/Parser: use helper variables for array size and length metze (cherry picked from commit e94415cf237d1e434daa5da70e6df0b4b6926bae) commit e24594dd7ae4a490843aaf7d698bb40638e0d24a Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 15:07:08 2012 +0100 pidl/NDR/Parser: remember if we already know the array length metze (cherry picked from commit 25f68811af3399c6148fa5d31d932465e27a2125) commit 918b165760671c755517957aa969844a8935d4e5 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:07:47 2012 +0100 pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) An anonymous researcher and Brian Gorenc (HP DVLabs) working with HP's Zero Day Initiative program have found this and notified us. metze (cherry picked from commit 8e99484dec90690ec1e00c17580150278963e063) commit ab1e69dc8c2bf81e881d37f7bc9b76a0cf1f40b7 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:05:39 2012 +0100 pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() metze (cherry picked from commit dc9c68c8992db8225c93043757c4d33b8814c428) commit 2041a4e6c52415c743f2ee5c435e5c731dbd8b1c Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:12:04 2012 +0100 pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() metze (cherry picked from commit d15b71523d228f78f317f44181900dbf10b52e33) commit d4df4ac8133f1030d17cbd2e434806ed8e4e338e Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:09:51 2012 +0100 pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() metze (cherry picked from commit 94622cea2b2f4914b4ced35e952680c20cc4985b) commit d2e3c0544214f6ed061afeeb3f42dc63c7b5e61e Author: Karolin Seeger ksee...@samba.org Date: Sat Apr 7 15:20:25 2012 +0200 WHATSNEW: Prepare release notes for 3.6.4. Karolin (cherry picked from commit 0d45a24cffef841de5db2344910224e4df9bce3a) --- Summary of changes: WHATSNEW.txt | 57 ++- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 154 +++--- source3/VERSION |2 +- 3 files changed, 149 insertions(+), 64 deletions(-) Changeset
[SCM] Samba Shared Repository - branch v3-5-stable updated
The branch, v3-5-stable has been updated via 1cc0306 WHATSNEW: Start release notes for Samba 3.5.15. via f6f954a VERSION: Bump version up to 3.5.15. from 566295f rerun 'make samba3-idl' http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable - Log - commit 1cc0306c14624784a4efb3d224415279b0e49d3e Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 10 20:26:01 2012 +0200 WHATSNEW: Start release notes for Samba 3.5.15. Karolin commit f6f954a821ff57b186895b057b3def9aa40c6e39 Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 10 20:24:15 2012 +0200 VERSION: Bump version up to 3.5.15. Karolin --- Summary of changes: WHATSNEW.txt| 46 -- source3/VERSION |2 +- 2 files changed, 45 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 6d5326d..712748f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,46 @@ == + Release Notes for Samba 3.5.15 + , 2012 + == + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.15 include: + +o + +Changes since 3.5.14: +- + + +o Stefan Metzmacher me...@samba.org + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 3.5.14 April 10, 2012 == @@ -42,8 +84,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + == Release Notes for Samba 3.5.13 diff --git a/source3/VERSION b/source3/VERSION index d6e661b..9fcfd85 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=5 -SAMBA_VERSION_RELEASE=14 +SAMBA_VERSION_RELEASE=15 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via bbec0c2 WHATSNEW: Start release notes for Samba 3.5.15. via c2e6603 VERSION: Bump version up to 3.5.15. via 1216283 rerun 'make samba3-idl' via 225bbba pidl/NDR/Parser: also do range checks on the array size via b0621c6 pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() via 37e0886 pidl/NDR/Parser: use helper variables for array size and length via 6944011 pidl/NDR/Parser: remember if we already know the array length via 5aabf5c pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) via 2c182a6 pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() via a7f9c33 pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() via 7b6fa63 pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() via cd002a9 pidl:NDR/Parser: fix range() for arrays via 22d4a37 WHATSNEW: Prepare release notes for 3.5.14. from c352832 Fix bug 8314] - smbd crash with unknown user. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit bbec0c29c072c818646f0225ddd9918b2b890c1d Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 10 20:26:01 2012 +0200 WHATSNEW: Start release notes for Samba 3.5.15. Karolin (cherry picked from commit 1cc0306c14624784a4efb3d224415279b0e49d3e) commit c2e6603db7fafe411cd615618948905a5568cffc Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 10 20:24:15 2012 +0200 VERSION: Bump version up to 3.5.15. Karolin (cherry picked from commit f6f954a821ff57b186895b057b3def9aa40c6e39) commit 12162837d40b123e19fb92e3ac46d3e3d07ae6e1 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 18:46:44 2012 +0100 rerun 'make samba3-idl' metze The last 10 patches address bug #8815 (PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182). (cherry picked from commit 566295fa13ff4a848fea517d41bc08aee87966ac) commit 225bbba09101ebf65dbe97efcf494684b0bdcde6 