autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-10-10-0833/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-10-10-0833/samba3.stderr http://git.samba.org/autobuild.flakey/2012-10-10-0833/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-10-10-0833/samba.stderr http://git.samba.org/autobuild.flakey/2012-10-10-0833/samba.stdout The top commit at the time of the failure was: commit 615951e4e77353547d91fb217b1861877540bde7 Author: Jeremy Allison Date: Tue Oct 9 12:46:57 2012 -0700 Make sure the returned sd is on the right context, and if not it's always freed. Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Oct 9 23:35:50 CEST 2012 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 615951e Make sure the returned sd is on the right context, and if not it's always freed. via 5afabdc9 Move setting of psd->dacl->revision and protect against null SD's. from f88ab17 docs: Add '-V' to the list of options. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 615951e4e77353547d91fb217b1861877540bde7 Author: Jeremy Allison Date: Tue Oct 9 12:46:57 2012 -0700 Make sure the returned sd is on the right context, and if not it's always freed. Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Oct 9 23:35:50 CEST 2012 on sn-devel-104 commit 5afabdc976d5ba1fd21dcdede85657b618fb6b76 Author: Jeremy Allison Date: Tue Oct 9 12:45:30 2012 -0700 Move setting of psd->dacl->revision and protect against null SD's. --- Summary of changes: source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 10 +++--- 1 files changed, 7 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c index 2d34b9b..982b0b4 100644 --- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c @@ -2197,6 +2197,10 @@ WERROR _srvsvc_NetGetFileSecurity(struct pipes_struct *p, goto error_exit; } + if (psd && psd->dacl) { + psd->dacl->revision = NT4_ACL_REVISION; + } + sd_size = ndr_size_security_descriptor(psd, 0); sd_buf = talloc_zero(p->mem_ctx, struct sec_desc_buf); @@ -2206,12 +2210,10 @@ WERROR _srvsvc_NetGetFileSecurity(struct pipes_struct *p, } sd_buf->sd_size = sd_size; - sd_buf->sd = psd; + sd_buf->sd = talloc_move(p->mem_ctx, &psd); *r->out.sd_buf = sd_buf; - psd->dacl->revision = NT4_ACL_REVISION; - close_file(NULL, fsp, NORMAL_CLOSE); vfs_ChDir(conn, oldcwd); SMB_VFS_DISCONNECT(conn); @@ -2235,6 +2237,8 @@ error_exit: } done: + + TALLOC_FREE(psd); TALLOC_FREE(smb_fname); return werr; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f88ab17 docs: Add '-V' to the list of options. via f9a4a9b samba-tool: Some more unifications... from 66018ea packaging: Add config for systemd-tmpfiles. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f88ab17993e22a9c368017d54da437c057e371ca Author: Karolin Seeger Date: Tue Oct 9 11:56:19 2012 +0200 docs: Add '-V' to the list of options. Karolin Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Tue Oct 9 18:53:12 CEST 2012 on sn-devel-104 commit f9a4a9bfe11c1551b490a0bd12fb6904b4a6542b Author: Karolin Seeger Date: Tue Oct 9 11:53:21 2012 +0200 samba-tool: Some more unifications... in the usage message. Karolin --- Summary of changes: docs-xml/manpages/samba-tool.8.xml |2 +- .../scripting/python/samba/netcmd/delegation.py|2 +- source4/scripting/python/samba/netcmd/domain.py|2 +- source4/scripting/python/samba/netcmd/drs.py |2 +- source4/scripting/python/samba/netcmd/dsacl.py |2 +- source4/scripting/python/samba/netcmd/fsmo.py |2 +- source4/scripting/python/samba/netcmd/gpo.py |2 +- source4/scripting/python/samba/netcmd/group.py |2 +- source4/scripting/python/samba/netcmd/ldapcmp.py |2 +- source4/scripting/python/samba/netcmd/ntacl.py |2 +- source4/scripting/python/samba/netcmd/rodc.py |2 +- source4/scripting/python/samba/netcmd/sites.py |2 +- source4/scripting/python/samba/netcmd/spn.py |2 +- source4/scripting/python/samba/netcmd/time.py |2 +- source4/scripting/python/samba/netcmd/user.py |2 +- source4/scripting/python/samba/netcmd/vampire.py |2 +- 16 files changed, 16 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml index c312ff0..a8f2afe 100644 --- a/docs-xml/manpages/samba-tool.8.xml +++ b/docs-xml/manpages/samba-tool.8.xml @@ -124,7 +124,7 @@ - --version + -V|--version Display version number diff --git