[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 56d5cb9 s3-winbind: don't try to do clever thing if the username is
not found while authenticating through winbind
via 7350d99 s3: check that a user in a bogus domain name is mapped to
the localnetbios name of a domain member
from 959d13a s3-auth: Remove duplicate check for
NT_STATUS_IS_OK(nt_status)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 56d5cb938651b9c67a8400d1adc61a23889a6a29
Author: Matthieu Patou m...@matws.net
Date: Mon Jan 30 00:05:08 2012 -0800
s3-winbind: don't try to do clever thing if the username is not found while
authenticating through winbind
This could cause that we authenticate a user with a bogus domain to
winbind's domain if the password supplied for the PAM_AUTH match.
The problem was reported by Jeff Venable (jvena...@juniper.net).
Patch from Andrew Bartlett (abartl...@samba.org).
Autobuild-User: Matthieu Patou m...@samba.org
Autobuild-Date: Mon Jan 30 18:58:12 CET 2012 on sn-devel-104
commit 7350d994096efa62031f4f75cf92fb4ade2b2655
Author: Matthieu Patou m...@matws.net
Date: Sun Jan 29 22:12:40 2012 -0800
s3: check that a user in a bogus domain name is mapped to the localnetbios
name of a domain member
This means that if we authentify for BOGUS\administrator in AD domain
FOREST with samba being domain member with the netbiosname MEMBER then
BOGUS\administrator will be mapped to MEMBER\administrator if the
password match.
---
Summary of changes:
source3/winbindd/winbindd_pam.c |3 ++-
source4/selftest/tests.py |1 +
testprogs/blackbox/bogus.sh | 20
3 files changed, 23 insertions(+), 1 deletions(-)
create mode 100755 testprogs/blackbox/bogus.sh
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 41f38a4..93034ad 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1079,7 +1079,8 @@ static NTSTATUS winbindd_dual_pam_auth_kerberos(struct
winbindd_domain *domain,
DEBUG(3, (Authentication for domain for [%s] -
[%s]\\[%s] failed as %s is not a trusted domain\n,
state-request-data.auth.user, name_domain,
name_user, name_domain));
- contact_domain = find_our_domain();
+ result = NT_STATUS_NO_SUCH_USER;
+ goto done;
}
}
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 82f0ae9..ccc899b 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -367,6 +367,7 @@ for mech in [
plansmbtorturetestsuite('base.xcopy', plugin_s4_dc,
['//$NETBIOSNAME/xcopy_share', signoptions,
'-U$DC_USERNAME%$DC_PASSWORD'], samba4.%s administrator % name)
+plantestsuite(samba4.blackbox.bogusdomain, s3member,
[testprogs/blackbox/bogus.sh, $NETBIOSNAME, xcopy_share, '$DC_USERNAME',
'$DC_PASSWORD'], allow_empty_output=True)
for mech in [
-k no,
-k no --option=usespnego=no,
diff --git a/testprogs/blackbox/bogus.sh b/testprogs/blackbox/bogus.sh
new file mode 100755
index 000..019957b
--- /dev/null
+++ b/testprogs/blackbox/bogus.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+cat EOF
+Usage: blackbox_newuser.sh PREFIX
+EOF
+exit 1;
+fi
+
+. `dirname $0`/subunit.sh
+
+SERVER=$1
+SHARE=$2
+USER=$3
+PWD=$4
+smbclient=$BINDIR/smbclient
+testit_expect_failure smbclient $smbclient //$SERVER/$SHARE -W POUET
-U$USER%$PWD -c dir failed=`expr $failed + 1`
+./bin/net rpc user add $USER $PWD -W $SERVER -U$USER%$PWD -S $SERVER
+testit smbclient $smbclient //$SERVER/$SHARE -W POUET -U$USER%$PWD -c
dir|| failed=`expr $failed + 1`
+exit $failed