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 17:03:05 2012 +0100 pidl/NDR/Parser: also do range checks on the array size metze (cherry picked from commit 50be4262f6001f91ade4580c2d67b38c12730d77) commit b0621c6f4f24ec99a6d8b2f41da1a1fe8ce1c5ac Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:14:48 2012 +0100 pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() metze (cherry picked from commit 3b837d94e649e8cbc24ee3ea24a9bced60f9dda8) commit 37e08868044d29f79205dbe20608f370d362bb3c Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:13:20 2012 +0100 pidl/NDR/Parser: use helper variables for array size and length metze (cherry picked from commit a87211b32bfea3595627882a52c2e90bdcd3e9e8) commit 6944011a503e981d8f3fec8c970480f699ddeff3 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 15:07:08 2012 +0100 pidl/NDR/Parser: remember if we already know the array length metze (cherry picked from commit 748615f74486076a023b498c723c0ebeff8a23bb) commit 5aabf5cbb35769ac53febbe13953dc822a5d0bad Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:07:47 2012 +0100 pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) An anonymous researcher and Brian Gorenc (HP DVLabs) working with HP's Zero Day Initiative program have found this and notified us. metze (cherry picked from commit 459c5b271a18a25873c1965b11642aa65ea2d220) commit 2c182a6b89d79aa9ef9e0660a27e8389645424d2 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:05:39 2012 +0100 pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() metze (cherry picked from commit a67afd3489669afc711cf77a22740f8e1e91779e) commit a7f9c3331c688116474aac5060df7ca2c2f49358 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:12:04 2012 +0100 pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() metze (cherry picked from commit a74a8ed48f3a89d8f33ad1b1fca6533cc69aabf4) commit 7b6fa638bd1121794af4ca12069329ca1399cd9d Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:09:51 2012 +0100 pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() metze (cherry picked from commit 31d668651edc6fca45d024283e211533a49c2c4e) commit cd002a90231673518a257cac67630376559907a7 Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 21 05:41:37 2010 +0200 pidl:NDR/Parser: fix range() for arrays metze (cherry picked from commit bea4948acb4bbee2fbf886adeb53edbc84de96da) (cherry picked from
[SCM] Samba Shared Repository - branch v3-4-stable updated
The branch, v3-4-stable has been updated via e93e5bd WHATSNEW: Fix typo. via de125e2 WHATSNEW: Start release notes for Samba 3.4.17. via 5a68f1e8 VERSION: Bump version up to 3.4.17. from 9123504 rerun 'make samba3-idl' http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable - Log - commit e93e5bdb41fb28f1af5e3b072ddfd2552e58fd0c Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 10 20:33:06 2012 +0200 WHATSNEW: Fix typo. Karolin commit de125e2aef6f9b465736fa5c9fac6286d7ed6a16 Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 10 20:32:16 2012 +0200 WHATSNEW: Start release notes for Samba 3.4.17. Karolin commit 5a68f1e8255318f3383b04ebc32ddd6e715cd54a Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 10 20:30:09 2012 +0200 VERSION: Bump version up to 3.4.17. Karolin --- Summary of changes: WHATSNEW.txt| 47 --- source3/VERSION |2 +- 2 files changed, 45 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index dd400e0..41685fc 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,6 +1,47 @@ == + Release Notes for Samba 3.4.17 + , 2012 + == + + +This is a security release in order to address +CVE- (). + +o + +Changes since 3.4.16 + + + +o Stefan Metzmacher me...@samba.org + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.4 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older versions follow: + + + == Release Notes for Samba 3.4.16 - April 10, 2011 + April 10, 2012 == @@ -42,8 +83,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older versions follow: - +-- + == Release Notes for Samba 3.4.15 diff --git a/source3/VERSION b/source3/VERSION index 756104f..5c569c6 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=4 -SAMBA_VERSION_RELEASE=16 +SAMBA_VERSION_RELEASE=17 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-test updated
The branch, v3-4-test has been updated via 209d28d WHATSNEW: Fix typo. via cee9538 WHATSNEW: Start release notes for Samba 3.4.17. via 390e8c2 VERSION: Bump version up to 3.4.17. via c0894d9 rerun 'make samba3-idl' via ffb8d8e pidl/NDR/Parser: also do range checks on the array size via 9657f7c pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() via 4932437 pidl/NDR/Parser: use helper variables for array size and length via 785e164 pidl/NDR/Parser: remember if we already know the array length via 7b711ce pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) via 994308c pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() via 82b9fe2 pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() via 467845e pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() via b375838 pidl:NDR/Parser: fix range() for arrays via a3dc832 pidl: allow foo being on the wire after [length_is(foo)] uint8 *buffer via 779380d pidl: add support for [string] on fixed size arrays. via 1cb51ea WHATSNEW: Prepare release notes for 3.4.16. from 6f4316c WHATSNEW: Start release notes for 3.4.16. