Build status as of Wed Jan 27 07:00:05 2010

[build]

URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2010-01-26 
00:00:07.0 -0700
+++ /home/build/master/cache/broken_results.txt 2010-01-27 00:00:05.0 
-0700
@@ -1,22 +1,22 @@
-Build status as of Tue Jan 26 07:00:07 2010
+Build status as of Wed Jan 27 07:00:05 2010
 
 Build counts:
 Tree Total  Broken Panic 
 build_farm   0  0  0 
-ccache   1  0  0 
+ccache   19 13 0 
 distcc   0  0  0 
-ldb  27 27 0 
-libreplace   27 12 0 
+ldb  28 28 0 
+libreplace   29 12 0 
 lorikeet 0  0  0 
 pidl 0  0  0 
-ppp  0  0  0 
+ppp  1  0  0 
 rsync0  0  0 
 samba-docs   0  0  0 
 samba-web0  0  0 
-samba_3_current 26 26 0 
-samba_3_master 26 25 3 
-samba_3_next 26 25 3 
+samba_3_current 27 26 0 
+samba_3_master 27 26 3 
+samba_3_next 27 25 3 
 samba_4_0_test 28 27 0 
-talloc   27 10 0 
-tdb  25 17 0 
+talloc   29 10 0 
+tdb  26 17 0 
 

[SCM] Samba Shared Repository - branch master updated

[Jeremy Allison]

The branch, master has been updated
   via  899bd00... Fix bug #7067 - Linux asynchronous IO (aio) can cause 
smbd to fail to respond to a read or write.
  from  2dd301e... Add dependency of bin/smbfilter to libwbclient.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 899bd0005f56dcc1e95c3988d41ab3f628bb15db
Author: Jeremy Allison 
Date:   Tue Jan 26 16:51:57 2010 -0800

Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to 
respond to a read or write.

Only works on Linux kernels 2.6.26 and above. Grants CAP_KILL capability
to allow Linux threads under different euids to send signals to each other.

Jeremy.

---

Summary of changes:
 source3/include/smb.h |3 +-
 source3/lib/system.c  |   65 ++---
 source3/smbd/server.c |8 ++
 3 files changed, 71 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/smb.h b/source3/include/smb.h
index bc7a90d..041c96b 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1723,7 +1723,8 @@ minimum length == 24.
 enum smbd_capability {
 KERNEL_OPLOCK_CAPABILITY,
 DMAPI_ACCESS_CAPABILITY,
-LEASE_CAPABILITY
+LEASE_CAPABILITY,
+KILL_CAPABILITY
 };
 
 /*
diff --git a/source3/lib/system.c b/source3/lib/system.c
index a58d903..9c1da3a 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -883,6 +883,11 @@ char *sys_getwd(char *s)
 
 #if defined(HAVE_POSIX_CAPABILITIES)
 
+/* This define hasn't made it into the glibc capabilities header yet. */
+#ifndef SECURE_NO_SETUID_FIXUP
+#define SECURE_NO_SETUID_FIXUP  2
+#endif
+
 /**
  Try and abstract process capabilities (for systems that have them).
 /
@@ -913,6 +918,32 @@ static bool set_process_capability(enum smbd_capability 
capability,
}
 #endif
 
+#if defined(HAVE_PRCTL) && defined(PR_SET_SECUREBITS) && 
defined(SECURE_NO_SETUID_FIXUP)
+/* New way of setting capabilities as "sticky". */
+
+   /*
+* Use PR_SET_SECUREBITS to prevent setresuid()
+* atomically dropping effective capabilities on
+* uid change. Only available in Linux kernels
+* 2.6.26 and above.
+*
+* See here:
+* 
http://www.kernel.org/doc/man-pages/online/pages/man7/capabilities.7.html
+* for details.
+*
+* Specifically the CAP_KILL capability we need
+* to allow Linux threads under different euids
+* to send signals to each other.
+*/
+
+   if (prctl(PR_SET_SECUREBITS, 1 << SECURE_NO_SETUID_FIXUP)) {
+   DEBUG(0,("set_process_capability: "
+   "prctl PR_SET_SECUREBITS failed with error %s\n",
+   strerror(errno) ));
+   return false;
+   }
+#endif
+
cap = cap_get_proc();
if (cap == NULL) {
DEBUG(0,("set_process_capability: cap_get_proc failed: %s\n",
@@ -941,6 +972,11 @@ static bool set_process_capability(enum smbd_capability 
capability,
cap_vals[num_cap_vals++] = CAP_LEASE;
 #endif
break;
+   case KILL_CAPABILITY:
+#ifdef CAP_KILL
+   cap_vals[num_cap_vals++] = CAP_KILL;
+#endif
+   break;
}
 
SMB_ASSERT(num_cap_vals <= ARRAY_SIZE(cap_vals));
@@ -950,16 +986,37 @@ static bool set_process_capability(enum smbd_capability 
capability,
return True;
}
 
