[SCM] Samba Shared Repository - branch master updated

2010-03-08 Thread Stefan Metzmacher 
The branch, master has been updated
   via  818d518... s4-gensec: Fixed wrong usage of error_string.
  from  85598be... s4:extended_dn_out LDB module - change counter variables 
to "unsigned" where appropriate

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 818d51862c6234d0ffb08fcae6e8425907facde4
Author: Andreas Schneider 
Date:   Wed Mar 3 15:15:03 2010 +0100

s4-gensec: Fixed wrong usage of error_string.

Signed-off-by: Stefan Metzmacher 

---

Summary of changes:
 source4/auth/gensec/gensec_krb5.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/gensec/gensec_krb5.c 
b/source4/auth/gensec/gensec_krb5.c
index 3d74477..e8beb4c 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -489,7 +489,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security 
*gensec_security,
/* This ensures we lookup the correct entry in that keytab */
ret = principal_from_credentials(out_mem_ctx, 
gensec_get_credentials(gensec_security), 
 
gensec_krb5_state->smb_krb5_context, 
-&server_in_keytab, 
error_string);
+&server_in_keytab, 
&error_string);
 
if (ret) {
DEBUG(2,("Failed to make credentials from principal: 
%s\n", error_string));


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-4-test updated

2010-03-08 Thread Karolin Seeger 
The branch, v3-4-test has been updated
   via  f94a377... mount.cifs: don't allow it to be run as setuid root 
program
   via  5532a5d... mount.cifs: check for invalid characters in device name 
and mountpoint
   via  c4a342c... mount.cifs: take extra care that mountpoint isn't 
changed during mount
   via  396eb03... mount.cifs: properly check for mount being in fstab when 
running setuid root (try#3)
   via  fa722e2... mount.cifs: directly include sys/stat.h in mtab.c
  from  a0254fa... Fix one of the valgrind warnings from bug #6814 - Fixes 
for problems reported by valgrind

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test


- Log -
commit f94a377fb58f7b104aa633236f3391c9af6a7b12
Author: Jeff Layton 
Date:   Tue Jan 26 08:45:58 2010 -0500

mount.cifs: don't allow it to be run as setuid root program

mount.cifs has been the subject of several "security" fire drills due to
distributions installing it as a setuid root program. This program has
not been properly audited for security and the Samba team highly
recommends that it not be installed as a setuid root program at this
time.

To make that abundantly clear, this patch forcibly disables the ability
for mount.cifs to run as a setuid root program. People are welcome to
trivially patch this out, but they do so at their own peril.

A security audit and redesign of this program is in progress and we hope
that we'll be able to remove this in the near future.

Signed-off-by: Jeff Layton 

The last 5 patches address bug #6853 (mount.cifs race that allows user to
replace mountpoint with a symlink).

commit 5532a5d5cf7cec0bb758a80e9ee74b5807088661
Author: Jeff Layton 
Date:   Tue Jan 26 08:45:58 2010 -0500

mount.cifs: check for invalid characters in device name and mountpoint

It's apparently possible to corrupt the mtab if you pass embedded
newlines to addmntent. Apparently tabs are also a problem with certain
earlier glibc versions. Backslashes are also a minor issue apparently,
but we can't reasonably filter those.

Make sure that neither the devname or mountpoint contain any problematic
characters before allowing the mount to proceed.

Signed-off-by: Jeff Layton 

commit c4a342cec1ced80128f82758c7a2192b23f4017a
Author: Jeff Layton 
Date:   Tue Jan 26 08:45:58 2010 -0500

mount.cifs: take extra care that mountpoint isn't changed during mount

It's possible to trick mount.cifs into mounting onto the wrong directory
by replacing the mountpoint with a symlink to a directory. mount.cifs
attempts to check the validity of the mountpoint, but there's still a
possible race between those checks and the mount(2) syscall.

To guard against this, chdir to the mountpoint very early, and only deal
with it as "." from then on out.

Signed-off-by: Jeff Layton 

commit 396eb03109400fe603c57a0a0d4bdc37c7131cf5
Author: Jeff Layton 
Date:   Tue Jan 26 08:45:57 2010 -0500

mount.cifs: properly check for mount being in fstab when running setuid 
root (try#3)

This is the third attempt to clean up the checks when a setuid
mount.cifs is run by an unprivileged user. The main difference in this
patch from the last one is that it fixes a bug where the mount might
have failed if unnecessarily if CIFS_LEGACY_SETUID_CHECK was set.

When mount.cifs is installed setuid root and run as an unprivileged
user, it does some checks to limit how the mount is used. It checks that
the mountpoint is owned by the user doing the mount.

These checks however do not match those that /bin/mount does when it is
called by an unprivileged user. When /bin/mount is called by an
unprivileged user to do a mount, it checks that the mount in question is
in /etc/fstab, that it has the "user" option set, etc.

This means that it's currently not possible to set up user mounts the
standard way (by the admin, in /etc/fstab) and simultaneously protect
from an unprivileged user calling mount.cifs directly to mount a share
on any directory that that user owns.

Fix this by making the checks in mount.cifs match those of /bin/mount
itself. This is a necessary step to make mount.cifs safe to be installed
as a setuid binary, but not sufficient. For that, we'd need to give
mount.cifs a proper security audit.

Since some users may be depending on the legacy behavior, this patch
also adds the ability to build mount.cifs with the older behavior.

Signed-off-by: Jeff Layton 

commit fa722e20c9f5712571f9009afed8c4e44ac11cdc
Author: Jeff Layton 
Date:   Tue Jan 26 08:45:53 2010 -0500

mount.cifs: directly include sys/stat.h in mtab.c

This file is mysteriously getting included when built via the makefile,
but when you try to build mtab.o b

[SCM] Samba Shared Repository - branch v3-5-test updated

2010-03-08 Thread Karolin Seeger 
The branch, v3-5-test has been updated
   via  e6c856a... mount.cifs: don't allow it to be run as setuid root 
program
   via  ae24005... mount.cifs: check for invalid characters in device name 
and mountpoint
   via  a60afce... mount.cifs: take extra care that mountpoint isn't 
changed during mount
  from  cc5e6e6... s3: net_share.c: fix argc handling

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -
commit e6c856ac84ee18a192edc3e8a6547e2e9387a1b5
Author: Jeff Layton 
Date:   Tue Jan 26 08:36:11 2010 -0500

mount.cifs: don't allow it to be run as setuid root program

mount.cifs has been the subject of several "security" fire drills due to
distributions installing it as a setuid root program. This program has
not been properly audited for security and the Samba team highly
recommends that it not be installed as a setuid root program at this
time.

To make that abundantly clear, this patch forcibly disables the ability
for mount.cifs to run as a setuid root program. People are welcome to
trivially patch this out, but they do so at their own peril.

A security audit and redesign of this program is in progress and we hope
that we'll be able to remove this in the near future.

Signed-off-by: Jeff Layton 

The last 3 patches address bug #6853 (mount.cifs race that allows user to
replace mountpoint with a symlink).

commit ae24005a5a2c165dfd9b859bf1c02b5f7e967be5
Author: Jeff Layton 
Date:   Tue Jan 26 08:36:03 2010 -0500

mount.cifs: check for invalid characters in device name and mountpoint

It's apparently possible to corrupt the mtab if you pass embedded
newlines to addmntent. Apparently tabs are also a problem with certain
earlier glibc versions. Backslashes are also a minor issue apparently,
but we can't reasonably filter those.

Make sure that neither the devname or mountpoint contain any problematic
characters before allowing the mount to proceed.

Signed-off-by: Jeff Layton 

commit a60afceaa71c0c9b53b2ec1014db5d09d777803d
Author: Jeff Layton 
Date:   Tue Jan 26 08:35:35 2010 -0500

mount.cifs: take extra care that mountpoint isn't changed during mount

It's possible to trick mount.cifs into mounting onto the wrong directory
by replacing the mountpoint with a symlink to a directory. mount.cifs
attempts to check the validity of the mountpoint, but there's still a
possible race between those checks and the mount(2) syscall.

To guard against this, chdir to the mountpoint very early, and only deal
with it as "." from then on out.

Signed-off-by: Jeff Layton 

---

Summary of changes:
 client/mount.cifs.c |  107 ++
 1 files changed, 98 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/client/mount.cifs.c b/client/mount.cifs.c
index 3baaad7..0b8d5b4 100644
--- a/client/mount.cifs.c
+++ b/client/mount.cifs.c
@@ -43,7 +43,7 @@
 #include "mount.h"
 
 #define MOUNT_CIFS_VERSION_MAJOR "1"
-#define MOUNT_CIFS_VERSION_MINOR "13"
+#define MOUNT_CIFS_VERSION_MINOR "14"
 
 #ifndef MOUNT_CIFS_VENDOR_SUFFIX
  #ifdef _SAMBA_BUILD_
@@ -89,6 +89,17 @@
 #define MAX_ADDRESS_LEN INET6_ADDRSTRLEN
 
 /*
+ * mount.cifs has been the subject of many "security" bugs that have arisen
+ * because of users and distributions installing it as a setuid root program.
+ * mount.cifs has not been audited for security. Thus, we strongly recommend
+ * that it not be installed setuid root. To make that abundantly clear,
+ * mount.cifs now check whether it's running setuid root and exit with an
+ * error if it is. If you wish to disable this check, then set the following
+ * #define to 1, but please realize that you do so at your own peril.
+ */
+#define CIFS_DISABLE_SETUID_CHECK 0
+
+/*
  * By default, mount.cifs follows the conventions set forth by /bin/mount
  * for user mounts. That is, it requires that the mount be listed in
  * /etc/fstab with the "user" option when run as an unprivileged user and
@@ -179,7 +190,7 @@ check_mountpoint(const char *progname, char *mountpoint)
struct stat statbuf;
 
/* does mountpoint exist and is it a directory? */
-   err = stat(mountpoint, &statbuf);
+   err = stat(".", &statbuf);
if (err) {
fprintf(stderr, "%s: failed to stat %s: %s\n", progname,
mountpoint, strerror(errno));
@@ -213,6 +224,29 @@ check_mountpoint(const char *progname, char *mountpoint)
return 0;
 }
 