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 209d28d08f259697b39b041fa5605b7875017c79 Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 10 20:33:06 2012 +0200 WHATSNEW: Fix typo. Karolin (cherry picked from commit e93e5bdb41fb28f1af5e3b072ddfd2552e58fd0c) commit cee953814fc52e7d3ea4d805b6516ade390b18bf Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 10 20:32:16 2012 +0200 WHATSNEW: Start release notes for Samba 3.4.17. Karolin (cherry picked from commit de125e2aef6f9b465736fa5c9fac6286d7ed6a16) commit 390e8c2d802f4f43784942eba1b6d0c6810494d0 Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 10 20:30:09 2012 +0200 VERSION: Bump version up to 3.4.17. Karolin (cherry picked from commit 5a68f1e8255318f3383b04ebc32ddd6e715cd54a) commit c0894d92aeb527c150b0adec0a748ad3437f432c Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 18:51:29 2012 +0100 rerun 'make samba3-idl' metze The last 12 patches address bug #8815 (PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182). (cherry picked from commit 9123504f2b6f9af458510721416cb25993959a31) commit ffb8d8ed57700d7bb9b8f7b619b8f635dd0566f5 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 17:03:05 2012 +0100 pidl/NDR/Parser: also do range checks on the array size metze (cherry picked from commit afaa5f66a8686d5f4e371b66e846249a30e1495f) commit 9657f7c1e9aebece8480be20d804dd0fb284ed59 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:14:48 2012 +0100 pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() metze (cherry picked from commit 04355f68753aeb85655b7cbd8677899db0c97764) commit 4932437be109dee2be2b536392d9e7354962ac6f Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:13:20 2012 +0100 pidl/NDR/Parser: use helper variables for array size and length metze (cherry picked from commit d84758a5c8ce428ac5a3a8cb2e5b8a0e0662ac27) commit 785e1647d41232b1724cd4a4e82b71689f10113e Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 15:07:08 2012 +0100 pidl/NDR/Parser: remember if we already know the array length metze (cherry picked from commit 3e89dbfa0dd0c8cd4bcec8ea868a401f9b132aa3) commit 7b711ce91a01dae266e4acaa5ab6487109e1264f Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:07:47 2012 +0100 pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) An anonymous researcher and Brian Gorenc (HP DVLabs) working with HP's Zero Day Initiative program have found this and notified us. metze (cherry picked from commit 586c3fab85cde3bd6a5141fbba3bb5fcb6b67ab5) commit 994308c556fbaf4943e0d9c71d0c1cea0ebb5fb5 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:05:39 2012 +0100 pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() metze (cherry picked from commit eb8240ecb0d82a8f9b3b7c7d317c57f1aff74296) commit 82b9fe2cf41e93dd9d45383c08ea6e4fb934d35d Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:12:04 2012 +0100 pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() metze (cherry picked from commit 102e9956316ac2b440bb75eb039b184a2886) commit 467845e9a0cfc451ff24d6363babb87329d38406 Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 15 13:09:51 2012 +0100
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 6698fef Fix typo. from efcd238 Add security advisory for CVE-2012-1182. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 6698fefcf5344ca056329f381bcb460e21b45e28 Author: Karolin Seeger ksee...@samba.org Date: Tue Apr 10 20:36:45 2012 +0200 Fix typo. Karolin --- Summary of changes: history/samba-3.4.16.html |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/history/samba-3.4.16.html b/history/samba-3.4.16.html index aaee971..25578c4 100755 --- a/history/samba-3.4.16.html +++ b/history/samba-3.4.16.html @@ -14,7 +14,7 @@ pre == Release Notes for Samba 3.4.16 - April 10, 2011 + April 10, 2012 == -- Samba Website Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via ad6d518 docs-xml: fix default name resolve order (fix bug #7564) from 69cfa24 WHATSNEW: Start release notes for Samba 3.6.5. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit ad6d51892597336aa162452f3944393fa5afa7c4 Author: Björn Baumbach b...@sernet.de Date: Wed Apr 4 16:58:24 2012 +0200 docs-xml: fix default name resolve order (fix bug #7564) Autobuild-User: Volker Lendecke v...@samba.org Autobuild-Date: Fri Apr 6 09:54:37 CEST 2012 on sn-devel-104 (cherry picked from commit 189b3d9b24bf553ff7096397c389f20ba99e0dfa) --- Summary of changes: docs-xml/smbdotconf/protocol/nameresolveorder.xml |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/protocol/nameresolveorder.xml b/docs-xml/smbdotconf/protocol/nameresolveorder.xml index 9b1ad07..662c3fb 100644 --- a/docs-xml/smbdotconf/protocol/nameresolveorder.xml +++ b/docs-xml/smbdotconf/protocol/nameresolveorder.xml @@ -65,6 +65,6 @@ /description -value type=defaultlmhosts host wins bcast/value +value type=defaultlmhosts wins host bcast/value value type=examplelmhosts bcast host/value /samba:parameter -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 5118001 docs-xml: fix default name resolve order (fix bug #7564) from bbec0c2 WHATSNEW: Start release notes for Samba 3.5.15. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 5118001d493061a4a3ec757332f0bff5c1e056d4 Author: Björn Baumbach b...