-   cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
-   enable ? CAP_SET : CAP_CLEAR);
+   /*
+* Ensure the capability is effective. We assume that as a root
+* process it's always permitted.
+*/
+
+   if (cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
+   enable ? CAP_SET : CAP_CLEAR) == -1) {
+   DEBUG(0, ("set_process_capability: cap_set_flag effective "
+   "failed (%d): %s\n",
+   (int)capability,
+   strerror(errno)));
+   cap_free(cap);
+   return false;
+   }
 
/* We never want to pass capabilities down to our children, so make
 * sure they are not inherited.
 */
-   cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, cap_vals, CAP_CLEAR);
+   if (cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals,
+   cap_vals, CAP_CLEAR) == -1) {
+   DEBUG(0, ("set_process_capability: cap_set_flag inheritable "
+   "failed (%d): %s\n",
+   (int)capability,
+   strerror(errn

[SCM] Samba Shared Repository - branch master updated

[Stefan Metzmacher]

The branch, master has been updated
   via  137fd79... s4:winsrepl.idl: add random interface uuid
   via  601642d... s4:smbtorture: add BASE-BENCH-HOLDOPEN
  from  a0c31ec... mount.cifs: don't allow it to be run as setuid root 
program

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 137fd79f445c30b04d443288c03db2b1cc5dcba3
Author: Stefan Metzmacher 
Date:   Tue Jan 26 15:22:09 2010 +0100

s4:winsrepl.idl: add random interface uuid

This is needed to include the wrepl interface into
ndrdump.

metze

commit 601642d92369ca9c572e40aa32b5b3b53eeb8dbf
Author: Stefan Metzmacher 
Date:   Tue Jan 26 15:20:57 2010 +0100

s4:smbtorture: add BASE-BENCH-HOLDOPEN

This is useful for manual performance testing with a large
number of share mode entries.

metze

---

Summary of changes:
 source4/librpc/idl/winsrepl.idl |5 ++-
 source4/torture/basic/base.c|1 +
 source4/torture/basic/misc.c|   63 +++
 3 files changed, 68 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/librpc/idl/winsrepl.idl b/source4/librpc/idl/winsrepl.idl
index 0ec05e8..cedc70b 100644
--- a/source4/librpc/idl/winsrepl.idl
+++ b/source4/librpc/idl/winsrepl.idl
@@ -11,7 +11,10 @@
 
 import "nbt.idl";
 
-interface wrepl
+[
+   uuid("915f5653-bac1-431c-97ee-9ffb34526921"),
+   helpstring("WINS Replication PDUs")
+] interface wrepl
 {
const int WINS_REPLICATION_PORT = 42;
 
diff --git a/source4/torture/basic/base.c b/source4/torture/basic/base.c
index 2c72257..ed389fb 100644
--- a/source4/torture/basic/base.c
+++ b/source4/torture/basic/base.c
@@ -1771,6 +1771,7 @@ NTSTATUS torture_base_init(void)
torture_suite_add_1smb_test(suite, "MAXIMUM_ALLOWED", 
torture_maximum_allowed);
 
torture_suite_add_simple_test(suite, "BENCH-HOLDCON", torture_holdcon);
+   torture_suite_add_1smb_test(suite, "BENCH-HOLDOPEN", torture_holdopen);
torture_suite_add_simple_test(suite, "BENCH-READWRITE", run_benchrw);
torture_suite_add_smb_multi_test(suite, "BENCH-TORTURE", run_torture);
torture_suite_add_1smb_test(suite, "SCAN-PIPE_NUMBER", run_pipe_number);
diff --git a/source4/torture/basic/misc.c b/source4/torture/basic/misc.c
index a8ea88f..ab79d79 100644
--- a/source4/torture/basic/misc.c
+++ b/source4/torture/basic/misc.c
@@ -231,6 +231,69 @@ bool torture_holdcon(struct torture_context *tctx)
 }
 
 /*
+  open a file N times on the server and just hold them open
+  used for testing performance when there are N file handles
+  alopenn
+ */
+bool torture_holdopen(struct torture_context *tctx,
+ struct smbcli_state *cli)
+{
+   int i, fnum;
+   const char *fname = "\\holdopen.dat";
+   NTSTATUS status;
+
+   smbcli_unlink(cli->tree, fname);
+
+   fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+   if (fnum == -1) {
+   torture_comment(tctx, "open of %s failed (%s)\n", fname, 
smbcli_errstr(cli->tree));
+   return false;
+   }
+
+   smbcli_close(cli->tree, fnum);
+
+   for (i=0;itree, tctx, &op);
+   if (!NT_STATUS_IS_OK(status)) {
+   torture_warning(tctx, "open %d failed\n", i);
+   continue;
+   }
+
+   if (torture_setting_bool(tctx, "progress", true)) {
+   torture_comment(tctx, "opened %d file\r", i);
+   fflush(stdout);
+   }
+   }
+
+   torture_comment(tctx, "\nStarting pings\n");
+
+   while (1) {
+   struct smb_echo ec;
+
+   status = smb_raw_echo(cli->transport, &ec);
+   torture_comment(tctx, ".");
+   fflush(stdout);
+   sleep(15);
+   }
+
+   return true;
+}
+
+/*
 test how many open files this server supports on the one socket
 */
 bool run_maxfidtest(struct torture_context *tctx, struct smbcli_state *cli, 
int dummy)


-- 
Samba Shared Repository

svn commit: samba-web r1361 - in trunk: .