+#if CIFS_DISABLE_SETUID_CHECK
+static int
+check_setuid(void)
+{
+   return 0;
+}
+#else /* CIFS_DISABLE_SETUID_CHECK */
+static int
+check_setuid(void)
+{
+   if (getuid() && !geteuid()) {
+   printf("This mount.cifs program has be

[SCM] Samba Shared Repository - branch v3-5-test updated

2010-03-08 Thread Karolin Seeger 
The branch, v3-5-test has been updated
   via  cb627d3... s3: Fix the build of net_afs.c with --fake-kaserver=yes, 
bug 7216
  from  e6c856a... mount.cifs: don't allow it to be run as setuid root 
program

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -
commit cb627d3628da1da3c167de3b319cd92948e862eb
Author: Volker Lendecke 
Date:   Sat Mar 6 12:57:35 2010 +0100

s3: Fix the build of net_afs.c with --fake-kaserver=yes, bug 7216

Thanks to Geza Gemes  for filing this bug
(cherry picked from commit 5a3633faf12cdec41dc18064d5364a3fd067a22d)

---

Summary of changes:
 source3/utils/net_afs.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/utils/net_afs.c b/source3/utils/net_afs.c
index 6aea513..26259c1 100644
--- a/source3/utils/net_afs.c
+++ b/source3/utils/net_afs.c
@@ -45,7 +45,7 @@ int net_afs_key(struct net_context *c, int argc, const char 
**argv)
}
 
if ((fd = open(argv[0], O_RDONLY, 0)) < 0) {
-   d_fprintf(stderr, _("Could not open %s\n", argv[0]));
+   d_fprintf(stderr, _("Could not open %s\n"), argv[0]);
return -1;
}
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

2010-03-08 Thread Matthias Dieter Wallnöfer 
The branch, master has been updated
   via  f8dba77... s4:ldb_ldap.c - fix indentation
   via  2d03011... LDB:TDB backend - change counter variables to "unsigned" 
where appropriate
   via  4a2b78a... LDB:SQLITE3 backend - change counter variables to 
"unsigned" where appropriate
   via  95d726f... LDB:LDAP backend - change a counter variable to 
"unsigned"
   via  b33a340... LDB:map - make LDB "signed-safe" on counter variables 
where appropriate
   via  7a7cb5e... s4:ldif_handlers - Change "unsigned int" to "uint32_t" 
which fits better here
  from  818d518... s4-gensec: Fixed wrong usage of error_string.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f8dba773a5174055e3c206d006317b5275481636
Author: Matthias Dieter Wallnöfer 
Date:   Mon Mar 8 09:58:28 2010 +0100

s4:ldb_ldap.c - fix indentation

commit 2d03011858ca33ee56b4c36ac6a901850ff69864
Author: Matthias Dieter Wallnöfer 
Date:   Fri Nov 6 18:35:17 2009 +0100

LDB:TDB backend - change counter variables to "unsigned" where appropriate

commit 4a2b78a6f36d4eb2a8763464f33720936921650c
Author: Matthias Dieter Wallnöfer 
Date:   Fri Nov 6 18:35:17 2009 +0100

LDB:SQLITE3 backend - change counter variables to "unsigned" where 
appropriate

commit 95d726f3018ef5d249f89d56bde24b7ee0c24ecf
Author: Matthias Dieter Wallnöfer 
Date:   Fri Nov 6 18:35:17 2009 +0100

LDB:LDAP backend - change a counter variable to "unsigned"

commit b33a340e0a2dcf972f0e53d3ff28a17eb42e4582
Author: Matthias Dieter Wallnöfer 
Date:   Fri Nov 6 18:35:17 2009 +0100

LDB:map - make LDB "signed-safe" on counter variables where appropriate

commit 7a7cb5e9c25131e6eadc24f2e5a5a020e015731d
Author: Matthias Dieter Wallnöfer 
Date:   Mon Mar 8 08:02:32 2010 +0100

s4:ldif_handlers - Change "unsigned int" to "uint32_t" which fits better 
here

---

Summary of changes:
 source4/lib/ldb-samba/ldif_handlers.c  |2 +-
 source4/lib/ldb/ldb_ldap/ldb_ldap.c|4 ++--
 source4/lib/ldb/ldb_map/ldb_map.c  |   16 
 source4/lib/ldb/ldb_map/ldb_map_inbound.c  |7 ---
 source4/lib/ldb/ldb_map/ldb_map_outbound.c |   26 --
 source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c  |   18 ++
 source4/lib/ldb/ldb_tdb/ldb_cache.c|   11 ++-
 source4/lib/ldb/ldb_tdb/ldb_index.c|   12 ++--
 source4/lib/ldb/ldb_tdb/ldb_search.c   |5 +++--
 source4/lib/ldb/ldb_tdb/ldb_tdb.c  |5 +++--
 source4/lib/ldb/ldb_tdb/ldb_tdb.h  |2 +-
 11 files changed, 60 insertions(+), 48 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/lib/ldb-samba/ldif_handlers.c 
b/source4/lib/ldb-samba/ldif_handlers.c
index b5a6630..4d7d5db 100644
--- a/source4/lib/ldb-samba/ldif_handlers.c
+++ b/source4/lib/ldb-samba/ldif_handlers.c
@@ -594,7 +594,7 @@ static int ldif_write_prefixMap(struct ldb_context *ldb, 
void *mem_ctx,
struct prefixMapBlob *blob;
enum ndr_err_code ndr_err;
char *string;
-   unsigned int i;
+   uint32_t i;
 
if (ldb_get_flags(ldb) & LDB_FLG_SHOW_BINARY) {
int err;
diff --git a/source4/lib/ldb/ldb_ldap/ldb_ldap.c 
b/source4/lib/ldb/ldb_ldap/ldb_ldap.c
index 4e88cc4..11edd34 100644
--- a/source4/lib/ldb/ldb_ldap/ldb_ldap.c
+++ b/source4/lib/ldb/ldb_ldap/ldb_ldap.c
@@ -387,7 +387,7 @@ static int lldb_rename(struct lldb_context *lldb_ac)
struct ldb_module *module = lldb_ac->module;
struct ldb_request *req = lldb_ac->req;
char *old_dn;
-   char *newrdn;
+   char *newrdn;
char *parentdn;
int ret;
 
@@ -483,8 +483,8 @@ static bool lldb_parse_result(struct lldb_context *ac, 
LDAPMessage *result)
bool callback_failed;
bool request_done;
bool lret;
+   unsigned int i;
int ret;
-   int i;
 
ldb = ldb_module_get_ctx(ac->module);
 
diff --git a/source4/lib/ldb/ldb_map/ldb_map.c 
b/source4/lib/ldb/ldb_map/ldb_map.c
index ab9578b..483222e 100644
--- a/source4/lib/ldb/ldb_map/ldb_map.c
+++ b/source4/lib/ldb/ldb_map/ldb_map.c
@@ -256,7 +256,7 @@ int ldb_next_remote_request(struct ldb_module *module, 
struct ldb_request *reque
 /* Find an objectClass mapping by the local name. */
 static const struct ldb_map_objectclass *map_objectclass_find_local(const 
struct ldb_map_context *data, const char *name)
 {
-   int i;
+   unsigned int i;
 
for (i = 0; data->objectclass_maps && 
data->objectclass_maps[i].local_name; i++) {
if (ldb_attr_cmp(data->objectclass_maps[i].local_name, name) == 
0) {
@@ -270,7 +270,7 @@ static const struct ldb_map_objectclass 
*map_objectclass_find_local(const struct
 /* Find an objectClass mapping by the remote name. */
 static const struct ldb_map_objectclass *map_ob

[SCM] Samba Shared Repository - branch master updated

2010-03-08 Thread Matthias Dieter Wallnöfer 
The branch, master has been updated
   via  30ff229... s4:LDB TDB index code - reintroduce accidentally removed 
code part
  from  f8dba77... s4:ldb_ldap.c - fix indentation

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 30ff229a3e32549073424b423302e976c988d563
Author: Matthias Dieter Wallnöfer 
Date:   Mon Mar 8 11:43:40 2010 +0100

s4:LDB TDB index code - reintroduce accidentally removed code part

This was removed by 95d726f3018ef5d249f89d56bde24b7ee0c24ecf. Sorry.

---

Summary of changes:
 source4/lib/ldb/ldb_tdb/ldb_index.c |4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/lib/ldb/ldb_tdb/ldb_index.c 
b/source4/lib/ldb/ldb_tdb/ldb_index.c
index c9c3e0c..828dca1 100644
--- a/source4/lib/ldb/ldb_tdb/ldb_index.c
+++ b/source4/lib/ldb/ldb_tdb/ldb_index.c
@@ -1331,7 +1331,9 @@ int ltdb_index_del_value(struct ldb_module *module, 
struct ldb_dn *dn,
}
 
j = (unsigned int) i;
-   memmove(&list->dn[j], &list->dn[j+1], sizeof(list->dn[0])*(list->count 
- (i+1)));
+   if (j != list->count - 1) {
+   memmove(&list->dn[j], &list->dn[j+1], 
sizeof(list->dn[0])*(list->count - (j+1)));
+   }
list->count--;
list->dn = talloc_realloc(list, list->dn, struct ldb_val, list->count);
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

2010-03-08 Thread Matthias Dieter Wallnöfer 
The branch, master has been updated
   via  4e16a28... LDB:common - Change counters to "unsigned" where 
appropriate
  from  30ff229... s4:LDB TDB index code - reintroduce accidentally removed 
code part

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 4e16a285c7c34732ba95fb5ec201e6f11cf88bef
Author: Matthias Dieter Wallnöfer 
Date:   Fri Nov 6 18:35:17 2009 +0100

LDB:common - Change counters to "unsigned" where appropriate

To count LDB objects use variables of type "unsigned (int)" or "long long 
int"
on binary or downto searches.

To count characters in strings use "size_t".

To calculate differences between pointers use "ptrdiff_t".