@sernet.de Date: Wed Apr 4 16:58:24 2012 +0200 docs-xml: fix default name resolve order (fix bug #7564) Autobuild-User: Volker Lendecke v...@samba.org Autobuild-Date: Fri Apr 6 09:54:37 CEST 2012 on sn-devel-104 (cherry picked from commit 189b3d9b24bf553ff7096397c389f20ba99e0dfa) (cherry picked from commit ad6d51892597336aa162452f3944393fa5afa7c4) --- Summary of changes: docs-xml/smbdotconf/protocol/nameresolveorder.xml |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/protocol/nameresolveorder.xml b/docs-xml/smbdotconf/protocol/nameresolveorder.xml index 9b1ad07..662c3fb 100644 --- a/docs-xml/smbdotconf/protocol/nameresolveorder.xml +++ b/docs-xml/smbdotconf/protocol/nameresolveorder.xml @@ -65,6 +65,6 @@ /description -value type=defaultlmhosts host wins bcast/value +value type=defaultlmhosts wins host bcast/value value type=examplelmhosts bcast host/value /samba:parameter -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via b4abc44 s3-aio-fork: Fix a segfault in vfs_aio_fork via ee81564 s3-aio-fork: Fix aio_suspend event hierarchy from ad6d518 docs-xml: fix default name resolve order (fix bug #7564) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit b4abc44a370b8196c72d58a2ed4d8c9bcbc49d17 Author: Volker Lendecke v...@samba.org Date: Sat Mar 31 13:37:20 2012 +0200 s3-aio-fork: Fix a segfault in vfs_aio_fork aio_suspend does not signal the main process with a signal, it just waits. The aio_fork module does not use the signal at all, it directly calls back into the main smbd by calling smbd_aio_complete_aio_ex. This is an abstraction violation, but the alternative would have been to use signals where they are not needed. However, in wait_for_aio_completion this bites us: With aio_fork we call handle_aio_completed twice on the same aio_ex struct: Once from the call to handle_aio_completion within the aio_fork module and once from the code in wait_for_aio_completion. This patch fixes it in a pretty bad way by introducing flag variables and more state. But the mid-term plan is to replace the posix aio calls from the vfs and do pread_send/recv and pwrite_send/recv at the vfs layer, so this will significantly change anyway. Thanks to Kirill Malkin kirill.mal...@starboardstorage.com for reporting this crash! The last 2 patches address bug #8836 (aio_fork segfaults on smbcontrol close-share). commit ee81564123be5e21b87e7003b51467180c3fdcb5 Author: Volker Lendecke v...@samba.org Date: Sat Mar 31 13:34:42 2012 +0200 s3-aio-fork: Fix aio_suspend event hierarchy We end up here multiple times. There's no real point putting the events into the child struct, at the end of this routine we need to free them anyway. --- Summary of changes: source3/modules/vfs_aio_fork.c | 32 1 files changed, 16 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_aio_fork.c b/source3/modules/vfs_aio_fork.c index 7f6a021..4891cd2 100644 --- a/source3/modules/vfs_aio_fork.c +++ b/source3/modules/vfs_aio_fork.c @@ -101,6 +101,8 @@ struct aio_child { bool dont_delete; /* Marked as in use since last cleanup */ bool cancelled; bool read_cmd; + bool called_from_suspend; + bool completion_done; }; struct aio_child_list { @@ -432,6 +434,10 @@ static void handle_aio_completion(struct event_context *event_ctx, child-retval.size); } + if (child-called_from_suspend) { + child-completion_done = true; + return; + } aio_ex = (struct aio_extra *)child-aiocb-aio_sigevent.sigev_value.sival_ptr; smbd_aio_complete_aio_ex(aio_ex); TALLOC_FREE(aio_ex); @@ -827,6 +833,8 @@ static int aio_fork_suspend(struct vfs_handle_struct *handle, */ for (child = children-children; child != NULL; child = child-next) { + struct tevent_fd *event; + if (child-aiocb == NULL) { continue; } @@ -841,18 +849,16 @@ static int aio_fork_suspend(struct vfs_handle_struct *handle, continue; } - /* We're never using this event on the -* main event context again... */ - TALLOC_FREE(child-sock_event); + event = event_add_fd(ev, +frame, +child-sockfd, +EVENT_FD_READ, +handle_aio_completion, +child); - child-sock_event = event_add_fd(ev, - child, - child-sockfd, - EVENT_FD_READ, - handle_aio_completion, - child); + child-called_from_suspend = true; - while (1) { + while (!child-completion_done) { if (tevent_loop_once(ev) == -1) { goto out; } @@ -861,12 +867,6 @@ static int aio_fork_suspend(struct vfs_handle_struct *handle, errno = EAGAIN; goto out;
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 6edb03e docs: remove whitespace in example samba.ldif (fix bug #8789) (cherry picked from commit 9a68a98e87e5597ba684bea3d5e6a44951e51973) from b4abc44 s3-aio-fork: Fix a segfault in vfs_aio_fork http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 6edb03ed1678c4301c559e2f67c131450d3a8cfa Author: Björn Baumbach b...@sernet.de Date: Wed Apr 4 16:41:35 2012 +0200 docs: remove whitespace in example samba.ldif (fix bug #8789) (cherry picked from commit 9a68a98e87e5597ba684bea3d5e6a44951e51973) --- Summary of changes: examples/LDAP/samba.ldif |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/LDAP/samba.ldif b/examples/LDAP/samba.ldif index b820602..891e951 100644 --- a/examples/LDAP/samba.ldif +++ b/examples/LDAP/samba.ldif @@ -153,7 +153,7 @@ olcAttributeTypes: {49}( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' DE 21.1.27 SINGLE-VALUE ) olcAttributeTypes: {50}( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DESC 'Fully qualified name of the domain with which a trust exists' EQUALITY case - IgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + IgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) olcAttributeTypes: {51}( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC 'Ne tBIOS name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115. 