[kseeger]

Author: kseeger
Date: 2010-01-26 08:10:26 -0700 (Tue, 26 Jan 2010)
New Revision: 1361

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1361

Log:
Announce Samba 3.5.0rc2
Karolin
Modified:
   trunk/index.html


Changeset:
Modified: trunk/index.html
===
--- trunk/index.html2010-01-19 11:08:25 UTC (rev 1360)
+++ trunk/index.html2010-01-26 15:10:26 UTC (rev 1361)
@@ -24,6 +24,38 @@
 Latest News
 
 
+26 January 2010
+Samba 3.5.0rc2 Available for Download
+
+Samba 3.5.0rc2 is now available for download.  This the second
+release candidate of the next upgrade production release version of Samba.
+It is intended for testing purposes only.  Please test and
+https://bugzilla.samba.org/";>report any bugs that you
+find. Please read the changes in the
+Release Notes
+for details on new features and difference in behavior from
+previous releases.
+
+Plans are to ship the final 3.5.0 release on February 16 if there
+are no major issues with 3.5.0rc2. Please see
+http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.5";>
+Samba 3.5 Release Planning for more information on the current release
+schedule.
+
+The Samba 3.5.0rc2
+source code can be downloaded now.  The GnuPG
+signature is for the for the uncompressed tarball.
+If you prefer, the patch
+file against Samba 3.5.0rc1
+(GnuPG
+signature) is also available for download.
+Please read these instructions on
+how to verify the gpg signature.  Precompiled packages will
+be made available on a volunteer basis and can be found in the
+Binary_Packages download 
area.
+
 19 January 2010
 Samba 3.4.5 Available for Download
 
@@ -68,7 +100,7 @@
 signature is for the for the uncompressed tarball.
 If you prefer, the patch
-file against Samba 3.3.0pre2
+file against Samba 3.5.0pre2
 (GnuPG
 signature) is also available for download.
 Please read these instructions on

[SCM] Samba Shared Repository - branch v3-5-stable updated

[Karolin Seeger]

The branch, v3-5-stable has been updated
   via  6e42522... WHATSNEW: Update changes.
   via  ff7027a... s3-docs: Fix version in man ldbrename.
   via  a4e7412... s3: Enable use of ccache by default for libsmbclient
   via  b244e3e... s3-libsmbclient: Add smbc_setOptionUseCCache()
   via  ce033a7... s3: Add --use-ccache to net (cherry picked from commit 
af32a49c7d8803f597e184f1361e795f179b809f)
   via  b2c393a... s3: add libnetapi_set_use_ccache() (cherry picked from 
commit b99ab82ebab598b45eb6729498c9e67b195e698d)
   via  e2e48df... s3: Fix a bug in net's use of popt
   via  a97d76b... s3: Enable -C in rpcclient (cherry picked from commit 
2aca69ef0df02e655125d9db31e1f0144d21a144)
   via  a361992... s3: Add CLI_FULL_CONNECTION_USE_CCACHE (cherry picked 
from commit 36854ea0aa260dfe23f77825e942f5b3905d396d)
   via  f3428ec... s3: Use -C in smbclient
   via  1fcfa0b... s3: Add -C (--use-ccache) to popt_common_credentials 
(cherry picked from commit 58ebc50663a299e16684aa24cfae95954d5a14f0)
   via  bef877a... s3: Add ccache use to cli_session_setup_ntlmssp (cherry 
picked from commit e06abe412f78b58f36998037637d1b3478fdc477)
   via  7928241... s3: Add NTLMSSP_FEATURE_CCACHE
   via  dc3e7f7... libwbclient: Actually implement wbcCredentialCache() 
(cherry picked from commit 7ab798d141bf715808fa0941f19422069e65fa0e)
   via  2643ff4... s3: Add the session key to the ccache_ntlm_auth response 
(cherry picked from commit 99f6f322ae5aa13596c5b0f1a6e600b6fec48896)
   via  b444541... s3: Add wbinfo --ccache-save
  from  43c03a6... lib/popt: Fix typo in README.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable


- Log -
commit 6e4252217a6f239a64afc5103d6416c402e5e10f
Author: Karolin Seeger 
Date:   Tue Jan 26 14:58:45 2010 +0100

WHATSNEW: Update changes.

Karolin
(cherry picked from commit 048adb50d83a3928820e6607451d582696cd7cc7)

commit ff7027abcba3bfc69f068da2a8c3b0792c72e870
Author: Karolin Seeger 
Date:   Tue Jan 26 14:19:31 2010 +0100

s3-docs: Fix version in man ldbrename.

