[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 56d5cb9 s3-winbind: don't try to do clever thing if the username is not found while authenticating through winbind via 7350d99 s3: check that a user in a bogus domain name is mapped to the localnetbios name of a domain member from 959d13a s3-auth: Remove duplicate check for NT_STATUS_IS_OK(nt_status) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 56d5cb938651b9c67a8400d1adc61a23889a6a29 Author: Matthieu Patou m...@matws.net Date: Mon Jan 30 00:05:08 2012 -0800 s3-winbind: don't try to do clever thing if the username is not found while authenticating through winbind This could cause that we authenticate a user with a bogus domain to winbind's domain if the password supplied for the PAM_AUTH match. The problem was reported by Jeff Venable (jvena...@juniper.net). Patch from Andrew Bartlett (abartl...@samba.org). Autobuild-User: Matthieu Patou m...@samba.org Autobuild-Date: Mon Jan 30 18:58:12 CET 2012 on sn-devel-104 commit 7350d994096efa62031f4f75cf92fb4ade2b2655 Author: Matthieu Patou m...@matws.net Date: Sun Jan 29 22:12:40 2012 -0800 s3: check that a user in a bogus domain name is mapped to the localnetbios name of a domain member This means that if we authentify for BOGUS\administrator in AD domain FOREST with samba being domain member with the netbiosname MEMBER then BOGUS\administrator will be mapped to MEMBER\administrator if the password match. --- Summary of changes: source3/winbindd/winbindd_pam.c |3 ++- source4/selftest/tests.py |1 + testprogs/blackbox/bogus.sh | 20 3 files changed, 23 insertions(+), 1 deletions(-) create mode 100755 testprogs/blackbox/bogus.sh Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 41f38a4..93034ad 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1079,7 +1079,8 @@ static NTSTATUS winbindd_dual_pam_auth_kerberos(struct winbindd_domain *domain, DEBUG(3, (Authentication for domain for [%s] - [%s]\\[%s] failed as %s is not a trusted domain\n, state-request-data.auth.user, name_domain, name_user, name_domain)); - contact_domain = find_our_domain(); + result = NT_STATUS_NO_SUCH_USER; + goto done; } } diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 82f0ae9..ccc899b 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -367,6 +367,7 @@ for mech in [ plansmbtorturetestsuite('base.xcopy', plugin_s4_dc, ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], samba4.%s administrator % name) +plantestsuite(samba4.blackbox.bogusdomain, s3member, [testprogs/blackbox/bogus.sh, $NETBIOSNAME, xcopy_share, '$DC_USERNAME', '$DC_PASSWORD'], allow_empty_output=True) for mech in [ -k no, -k no --option=usespnego=no, diff --git a/testprogs/blackbox/bogus.sh b/testprogs/blackbox/bogus.sh new file mode 100755 index 000..019957b --- /dev/null +++ b/testprogs/blackbox/bogus.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +if [ $# -lt 1 ]; then +cat EOF +Usage: blackbox_newuser.sh PREFIX +EOF +exit 1; +fi + +. `dirname $0`/subunit.sh + +SERVER=$1 +SHARE=$2 +USER=$3 +PWD=$4 +smbclient=$BINDIR/smbclient +testit_expect_failure smbclient $smbclient //$SERVER/$SHARE -W POUET -U$USER%$PWD -c dir failed=`expr $failed + 1` +./bin/net rpc user add $USER $PWD -W $SERVER -U$USER%$PWD -S $SERVER +testit smbclient $smbclient //$SERVER/$SHARE -W POUET -U$USER%$PWD -c dir|| failed=`expr $failed + 1` +exit $failed -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via ec70cd9 WHATSNEW: Start release notes for Samba 3.6.4. via d154a74 VERSION: Bump version up to 3.6.4. from 9646202 s3-smbd: Fix bug #8724. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit ec70cd9cb9c82ef7be8e5450a2844ff0011f0169 Author: Karolin Seeger ksee...@samba.org Date: Mon Jan 30 20:38:38 2012 +0100 WHATSNEW: Start release notes for Samba 3.6.4. Karolin commit d154a74f8fd8c6085beaac9f1adf20ef015d8b22 Author: Karolin Seeger ksee...@samba.org Date: Mon Jan 30 20:36:14 2012 +0100 VERSION: Bump version up to 3.6.4. Karolin --- Summary of changes: WHATSNEW.txt| 46 -- source3/VERSION |2 +- 2 files changed, 45 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 2868320..92754cf 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,45 @@ = + Release Notes for Samba 3.6.4 + , 2012 + = + + +This is the latest stable release of Samba 3.6. + +Major enhancements in Samba 3.6.4 include: + +o + +Changes since 3.6.3: + + + +o Jeremy Allison j...