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via ec70cd9 WHATSNEW: Start release notes for Samba 3.6.4. via d154a74 VERSION: Bump version up to 3.6.4. from 9646202 s3-smbd: Fix bug #8724. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit ec70cd9cb9c82ef7be8e5450a2844ff0011f0169 Author: Karolin Seeger ksee...@samba.org Date: Mon Jan 30 20:38:38 2012 +0100 WHATSNEW: Start release notes for Samba 3.6.4. Karolin commit d154a74f8fd8c6085beaac9f1adf20ef015d8b22 Author: Karolin Seeger ksee...@samba.org Date: Mon Jan 30 20:36:14 2012 +0100 VERSION: Bump version up to 3.6.4. Karolin --- Summary of changes: WHATSNEW.txt| 46 -- source3/VERSION |2 +- 2 files changed, 45 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 2868320..92754cf 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,45 @@ = + Release Notes for Samba 3.6.4 + , 2012 + = + + +This is the latest stable release of Samba 3.6. + +Major enhancements in Samba 3.6.4 include: + +o + +Changes since 3.6.3: + + + +o Jeremy Allison j...@samba.org + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.6 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + +Release notes for older releases follow: + + + = Release Notes for Samba 3.6.3 January 29, 2012 = @@ -44,8 +85,9 @@ database (https://bugzilla.samba.org/). == The Samba Team == -Release notes for older releases follow: - + +-- + = Release Notes for Samba 3.6.2 diff --git a/source3/VERSION b/source3/VERSION index f496624..eb036f7 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=6 -SAMBA_VERSION_RELEASE=3 +SAMBA_VERSION_RELEASE=4 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via e86ad41 Fix for bug #8727 - smbclient fails with posix large reads.
from ec70cd9 WHATSNEW: Start release notes for Samba 3.6.4.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit e86ad41af9d50265cab7cfdabdacb40bb4d3acc0
Author: Andrew Bartlett abart...@samba.org
Date: Fri Jan 27 16:03:55 2012 -0800
Fix for bug #8727 - smbclient fails with posix large reads.
s3-libsmb Do not limit read replies to NBT packet sizes
With the posix extensions, we can read 16MB at a time, so we need to check
the full size of the packet, not the size rounded down to the old NBT
limit.
Signed-off-by: Jeremy Allison j...@samba.org
---
Summary of changes:
source3/libsmb/clireadwrite.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c
index 215e1d3..83531a5 100644
--- a/source3/libsmb/clireadwrite.c
+++ b/source3/libsmb/clireadwrite.c
@@ -215,7 +215,7 @@ static void cli_read_andx_done(struct tevent_req *subreq)
state-buf = (uint8_t *)smb_base(inbuf) + SVAL(vwv+6, 0);
- if (trans_oob(smb_len(inbuf), SVAL(vwv+6, 0), state-received)
+ if (trans_oob(smb_len_large(inbuf), SVAL(vwv+6, 0), state-received)
|| ((state-received != 0) (state-buf bytes))) {
DEBUG(5, (server returned invalid readx data offset\n));
tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated
via 3394bbf s3-libsmb Do not limit read replies to NBT packet sizes
from f0c4e96 Fix bug 8636 - When returning an ACL without SECINFO_DACL
requested, we still set SEC_DESC_DACL_PRESENT in the type field.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -
commit 3394bbf45dd219dc0293809fe2c50ad3ab7cede6
Author: Andrew Bartlett abart...@samba.org
Date: Fri Jan 27 13:53:34 2012 +1100
s3-libsmb Do not limit read replies to NBT packet sizes
With the posix extensions, we can read 16MB at a time, so we need to
check the full size of the packet, not the size rounded down to the
old NBT limit.
Andrew Bartlett
Fix bug #8727 (smbclient fails with posix large reads).