---

Summary of changes:
 source4/lib/ldb/common/attrib_handlers.c |4 +-
 source4/lib/ldb/common/ldb.c |4 +-
 source4/lib/ldb/common/ldb_attributes.c  |   15 +
 source4/lib/ldb/common/ldb_controls.c|   14 
 source4/lib/ldb/common/ldb_dn.c  |   46 +-
 source4/lib/ldb/common/ldb_ldif.c|2 +-
 source4/lib/ldb/common/ldb_match.c   |4 +-
 source4/lib/ldb/common/ldb_modules.c |   12 
 source4/lib/ldb/common/ldb_msg.c |   20 +++--
 source4/lib/ldb/common/ldb_parse.c   |   16 +-
 source4/lib/ldb/common/ldb_utf8.c|6 ++--
 11 files changed, 76 insertions(+), 67 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/lib/ldb/common/attrib_handlers.c 
b/source4/lib/ldb/common/attrib_handlers.c
index 4647075..2a2bd08 100644
--- a/source4/lib/ldb/common/attrib_handlers.c
+++ b/source4/lib/ldb/common/attrib_handlers.c
@@ -55,7 +55,7 @@ int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx,
const struct ldb_val *in, struct ldb_val *out)
 {
char *s, *t;
-   int l;
+   size_t l;
 
if (!in || !out || !(in->data)) {
return -1;
@@ -456,7 +456,7 @@ static const struct ldb_schema_syntax 
ldb_standard_syntaxes[] = {
 const struct ldb_schema_syntax *ldb_standard_syntax_by_name(struct ldb_context 
*ldb,
const char *syntax)
 {
-   int i;
+   unsigned int i;
unsigned num_handlers = 
sizeof(ldb_standard_syntaxes)/sizeof(ldb_standard_syntaxes[0]);
/* TODO: should be replaced with a binary search */
for (i=0;ioperation) {
case LDB_SEARCH:
@@ -845,7 +845,7 @@ int ldb_search_default_callback(struct ldb_request *req,
struct ldb_reply *ares)
 {
struct ldb_result *res;
-   int n;
+   unsigned int n;
 
res = talloc_get_type(req->context, struct ldb_result);
 
diff --git a/source4/lib/ldb/common/ldb_attributes.c 
b/source4/lib/ldb/common/ldb_attributes.c
index 79c5dd6..13f4d32 100644
--- a/source4/lib/ldb/common/ldb_attributes.c
+++ b/source4/lib/ldb/common/ldb_attributes.c
@@ -49,7 +49,7 @@ int ldb_schema_attribute_add_with_syntax(struct ldb_context 
*ldb,
 unsigned flags,
 const struct ldb_schema_syntax *syntax)
 {
-   int i, n;
+   unsigned int i, n;
struct ldb_schema_attribute *a;
 
if (!syntax) {
@@ -122,7 +122,9 @@ static const struct ldb_schema_attribute 
*ldb_schema_attribute_by_name_internal(
struct ldb_context *ldb,
const char *name)
 {
-   int i, e, b = 0, r;
+   /* for binary search we need signed variables */
+   long long int i, e, b = 0;
+   int r;
const struct ldb_schema_attribute *def = &ldb_attribute_default;
 
/* as handlers are sorted, '*' must be the first if present */
@@ -135,7 +137,6 @@ static const struct ldb_schema_attribute 
*ldb_schema_attribute_by_name_internal(
e = ldb->schema.num_attributes - 1;
 
while (b <= e) {
-
i = (b + e) / 2;
 
r = ldb_attr_cmp(name, ldb->schema.attributes[i].name);
@@ -179,7 +180,7 @@ const struct ldb_schema_attribute 
*ldb_schema_attribute_by_name(struct ldb_conte
 void ldb_schema_attribute_remove(struct ldb_context *ldb, const char *name)
 {
const struct ldb_schema_attribute *a;
-   int i;
+   ptrdiff_t i;
 
a = ldb_schema_attribute_by_name_internal(ldb, name);
if (a == NULL || a->name == NULL) {
@@ -232,7 +233,7 @@ int ldb_setup_wellknown_attributes(struct ldb_context *ldb)
{ "ou", LDB_SYNTAX_DIRECTORY_STRING },
{ "objectClass", LDB_SYNTAX_OBJECTCLASS }
};
-   int i;
+   unsigned int i;
int ret;
 
for (i=0;ischema.num_dn_extended_syntax; i++) {
if (ldb_attr_cmp(ldb->schema.dn_extended_syntax[i].name, name) 
== 0) {
return &ldb->schema.dn_exte

[SCM] Samba Shared Repository - branch master updated

2010-03-08 Thread Jeff Layton 
The branch, master has been updated
   via  f4cb528... samba: remove cifs-utils tools from build systems
  from  4e16a28... LDB:common - Change counters to "unsigned" where 
appropriate

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f4cb528ac510d3381a92a303e858edaf9e3d908a
Author: Jeff Layton 
Date:   Mon Mar 8 09:06:40 2010 -0500

samba: remove cifs-utils tools from build systems

Now that cifs-utils are their own project, we need to go ahead and pull
them out of the samba tree. This patch represents the first step toward
that end.

Remove the cifs-utilities from the source3 and source4 builds. Please
pay particular attention to the source4 piece. I'm not at all familiar
with the build system there, and would appreciate someone sanity
checking my changes.

It also adds a small README.cifs-utils file in the topdir. This is
optional, but I think it's a good idea to carry this for a release or
two.

Once this patch looks ok, I'll plan to do another patch to actually
remove the client dir and the relevant docs-xml files from the tree
altogether.

Signed-off-by: Jeff Layton 

---

Summary of changes:
 source3/Makefile.in  |   54 ++--
 source3/configure.in |  124 --
 source4/client/config.m4 |   13 -
 source4/client/config.mk |   16 --
 source4/configure.ac |1 -
 5 files changed, 5 insertions(+), 203 deletions(-)
 delete mode 100644 source4/client/config.m4


Changeset truncated at 500 lines:

diff --git a/source3/Makefile.in b/source3/Makefile.in
index de70c27..739eeda 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -208,8 +208,6 @@ PATH_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" \
 
 SBIN_PROGS = bin/s...@exeext@ bin/n...@exeext@ @SWAT_SBIN_TARGETS@ 
@EXTRA_SBIN_PROGS@
 
-ROOT_SBIN_PROGS = @CIFSMOUNT_PROGS@ @CIFSUMOUNT_PROGS@
-
 BIN_PROGS1 = bin/smbcli...@exeext@ bin/n...@exeext@ bin/smbsp...@exeext@ \
bin/testp...@exeext@ bin/smbsta...@exeext@ bin/smb...@exeext@
 BIN_PROGS2 = bin/smbcont...@exeext@ bin/smbt...@exeext@ $(TDBBACKUP) \
@@ -1039,12 +1037,6 @@ CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) 
$(LDB_OBJ) \
  $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) \
  $(LIBNDR_GEN_OBJ0)
 
-CIFS_MOUNT_OBJ = ../client/mount.cifs.o ../client/mtab.o
-
-CIFS_UMOUNT_OBJ = ../client/umount.cifs.o ../client/mtab.o
-
-CIFS_UPCALL_OBJ = ../client/cifs.upcall.o
-
 NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(LIBNMB_OBJ) \
$(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ)
 
@@ -1358,8 +1350,8 @@ SPLIT_TOKENS_OBJ = utils/split_tokens.o \
 ##
 # now the rules...
 ##
-all:: SHOWFLAGS basics libs $(SBIN_PROGS) $(BIN_PROGS) $(ROOT_SBIN_PROGS) \
-   $(MODULES) $(NSS_MODULES) $(PAM_MODULES) @CIFSUPCALL_PROGS@ \
+all:: SHOWFLAGS basics libs $(SBIN_PROGS) $(BIN_PROGS) \
+   $(MODULES) $(NSS_MODULES) $(PAM_MODULES) \
$(EXTRA_ALL_TARGETS)
 
 basics::
@@ -1620,21 +1612,6 @@ bin/smbsp...@exeext@: $(BINARY_PREREQS) $(CUPS_OBJ) 
@BUILD_POPT@ $(LIBTALLOC) $(
@LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
$(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) 
$(LIBTDB_LIBS) $(ZLIB_LIBS)
 
-bin/mount.c...@exeext@: $(BINARY_PREREQS) $(CIFS_MOUNT_OBJ)
-   @echo Linking $@
-   @$(CC) -o $@ $(CIFS_MOUNT_OBJ) $(DYNEXP) $(LDFLAGS)
-
-bin/umount.c...@exeext@: $(BINARY_PREREQS) $(CIFS_UMOUNT_OBJ)
-   @echo Linking $@
-   @$(CC) -o $@ $(CIFS_UMOUNT_OBJ) $(DYNEXP) $(LDFLAGS)
-
-bin/cifs.upc...@exeext@: $(BINARY_PREREQS) $(CIFS_UPCALL_OBJ) 
$(LIBSMBCLIENT_OBJ1) $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
-   @echo Linking $@
-   @$(CC) -o $@ $(CIFS_UPCALL_OBJ) $(DYNEXP) $(LDFLAGS) \
-   $(LIBSMBCLIENT_OBJ1) $(LIBS) -lkeyutils $(KRB5LIBS) \
-   $(LDAP_LIBS) $(LIBTALLOC_LIBS) $(LIBWBCLIENT_LIBS) \
-   $(LIBTDB_LIBS) $(NSCD_LIBS) $(ZLIB_LIBS)
-
 bin/testp...@exeext@: $(BINARY_PREREQS) $(TESTPARM_OBJ) @BUILD_POPT@ 
$(LIBTALLOC) $(LIBTDB)
@echo Linking $@
@$(CC) -o $@ $(TESTPARM_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
@@ -2973,7 +2950,7 @@ bin/split_tok...@exeext@: $(BINARY_PREREQS) 
$(SPLIT_TOKENS_OBJ) @BUILD_POPT@ $(L
$(LDAP_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
 