@samba.org + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.6 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + +Release notes for older releases follow: + + + = Release Notes for Samba 3.6.3 January 29, 2012 = @@ -44,8 +85,9 @@ database (https://bugzilla.samba.org/). == The Samba Team == -Release notes for older releases follow: - + +-- + = Release Notes for Samba 3.6.2 diff --git a/source3/VERSION b/source3/VERSION index f496624..eb036f7 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=6 -SAMBA_VERSION_RELEASE=3 +SAMBA_VERSION_RELEASE=4 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via e86ad41 Fix for bug #8727 - smbclient fails with posix large reads. from ec70cd9 WHATSNEW: Start release notes for Samba 3.6.4. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit e86ad41af9d50265cab7cfdabdacb40bb4d3acc0 Author: Andrew Bartlett abart...@samba.org Date: Fri Jan 27 16:03:55 2012 -0800 Fix for bug #8727 - smbclient fails with posix large reads. s3-libsmb Do not limit read replies to NBT packet sizes With the posix extensions, we can read 16MB at a time, so we need to check the full size of the packet, not the size rounded down to the old NBT limit. Signed-off-by: Jeremy Allison j...@samba.org --- Summary of changes: source3/libsmb/clireadwrite.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c index 215e1d3..83531a5 100644 --- a/source3/libsmb/clireadwrite.c +++ b/source3/libsmb/clireadwrite.c @@ -215,7 +215,7 @@ static void cli_read_andx_done(struct tevent_req *subreq) state-buf = (uint8_t *)smb_base(inbuf) + SVAL(vwv+6, 0); - if (trans_oob(smb_len(inbuf), SVAL(vwv+6, 0), state-received) + if (trans_oob(smb_len_large(inbuf), SVAL(vwv+6, 0), state-received) || ((state-received != 0) (state-buf bytes))) { DEBUG(5, (server returned invalid readx data offset\n)); tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 3394bbf s3-libsmb Do not limit read replies to NBT packet sizes from f0c4e96 Fix bug 8636 - When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 3394bbf45dd219dc0293809fe2c50ad3ab7cede6 Author: Andrew Bartlett abart...@samba.org Date: Fri Jan 27 13:53:34 2012 +1100 s3-libsmb Do not limit read replies to NBT packet sizes With the posix extensions, we can read 16MB at a time, so we need to check the full size of the packet, not the size rounded down to the old NBT limit. Andrew Bartlett Fix bug #8727 (smbclient fails with posix large reads). --- Summary of changes: source3/libsmb/clireadwrite.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c index 53ecacc..724c846 100644 --- a/source3/libsmb/clireadwrite.c +++ b/source3/libsmb/clireadwrite.c @@ -199,7 +199,7 @@ static void cli_read_andx_done(struct tevent_req *subreq) inbuf = cli_smb_inbuf(subreq); state-buf = (uint8_t *)smb_base(inbuf) + SVAL(vwv+6, 0); - if (trans_oob(smb_len(inbuf), SVAL(vwv+6, 0), state-received) + if (trans_oob(smb_len_large(inbuf), SVAL(vwv+6, 0), state-received) || ((state-received != 0) (state-buf bytes))) { DEBUG(5, (server returned invalid readx data offset\n)); tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1fdc96e Fix bug #8139 - smbclient fails if server does not support Echo request. from 56d5cb9 s3-winbind: don't try to do clever thing if the username is not found while authenticating through winbind http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1fdc96ecaff8ca12e9aa0082527468ad4242a8a9 Author: Jeremy Allison j...@samba.org Date: Mon Jan 30 14:13:47 2012 -0800 Fix bug #8139 - smbclient fails if server does not support Echo request. Based on work by Matthias Scheler t...@netbsd.org Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Tue Jan 31 00:47:19 CET 2012 on sn-devel-104 --- Summary of changes: source3/client/client.c |6 +- 1 files changed, 5 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/client/client.c b/source3/client/client.c index 4b7df92..9b36ff7 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -5032,11 +5032,15 @@ static void readline_callback(void) /* Ping the server to keep the connection alive using SMBecho. */ memset(garbage, 0xf0, sizeof(garbage)); status = cli_echo(cli, 1, data_blob_const(garbage, sizeof(garbage))); - if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_EQUAL(status, NT_STATUS_PIPE_BROKEN) || + NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE) || + NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) { DEBUG(0, (SMBecho failed (%s). Maybe server has closed the connection\n, nt_errstr(status))); finished = true; smb_readline_done(); + /* Ignore all other errors - sometimes servers simply + don't implement SMBecho (Apple for example). */ } } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via bfa951d s4-s3-upgrade: Check if there are duplicate sids for users and groups via 449ca75 s4-s3-upgrade: Use lowercase hostname as hostname for provision from 1fdc96e Fix bug #8139 - smbclient fails if server does not support Echo request. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bfa951db975417facda3e92d9b1075616e6c7581 Author: Amitay Isaacs ami...@gmail.com Date: Mon Jan 30 12:13:28 2012 +1100 s4-s3-upgrade: Check if there are duplicate sids for users and groups Autobuild-User: Amitay Isaacs ami...@samba.org Autobuild-Date: Tue Jan 31 02:23:17 CET 2012 on sn-devel-104 commit 449ca7575904e4ed78f2696bb16cef5143761bbc Author: Amitay Isaacs ami...@gmail.com Date: Tue Dec 6 14:43:45 2011 +1100 s4-s3-upgrade: Use lowercase hostname as hostname for provision --- Summary of changes: source4/scripting/python/samba/upgrade.py |6 +- 1 files changed, 5 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 3a42860..850035b 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -617,7 +617,11 @@ Please fix this account before attempting to upgrade again # Check for same user sid/group sid group_sids = set([str(g.sid) for g in grouplist]) +if len(grouplist) != len(group_sids): +raise ProvisioningError(Please remove duplicate group sid entries before upgrade.) user_sids = set([%s-%u % (domainsid, u['rid']) for u in userlist]) +if len(userlist) != len(user_sids): +raise ProvisioningError(Please remove duplicate user sid entries before upgrade.) common_sids = group_sids.intersection(user_sids) if common_sids: logger.error(Following sids are both user and group sids:) @@ -636,7 +640,7 @@ Please fix this account before attempting to upgrade again domainsid=str(domainsid), next_rid=next_rid, dc_rid=machinerid, dom_for_fun_level=dsdb.DS_DOMAIN_FUNCTION_2003, - hostname=netbiosname, machinepass=machinepass, + hostname=netbiosname.lower(), machinepass=machinepass, serverrole=serverrole, samdb_fill=FILL_FULL, useeadb=useeadb, dns_backend=dns_backend) -- Samba Shared Repository
[SCM] CTDB repository - branch master updated - ctdb-1.12-159-gee3ef90
The branch, master has been updated via ee3ef9004be8feeefa6e450eb5bb084cc6812370 (commit) via c75e4ad9b566e47dec66d25988da4cee861c2357 (commit) from 488de939b78125ac38822760102e05298a5e70c5 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit ee3ef9004be8feeefa6e450eb5bb084cc6812370 Author: Mathieu Parent math.par...@gmail.com Date: Tue Dec 6 22:24:26 2011 +0100 Define ETIME on non-supporting platforms e.g. kFreeBSD, NetBSD, ... commit c75e4ad9b566e47dec66d25988da4cee861c2357 Author: Mathieu Parent math.par...@gmail.com Date: Tue Dec 6 22:26:42 2011 +0100 Add kFreeBSD support --- Summary of changes: common/{system_gnu.c = system_kfreebsd.c} |4 ++-- configure.ac |9 + 2 files changed, 11 insertions(+), 2 deletions(-) copy common/{system_gnu.c = system_kfreebsd.c} (99%) Changeset truncated at 500 lines: diff --git a/common/system_gnu.c b/common/system_kfreebsd.c similarity index 99% copy from common/system_gnu.c copy to common/system_kfreebsd.c index 604bb48..a6cd148 100644 --- a/common/system_gnu.c +++ b/common/system_kfreebsd.c @@ -19,8 +19,8 @@ along with this program; if not, see http://www.gnu.org/licenses/. - This file is a copy of 'common/system_linux.c' adapted for Hurd needs, - and inspired by 'common/system_aix.c' for the pcap usage. + This file is a copy of 'common/system_linux.c' adapted for Hurd^W kFreeBSD + needs, and inspired by 'common/system_aix.c' for the pcap usage. */ #include includes.h diff --git a/configure.ac b/configure.ac index 9f54624..8a3bd7e 100644 --- a/configure.ac +++ b/configure.ac @@ -28,6 +28,11 @@ case `uname` in CTDB_SCSI_IO= CTDB_PCAP_LDFLAGS=-lpcap ;; + GNU/kFreeBSD) +CTDB_SYSTEM_OBJ=common/system_kfreebsd.o +CTDB_SCSI_IO= +CTDB_PCAP_LDFLAGS=-lpcap +;; GNU) CTDB_SYSTEM_OBJ=common/system_gnu.o CTDB_SCSI_IO= @@ -80,6 +85,10 @@ AC_CHECK_HEADERS(pcp/pmapi.h pcp/impl.h pcp/pmda.h, [], [], #endif ]]) +AC_CHECK_DECL([ETIME], [],[AC_DEFINE([ETIME], ETIMEDOUT, [ETIME on non-supporting platforms])], [ +#include errno.h +]) + AC_CHECK_FUNCS(sched_setscheduler) AC_CHECK_FUNCS(mlockall) -- CTDB repository