121.1.15{128} ) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 3bdcf32 s3-smbd: move print_backend_init() behind init_system_info() from 6edb03e docs: remove whitespace in example samba.ldif (fix bug #8789) (cherry picked from commit 9a68a98e87e5597ba684bea3d5e6a44951e51973) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 3bdcf3208c8ff1a99bc457549257af83a869b381 Author: Ralph Wuerthner ralph.wuerth...@de.ibm.com Date: Wed Apr 4 17:40:27 2012 +0200 s3-smbd: move print_backend_init() behind init_system_info() On smbd startup check_published_printers() fails with the following error messages: [2012/04/04 16:29:50.511526, 0] printing/nt_printing_ads.c:360(check_published_printers) check_published_printers: Could not create system session_info [2012/04/04 16:29:50.512101, 0] printing/nt_printing.c:102(nt_printing_init) nt_printing_init: error checking published printers: WERR_ACCESS_DENIED check_published_printers() requires session_info to be set, but initialization of session_info in main() is done after calling print_backend_init(). Move print_backend_init() behind init_system_info(). Signed-off-by: Ralph Wuerthner ralph.wuerth...@de.ibm.com Fix bug #8845 (check_published_printers: Could not create system session_info). --- Summary of changes: source3/smbd/server.c |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 28bb947..8cda180 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1209,9 +1209,6 @@ extern void build_options(bool screen); if (!W_ERROR_IS_OK(registry_init_full())) exit(1); - if (!print_backend_init(smbd_messaging_context())) - exit(1); - /* Open the share_info.tdb here, so we don't have to open after the fork on every single connection. This is a small performance improvment and reduces the total number of system @@ -1228,6 +1225,9 @@ extern void build_options(bool screen); return -1; } + if (!print_backend_init(smbd_messaging_context())) + exit(1); + if (!init_guest_info()) { DEBUG(0,(ERROR: failed to setup guest info.\n)); return -1; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via e538c0b s3-docs: Prepend '/' to filename argument (Bug #8826) (cherry picked from commit 6804e46811dd13cfd405f7c48a3dc2bc6501d75c) from 3bdcf32 s3-smbd: move print_backend_init() behind init_system_info() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit e538c0b1f99853e2921c48db28ef32d33f4fd50d Author: SATOH Fumiyasu fumi...@osstech.co.jp Date: Mon Mar 26 19:13:12 2012 +0900 s3-docs: Prepend '/' to filename argument (Bug #8826) (cherry picked from commit 6804e46811dd13cfd405f7c48a3dc2bc6501d75c) --- Summary of changes: docs-xml/manpages-3/smbcacls.1.xml |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/smbcacls.1.xml b/docs-xml/manpages-3/smbcacls.1.xml index 756000a..8674ecf 100644 --- a/docs-xml/manpages-3/smbcacls.1.xml +++ b/docs-xml/manpages-3/smbcacls.1.xml @@ -20,7 +20,7 @@ cmdsynopsis commandsmbcacls/command arg choice=req//server/share/arg - arg choice=reqfilename/arg + arg choice=req/filename/arg arg choice=opt-D|--delete acls/arg arg choice=opt-M|--modify acls/arg arg choice=opt-a|--add acls/arg -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fe707f6 Add a new module, aio_linux which implements Linux kernel aio support. Docs to follow. from 224379b pidl/NDR/Parser: also do range checks on the array size http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fe707f6549292ccb681ccd0c596cbd17525522f3 Author: Jeremy Allison j...@samba.org Date: Tue Apr 10 15:45:55 2012 -0700 Add a new module, aio_linux which implements Linux kernel aio support. Docs to follow. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Wed Apr 11 02:29:04 CEST 2012 on sn-devel-104 --- Summary of changes: source3/Makefile.in|5 + source3/configure.in | 15 + .../modules/{vfs_aio_pthread.c = vfs_aio_linux.c} | 516 source3/modules/wscript_build | 10 + source3/wscript| 26 + 5 files changed, 365 insertions(+), 207 deletions(-) copy source3/modules/{vfs_aio_pthread.c = vfs_aio_linux.c} (53%) Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index e1d8770..ff223d9 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -873,6 +873,7 @@ VFS_TSMSM_OBJ = modules/vfs_tsmsm.o VFS_FILEID_OBJ = modules/vfs_fileid.o VFS_AIO_FORK_OBJ = modules/vfs_aio_fork.o VFS_AIO_PTHREAD_OBJ = modules/vfs_aio_pthread.o +VFS_AIO_LINUX_OBJ = modules/vfs_aio_linux.o VFS_PREOPEN_OBJ = modules/vfs_preopen.o VFS_SYNCOPS_OBJ = modules/vfs_syncops.o VFS_ACL_XATTR_OBJ = modules/vfs_acl_xattr.o @@ -3066,6 +3067,10 @@ bin/aio_pthread.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_AIO_PTHREAD_OBJ) @echo Building plugin $@ @$(SHLD_MODULE) $(VFS_AIO_PTHREAD_OBJ) +bin/aio_linux.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_AIO_LINUX_OBJ) + @echo Building plugin $@ + @$(SHLD_MODULE) $(VFS_AIO_LINUX_OBJ) + bin/preopen.