-install:: installservers installbin @INSTALL_CIFSMOUNT@ @INSTALL_CIFSUMOUNT@ 
@INSTALL_CIFSUPCALL@ installman \
+install:: installservers installbin installman \
installscripts installdat installmodules @SWAT_INSTALL_TARGETS@ 
\
@INSTALL_PAM_MODULES@ installlibs installmo
 
@@

[SCM] Samba Shared Repository - branch master updated

2010-03-08 Thread Björn Jacke 
The branch, master has been updated
   via  2f1fa4f... s3: add man page for vfs_crossrename
   via  0769a18... s3: add vfs_crossrename
   via  583de7b... s3: remove cross-device rename support from vfs_default
  from  f4cb528... samba: remove cifs-utils tools from build systems

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 2f1fa4f8ca020c5d96bd3ac8706c54cd881aaa03
Author: Björn Jacke 
Date:   Mon Mar 8 12:38:38 2010 +0100

s3: add man page for vfs_crossrename

commit 0769a1833aff2057e7f6ab05713d7fd6886d6040
Author: Björn Jacke 
Date:   Mon Mar 8 12:59:40 2010 +0100

s3: add vfs_crossrename

this module adds optional server-side support for limited rename operations
beyond filesystem boundaries, which was the previously the default.

commit 583de7b582956d3bec7e875d88ef16b3b8ac6e53
Author: Björn Jacke 
Date:   Mon Mar 8 12:52:13 2010 +0100

s3: remove cross-device rename support from vfs_default

cross-device rename support has some major limitations:

- on huge files clients will timeout or hang
- ACLs and EA information is not retained

Usually a client will have to handle this. A Windows Server with a reparse
point will also just return NT_STATUS_NOT_SAME_DEVICE. We will now by 
default
do the same.

I will add a vfs module which will restore the old cross-device renames.

---

Summary of changes:
 docs-xml/manpages-3/vfs_crossrename.8.xml |  115 +
 source3/configure.in  |2 +
 source3/modules/vfs_crossrename.c |  200 +
 source3/modules/vfs_default.c |  116 -
 4 files changed, 317 insertions(+), 116 deletions(-)
 create mode 100644 docs-xml/manpages-3/vfs_crossrename.8.xml
 create mode 100644 source3/modules/vfs_crossrename.c


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages-3/vfs_crossrename.8.xml 
b/docs-xml/manpages-3/vfs_crossrename.8.xml
new file mode 100644
index 000..675c92e
--- /dev/null
+++ b/docs-xml/manpages-3/vfs_crossrename.8.xml
@@ -0,0 +1,115 @@
+
+http://www.samba.org/samba/DTD/samba-doc";>
+
+
+
+   vfs_crossrename
+   8
+   Samba
+   System Administration tools
+   3.6
+
+
+
+
+   vfs_crossrename
+   server side rename files across filesystem 
boundaries
+
+
+
+   
+   vfs objects = crossrename
+   
+
+
+
+   DESCRIPTION
+
+   This VFS module is part of the
+   samba
+   7 suite.
+
+   The vfs_crossrename VFS module allows
+   server side rename operations even if source and target are on
+   differen physical devices. A "move" in Explorer is usually a
+   rename operation if it is inside of a single share or device.
+   Usually such a rename operation returns
+   NT_STATUS_NOT_SAME_DEVICE and the client has to move the file by
+   manual copy and delete operations. If the rename by copy is done by the
+   server this can be much more efficient. vfs_crossrename tries to do
+   this server-side cross-device rename operation. There are however
+   limitations that this module currently does not solve:
+
+   
+   
+   the ACLs of files are not preserved
+   
+   
+   meta data in EAs are not preserved
+   
+   
+   renames of whole subdirectories cannot be done recursively,
+   in that case we still return STATUS_NOT_SAME_DEVICE and
+   let the client decide what to do
+   
+   
+   rename operations of huge files can cause hangs on the
+   client because clients expect a rename operation to
+   return fast
+   
+   
+   
+
+   This module is stackable.
+
+
+
+
+
+   OPTIONS
+
+   
+
+   
+   crossrename:sizelimit = BYTES
+   
+   server-side cross-device-renames are only done
+   for files if the filesize is not larger than the defined
+   size in MiB to prevent timeouts. The default sizelimit is
+   20 (MiB)
+   
+   
+   
+
+
+
+   EXAMPLES
+
+   To add server-side cross-device renames inside of a share
+   for all files sized up to 50MB:
+
+
+
+   /data/mounts
+   crossrename
+   50
+
+
+
+
+   VERSION
+   This man page is correct for version 3.6.0 of the Samba suite.
+   
+
+
+
+   AUTHOR
+
+   The original Samba software and related utilities
+   were created by Andrew Tridgell. Samba is now developed
+   by the Samba Team as an Open Source project similar
+   to the way the Linux kernel is developed.
+
+
+
+
diff --git a/source3/con

[SCM] Samba Shared Repository - branch master updated

2010-03-08 Thread Björn Jacke 
The branch, master has been updated
   via  a4dc50e... s3: add missing Makefile.in changes for vfs_crossrename
  from  2f1fa4f... s3: add man page for vfs_crossrename

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a4dc50ef1273259c53f96ee4aaaef917e8daeffe
Author: Björn Jacke 
Date:   Mon Mar 8 17:53:18 2010 +0100

s3: add missing Makefile.in changes for vfs_crossrename

---

Summary of changes:
 source3/Makefile.in |5 +
 1 files changed, 5 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 739eeda..925f0be 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -743,6 +743,7 @@ PERFCOUNT_ONEFS_OBJ = modules/perfcount_onefs.o
 PERFCOUNT_TEST_OBJ = modules/perfcount_test.o
 VFS_DIRSORT_OBJ = modules/vfs_dirsort.o
 VFS_SCANNEDONLY_OBJ = modules/vfs_scannedonly.o
+VFS_CROSSRENAME_OBJ = modules/vfs_crossrename.o
 
 PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o
 
@@ -2842,6 +2843,10 @@ bin/scannedon...@shlibext@: $(BINARY_PREREQS) 
$(VFS_SCANNEDONLY_OBJ)
@echo "Building plugin $@"
@$(SHLD_MODULE) $(VFS_SCANNEDONLY_OBJ)
 
+bin/crossrena...@shlibext@: $(BINARY_PREREQS) $(VFS_CROSSRENAME_OBJ)
+   @echo "Building plugin $@"
+   @$(SHLD_MODULE) $(VFS_CROSSRENAME_OBJ)
+
 #
 ## IdMap NSS plugins
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

2010-03-08 Thread Matthias Dieter Wallnöfer 
The branch, master has been updated
   via  8d3b7d4... LDB:asq module - change counters to "unsigned" where 
appropriate
   via  df17e1b... LDB:sort module - change counters to "unsigned" where 
appropriate
   via  8248069... LDB:rdn name module - change counters to "unsigned" 
where appropriate
   via  681c887... LDB:paged searches module - change counters to 
"unsigned" where appropriate
   via  7e7d9a8... LDB:paged results module - change counters to "unsigned" 
where appropriate
  from  a4dc50e... s3: add missing Makefile.in changes for vfs_crossrename

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 8d3b7d418edc6955271d262bbdbf307a45b7fb7f
Author: Matthias Dieter Wallnöfer 
Date:   Mon Mar 8 18:01:32 2010 +0100

LDB:asq module - change counters to "unsigned" where appropriate

commit df17e1b962d084315ebcba78a7ebe1d659781dbf
Author: Matthias Dieter Wallnöfer 
Date:   Mon Mar 8 18:01:32 2010 +0100

LDB:sort module - change counters to "unsigned" where appropriate

commit 8248069c91922c93bf9020cc1f94b8cf59c43e28
Author: Matthias Dieter Wallnöfer 
Date:   Mon Mar 8 18:01:32 2010 +0100

LDB:rdn name module - change counters to "unsigned" where appropriate

commit 681c88798a1e16da9dc13688c1ed18659127684b
Author: Matthias Dieter Wallnöfer 
Date:   Mon Mar 8 18:01:32 2010 +0100

LDB:paged searches module - change counters to "unsigned" where appropriate

commit 7e7d9a8a4827f283d13f393404da978130baaa93
Author: Matthias Dieter Wallnöfer 
Date:   Mon Mar 8 18:01:32 2010 +0100

LDB:paged results module - change counters to "unsigned" where appropriate

---

Summary of changes:
 source4/lib/ldb/modules/asq.c|9 +
 source4/lib/ldb/modules/paged_results.c  |8 
 source4/lib/ldb/modules/paged_searches.c |4 ++--
 source4/lib/ldb/modules/rdn_name.c   |5 +++--
 source4/lib/ldb/modules/sort.c   |9 +
 5 files changed, 19 insertions(+), 16 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/lib/ldb/modules/asq.c b/source4/lib/ldb/modules/asq.c
index 4918683..6d1e88b 100644
--- a/source4/lib/ldb/modules/asq.c
+++ b/source4/lib/ldb/modules/asq.c
@@ -55,8 +55,8 @@ struct asq_context {
struct ldb_reply *base_res;
 
struct ldb_request **reqs;
-   int num_reqs;
-   int cur_req;
+   unsigned int num_reqs;
+   unsigned int cur_req;
 
struct ldb_control **controls;
 };
@@ -85,7 +85,7 @@ static int asq_search_continue(struct asq_context *ac);
 static int asq_search_terminate(struct asq_context *ac)
 {
struct ldb_asq_control *asq;
-   int i;
+   unsigned int i;
 
if (ac->controls) {
for (i = 0; ac->controls[i]; i++) /* count em */ ;
@@ -250,7 +250,8 @@ static int asq_build_multiple_requests(struct asq_context 
*ac, bool *terminated)
struct ldb_control *control;
struct ldb_dn *dn;
struct ldb_message_element *el;
-   int ret, i;
+   unsigned int i;
+   int ret;
 
if (ac->base_res == NULL) {
return LDB_ERR_NO_SUCH_OBJECT;
diff --git a/source4/lib/ldb/modules/paged_results.c 
b/source4/lib/ldb/modules/paged_results.c
index ff1b92f..25b7532 100644
--- a/source4/lib/ldb/modules/paged_results.c
+++ b/source4/lib/ldb/modules/paged_results.c
@@ -65,8 +65,7 @@ struct results_store {
 };
 
 struct private_data {
-
-   int next_free_id;
+   unsigned int next_free_id;
struct results_store *store;