Karolin
(cherry picked from commit 77bb3f2a5596c84e99b9006d2a31a752c68ab34a)

commit a4e7412578752a03a10d5c6a95221cba8c7bb077
Author: Volker Lendecke 
Date:   Tue Jan 26 10:51:32 2010 +0100

s3: Enable use of ccache by default for libsmbclient

Disable this by setting the environment variable LIBSMBCLIENT_NO_CCACHE, 
which
has the advantage over an smb.conf option to be easily settable per
application.
(cherry picked from commit 0e8552abc1b48e62aaac3cab7c13c8dea60c9f9b)

commit b244e3ec83d508c4515dd0987c2880117ae9119f
Author: Volker Lendecke 
Date:   Sun Jan 24 19:24:10 2010 +0100

s3-libsmbclient: Add smbc_setOptionUseCCache()

Can we enable this by default? This would be a change in behaviour, but this
feature is just too cool for everyone to catch up in the apps.

The patch would be
(cherry picked from commit 9698c214624678125551f2d65b95deb29ea72b64)

commit ce033a724aff9bf587e8b3ba02e3010b565f3912
Author: Volker Lendecke 
Date:   Sun Jan 24 18:50:48 2010 +0100

s3: Add --use-ccache to net
(cherry picked from commit af32a49c7d8803f597e184f1361e795f179b809f)

commit b2c393a4bd4c9d8a8c2f5007fa287ca0a97a0919
Author: Volker Lendecke 
Date:   Sun Jan 24 18:50:31 2010 +0100

s3: add libnetapi_set_use_ccache()
(cherry picked from commit b99ab82ebab598b45eb6729498c9e67b195e698d)

commit e2e48df6dc9efb245f4c16d46f487a065d806d99
Author: Volker Lendecke 
Date:   Sun Jan 24 18:51:58 2010 +0100

s3: Fix a bug in net's use of popt

In order to add --use-ccache to net, I added another "bool opt_ccache;" to
struct net_context. popt did not like this, it took a while to figure out 
why.
Popt has the lines

/* XXX Check alignment, may fail on funky platforms. */
if (arg == NULL || (((unsigned long)arg) & (sizeof(*arg)-1)))
return POPT_ERROR_NULLARG;

The "bool opt_ccache;" was not aligned anymore...
(cherry picked from commit 340277382518c62e23faae4af69a9c5c32b96af2)

commit a97d76b1515be57746b22413ec4bc1533feee71d
Author: Volker Lendecke 
Date:   Sun Jan 24 17:35:04 2010 +0100

s3: Enable -C in rpcclient
(cherry picked from commit 2aca69ef0df02e655125d9db31e1f0144d21a144)

commit a3619926795f2bb139e9b9a3c9c4ceb40858d38e
Author: Volker Lendecke 
Date:   Sun Jan 24 17:34:13 2010 +0100

s3: Add CLI_FULL_CONNECTION_USE_CCACHE
(cherry picked from commit 36854ea0aa260dfe23f77825e942f5b3905d396d)

commit f3428ecb6b3c640e703822592cb369c4bbe4d8fa
Author: Volker Lendecke 
Date:   Sun Jan 24 17:08:56 2010 +0100

s3: Use -C in smbclient

$ bin/wbinfo --ccache-save=w2k3ad\\vl%Password
saving creds succeeded
$ bin/smbclient //192.168.42.160/tmp -Uvl -N -C -W w2k3ad
OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Win

[SCM] Samba Shared Repository - annotated tag release-3-5-0rc2 created

[Karolin Seeger]

The annotated tag, release-3-5-0rc2 has been created
at  94bf3471d9196f3bf070d73ef2fa804f09c106b2 (tag)
   tagging  6e4252217a6f239a64afc5103d6416c402e5e10f (commit)
  replaces  release-3-5-0rc1
 tagged by  Karolin Seeger
on  Tue Jan 26 15:11:54 2010 +0100

- Log -
tag release-3-5-0rc2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.12 (GNU/Linux)

iD8DBQBLXvhGbzORW2Vot+oRAhbcAKCMxgBPqfsN5HvWo7Uy4apLyvuyQACgoqqJ
c3EZUrn5lamOPpPunOw4CoI=
=tT+U
-END PGP SIGNATURE-

André Hentschel (1):
  net: Add German translation, specially for the command listing

Björn Jacke (3):
  s3/i18n/de: improve some German translations
  ѕ3/i18n/de: fix typo
  s3/net: split up some printable stings to ease i18n

Giovanni Bajo (1):
  s3-lanman: Allow a level2 descriptor for a level1 NetShareGetInfo

Günther Deschner (2):
  s3-docs: mention -K option in pdbedit manpage.
  s3-libsmbclient: Fix crash bug in SMBC_parse_path().

Jeremy Allison (7):
  Re-fix bug 5202 - cannot change ACLs on writable file with "dos 
filemode=yes"
  Fix bug #7033 - SMBrmdir call always returns true, even on failure to 
delete a directory.
  Fix two uses of strncat -> strlcat. Ensure proper use of strncpy when 
setting socket name.
  Fix bug #7036 - net rpc getsid fails in hardened windows environments.
  Fix bug #6876 - Delete of an object whose parent folder does not have 
delete rights fails even if the delete right is set on the object.
  Modification of fix for bug 6876 - Delete of an object whose parent 
folder does not have delete rights fails even if the delete right is set on the 
object
  Fix bug 7045 - Bad (non memory copying) interfaces in smbc_set calls.