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_PREOPEN_OBJ) @echo Building plugin $@ @$(SHLD_MODULE) $(VFS_PREOPEN_OBJ) diff --git a/source3/configure.in b/source3/configure.in index bf777a1..0470a18 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -5567,6 +5567,20 @@ if test x$samba_cv_HAVE_AIO = xyes; then x$samba_cv_msghdr_msg_acctright = xyes; then default_shared_modules=$default_shared_modules vfs_aio_fork fi + +# Check for Linux kernel aio support. + case $host_os in + *linux*) + AC_MSG_CHECKING(for Linux kernel asynchronous io support) + AC_CHECK_LIB(aio,io_submit, + [AIO_LIBS=$LIBS -laio; + AC_DEFINE(HAVE_LINUX_KERNEL_AIO, 1, Define to 1 if there is support for Linux kernel asynchronous io)], + []) + if test x$ac_cv_lib_aio_io_submit = xyes; then + default_shared_modules=$default_shared_modules vfs_aio_linux + fi +;; +esac fi # @@ -6519,6 +6533,7 @@ SMB_MODULE(vfs_tsmsm, \$(VFS_TSMSM_OBJ), bin/tsmsm.$SHLIBEXT, VFS) SMB_MODULE(vfs_fileid, \$(VFS_FILEID_OBJ), bin/fileid.$SHLIBEXT, VFS) SMB_MODULE(vfs_aio_fork, \$(VFS_AIO_FORK_OBJ), bin/aio_fork.$SHLIBEXT, VFS) SMB_MODULE(vfs_aio_pthread, \$(VFS_AIO_PTHREAD_OBJ), bin/aio_pthread.$SHLIBEXT, VFS) +SMB_MODULE(vfs_aio_linux, \$(VFS_AIO_LINUX_OBJ), bin/aio_linux.$SHLIBEXT, VFS) SMB_MODULE(vfs_preopen, \$(VFS_PREOPEN_OBJ), bin/preopen.$SHLIBEXT, VFS) SMB_MODULE(vfs_syncops, \$(VFS_SYNCOPS_OBJ), bin/syncops.$SHLIBEXT, VFS) SMB_MODULE(vfs_zfsacl, \$(VFS_ZFSACL_OBJ), bin/zfsacl.$SHLIBEXT, VFS) diff --git a/source3/modules/vfs_aio_pthread.c b/source3/modules/vfs_aio_linux.c similarity index 53% copy from source3/modules/vfs_aio_pthread.c copy to source3/modules/vfs_aio_linux.c index 1cddea3..f6fa80a 100644 --- a/source3/modules/vfs_aio_pthread.c +++ b/source3/modules/vfs_aio_linux.c @@ -1,9 +1,6 @@ /* - * Simulate Posix AIO using pthreads. + * Simulate Posix AIO using Linux kernel AIO. * - * Based on the aio_fork work from Volker and Volker's pthreadpool library. - * - * Copyright (C) Volker Lendecke 2008 * Copyright (C) Jeremy Allison 2012 * * This program is free software; you can redistribute it and/or modify @@ -23,111 +20,140 @@ #include includes.h #include system/filesys.h -#include system/shmem.h #include smbd/smbd.h #include smbd/globals.h -#include lib/pthreadpool/pthreadpool.h +#include sys/eventfd.h +#include libaio.h struct aio_extra; -static struct pthreadpool *pool; -static int aio_pthread_jobid; +static int event_fd = -1; +static io_context_t io_ctx; +static int aio_linux_requestid; +static struct io_event *io_recv_events; +static struct fd_event *aio_read_event; struct aio_private_data { struct aio_private_data
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 47e7013 on our way with Samba 4.0alpha20 via 8a34f61 prepare WHATSNEW for Samba 4.0alpha19 release and mark as release. via 7381863 ccan: Fix failtest on Fedora 16 as stdlib.h does not imply malloc.h via ce5ac20 remove --enable-developer from samba4-libs autobuild via f446506 remove --enable-developer from recursive waf build in autoconf build via 72b8a09 buildtools: Add --enable-debug option via 031dee3 .gitignore: ignore MYMETA.yml via 646aced build: search for talloc, tdb, tevent in non-standard system locations via f7d6089 build: Add tevent deps for users of tevent calls from fe707f6 Add a new module, aio_linux which implements Linux kernel aio support. Docs to follow. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 47e7013d20d5ca4fc2b9445d8618a29e85f21f79 Author: Andrew Bartlett abart...@samba.org Date: Wed Apr 11 07:33:26 2012 +1000 on our way with Samba 4.0alpha20 Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Wed Apr 11 04:04:18 CEST 2012 on sn-devel-104 commit 8a34f61b27b2de4b0672e46b2fd50f8191a880ad Author: Andrew Bartlett abart...@samba.org Date: Wed Apr 11 07:32:43 2012 +1000 prepare WHATSNEW for Samba 4.0alpha19 release and mark as release. commit 73818636e01de66d7a8d98072188a60284a00d00 Author: Andrew Bartlett abart...@samba.org Date: Wed Apr 11 08:27:14 2012 +1000 ccan: Fix failtest on Fedora 16 as stdlib.h does not imply malloc.h The issue is that there are two different sources of the malloc prototype, and they both need to be included otherwise the failtest overrides chokes on the headers. Andrew Bartlett commit ce5ac20d1979498572d4b6f631801664a8f4a9ee Author: Andrew Bartlett abart...@samba.org Date: Wed Apr 11 08:01:47 2012 +1000 remove --enable-developer from samba4-libs autobuild This will ensure everything works for end users without --enable-developer. Andrew Bartlett commit f446506608ba93303b9c671bdaacd692f72bad28 Author: Andrew Bartlett abart...@samba.org Date: Wed Apr 11 07:59:01 2012 +1000 remove --enable-developer from recursive waf build in autoconf build wanting to run make test does not make you a developer in need of ABI checking. Andrew Bartlett commit 72b8a0952a10c94aa0483a83bec9253b53a30e39 Author: Andrew Bartlett abart...@samba.org Date: Wed Apr 11 08:08:44 2012 +1000 buildtools: Add --enable-debug option commit 031dee348dbbf1c4658a0488520bacc582c4fe29 Author: Andrew Bartlett abart...@samba.org Date: Wed Apr 11 07:56:00 2012 +1000 .gitignore: ignore MYMETA.yml commit 646aced66543b56725b3f2f5bc061d946c109db8 Author: Andrew Bartlett abart...