---
Summary of changes:
source3/libsmb/clireadwrite.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c
index 53ecacc..724c846 100644
--- a/source3/libsmb/clireadwrite.c
+++ b/source3/libsmb/clireadwrite.c
@@ -199,7 +199,7 @@ static void cli_read_andx_done(struct tevent_req *subreq)
inbuf = cli_smb_inbuf(subreq);
state-buf = (uint8_t *)smb_base(inbuf) + SVAL(vwv+6, 0);
- if (trans_oob(smb_len(inbuf), SVAL(vwv+6, 0), state-received)
+ if (trans_oob(smb_len_large(inbuf), SVAL(vwv+6, 0), state-received)
|| ((state-received != 0) (state-buf bytes))) {
DEBUG(5, (server returned invalid readx data offset\n));
tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 1fdc96e Fix bug #8139 - smbclient fails if server does not support
Echo request.
from 56d5cb9 s3-winbind: don't try to do clever thing if the username is
not found while authenticating through winbind
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 1fdc96ecaff8ca12e9aa0082527468ad4242a8a9
Author: Jeremy Allison j...@samba.org
Date: Mon Jan 30 14:13:47 2012 -0800
Fix bug #8139 - smbclient fails if server does not support Echo request.
Based on work by Matthias Scheler t...@netbsd.org
Autobuild-User: Jeremy Allison j...@samba.org
Autobuild-Date: Tue Jan 31 00:47:19 CET 2012 on sn-devel-104
---
Summary of changes:
source3/client/client.c |6 +-
1 files changed, 5 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/client/client.c b/source3/client/client.c
index 4b7df92..9b36ff7 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -5032,11 +5032,15 @@ static void readline_callback(void)
/* Ping the server to keep the connection alive using SMBecho. */
memset(garbage, 0xf0, sizeof(garbage));
status = cli_echo(cli, 1, data_blob_const(garbage, sizeof(garbage)));
- if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_PIPE_BROKEN) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
DEBUG(0, (SMBecho failed (%s). Maybe server has closed
the connection\n, nt_errstr(status)));
finished = true;
smb_readline_done();
+ /* Ignore all other errors - sometimes servers simply
+ don't implement SMBecho (Apple for example). */
}
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via bfa951d s4-s3-upgrade: Check if there are duplicate sids for users and groups via 449ca75 s4-s3-upgrade: Use lowercase hostname as hostname for provision from 1fdc96e Fix bug #8139 - smbclient fails if server does not support Echo request. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bfa951db975417facda3e92d9b1075616e6c7581 Author: Amitay Isaacs ami...@gmail.com Date: Mon Jan 30 12:13:28 2012 +1100 s4-s3-upgrade: Check if there are duplicate sids for users and groups Autobuild-User: Amitay Isaacs ami...@samba.org Autobuild-Date: Tue Jan 31 02:23:17 CET 2012 on sn-devel-104 commit 449ca7575904e4ed78f2696bb16cef5143761bbc Author: Amitay Isaacs ami...@gmail.com Date: Tue Dec 6 14:43:45 2011 +1100 s4-s3-upgrade: Use lowercase hostname as hostname for provision --- Summary of changes: source4/scripting/python/samba/upgrade.py |6 +- 1 files changed, 5 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 3a42860..850035b 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -617,7 +617,11 @@ Please fix this account before attempting to upgrade again # Check for same user sid/group sid group_sids = set([str(g.sid) for g in grouplist]) +if len(grouplist) != len(group_sids): +raise ProvisioningError(Please remove duplicate group sid entries before upgrade.) user_sids = set([%s-%u % (domainsid, u['rid']) for u in userlist]) +if len(userlist) != len(user_sids): +raise ProvisioningError(Please remove duplicate user sid entries before upgrade.) common_sids = group_sids.intersection(user_sids) if common_sids: logger.error(Following sids are both user and group sids:) @@ -636,7 +640,7 @@ Please fix this account before attempting to upgrade again domainsid=str(domainsid), next_rid=next_rid, dc_rid=machinerid, dom_for_fun_level=dsdb.DS_DOMAIN_FUNCTION_2003, - hostname=netbiosname, machinepass=machinepass, + hostname=netbiosname.lower(), machinepass=machinepass, serverrole=serverrole, samdb_fill=FILL_FULL, useeadb=useeadb, dns_backend=dns_backend) -- Samba Shared Repository
[SCM] CTDB repository - branch master updated - ctdb-1.12-159-gee3ef90
The branch, master has been updated
via ee3ef9004be8feeefa6e450eb5bb084cc6812370 (commit)
via c75e4ad9b566e47dec66d25988da4cee861c2357 (commit)
from 488de939b78125ac38822760102e05298a5e70c5 (commit)
http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master
- Log -
commit ee3ef9004be8feeefa6e450eb5bb084cc6812370
Author: Mathieu Parent math.par...@gmail.com
Date: Tue Dec 6 22:24:26 2011 +0100
Define ETIME on non-supporting platforms
e.g. kFreeBSD, NetBSD, ...