Kai Blin (5):
  s3 net: Fix compile error with WITH_DNS_UPDATES
  s3 net/i18n: Use only one spelling for "Usage:"
  s3 net/i18n: update .po files
  s3 net: Fix compile warnings
  s3 net/i18n: Update .po files

Karolin Seeger (11):
  VERSION: Raise version number up to 3.5.0rc2.
  WHATSNEW: Start 3.5.0rc2 release notes.
  s3-docs: Adapt version number in man vfs_scannedonly.
  WHATSNEW: Update release notes.
  s3-docs: Fix typos.
  WHATSNEW: Update changes since 3.5.0rc1.
  WHATSNEW: Update changes.
  s3/docs: Fix typo.
  lib/popt: Fix typo in README.
  s3-docs: Fix version in man ldbrename.
  WHATSNEW: Update changes.

Michael Adam (15):
  docs: fix xml tag in the pdbedit manpage
  s3:check_sam_security: untangle assignment from statement
  s3:auth:sam_password_ok: enhance readability (imho) by adding some 
pointers
  s3:auth:sam_password_ok: fix allocation of a data blob.
  s3:auth: use data_blob_null instead of data_blob(NULL, 0) in 
sam_password_ok()
  s3:auth:sam_password_ok: take username, acct_ctrl and nt/lm hashes, not 
sampass
  s3:auth:check_sam_security: null out sampass after it has been stolen.
  s3:auth:check_sam_security: create (and use) a common exit point
  s3:auth:check_sam_security: fix a leading tab/ws mixup
  s3:auth:check_sam_security: improve calling and logging of 
pdb_update_sam_account
  s3:smbd:password_in_history: treat entry with 0 salt as 0 + plain nt hash
  s3:passdb: store the plain nt passwords hashes in history, not salted md5
  s3:auth:check_sam_security: introduce a bool var to control pad_pw_count 
incrementation
  s3:auth: don't update the bad pw count if pw is among last 2 history 
entries
  s3:auth: fix account unlock regression introduced with fix for bug #4347

Olivier Sessink (3):
  Bug #7028 part1
  Part 4 of bug #7028 - include scannedonly VFS module
  s3-docs: Add man page for vfs_scannedonly.

SASAJIMA Toshihiro (1):
  Fix bug #7034 - vfs_cap causes signal 11 (SIGSEGV) (cherry picked from 
commit ca847952054f5bbde1d40ad4260589b6fcc9721d)

Stefan Metzmacher (2):
  s3:smbldap: add smbldap_talloc_first_attribute()
  s3:pdb_ldap: restore Samba 3.0.x behavior and use the first "uid" value.

Volker Lendecke (33):
  s3: Lock down some srvsvc calls according to what w2k3 seems to do
  s3: Fix a segfault in winbindd_dual_ccache_ntlm_auth()
  s3: Fix a winbind segfault in "trusted_domains"
  s3: Lift the version of the scannedonly VFS module (cherry picked from 
commit 2d4dda0688d5c88fb73ae17db970afe9d0f77f6a)
  s3: Fix a crash in libsmbclient used against the OpenSolaris CIFS server
  s3:pdb_ldap: Fix large paged search.
  s3: Avoid a memset(, 0, ) call
  s3: Fix a typo
  s3: Simplify pdb_set_plaintext_passwd() slightly
  s3: Simplify pdb_set_plaintext_passwd() a bit
  s3: Make use of talloc_array in pdb_set_plaintext_passwd()
  s3: Simplify pdb_set_plaintext_passwd by using talloc_zero_array
  s3: Simplify pdb_set_plaintext_passwd: memcpy deals fine with 0 bytes
  s3: Simplify pdb_set_plaintext_passwd() 

[SCM] Samba Shared Repository - branch v3-5-test updated

[Karolin Seeger]

The branch, v3-5-test has been updated
   via  048adb5... WHATSNEW: Update changes.
  from  77bb3f2... s3-docs: Fix version in man ldbrename.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -
commit 048adb50d83a3928820e6607451d582696cd7cc7
Author: Karolin Seeger 
Date:   Tue Jan 26 14:58:45 2010 +0100

WHATSNEW: Update changes.

Karolin

---

Summary of changes:
 WHATSNEW.txt |   11 +++
 1 files changed, 11 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index ac82c51..1a30e15 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -13,6 +13,7 @@ Major enhancements in Samba 3.5.0 include:
 General changes:
 o Add support for full Windows timestamp resolution
 o The Using Samba HTML book has been removed.
+o 'net', 'smbclient' and libsmbclient can use credentials cached by Winbind.
 
 Protocol changes:
 o Experimental implementation of SMB2
@@ -38,6 +39,12 @@ kernel (2.6.22 and higher) and the glibc (2.6 and higher).
 The Using Samba HTML book has been removed from the Samba tarball.
 It is still available at http://www.samba.org/samba/docs/using_samba/toc.html.
 