@samba.org Date: Wed Apr 11 09:36:12 2012 +1000 build: search for talloc, tdb, tevent in non-standard system locations This is needed because the s3 includes.h directly mentions these headers, but not every part of s3 depends on these directly. Andrew Bartlett commit f7d60899d6118185cc09aad52eeaf3146d577413 Author: Andrew Bartlett abart...@samba.org Date: Wed Apr 11 09:09:56 2012 +1000 build: Add tevent deps for users of tevent calls This isn't strictly required - this isn't a build break at the moment, but is a good practice to directly depend on the major libraries we use, and helps us to have more fine-grained rather than global dependencies. Andrew Bartlett --- Summary of changes: .gitignore|1 + VERSION |2 +- WHATSNEW.txt | 67 +--- buildtools/wafsamba/samba3.py | 26 ++-- buildtools/wafsamba/samba_autoconf.py |4 ++ buildtools/wafsamba/wscript |3 + lib/ccan/failtest/failtest_override.h |4 ++ script/autobuild.py | 10 ++-- source3/Makefile-smbtorture4 |2 +- source3/modules/wscript_build |6 +- 10 files changed, 79 insertions(+), 46 deletions(-) Changeset truncated at 500 lines: diff --git a/.gitignore b/.gitignore index 09a5ee4..d8cb4e7 100644 --- a/.gitignore +++ b/.gitignore @@ -102,6 +102,7 @@ pidl/blib pidl/cover_db pidl/Makefile pidl/pm_to_blib +pidl/MYMETA.yml packaging/RHEL-CTDB/samba.spec packaging/RHEL/samba.spec packaging/RHEL/makerpms.sh diff --git a/VERSION b/VERSION index 952ff93..beab1e5 100644 --- a/VERSION +++ b/VERSION @@ -57,7 +57,7 @@ SAMBA_VERSION_TP_RELEASE= # e.g. SAMBA_VERSION_ALPHA_RELEASE=1 # # - 4.0.0alpha1 # -SAMBA_VERSION_ALPHA_RELEASE=19 +SAMBA_VERSION_ALPHA_RELEASE=20
[SCM] Samba Shared Repository - annotated tag samba-4.0.0alpha19 created
The annotated tag, samba-4.0.0alpha19 has been created at 95d36e0ac658dd161c8c0eeb34374c6bf3e55d3a (tag) tagging 8a34f61b27b2de4b0672e46b2fd50f8191a880ad (commit) replaces samba-4.0.0alpha18 tagged by Andrew Bartlett on Wed Apr 11 12:53:35 2012 +1000 - Log - samba4: tag release samba-4.0.0alpha19 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQBPhPIvz4A8Wyi0NrsRApAkAJ46d2XNkGBXKDhiBiympbVReToWxQCdFJ16 zhbXCCAJ+HfjL06A8zCGKcM= =Szvn -END PGP SIGNATURE- Alexander Bokovoy (1): s3-rpc: Decrypt with the proper session key in CreateTrustedDomainEx2. Amitay Isaacs (32): upgradedns: Missing rename from upgradedns to samba_upgradedns testsuite: Replace deprecated bzero with memset s4-provision: Use state directory from lp, as it is always set dlz_bind9: This fixes the problem with adding/deleting rdataset ndr: Fix the error messages, add correct data type name ndr: Fix NDR push function for dnsp_string idl: dnsp: Add dnsp_string_list data type for TXT DNS record ndr: Add NDR pull, push, print functions for dnsp_string_list dlz_bind9: Fix handling of TXT records with multiple quoted strings idl: dnsserver: Add DNS_RPC_RECORD_STRING data type for TXT DNS record ndr: dnsserver: Add pull and push functions for DNS_RPC_RECORD_STRING provision: dns: TXT Records need a list of strings as input samba-tool: dns: Copy string data when creating DNS_RPC_RECORD samba-tool: dns: Add support for handling TXT records s4-rpc: dnsserver: Update data type for TXT DNS records upgradedns: Fix import of TXT DNS records s4-dns: Fix handling of TXT DNS Record dlz_bind9: Match PTR records as DNS names and not just strings s4-rpc: dnsserver: Fix the typo in comparing two DNS records s3-ctdb: Enable CTDB readonly support only if CTDB supports it s4-libcli: pysmb: Fix typo in secinfo_flags autobuild: Enable standalone tdb2 tests s4-dsdb: Fix the case for attribute name msDS-hasMasterNCs build: Fix build issue on OpenBSD 5.x build: Do not use --export-dynamic flag on OpenBSD 5.x s4-upgradedns: Allow fixing of dns provision after domain join s4-rpc: dnsserver: Fix IPv6 reverse zone handling s4-upgradedns: Add DNS partitions in msDS-hasMasterNCs in NTDS settings s4-upgradedns: Make sure the attribute exists before accessing it lib/tdb: Add/expose lock functions to support CTDB lib/tdb: Update ABI s4-upgradedns: Fix the fqdn for forest dns zone Andreas Schneider (20): s4-python: Remove execute flag of upgradehelpers.py. s4-python: Remove env from non-executable samba scripts. s4-python: Remove execute flag from netcmd scripts. s4-python: Remove env from non-executable netcmd scripts. s4-python: Remove env from non-executable test scripts. s4-python: Remove execute flag from ndrdump blackbox script. s4-python: Remove env from non-executable blackbox test scripts. s4-python: Remove execute flag from non-executable rpc_talloc script. s4-python: Remove env from non-executable dcerpc scripts. s4-python: Remove env from non-executable samba_tool scripts. s4-python: Remove env from non-executable webserver script. s4-python: Add missing python source file encoding. s3-rpc_server: Increase debug level for policy handle. s3-rpc_client: Add debug message for printer dataex errors. s3-printing: Make printer a const char *. s3-printing: Check for browseable too. s3-spoolss: Check return codes in update_dsspooler. s3-spoolss: Check return type of update_dsspooler(). waf: Add autoconf --target support. systemd: Add samba service file. Andrew Bartlett (158): on our way with Samba 4.0alpha19 s3-auth rename vuid_serverinfo to session_info