 };
@@ -95,7 +94,7 @@ static int store_destructor(struct results_store *del)
 static struct results_store *new_store(struct private_data *priv)
 {
struct results_store *newr;
-   int new_id = priv->next_free_id++;
+   unsigned int new_id = priv->next_free_id++;
 
/* TODO: we should have a limit on the number of
 * outstanding paged searches
@@ -140,7 +139,8 @@ static int paged_results(struct paged_context *ac)
 {
struct ldb_paged_control *paged;
struct message_store *msg;
-   int i, num_ctrls, ret;
+   unsigned int i, num_ctrls;
+   int ret;
 
if (ac->store == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
diff --git a/source4/lib/ldb/modules/paged_searches.c 
b/source4/lib/ldb/modules/paged_searches.c
index 09786c3..39780cb 100644
--- a/source4/lib/ldb/modules/paged_searches.c
+++ b/source4/lib/ldb/modules/paged_searches.c
@@ -52,7 +52,7 @@ struct ps_context {
bool pending;
 
char **saved_referrals;
-   int num_referrals;
+   unsigned int num_referrals;
 
struct ldb_request *down_req;
 };
@@ -132,7 +132,7 @@ static int send_referrals(struct ps_context *ac)
 {
struct ldb_reply *ares;
int ret;
-   int i;
+   unsigned int i;
 
for (i = 0; i < ac->num_referrals; i++) {

[SCM] Samba Shared Repository - branch master updated

2010-03-08 Thread Matthias Dieter Wallnöfer 
The branch, master has been updated
   via  fde707a... s4:"dns_update_list" file: install it properly into the 
private directory
   via  a34eafc... Revert "s4:script/installmisc.sh - install 
"dns_update_list" to target setup folder"
  from  8d3b7d4... LDB:asq module - change counters to "unsigned" where 
appropriate

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit fde707aa0c563d239c2f8c442cddfee0b6ff057f
Author: Matthias Dieter Wallnöfer 
Date:   Mon Mar 8 20:36:16 2010 +0100

s4:"dns_update_list" file: install it properly into the private directory

This is what the "samba_dnsupdate" script requests (line 220).

commit a34eafc693d8750c0883823068e5c6f7355efa04
Author: Matthias Dieter Wallnöfer 
Date:   Mon Mar 8 20:30:06 2010 +0100

Revert "s4:script/installmisc.sh - install "dns_update_list" to target 
setup folder"

This reverts commit b49276e291274652d46eed39249c07531e32b591.

---

Summary of changes:
 source4/Makefile  |2 +-
 source4/script/installmisc.sh |   16 +---
 2 files changed, 10 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/Makefile b/source4/Makefile
index 0da1ee2..dd9376b 100644
--- a/source4/Makefile
+++ b/source4/Makefile
@@ -243,7 +243,7 @@ installman:: manpages installdirs
@$(SHELL) $(srcdir)/script/installman.sh $(DESTDIR)$(mandir) $(MANPAGES)
 
 installmisc:: installdirs
-   @$(SHELL) $(srcdir)/script/installmisc.sh "$(DESTDIR)" $(srcdir) 
$(DESTDIR)$(setupdir) $(DESTDIR)$(bindir) $(DESTDIR)$(sbindir) $(pythondir) 
$(PYTHON)
+   @$(SHELL) $(srcdir)/script/installmisc.sh "$(DESTDIR)" $(srcdir) 
$(DESTDIR)$(setupdir) $(DESTDIR)$(privatedir) $(DESTDIR)$(bindir) 
$(DESTDIR)$(sbindir) $(pythondir) $(PYTHON)
 
 installpc:: installdirs
@$(SHELL) $(srcdir)/script/installpc.sh $(builddir) 
$(DESTDIR)$(pkgconfigdir) $(PC_FILES)
diff --git a/source4/script/installmisc.sh b/source4/script/installmisc.sh
index 6aaf6be..5c7d76d 100755
--- a/source4/script/installmisc.sh
+++ b/source4/script/installmisc.sh
@@ -1,18 +1,19 @@
 #!/bin/sh
 # install miscellaneous files
 
-[ $# -eq 7 ] || {
-echo "Usage: installmisc.sh DESTDIR SRCDIR SETUPDIR BINDDIR SBINDDIR 
PYTHONDIR PYTHON"
+[ $# -eq 8 ] || {
+echo "Usage: installmisc.sh DESTDIR SRCDIR SETUPDIR PRIVATEDIR BINDDIR 
SBINDDIR PYTHONDIR PYTHON"
 exit 1
 }
 
 DESTDIR="$1"
 SRCDIR="$2"
 SETUPDIR="$3"
-BINDIR="$4"
-SBINDIR="$5"
-PYTHONDIR="$6"
-PYTHON="$7"
+PRIVATEDIR="$4"
+BINDIR="$5"
+SBINDIR="$6"
+PYTHONDIR="$7"
+PYTHON="$8"
 
 cd $SRCDIR || exit 1
 
@@ -79,7 +80,6 @@ cp setup/named.conf.update $SETUPDIR || exit 1
 cp setup/provision.smb.conf.dc $SETUPDIR || exit 1
 cp setup/provision.smb.conf.member $SETUPDIR || exit 1
 cp setup/provision.smb.conf.standalone $SETUPDIR || exit 1
-cp setup/dns_update_list $SETUPDIR || exit 1
 
 echo "Installing external python libraries"
 mkdir -p $PYTHONDIR/samba_external || exit 1
@@ -90,5 +90,7 @@ do
   cp -r scripting/python/samba_external/$p/* $PYTHONDIR/samba_external/$p/ || 
exit 1
 done
 
+echo "Installing stuff in $PRIVATEDIR"
+cp setup/dns_update_list $PRIVATEDIR || exit 1
 
 exit 0


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

2010-03-08 Thread Jeff Layton 
The branch, master has been updated
   via  8a76352... samba: remove Linux cifs-utils files from samba master 
branch
  from  fde707a... s4:"dns_update_list" file: install it properly into the 
private directory

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 8a76352544ccbac7e9aca2c3357256a01493cc7b
Author: Jeff Layton 
Date:   Mon Mar 8 15:05:05 2010 -0500

samba: remove Linux cifs-utils files from samba master branch

This patch removes all of the files from the samba tree that should now
be provided by the cifs-utils package. It also drops a
"README.cifs-utils" into the topdir with a URL to the main cifs-utils
webpage. This is for people who don't want the lists and might be taken
by surprise by the change. That's optional, but I think it's a good idea
for a least a release or two.

Signed-off-by: Jeff Layton 

---

Summary of changes:
 README.cifs-utils |7 +
 client/cifs.upcall.c  |  656 
 client/cifs_spnego.h  |   46 -
 client/mount.cifs.c   | 1779 -
 client/mount.h|   38 -
 client/mtab.c |  220 ---
 client/umount.cifs.c  |  406 -
 docs-xml/Samba3-HOWTO/manpages.xml|2 -
 docs-xml/linux-client/linux-cifs-client-guide.odt |  Bin 126569 -> 0 bytes
 docs-xml/manpages-3/cifs.upcall.8.xml |  124 --
 docs-xml/manpages-3/mount.cifs.8.xml  |  732 -
 docs-xml/manpages-3/umount.cifs.8.xml |  179 ---
 12 files changed, 7 insertions(+), 4182 deletions(-)
 create mode 100644 README.cifs-utils
 delete mode 100644 client/cifs.upcall.c
 delete mode 100644 client/cifs_spnego.h
 delete mode 100644 client/mount.cifs.c
 delete mode 100644 client/mount.h
 delete mode 100644 client/mtab.c
 delete mode 100644 client/umount.cifs.c
 delete mode 100644 docs-xml/linux-client/linux-cifs-client-guide.odt
 delete mode 100644 docs-xml/manpages-3/cifs.upcall.8.xml
 delete mode 100644 docs-xml/manpages-3/mount.cifs.8.xml
 delete mode 100644 docs-xml/manpages-3/umount.cifs.8.xml


Changeset truncated at 500 lines:

diff --git a/README.cifs-utils b/README.cifs-utils
new file mode 100644
index 000..2ea6a38
--- /dev/null
+++ b/README.cifs-utils
@@ -0,0 +1,7 @@
+As of Sunday March 7th, 2010, the Linux CIFS utilities are no longer
+part of the samba suite of tools and have been split off into their own
+project. Please see this webpage for information on how to acquire and
+build them:
+
+http://www.samba.org/linux-cifs/cifs-utils/
+
diff --git a/client/cifs.upcall.c b/client/cifs.upcall.c
deleted file mode 100644
index 42632a0..000
--- a/client/cifs.upcall.c
+++ /dev/null
@@ -1,656 +0,0 @@
-/*
-* CIFS user-space helper.
-* Copyright (C) Igor Mammedov (niall...@gmail.com) 2007
-* Copyright (C) Jeff Layton (jlay...@redhat.com) 2009
-*
-* Used by /sbin/request-key for handling
-* cifs upcall for kerberos authorization of access to share and
-* cifs upcall for DFS srver name resolving (IPv4/IPv6 aware).
-* You should have keyutils installed and add something like the
-* following lines to /etc/request-key.conf file:
-
-create cifs.spnego * * /usr/local/sbin/cifs.upcall %k
-create dns_resolver * * /usr/local/sbin/cifs.upcall %k
-
-* This program is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 2 of the License, or
-* (at your option) any later version.
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-* You should have received a copy of the GNU General Public License
-* along with this program; if not, write to the Free Software
-* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-#include "includes.h"
-#include "../libcli/auth/spnego.h"
-#include "smb_krb5.h"
-#include 
-#include 
-
-#include "cifs_spnego.h"
-
-#defineCIFS_DEFAULT_KRB5_DIR   "/tmp"
-#defineCIFS_DEFAULT_KRB5_PREFIX"krb5cc_"
-
-#defineMAX_CCNAME_LEN  PATH_MAX + 5
-
-const char *CIFSSPNEGO_VERSION = "1.3";
-static const char *prog = "cifs.upcall";
-typedef enum _sectype {
-   NONE = 0,
-   KRB5,
-   MS_KRB5
-} sectype_t;
-
-/* does the ccache have a valid TGT? */
-static time_t
-get_tgt_time(const char *ccname) {
-   krb5_context context;
-   krb5_ccache ccache;
-   krb5_cc_cursor cur;
-   krb5_creds creds;
-   krb5_princi

[SCM] Samba Shared Repository - branch v3-5-stable updated

2010-03-08 Thread Karolin Seeger 
The branch, v3-5-stable has been updated
   via  1c9494c... Revert "Fix bug #7067 - Linux asynchronous IO (aio) can 
cause smbd to fail to respond to a read or write."
   via  cd499ea... WHATSNEW: Prepare release notes for Samba 3.5.1.
   via  ab98964... VERSION: Raise version number up to 3.5.1.
  from  d82b72a... WHATSNEW: Update changes since 3.5.0rc3.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable


- Log -
commit 1c9494c76cc9686c61e0966f38528d3318f3176f
Author: Karolin Seeger 
Date:   Mon Mar 8 20:34:39 2010 +0100

Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail 
to respond to a read or write."