commit c75e4ad9b566e47dec66d25988da4cee861c2357
Author: Mathieu Parent math.par...@gmail.com
Date: Tue Dec 6 22:26:42 2011 +0100
Add kFreeBSD support
---
Summary of changes:
common/{system_gnu.c = system_kfreebsd.c} |4 ++--
configure.ac |9 +
2 files changed, 11 insertions(+), 2 deletions(-)
copy common/{system_gnu.c = system_kfreebsd.c} (99%)
Changeset truncated at 500 lines:
diff --git a/common/system_gnu.c b/common/system_kfreebsd.c
similarity index 99%
copy from common/system_gnu.c
copy to common/system_kfreebsd.c
index 604bb48..a6cd148 100644
--- a/common/system_gnu.c
+++ b/common/system_kfreebsd.c
@@ -19,8 +19,8 @@
along with this program; if not, see http://www.gnu.org/licenses/.
- This file is a copy of 'common/system_linux.c' adapted for Hurd needs,
- and inspired by 'common/system_aix.c' for the pcap usage.
+ This file is a copy of 'common/system_linux.c' adapted for Hurd^W kFreeBSD
+ needs, and inspired by 'common/system_aix.c' for the pcap usage.
*/
#include includes.h
diff --git a/configure.ac b/configure.ac
index 9f54624..8a3bd7e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -28,6 +28,11 @@ case `uname` in
CTDB_SCSI_IO=
CTDB_PCAP_LDFLAGS=-lpcap
;;
+ GNU/kFreeBSD)
+CTDB_SYSTEM_OBJ=common/system_kfreebsd.o
+CTDB_SCSI_IO=
+CTDB_PCAP_LDFLAGS=-lpcap
+;;
GNU)
CTDB_SYSTEM_OBJ=common/system_gnu.o
CTDB_SCSI_IO=
@@ -80,6 +85,10 @@ AC_CHECK_HEADERS(pcp/pmapi.h pcp/impl.h pcp/pmda.h, [], [],
#endif
]])
+AC_CHECK_DECL([ETIME], [],[AC_DEFINE([ETIME], ETIMEDOUT, [ETIME on
non-supporting platforms])], [
+#include errno.h
+])
+
AC_CHECK_FUNCS(sched_setscheduler)
AC_CHECK_FUNCS(mlockall)
--
CTDB repository
[SCM] CTDB repository - branch master updated - ctdb-1.12-160-g444a7ba
The branch, master has been updated
via 444a7bac4e9a854b06c1ad4cb36c2b58a72001fa (commit)
from ee3ef9004be8feeefa6e450eb5bb084cc6812370 (commit)
http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master
- Log -
commit 444a7bac4e9a854b06c1ad4cb36c2b58a72001fa
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date: Tue Jan 31 17:20:35 2012 +1100
Niceify the readonlyrecord API. Dont force clients to be exposed to the
featch_with_header function
We dont strictly need to force clients to use CTDB_FETCH_WITH_HEADER
instead of CTDB_FETCH when they ask for readonly records.
Have ctdbd internally remap this internally to FETCH_WITH_HEADER and map
the reply back to CTDB_FETCH_FUNC or CTDB_FETCH_WITH_HEADER_FUNC based on what
the client initially asked for.
This removes the need for the client to know about the
CTDB_FETCH_WITH_HEADER_FUNC function and simplifies the client code.