s4-netlogond: Fix use of uninitialised value dns_name selftest: plugin_s4_dc can now handle kerberos properly s3-param: Align lp_{max,min}protocol with lib/param names s3-selftest: avoid running LOCAL- tests twice selftest: up the default log level in s3 s4-smb_server Remove inetd-mode samba3 hook s4-winbindd: Do not ask for a tree that we will not use selftest: Do not run chgdcpass test on the main DC selftest: skip the troublesome samba4.rpc.unixinfo test selftest: change plugin_dc to test using s3fs selftest: add more tests for plugin_s4_dc build: link heimdal krb5 against execinfo if found build: look for backtrace_symbols in libexec s3-ntlm_auth: Add --target-service and --target-hostname options s3-ntlm_auth: Wrap kerberos token in GSSAPI s3-ntlm_auth fix up gss-spnego-client so as to work with gss-spnego s3-selftest: Add more tests for ntlm_auth s3-selftest: make
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0c44d46 s4:dsdb/samdb/ldb_modules/schema.c - move get_last_structural_class() into util.c via 8306212 s4:dsdb/samdb/ldb_modules/schema.c - inline get_oc_guid_from_message() to its only user via 3fa5f84 s4:dsdb - introduce a only constant-time get_last_structural_class() call via ba96b24 s4:dsdb/samdb/ldb_modules/schema.c - inline acl_check_access_on_class to its only user via 4eb0d42 s4:dsdb - move objectclass_sort() out from the objectclass LDB module into the schema code via 1777518 s4:acl LDB module - remove set but unused variables via 93f0905 s4:objectclass LDB module - remove unneeded build dependencies via 55f4275 LDB:ldb_msg.c - add another OOM check in ldb_msg_copy() via 3d886e3 s4:schema/schema_query.c - fix a comment via 35dfd79 s4:schema/schema_init.c - better use ldb_attr_cmp instead of strcasecmp via 0c2c5f2 s4:dsdb/pydsdb.c - fix indentation from 47e7013 on our way with Samba 4.0alpha20 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0c44d46f24ef69598eaef281bcb82f943655d0bc Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed Apr 4 22:24:16 2012 +0200 s4:dsdb/samdb/ldb_modules/schema.c - move get_last_structural_class() into util.c And remove this helper module - it does not have much sense keeping it. Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Wed Apr 11 06:31:51 CEST 2012 on sn-devel-104 commit 83062125e60dd097a1a151fb35467fe55a356780 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed Apr 4 21:58:04 2012 +0200 s4:dsdb/samdb/ldb_modules/schema.c - inline get_oc_guid_from_message() to its only user Reduce the number of not to be shared functions in schema.c. Change it to make use of get_last_structural_class(). commit 3fa5f84d2f7bdd3747ea14453fc49eb6931eeedf Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed Apr 4 18:55:40 2012 +0200 s4:dsdb - introduce a only constant-time get_last_structural_class() call With the redesign of the previous patches this has become possible. commit ba96b2491e106dd9035d3b3b1f95cb81412e0847 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed Apr 4 12:29:58 2012 +0200 s4:dsdb/samdb/ldb_modules/schema.c - inline acl_check_access_on_class to its only user Reduce the number of not to be shared functions in schema.c. commit 4eb0d42291c61a01be3f2fa57d35872967257d9f Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed Apr 4 18:40:00 2012 +0200 s4:dsdb - move objectclass_sort() out from the objectclass LDB module into the schema code This allows it to be useful for the dbchecker utility in respect to object class problems. Fix up the API to only work with standardised LDB ldb_message_element structures which do allow much easier interoperations. As a consequence this leads to some changes in the objectclass module as well. commit 17775186df7893345e99d6577eb2a6be444e8b71 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed Apr 4 20:27:30 2012 +0200 s4:acl LDB module - remove set but unused variables commit 93f0905f073c63d51eb26b0d296ba4295ed4f5b6 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed Apr 4 18:48:23 2012 +0200 s4:objectclass LDB module - remove unneeded build dependencies commit 55f4275f18088838ec2b8a37d59a49368e90deb8 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed Apr 4 16:05:50 2012 +0200 LDB:ldb_msg.c - add another OOM check in ldb_msg_copy() commit 3d886e3e151c792685431385c9ea68e27a1d52b1 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Apr 5 21:55:07 2012 +0200 s4:schema/schema_query.c - fix a comment commit 35dfd79dcafdadcc61818975bd0719605d95cf95 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Apr 5 21:38:14 2012 +0200 s4:schema/schema_init.c - better use ldb_attr_cmp instead of strcasecmp LDB convention commit 0c2c5f24a91e365f913dbc1d369341a366ba1e17 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed Apr 4 12:14:12 2012 +0200 s4:dsdb/pydsdb.c - fix indentation --- Summary of changes: lib/ldb/common/ldb_msg.c |1 + source4/dsdb/pydsdb.c|2 +- source4/dsdb/samdb/ldb_modules/acl.c | 79 +++- source4/dsdb/samdb/ldb_modules/descriptor.c |9 +- source4/dsdb/samdb/ldb_modules/objectclass.c | 265 -- source4/dsdb/samdb/ldb_modules/schema.c | 137 - source4/dsdb/samdb/ldb_modules/util.c| 30 +++ source4/dsdb/samdb/ldb_modules/wscript_build | 16 +- source4/dsdb/schema/schema_init.c|2 +- source4/dsdb/schema/schema_query.c |