This reverts commit a6ae7a552f851a31262377cc0e062e40ac20.

This fixes bug #7222 (All users have full rigths on all shares) 
(CVE-2010-0728).

commit cd499eaf0418fa0a3034c5ba4709278a302ea980
Author: Karolin Seeger 
Date:   Mon Mar 8 20:32:49 2010 +0100

WHATSNEW: Prepare release notes for Samba 3.5.1.

Karolin

commit ab98964115b56306b82f38aa2f65757dc2917ffe
Author: Karolin Seeger 
Date:   Mon Mar 1 15:03:03 2010 +0100

VERSION: Raise version number up to 3.5.1.

Karolin
(cherry picked from commit 0410c8bca22c61318bf71c845fca523614bef73a)

---

Summary of changes:
 WHATSNEW.txt  |   52 ++-
 source3/VERSION   |2 +-
 source3/include/smb.h |3 +-
 source3/lib/system.c  |   65 +++--
 source3/smbd/server.c |8 --
 5 files changed, 57 insertions(+), 73 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index caad89d..12c12d5 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,55 @@
=
+   Release Notes for Samba 3.5.1
+   March 8, 2010
+   =
+
+
+This is a security release in order to address CVE-2010-0728.
+
+
+o  CVE-2010-0728:
+   In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code
+   was added to fix a problem with Linux asynchronous IO handling.
+   This code introduced a bad security flaw on Linux platforms if the
+   binaries were built on Linux platforms with libcap support.
+   The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
+   capabilities, allowing all file system access to be allowed
+   even when permissions should have denied access.
+
+
+Changes since 3.5.0
+---
+
+
+o   Jeremy Allison 
+* BUG 7222: Fix for CVE-2010-0728.
+
+
+##
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
+
+   =
Release Notes for Samba 3.5.0
March 1, 2010
===
@@ -479,4 +530,3 @@ database (https://bugzilla.samba.org/).
 == Our Code, Our Bugs, Our Responsibility.
 == The Samba Team
 ==
-
diff --git a/source3/VERSION b/source3/VERSION
index 13358fe..35c8256 100644
--- a/source3/VERSION
+++ b/source3/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=5
-SAMBA_VERSION_RELEASE=0
+SAMBA_VERSION_RELEASE=1
 
 
 # Bug fix releases use a letter for the patch revision #
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 041c96b..bc7a90d 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1723,8 +1723,7 @@ minimum length == 24.
 enum smbd_capability {
 KERNEL_OPLOCK_CAPABILITY,
 DMAPI_ACCESS_CAPABILITY,
-LEASE_CAPABILITY,
-KILL_CAPABILITY
+LEASE_CAPABILITY
 };
 
 /*
diff --git a/source3/lib/system.c b/source3/lib/system.c
index 9c1da3a..a58d903 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -883,11 +883,6 @@ char *sys_getwd(char *s)
 
 #if defined(HAVE_POS

[SCM] Samba Shared Repository - annotated tag release-3-5-1 created

2010-03-08 Thread Karolin Seeger 
The annotated tag, release-3-5-1 has been created
at  e70dd664c57a77822f845ac8ec987ad9ebd86cc1 (tag)
   tagging  1c9494c76cc9686c61e0966f38528d3318f3176f (commit)
  replaces  release-3-5-0
 tagged by  Karolin Seeger
on  Mon Mar 8 20:40:09 2010 +0100

- Log -
tag release-3-5-1
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.12 (GNU/Linux)

iD8DBQBLlVOmbzORW2Vot+oRAswUAKC/Tx2aOKrbl1hTc1iaZJXYR67fOACgthtq
FHRYX3jyDtm5W1sxq6p7/Jg=
=HOvd
-END PGP SIGNATURE-

Karolin Seeger (3):
  VERSION: Raise version number up to 3.5.1.
  WHATSNEW: Prepare release notes for Samba 3.5.1.
  Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to 
fail to respond to a read or write."

---


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-4-stable updated

2010-03-08 Thread Karolin Seeger 
The branch, v3-4-stable has been updated
   via  49fc62c... Revert "Fix bug #7067 - Linux asynchronous IO (aio) can 
cause smbd to fail to respond to a read or write."
   via  bdad635... WHATSNEW: Prepare release notes for Samba 3.4.7.
   via  df5a563... WHATSNEW: Start release notes for Samba 3.4.7.
   via  d811847... VERSION: Raise version number up to 3.4.7.
  from  d0e7cc3... WHATSNEW: Fix typo.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable


- Log -
commit 49fc62cc5d8bcb2ef246fa6505c99071b406c413
Author: Karolin Seeger 
Date:   Mon Mar 8 20:53:38 2010 +0100

Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail 
to respond to a read or write."

This reverts commit c81c109a6ce83741bb5149a51ceb4ab30855e9f9.

This fixes bug #7222 (All users have full rigths on all 
shares)(CVE-2010-0728).

commit bdad63514f345a10774dade1746072312ed140c1
Author: Karolin Seeger 
Date:   Mon Mar 8 20:52:56 2010 +0100

WHATSNEW: Prepare release notes for Samba 3.4.7.

Karolin

commit df5a5630a795f57a71d3b9e0f68ba104bc289982
Author: Karolin Seeger 
Date:   Wed Feb 24 16:08:26 2010 +0100

WHATSNEW: Start release notes for Samba 3.4.7.

Karolin
(cherry picked from commit c8f888a6cc67e603ba04510f5504596b67d8)

commit d811847bbd8badf5c343417b453a527de3f06bbe
Author: Karolin Seeger 
Date:   Wed Feb 24 16:06:32 2010 +0100

VERSION: Raise version number up to 3.4.7.

Karolin
(cherry picked from commit b280381ed338920b1746d0b2b7cd6ea6eb1f92b9)

---

Summary of changes:
 WHATSNEW.txt  |   54 +++-
 source3/VERSION   |2 +-
 source3/include/smb.h |3 +-
 source3/lib/system.c  |   65 +++--
 source3/smbd/server.c |8 --
 5 files changed, 58 insertions(+), 74 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 42341d0..80589c7 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,54 @@
=
+   Release Notes for Samba 3.4.7
+   March 8, 2010
+   =
+
+
+This is a security release in order to address CVE-2010-0728.
+
+
+o  CVE-2010-0728:
+   In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code
+   was added to fix a problem with Linux asynchronous IO handling.
+   This code introduced a bad security flaw on Linux platforms if the
+   binaries were built on Linux platforms with libcap support.
+   The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
+   capabilities, allowing all file system access to be allowed
+   even when permissions should have denied access.
+
+
+Changes since 3.5.0
+---
+
+
+o   Jeremy Allison 
+* BUG 7222: Fix for CVE-2010-0728.
+
+
+##
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 3.4 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older versions follow:
+
+
+   =
Release Notes for Samba 3.4.6
 February 24, 2010
=
@@ -109,8 +159,8 @@ database (https://bugzilla.samba.org/).
 ==
 
 
-Release notes for older versions follow:
-
+--
+
 
=
Release Notes for Samba 3.4.5
diff --git a/source3/VERSION b/source3/VERSION
index 7133dfb..f40ac81 100644
--- a/source3/VERSION
+++ b/source3/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=4
-SAMBA_VERSION_RELEASE=6
+SAMBA_VERSION_RELEASE=7
 
 
 # Bug fix releases use a letter for the patch revision #
diff --git a/source3/include/smb.h b/source3/include/smb.h
i

[SCM] Samba Shared Repository - annotated tag release-3-4-7 created

2010-03-08 Thread Karolin Seeger 
The annotated tag, release-3-4-7 has been created
at  574d9ad7b6c795cfcdd8bb53456f656908c29bc9 (tag)
   tagging  49fc62cc5d8bcb2ef246fa6505c99071b406c413 (commit)
  replaces  release-3-4-6
 tagged by  Karolin Seeger
on  Mon Mar 8 20:54:29 2010 +0100

- Log -
tag release-3-4-7
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.12 (GNU/Linux)

iD4DBQBLlVYBbzORW2Vot+oRAlAlAJUcFy5P5sX4ZSdDd1dDKOv+TuBSAKC96/Tx
fAkHaLYBSX/HwZ09hI54kA==
=5lR2
-END PGP SIGNATURE-

Karolin Seeger (4):
  VERSION: Raise version number up to 3.4.7.
  WHATSNEW: Start release notes for Samba 3.4.7.
  WHATSNEW: Prepare release notes for Samba 3.4.7.
  Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to 
fail to respond to a read or write."