+Samba client tools like 'net', 'smbclient' and libsmbclient can use the user
+credentials cached by Winbind at logon time. This is very useful e.g. when
+connecting to a Samba server using Nautilus without re-entering username and
+password. This feature is enabled by default and can be disabled per 
application
+by setting the LIBSMBCLIENT_NO_CCACHE environment variable.
+
 Protocol changes
 
 
@@ -105,6 +112,8 @@ o   Björn Jacke 
 o   Volker Lendecke 
 * Major internal refactoring of the Winbind daemon.
 * Make Winbind asynchronous.
+* Make 'net', 'smbclient' and libsmbclient use the logon credentials cached
+  by Winbind.
 
 
 o   Stefan Metzmacher 
@@ -159,6 +168,8 @@ o   Volker Lendecke 
 * BUG 7027: Fix a segfault in winbindd_dual_ccache_ntlm_auth().
 * BUG 7037: Fix a Winbind segfault in "trusted_domains".
 * BUG 7046: Fix libsmbclient crash against OpenSolaris CIFS server.
+* BUG 7062: Make 'net', 'smbclient' and libsmbclient use the logon
+  credentials cached by Winbind.
 * Lock down some srvsvc calls according to what w2k3 seems to do.
 
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-4-test updated

[Karolin Seeger]

The branch, v3-4-test has been updated
   via  69100db... s3-docs: Adapt version in man ldbrename.
   via  ba665a5... s3/docs: Add missing meta data to man ldbrename.
  from  28b3cf3... s3: Fix bug 7052: "DFS broken on AIX (maybe others)" 
(cherry picked from commit c531d00abdb19ff6ba4c60ebdcc8319949c6) (cherry 
picked from commit f21796955e7aa2e84a1c810612f2fdee2bde611c)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test


- Log -
commit 69100db8c331ed15651ae52b88632d047f148ae4
Author: Karolin Seeger 
Date:   Tue Jan 26 14:28:12 2010 +0100

s3-docs: Adapt version in man ldbrename.

Karolin

commit ba665a53b3a86a56b1cf3adeccf6764291dc264b
Author: Karolin Seeger 
Date:   Thu Oct 15 12:27:24 2009 +0200

s3/docs: Add missing meta data to man ldbrename.

Avoid warnings.

Karolin
(cherry picked from commit 6a9e88e08bfa4463ce5bdc57183f6518b524c98c)
(cherry picked from commit 1a25ef232bacb59aa753fbe21fed53a996d2e6b3)

---

Summary of changes:
 docs-xml/manpages-3/ldbrename.1.xml |3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages-3/ldbrename.1.xml 
b/docs-xml/manpages-3/ldbrename.1.xml
index 391ec84..8567cd4 100644
--- a/docs-xml/manpages-3/ldbrename.1.xml
+++ b/docs-xml/manpages-3/ldbrename.1.xml
@@ -5,6 +5,9 @@
 
ldbrename
1
+Samba
+User Commands
+3.4
 
 
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-5-test updated

[Karolin Seeger]

The branch, v3-5-test has been updated
   via  77bb3f2... s3-docs: Fix version in man ldbrename.
   via  0e8552a... s3: Enable use of ccache by default for libsmbclient
   via  9698c21... s3-libsmbclient: Add smbc_setOptionUseCCache()
   via  af32a49... s3: Add --use-ccache to net
   via  b99ab82... s3: add libnetapi_set_use_ccache()
   via  3402773... s3: Fix a bug in net's use of popt
   via  2aca69e... s3: Enable -C in rpcclient
   via  36854ea... s3: Add CLI_FULL_CONNECTION_USE_CCACHE
   via  5e91f9e... s3: Use -C in smbclient
   via  58ebc50... s3: Add -C (--use-ccache) to popt_common_credentials
   via  e06abe4... s3: Add ccache use to cli_session_setup_ntlmssp
   via  8e96e1f... s3: Add NTLMSSP_FEATURE_CCACHE
   via  7ab798d... libwbclient: Actually implement wbcCredentialCache()
   via  99f6f32... s3: Add the session key to the ccache_ntlm_auth response
   via  1ae7b07... s3: Add wbinfo --ccache-save
  from  007dbc5... lib/popt: Fix typo in README.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -
commit 77bb3f2a5596c84e99b9006d2a31a752c68ab34a
Author: Karolin Seeger 
Date:   Tue Jan 26 14:19:31 2010 +0100

s3-docs: Fix version in man ldbrename.

Karolin

commit 0e8552abc1b48e62aaac3cab7c13c8dea60c9f9b
Author: Volker Lendecke 
Date:   Tue Jan 26 10:51:32 2010 +0100

s3: Enable use of ccache by default for libsmbclient

Disable this by setting the environment variable LIBSMBCLIENT_NO_CCACHE, 
which
has the advantage over an smb.conf option to be easily settable per
application.

commit 9698c214624678125551f2d65b95deb29ea72b64
Author: Volker Lendecke 
Date:   Sun Jan 24 19:24:10 2010 +0100

s3-libsmbclient: Add smbc_setOptionUseCCache()

Can we enable this by default? This would be a change in behaviour, but this
feature is just too cool for everyone to catch up in the apps.