[SCM] CTDB repository - branch master updated - ctdb-1.12-160-g444a7ba
The branch, master has been updated via 444a7bac4e9a854b06c1ad4cb36c2b58a72001fa (commit) from ee3ef9004be8feeefa6e450eb5bb084cc6812370 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit 444a7bac4e9a854b06c1ad4cb36c2b58a72001fa Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Tue Jan 31 17:20:35 2012 +1100 Niceify the readonlyrecord API. Dont force clients to be exposed to the featch_with_header function We dont strictly need to force clients to use CTDB_FETCH_WITH_HEADER instead of CTDB_FETCH when they ask for readonly records. Have ctdbd internally remap this internally to FETCH_WITH_HEADER and map the reply back to CTDB_FETCH_FUNC or CTDB_FETCH_WITH_HEADER_FUNC based on what the client initially asked for. This removes the need for the client to know about the CTDB_FETCH_WITH_HEADER_FUNC function and simplifies the client code. Clients that do not care what the header after the request is can just continue using the old CTDB_FETCH_FUNC call and ctdbd will do all the difficult stuff. --- Summary of changes: doc/readonlyrecords.txt |7 +-- libctdb/ctdb.c |8 server/ctdb_daemon.c| 40 ++-- 3 files changed, 47 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/doc/readonlyrecords.txt b/doc/readonlyrecords.txt index acdab2e..f8f1095 100644 --- a/doc/readonlyrecords.txt +++ b/doc/readonlyrecords.txt @@ -89,7 +89,10 @@ This new database is used for tracking delegations for the records. A record in This tracking database is lockless, using TDB_NOLOCK, and is only ever accessed by the main ctdbd daemon. The lockless nature and the fact that no other process ever access this TDB means we are guranteed non-blocking access to records in the trcking database. -The ctdb_call PDU is allocated with two new flags WANT_READONLY and WITH_HEADER. +The ctdb_call PDU is allocated with a new flags WANT_READONLY and possibly also a new callid: CTDB_FETCH_WITH_HEADER_FUNC. +This new function returns not only the record, as CTDB_FETCH_FUNC does, but also returns the HEADER prepended to the record. +This function is optional, clients that do not care what the header is can continue using just CTDB_FETCH_FUNC + This first flag is used to explicitely requesting a read-only record from the DMASTER/LMASTER. The second flag is used to request that the fetch operation will return not only the data for the record but also the record header. @@ -137,7 +140,7 @@ This will change to instead do goto finished else unlock record -ask ctdb for read-only copy (WANT_READONLY|WITH_HEADER) +ask ctdb for read-only copy (WANT_READONLY[|WITH_HEADER]) if failed to get read-only copy (*A) ask ctdb to migrate the record onto the node goto try_again diff --git a/libctdb/ctdb.c b/libctdb/ctdb.c index 2f694a1..13ccf9e 100644 --- a/libctdb/ctdb.c +++ b/libctdb/ctdb.c @@ -832,13 +832,13 @@ static void readrecordlock_retry(struct ctdb_connection *ctdb, struct ctdb_reply_call *reply; TDB_DATA data; - /* OK, we've received reply to fetch-with-header migration */ - reply = unpack_reply_call(req, CTDB_FETCH_WITH_HEADER_FUNC); + /* OK, we've received reply to fetch migration */ + reply = unpack_reply_call(req, CTDB_FETCH_FUNC); if (!reply || reply-status != 0) { if (reply) { DEBUG(ctdb, LOG_ERR, ctdb_readrecordlock_async(async): - FETCH_WITH_HEADER_FUNC returned %i, reply-status); + FETCH returned %i, reply-status); } lock-callback(lock-ctdb_db, NULL, tdb_null, private); ctdb_request_free(req); /* Also frees lock. */ @@ -920,7 +920,7 @@ ctdb_readrecordlock_internal(struct ctdb_db *ctdb_db, TDB_DATA key, req-hdr.call-flags = CTDB_IMMEDIATE_MIGRATION; } req-hdr.call-db_id = ctdb_db-id; - req-hdr.call-callid = CTDB_FETCH_WITH_HEADER_FUNC; + req-hdr.call-callid = CTDB_FETCH_FUNC; req-hdr.call-hopcount = 0; req-hdr.call-keylen = key.dsize; req-hdr.call-calldatalen = 0; diff --git a/server/ctdb_daemon.c b/server/ctdb_daemon.c index 69488df..53f47d6 100644 --- a/server/ctdb_daemon.c +++ b/server/ctdb_daemon.c @@ -311,6 +311,10 @@ struct daemon_call_state { uint32_t reqid; struct ctdb_call *call; struct timeval start_time; + + /* readonly request ? */ + uint32_t readonly_fetch; + uint32_t client_callid; }; /* @@ -339,6 +343,16 @@ static void