---


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-3-stable updated

2010-03-08 Thread Karolin Seeger 
The branch, v3-3-stable has been updated
   via  007f9c9... Revert "Fix bug #7067 - Linux asynchronous IO (aio) can 
cause smbd to fail to respond to a read or write."
   via  cb608fe... WHATSNEW: Prepare release notes for Samba 3.3.12.
   via  689fd1b... VERSION: Raise version number up to 3.3.12.
  from  adc7b06... WHATSNEW: Update changes since 3.3.10.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-stable


- Log -
commit 007f9c90e952aeea2d8f73cff3ccd0f747a9c06e
Author: Karolin Seeger 
Date:   Mon Mar 8 21:08:36 2010 +0100

Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail 
to respond to a read or write."

This reverts commit 153357b9bb4d70a168c81cb9ff2da437eae823fc.

This fixes bug #7222 (All users have full rigths on all shares) 
(CVE-2010-0728).

commit cb608fef71f9da629a1858cd1d6c8b19e27e6655
Author: Karolin Seeger 
Date:   Mon Mar 8 21:08:01 2010 +0100

WHATSNEW: Prepare release notes for Samba 3.3.12.

Karolin

commit 689fd1bd11806f92e9f5acbc634e27f7b197ee23
Author: Karolin Seeger 
Date:   Mon Mar 8 21:05:40 2010 +0100

VERSION: Raise version number up to 3.3.12.

Karolin

---

Summary of changes:
 WHATSNEW.txt |   54 -
 source/VERSION   |2 +-
 source/include/smb.h |3 +-
 source/lib/system.c  |   65 +++--
 source/smbd/server.c |8 --
 5 files changed, 58 insertions(+), 74 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 0d5d5f0..90a1960 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,54 @@
==
+   Release Notes for Samba 3.3.12
+   March 8, 2010
+   ==
+
+
+This is a security release in order to address CVE-2010-0728.
+
+
+o  CVE-2010-0728:
+   In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code
+   was added to fix a problem with Linux asynchronous IO handling.
+   This code introduced a bad security flaw on Linux platforms if the
+   binaries were built on Linux platforms with libcap support.
+   The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
+   capabilities, allowing all file system access to be allowed
+   even when permissions should have denied access.
+
+
+Changes since 3.5.0
+---
+
+
+o   Jeremy Allison 
+* BUG 7222: Fix for CVE-2010-0728.
+
+
+##
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 3.3 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
+   ==
Release Notes for Samba 3.3.11
 February 26, 2010
==
@@ -79,8 +129,8 @@ database (https://bugzilla.samba.org/).
 ==
 
 
-Release notes for older releases follow:
-
+--
+
 
==
Release Notes for Samba 3.3.10
diff --git a/source/VERSION b/source/VERSION
index 29efdb3..01fc3b8 100644
--- a/source/VERSION
+++ b/source/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=3
-SAMBA_VERSION_RELEASE=11
+SAMBA_VERSION_RELEASE=12
 
 
 # Bug fix releases use a letter for the patch revision #
diff --git a/source/include/smb.h b/source/include/smb.h
index 3825c63..327f212 100644
--- a/source/include/smb.h
+++ b/source/include/smb.h
@@ -1684,8 +1684,7 @@ minimum length == 18.
 enum smbd_capability {
 KERNEL_OPLOCK_CAPABILITY,
 DMAPI_ACCESS_CAPABILITY,
-LEASE_CAPABILITY,
-KILL_CAPABILITY
+LEASE_CAPABILITY
 };
 
 /* if a kernel does support oplocks then a structure of the following
diff --git a/source/

[SCM] Samba Shared Repository - annotated tag release-3-3-12 created

2010-03-08 Thread Karolin Seeger 
The annotated tag, release-3-3-12 has been created
at  cf4bfa915b638bce6ad9433328a8a4a7d6ba562d (tag)
   tagging  007f9c90e952aeea2d8f73cff3ccd0f747a9c06e (commit)
  replaces  release-3-3-11
 tagged by  Karolin Seeger
on  Mon Mar 8 21:09:38 2010 +0100

- Log -
tag release-3-3-12
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.12 (GNU/Linux)

iD8DBQBLlVmRbzORW2Vot+oRAv8fAJ97OU36kCSwXHLw/ohrSZB5RHCaowCgwokH
OsGhLGyhX9gEiYE1Y7n4p/I=
=PAIl
-END PGP SIGNATURE-

Karolin Seeger (3):
  VERSION: Raise version number up to 3.3.12.
  WHATSNEW: Prepare release notes for Samba 3.3.12.
  Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to 
fail to respond to a read or write."

---


-- 
Samba Shared Repository

svn commit: samba-web r1407 - in trunk: . devel history

2010-03-08 Thread kseeger 
Author: kseeger
Date: 2010-03-08 14:06:10 -0700 (Mon, 08 Mar 2010)
New Revision: 1407

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1407

Log:
Announce Samba 3.5.1, 3.4.7 and 3.3.12
Karolin
Added:
   trunk/history/samba-3.3.12.html
   trunk/history/samba-3.4.7.html
   trunk/history/samba-3.5.1.html
Modified:
   trunk/devel/index.html
   trunk/header_columns.html
   trunk/history/header_history.html
   trunk/index.html


Changeset:
Modified: trunk/devel/index.html
===
--- trunk/devel/index.html  2010-03-02 06:05:57 UTC (rev 1406)
+++ trunk/devel/index.html  2010-03-08 21:06:10 UTC (rev 1407)
@@ -20,8 +20,8 @@
 3.0.x and 2.2.x versions of Samba, which are no longer in active development.
 
 
-The latest production release is Samba 3.5.0 (release notes and The latest production release is Samba 3.5.1 (release notes and download).
 
 With the release of Samba 3.5.0, the 3.4 series has been turned into

Modified: trunk/header_columns.html
===
--- trunk/header_columns.html   2010-03-02 06:05:57 UTC (rev 1406)
+++ trunk/header_columns.html   2010-03-08 21:06:10 UTC (rev 1407)
@@ -120,20 +120,20 @@
   
 Current Stable Release
 
-Samba 3.5.0 
(gzipped)
-Release Notes
-Signature
+Samba 3.5.1 
(gzipped)
+Release Notes
+Signature
 
 
 Historical
 
-Samba 3.4.6 
(gzipped)
-Release Notes
-Signature
+Samba 3.4.7 
(gzipped)
+Release Notes
+Signature
 
-Samba 3.3.11 
(gzipped)
-Release Notes 
3.3.11
-Signature 
3.3.11
+Samba 3.3.12 
(gzipped)
+Release Notes 
3.3.12
+Signature 
3.3.12
 
 Samba 3.2.15 
(gzipped)
 Release Notes 
3.2.15

Modified: trunk/history/header_history.html
===
--- trunk/history/header_history.html   2010-03-02 06:05:57 UTC (rev 1406)
+++ trunk/history/header_history.html   2010-03-08 21:06:10 UTC (rev 1407)
@@ -77,7 +77,9 @@
   
 Release Notes
 
+samba-3.5.1
 samba-3.5.0
+samba-3.4.7
 samba-3.4.6
 samba-3.4.5
 samba-3.4.4
@@ -85,6 +87,7 @@
 samba-3.4.2
 samba-3.4.1
 samba-3.4.0
+samba-3.3.12
 samba-3.3.11
 samba-3.3.10
 samba-3.3.9

Added: trunk/history/samba-3.3.12.html
===
--- trunk/history/samba-3.3.12.html (rev 0)
+++ trunk/history/samba-3.3.12.html 2010-03-08 21:06:10 UTC (rev 1407)
@@ -0,0 +1,43 @@
+http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
+http://www.w3.org/1999/xhtml";>
+
+
+Samba - Release Notes Archive
+
+
+
+
+   Samba 3.3.12 Available for Download
+
+
+
+   ==
+   Release Notes for Samba 3.3.12
+   March 8, 2010
+   ==
+
+
+This is a security release in order to address CVE-2010-0728.
+
+
+o  CVE-2010-0728:
+   In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code
+   was added to fix a problem with Linux asynchronous IO handling.
+   This code introduced a bad security flaw on Linux platforms if the
+   binaries were built on Linux platforms with libcap support.
+   The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
+   capabilities, allowing all file system access to be allowed
+   even when permissions should have denied access.
+
+
+Changes since 3.5.0
+---
+
+
+o   Jeremy Allison 
+* BUG 7222: Fix for CVE-2010-0728.
+
+
+
+


Property changes on: trunk/history/samba-3.3.12.html
___
Added: svn:executable
   + *

Added: trunk/history/samba-3.4.7.html
===
--- trunk/history/samba-3.4.7.html  (rev 0)
+++ trunk/history/samba-3.4.7.html  2010-03-08 21:06:10 UTC (rev 1407)
@@ -0,0 +1,43 @@
+http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
+http://www.w3.org/1999/xhtml";>
+
+
+Samba - Release Notes Archive
+
+
+
+
+   Samba 3.4.7 Available for Download
+
+
+
+   =
+   Release Notes for Samba 3.4.7
+   March 8, 2010
+   =
+
+
+This is a security release in order to address CVE-2010-0728.
+
+
+o  CVE-2010-0728:
+   In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code
+   was added to fix a problem with Linux asynchronous IO handling.
+   This code introduced a bad security flaw on Linux platforms if the
+   binaries were built on Linux platforms with libcap support.
+   The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
+   capabilities, allowing all file system access to be allowed
+   even when permissions should hav

svn commit: samba-web r1408 - in trunk/security: .