The patch would be

commit af32a49c7d8803f597e184f1361e795f179b809f
Author: Volker Lendecke 
Date:   Sun Jan 24 18:50:48 2010 +0100

s3: Add --use-ccache to net

commit b99ab82ebab598b45eb6729498c9e67b195e698d
Author: Volker Lendecke 
Date:   Sun Jan 24 18:50:31 2010 +0100

s3: add libnetapi_set_use_ccache()

commit 340277382518c62e23faae4af69a9c5c32b96af2
Author: Volker Lendecke 
Date:   Sun Jan 24 18:51:58 2010 +0100

s3: Fix a bug in net's use of popt

In order to add --use-ccache to net, I added another "bool opt_ccache;" to
struct net_context. popt did not like this, it took a while to figure out 
why.
Popt has the lines

/* XXX Check alignment, may fail on funky platforms. */
if (arg == NULL || (((unsigned long)arg) & (sizeof(*arg)-1)))
return POPT_ERROR_NULLARG;

The "bool opt_ccache;" was not aligned anymore...

commit 2aca69ef0df02e655125d9db31e1f0144d21a144
Author: Volker Lendecke 
Date:   Sun Jan 24 17:35:04 2010 +0100

s3: Enable -C in rpcclient

commit 36854ea0aa260dfe23f77825e942f5b3905d396d
Author: Volker Lendecke 
Date:   Sun Jan 24 17:34:13 2010 +0100

s3: Add CLI_FULL_CONNECTION_USE_CCACHE

commit 5e91f9eb10404a1df470fd87fc8c1cae5ea7b70c
Author: Volker Lendecke 
Date:   Sun Jan 24 17:08:56 2010 +0100

s3: Use -C in smbclient

$ bin/wbinfo --ccache-save=w2k3ad\\vl%Password
saving creds succeeded
$ bin/smbclient //192.168.42.160/tmp -Uvl -N -C -W w2k3ad
OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 
R2 5.2]
smb: \>
$ bin/wbinfo --ccache-save=w2k3ad\\vl%WrongPassword
saving creds succeeded
$ bin/smbclient //192.168.42.160/tmp -Uvl -N -C -W w2k3ad
Anonymous login successful
Domain=[W2K3AD] OS=[Windows Server 2003 R2 3790 Service Pack 2] 
Server=[Windows Server 2003 R2 5.2]
tree connect failed: NT_STATUS_ACCESS_DENIED
$

commit 58ebc50663a299e16684aa24cfae95954d5a14f0
Author: Volker Lendecke 
Date:   Sun Jan 24 17:07:24 2010 +0100

s3: Add -C (--use-ccache) to popt_common_credentials

commit e06abe412f78b58f36998037637d1b3478fdc477
Author: Volker Lendecke 
Date:   Sun Jan 24 16:50:46 2010 +0100

s3: Add ccache use to cli_session_setup_ntlmssp

commit 8e96e1f49867d1260aa291b688fbb58e01ef2009
Author: Volker Lendecke 
Date:   Sun Jan 24 16:47:24 2010 +0100

s3: Add NTLMSSP_FEATURE_CCACHE

Uses the winbind ccache to do authentication if asked to do so

commit 7ab798d141bf715808fa0941f19422069e65fa0e
Author: Volker Lendecke 
Date:   Sun Jan 24 16:44:15 2010 +0100

libwbclient: Actually implement wbcCredentialCache()

commit 99f6f322ae5aa13596c5b0f1a6e600b6fec48896
Author: Volker Lendecke 
Date:   Sun Jan 24 16:41:30 2010 +0100

s3: Add the session key to the ccache_ntlm_auth response

commit 1ae7b074113497342f0b85223df270bdee0b07a0
Author: Volker Lendecke 
Date:   Sat Jan 9 20:20:36 2010 +0100

s3: Add wbinfo --ccache-save

 

[SCM] Samba Shared Repository - branch master updated

[Jeff Layton]

The branch, master has been updated
   via  a0c31ec... mount.cifs: don't allow it to be run as setuid root 
program
   via  a065c17... mount.cifs: check for invalid characters in device name 
and mountpoint
   via  3ae5dac... mount.cifs: take extra care that mountpoint isn't 
changed during mount
  from  7148eff... s4-smbtorture: also test smbc_getOptionUseCCache

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5
Author: Jeff Layton 
Date:   Tue Jan 26 08:15:41 2010 -0500

mount.cifs: don't allow it to be run as setuid root program

mount.cifs has been the subject of several "security" fire drills due to
distributions installing it as a setuid root program. This program has
not been properly audited for security and the Samba team highly
recommends that it not be installed as a setuid root program at this
time.

To make that abundantly clear, this patch forcibly disables the ability
for mount.cifs to run as a setuid root program. People are welcome to
trivially patch this out, but they do so at their own peril.

A security audit and redesign of this program is in progress and we hope
that we'll be able to remove this in the near future.