Clients that do not care what the header after the request is can just
continue using the old CTDB_FETCH_FUNC call and ctdbd will do all the difficult
stuff.
---
Summary of changes:
doc/readonlyrecords.txt |7 +--
libctdb/ctdb.c |8
server/ctdb_daemon.c| 40 ++--
3 files changed, 47 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/doc/readonlyrecords.txt b/doc/readonlyrecords.txt
index acdab2e..f8f1095 100644
--- a/doc/readonlyrecords.txt
+++ b/doc/readonlyrecords.txt
@@ -89,7 +89,10 @@ This new database is used for tracking delegations for the
records. A record in
This tracking database is lockless, using TDB_NOLOCK, and is only ever
accessed by the main ctdbd daemon.
The lockless nature and the fact that no other process ever access this TDB
means we are guranteed non-blocking access to records in the trcking database.
-The ctdb_call PDU is allocated with two new flags WANT_READONLY and
WITH_HEADER.
+The ctdb_call PDU is allocated with a new flags WANT_READONLY and possibly
also a new callid: CTDB_FETCH_WITH_HEADER_FUNC.
+This new function returns not only the record, as CTDB_FETCH_FUNC does, but
also returns the HEADER prepended to the record.
+This function is optional, clients that do not care what the header is can
continue using just CTDB_FETCH_FUNC
+
This first flag is used to explicitely requesting a read-only record from the
DMASTER/LMASTER.
The second flag is used to request that the fetch operation will return not
only the data for the record but also
the record header.
@@ -137,7 +140,7 @@ This will change to instead do
goto finished
else
unlock record
-ask ctdb for read-only copy (WANT_READONLY|WITH_HEADER)
+ask ctdb for read-only copy (WANT_READONLY[|WITH_HEADER])
if failed to get read-only copy (*A)
ask ctdb to migrate the record onto the node
goto try_again
diff --git a/libctdb/ctdb.c b/libctdb/ctdb.c
index 2f694a1..13ccf9e 100644
--- a/libctdb/ctdb.c
+++ b/libctdb/ctdb.c
@@ -832,13 +832,13 @@ static void readrecordlock_retry(struct ctdb_connection
*ctdb,
struct ctdb_reply_call *reply;
TDB_DATA data;
- /* OK, we've received reply to fetch-with-header migration */
- reply = unpack_reply_call(req, CTDB_FETCH_WITH_HEADER_FUNC);
+ /* OK, we've received reply to fetch migration */
+ reply = unpack_reply_call(req, CTDB_FETCH_FUNC);
if (!reply || reply-status != 0) {
if (reply) {
DEBUG(ctdb, LOG_ERR,
ctdb_readrecordlock_async(async):
- FETCH_WITH_HEADER_FUNC returned %i,
reply-status);
+ FETCH returned %i, reply-status);
}
lock-callback(lock-ctdb_db, NULL, tdb_null, private);
ctdb_request_free(req); /* Also frees lock. */
@@ -920,7 +920,7 @@ ctdb_readrecordlock_internal(struct ctdb_db *ctdb_db,
TDB_DATA key,
req-hdr.call-flags = CTDB_IMMEDIATE_MIGRATION;
}
req-hdr.call-db_id = ctdb_db-id;
- req-hdr.call-callid = CTDB_FETCH_WITH_HEADER_FUNC;
+ req-hdr.call-callid = CTDB_FETCH_FUNC;
req-hdr.call-hopcount = 0;
req-hdr.call-keylen = key.dsize;
req-hdr.call-calldatalen = 0;
diff --git a/server/ctdb_daemon.c b/server/ctdb_daemon.c
index 69488df..53f47d6 100644
--- a/server/ctdb_daemon.c
+++ b/server/ctdb_daemon.c
@@ -311,6 +311,10 @@ struct daemon_call_state {
uint32_t reqid;
struct ctdb_call *call;
struct timeval start_time;
+
+ /* readonly request ? */
+ uint32_t readonly_fetch;
+ uint32_t client_callid;
};
/*
@@ -339,6 +343,16 @@ static void