2010-03-08 Thread kseeger 
Author: kseeger
Date: 2010-03-08 14:36:30 -0700 (Mon, 08 Mar 2010)
New Revision: 1408

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1408

Log:
Add security advisory
Karolin
Added:
   trunk/security/CVE-2010-0728.html


Changeset:
Added: trunk/security/CVE-2010-0728.html
===
--- trunk/security/CVE-2010-0728.html   (rev 0)
+++ trunk/security/CVE-2010-0728.html   2010-03-08 21:36:30 UTC (rev 1408)
@@ -0,0 +1,69 @@
+http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
+http://www.w3.org/1999/xhtml";>
+
+
+Samba - Security Announcement Archive
+
+
+
+
+   CVE-2010-0728: 
+
+
+
+===
+== Subject: Allowing all file system access even when
+== permissions should have denied access.
+==
+== CVE ID#: CVE-2010-0728
+==
+== Versions:3.3.11, 3.4.6 and 3.5.0
+==
+== Summary: This flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
+== capabilities, allowing all file system access to be allowed
+== even when permissions should have denied access.
+===
+
+===
+Description
+===
+
+This flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
+capabilities, allowing all file system access to be allowed
+even when permissions should have denied access.
+
+Please note this security problem does not affect any platform that does
+not support capabilities and platforms where binaries were built without
+libcap support.
+Also note that 3.4.5 and prior 3.4.x versions and 3.3.10 and prior 3.3.x
+versions are NOT affected.
+
+
+==
+Patch Availability
+==
+
+A Patch addressing this issue has been posted to:
+
+http://www.samba.org/samba/security/
+
+Additionally, Samba 3.3.12, 3.4.7 and 3.5.1 have been issued
+as security releases to correct the defect.  Samba administrators are
+advised to upgrade to these releases or apply the patch as soon
+as possible.
+
+==
+Workaround
+==
+
+None available
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+

svn commit: samba-web r1409 - in trunk/security: .

2010-03-08 Thread vlendec 
Author: vlendec
Date: 2010-03-08 15:00:48 -0700 (Mon, 08 Mar 2010)
New Revision: 1409

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1409

Log:
Mention the bug reporter

Modified:
   trunk/security/CVE-2010-0728.html


Changeset:
Modified: trunk/security/CVE-2010-0728.html
===
--- trunk/security/CVE-2010-0728.html   2010-03-08 21:36:30 UTC (rev 1408)
+++ trunk/security/CVE-2010-0728.html   2010-03-08 22:00:48 UTC (rev 1409)
@@ -59,7 +59,14 @@
 
 None available
 
+===
+Credits
+===
 
+The problem was was reported as
+https://bugzilla.samba.org/show_bug.cgi?id=7222
+by Andreas Matthus .
+
 ==
 == Our Code, Our Bugs, Our Responsibility.
 == The Samba Team

[SCM] Samba Shared Repository - branch master updated

2010-03-08 Thread Michael Adam 
The branch, master has been updated
   via  b845025... s3:release-scripts: fix create-tarball to treat vendor 
patch level correctly
  from  8a76352... samba: remove Linux cifs-utils files from samba master 
branch

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit b845025daf2da85eb1af6cbfa7878cf59a32f2a6
Author: Michael Adam 
Date:   Mon Mar 8 23:37:21 2010 +0100

s3:release-scripts: fix create-tarball to treat vendor patch level correctly

---

Summary of changes:
 release-scripts/create-tarball |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/release-scripts/create-tarball b/release-scripts/create-tarball
index 9e6b8fe..94525e0 100755
--- a/release-scripts/create-tarball
+++ b/release-scripts/create-tarball
@@ -196,7 +196,7 @@ function main
 if [ -n "$vendor_version" ]; then
version="$version-$vendor_version"
 fi
-vendor_patch=`grep "define SAMBA_VERSION_VENDOR_PATCH" $VER_H | awk 
'{print $3}'`
+vendor_patch=`grep "define SAMBA_VERSION_VENDOR_PATCH_STRING" $VER_H | awk 
'{print $3}'`
 if [ -n "$vendor_patch" ]; then
version="$version-$vendor_patch"
 fi


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

2010-03-08 Thread Michael Adam 
The branch, master has been updated
   via  9113e14... s3:build: Fix automatic building of vfs_tsmsm if gpfs 
and dmapi are present.
  from  b845025... s3:release-scripts: fix create-tarball to treat vendor 
patch level correctly

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 9113e14b291c10c824d2d8ea5cb28ffc0adcb63b
Author: Michael Adam 
Date:   Mon Mar 8 22:32:41 2010 +0100

s3:build: Fix automatic building of vfs_tsmsm if gpfs and dmapi are present.

Michael

---

Summary of changes:
 source3/configure.in |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/configure.in b/source3/configure.in
index 436f708..f0dabbf 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -2700,7 +2700,7 @@ fi
 
 # Add TSM SM VFS module only if there are both GPFS and DMAPI support
 # Theoretically it should work with AIX JFS2 too but this needs testing
-if test x"$samba_cv_HAVE_GPFS" = x"yes" && test x"$samba_dmapi_libs" != x"" ; 
then
+if test x"$ac_cv_header_gpfs_gpl_h" = x"yes" && test x"$samba_dmapi_libs" != 
x"" ; then
 default_shared_modules="$default_shared_modules vfs_tsmsm"
 fi
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

2010-03-08 Thread Jeremy Allison 
The branch, master has been updated
   via  56b13ee... Revert "Fix bug #7067 - Linux asynchronous IO (aio) can 
cause smbd to fail to respond to a read or write."
  from  9113e14... s3:build: Fix automatic building of vfs_tsmsm if gpfs 
and dmapi are present.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 56b13ee8edfa434cbca69af17aeea58cc5502b40
Author: Karolin Seeger 
Date:   Mon Mar 8 20:34:39 2010 +0100

Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail 
to respond to a read or write."

This reverts commit a6ae7a552f851a31262377cc0e062e40ac20.

This fixes bug #7222 (All users have full rigths on all shares) 
(CVE-2010-0728).
(cherry picked from commit 1c9494c76cc9686c61e0966f38528d3318f3176f)

---

Summary of changes:
 source3/include/smb.h |3 +-
 source3/lib/system.c  |   65 +++--
 source3/smbd/server.c |8 --
 3 files changed, 5 insertions(+), 71 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/smb.h b/source3/include/smb.h
index 8d1e148..8674629 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1724,8 +1724,7 @@ minimum length == 24.
 enum smbd_capability {
 KERNEL_OPLOCK_CAPABILITY,
 DMAPI_ACCESS_CAPABILITY,
-LEASE_CAPABILITY,
-KILL_CAPABILITY
+LEASE_CAPABILITY
 };
 
 /*
diff --git a/source3/lib/system.c b/source3/lib/system.c
index 58240a3..5aab441 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -908,11 +908,6 @@ char *sys_getwd(char *s)
 
 #if defined(HAVE_POSIX_CAPABILITIES)
 
-/* This define hasn't made it into the glibc capabilities header yet. */
-#ifndef SECURE_NO_SETUID_FIXUP
-#define SECURE_NO_SETUID_FIXUP  2
-#endif
-
 /**
  Try and abstract process capabilities (for systems that have them).
 /
@@ -943,32 +938,6 @@ static bool set_process_capability(enum smbd_capability 
capability,
}
 #endif
 
-#if defined(HAVE_PRCTL) && defined(PR_SET_SECUREBITS) && 
defined(SECURE_NO_SETUID_FIXUP)
-/* New way of setting capabilities as "sticky". */
-
-   /*
-* Use PR_SET_SECUREBITS to prevent setresuid()
-* atomically dropping effective capabilities on
-* uid change. Only available in Linux kernels
-* 2.6.26 and above.
-*
-* See here:
-* 
http://www.kernel.org/doc/man-pages/online/pages/man7/capabilities.7.html
-* for details.
-*
-* Specifically the CAP_KILL capability we need
-* to allow Linux threads under different euids
-* to send signals to each other.
-*/
-
-   if (prctl(PR_SET_SECUREBITS, 1 << SECURE_NO_SETUID_FIXUP)) {
-   DEBUG(0,("set_process_capability: "
-   "prctl PR_SET_SECUREBITS failed with error %s\n",
-   strerror(errno) ));
-   return false;
-   }
-#endif
-
cap = cap_get_proc();
if (cap == NULL) {
DEBUG(0,("set_process_capability: cap_get_proc failed: %s\n",
@@ -997,11 +966,6 @@ static bool set_process_capability(enum smbd_capability 
capability,
cap_vals[num_cap_vals++] = CAP_LEASE;
 #endif
break;
-   case KILL_CAPABILITY:
-#ifdef CAP_KILL
-   cap_vals[num_cap_vals++] = CAP_KILL;
-#endif
-   break;
}
 
SMB_ASSERT(num_cap_vals <= ARRAY_SIZE(cap_vals));
@@ -1011,37 +975,16 @@ static bool set_process_capability(enum smbd_capability 
capability,
return True;
}
 
-   /*
-* Ensure the capability is effective. We assume that as a root
-* process it's always permitted.
-*/
-
-   if (cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
-   enable ? CAP_SET : CAP_CLEAR) == -1) {
-   DEBUG(0, ("set_process_capability: cap_set_flag effective "
-   "failed (%d): %s\n",
-   (int)capability,
-   strerror(errno)));
-   cap_free(cap);
-   return false;
-   }
+   cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
+   enable ? CAP_SET : CAP_CLEAR);
 
/* We never want to pass capabilities down to our children, so make
 * sure they are not inherited.
 */
-   if (cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals,
-   cap_vals, CAP_CLEAR) == -1) {
-   DEBUG(0, ("set_process_capability: cap_set_flag inheritable "
-   "failed (%d): %s\n",
-   (int)capability,
-

Build status as of Tue Mar 9 07:00:06 2010

2010-03-08 Thread build 
URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2010-03-08 
00:00:20.0 -0700
+++ /home/build/master/cache/broken_results.txt 2010-03-09 00:00:06.0 
-0700
@@ -0,0 +1,21 @@
+Build status as of Tue Mar  9 07:00:06 2010
+
+Build counts:
+Tree Total  Broken Panic 
+build_farm   0  0  0 
+ccache   34 12 0 
+ldb  34 34 0 
+libreplace   33 12 0 
+lorikeet 0  0  0 
+pidl 24 23 0 
+ppp  17 0  0 
+rsync34 13 0 
+samba-docs   0  0  0 
+samba-web0  0  0 
+samba_3_current 32 32 2 
+samba_3_master 32 32 7 
+samba_3_next 29 28 4 
+samba_4_0_test 34 32 1 
+talloc   34 11 0 
+tdb  32 22 0 
+