Signed-off-by: Jeff Layton 

commit a065c177dfc8f968775593ba00dffafeebb2e054
Author: Jeff Layton 
Date:   Tue Jan 26 08:15:41 2010 -0500

mount.cifs: check for invalid characters in device name and mountpoint

It's apparently possible to corrupt the mtab if you pass embedded
newlines to addmntent. Apparently tabs are also a problem with certain
earlier glibc versions. Backslashes are also a minor issue apparently,
but we can't reasonably filter those.

Make sure that neither the devname or mountpoint contain any problematic
characters before allowing the mount to proceed.

Signed-off-by: Jeff Layton 

commit 3ae5dac462c4ed0fb2cd94553583c56fce2f9d80
Author: Jeff Layton 
Date:   Tue Jan 26 08:15:41 2010 -0500

mount.cifs: take extra care that mountpoint isn't changed during mount

It's possible to trick mount.cifs into mounting onto the wrong directory
by replacing the mountpoint with a symlink to a directory. mount.cifs
attempts to check the validity of the mountpoint, but there's still a
possible race between those checks and the mount(2) syscall.

To guard against this, chdir to the mountpoint very early, and only deal
with it as "." from then on out.

Signed-off-by: Jeff Layton 

---

Summary of changes:
 client/mount.cifs.c |  107 ++
 1 files changed, 98 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/client/mount.cifs.c b/client/mount.cifs.c
index 459a9f3..9044184 100644
--- a/client/mount.cifs.c
+++ b/client/mount.cifs.c
@@ -43,7 +43,7 @@
 #include "mount.h"
 
 #define MOUNT_CIFS_VERSION_MAJOR "1"
-#define MOUNT_CIFS_VERSION_MINOR "13"
+#define MOUNT_CIFS_VERSION_MINOR "14"
 
 #ifndef MOUNT_CIFS_VENDOR_SUFFIX
  #ifdef _SAMBA_BUILD_
@@ -87,6 +87,17 @@
 #define MAX_ADDRESS_LEN INET6_ADDRSTRLEN
 
 /*
+ * mount.cifs has been the subject of many "security" bugs that have arisen
+ * because of users and distributions installing it as a setuid root program.
+ * mount.cifs has not been audited for security. Thus, we strongly recommend
+ * that it not be installed setuid root. To make that abundantly clear,
+ * mount.cifs now check whether it's running setuid root and exit with an
+ * error if it is. If you wish to disable this check, then set the following
+ * #define to 1, but please realize that you do so at your own peril.
+ */
+#define CIFS_DISABLE_SETUID_CHECK 0
+
+/*
  * By default, mount.cifs follows the conventions set forth by /bin/mount
  * for user mounts. That is, it requires that the mount be listed in
  * /etc/fstab with the "user" option when run as an unprivileged user and
@@ -178,7 +189,7 @@ check_mountpoint(const char *progname, char *mountpoint)
struct stat statbuf;
 
/* does mountpoint exist and is it a directory? */
-   err = stat(mountpoint, &statbuf);
+   err = stat(".", &statbuf);
if (err) {
fprintf(stderr, "%s: failed to stat %s: %s\n", progname,
mountpoint, strerror(errno));
@@ -212,6 +223,29 @@ check_mountpoint(const char *progname, char *mountpoint)
return 0;
 }
 
+#if CIFS_DISABLE_SETUID_CHECK
+static int
+check_setuid(void)
+{
+   return 0;
+}
+#else /* CIFS_DISABLE_SETUID_CHECK */
+static int
+check_setuid(void)
+{
+   if (getuid() && !geteuid()) {
+   printf("This mount.cifs program has been built with the "
+   "ability to run as a setuid root program disabled.\n"
+

[SCM] Samba Shared Repository - branch master updated

[Volker Lendecke]

The branch, master has been updated
   via  08fa573... s3: Enable use of ccache by default for libsmbclient
  from  1e2e92f... Correct fix for unused variable return from ndr_decode. 
Use it :-). Jeremy.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 08fa57335a2e1ac44764330c0d95aaf099aa0c15
Author: Volker Lendecke 
Date:   Tue Jan 26 10:51:32 2010 +0100

s3: Enable use of ccache by default for libsmbclient

Disable this by setting the environment variable LIBSMBCLIENT_NO_CCACHE, 
which
has the advantage over an smb.conf option to be easily settable per
application.

---

Summary of changes:
 source3/libsmb/libsmb_context.c |3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c
index 2e56911..c44d92c 100644
--- a/source3/libsmb/libsmb_context.c
+++ b/source3/libsmb/libsmb_context.c
@@ -173,6 +173,9 @@ smbc_new_context(void)
 smbc_setOptionBrowseMaxLmbCount(context, 3);/* # LMBs to query */
 smbc_setOptionUrlEncodeReaddirEntries(context, False);
 smbc_setOptionOneSharePerServer(context, False);
+   if (getenv("LIBSMBCLIENT_NO_CCACHE") == NULL) {
+   smbc_setOptionUseCCache(context, true);
+   }
 
 smbc_setFunctionAuthData(context, SMBC_get_auth_data);
 smbc_setFunctionCheckServer(context, SMBC_check_server);


-- 
Samba Shared Repository