a/source4/scripting/python/samba/netcmd/delegation.py b/source4/scripting/python/samba/netcmd/delegation.py index 14182b2..47dffb0 100644 --- a/source4/scripting/python/samba/netcmd/delegation.py +++ b/source4/scripting/python/samba/netcmd/delegation.py @@ -253,7 +253,7 @@ class cmd_delegation_del_service(Command): class cmd_delegation(SuperCommand): -"""Delegation management""" +"""Delegation management.""" subcommands = {} subcommands["show"] = cmd_delegation_show() diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py index 67732b1..6e3f35a 100644 --- a/source4/scripting/python/samba/netcmd/domain.py +++ b/source4/scripting/python/samba/netcmd/domain.py @@ -1331,7 +1331,7 @@ class cmd_domain_samba3upgrade(cmd_domain_classicupgrade): class cmd_domain(SuperCommand): -"""Domain management""" +"""Domain management.""" subcommands = {} subcommands["demote"] = cmd_domain_demote() diff --git a/source4/scripting/python/samba/netcmd/drs.py b/source4/scripting/python/samba/netcmd/drs.py index fc71b69..074b7af 100644 --- a/source4/scripting/python/samba/netcmd/drs.py +++ b/source4/scripting/python/samba/netcmd/drs.py @@ -501,7 +501,7 @@ class cmd_drs_options(Command): class cmd_drs(SuperCommand): -"""Directory Replication Services (DRS) management""" +"""Directory Replication Services (DRS) management.""" subcommands = {} subcommands["bind"] = cmd_drs_bind() diff --git a/source4/scripting/python/samba/netcmd/dsacl.py b/source4/scripting/python/samba/netcmd/dsacl.py index 36b0938..28aa843 100644 --- a/source4/scripting/python/samba/netcmd/dsacl.py +++ b/source4/scripting/python/samba/netcmd/dsacl.py @@ -176,7 +176,7 @@ class cmd_dsacl_set(Command): class cmd_dsacl(SuperCommand): -"""DS ACLs manipulation""" +"""DS ACLs manipulation.""" subcommands = {} subcommands["set"] = cmd_dsacl_set() diff --git a/source4/scripting/python/samba/netcmd/fsmo.py b/source4/scripting/python/samba/netcmd/fsmo.py index 71d9879..15d1d49 100644 --- a/source4/scripting/python/samba/netcmd/fsmo.py +++ b/source4/scripting/python/samba/netcmd/fsmo.py @@ -269,7 +269,7 @@ all=all of the above"""), class cmd_fsmo(SuperCommand): -"""Flexible Single Master Operations (FSMO) roles management""" +"""Flexible Single Master Operations (FSMO) roles management.""" subcommands = {} subcommands["seize"] = cmd_fsmo_seize() diff --git a/source4/scripting/python/samba/netcmd/gpo.py b/source4/scripting/python/samba/netcmd/gpo.py index 412e736..53bfcaa 100644 ---
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 66018ea packaging: Add config for systemd-tmpfiles. from 2f0753b samba-tool: skip chown in sysvolreset when it would fail on a GID http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 66018ea4fbe290cad6aef54454c1f0703f0dff40 Author: Andreas Schneider Date: Tue Oct 9 14:25:29 2012 +0200 packaging: Add config for systemd-tmpfiles. Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Tue Oct 9 17:10:53 CEST 2012 on sn-devel-104 --- Summary of changes: packaging/systemd/README | 14 ++ packaging/systemd/samba.conf.tmp |1 + 2 files changed, 15 insertions(+), 0 deletions(-) create mode 100644 packaging/systemd/README create mode 100644 packaging/systemd/samba.conf.tmp Changeset truncated at 500 lines: diff --git a/packaging/systemd/README b/packaging/systemd/README new file mode 100644 index 000..c185b2c --- /dev/null +++ b/packaging/systemd/README @@ -0,0 +1,14 @@ +With systemd the /run or /var/run are tmpfs filesystems. This means +the direcories required by samba need to be created during startup. +This can be done with a config file for tmpfiles, see samba.conf.tmp. +You need to copy this file to the directoy systemd-tmpfiles is looking +for its config files e.g.: + +install -d -m 0755 /etc/tmpfiles.d/ +install -m644 samba.conf.tmp /etc/tmpfiles.d/samba.conf + +If you're a packager don't forget to run the systemd-tmpfiles binary +in the script after samba has been installed. This makes sure the +directory exists and you can start samba directly after the installation. + +/usr/bin/systemd-tmpfiles --create /etc/tmpfiles.d/samba.conf diff --git a/packaging/systemd/samba.conf.tmp b/packaging/systemd/samba.conf.tmp new file mode 100644 index 000..8a29577 --- /dev/null +++ b/packaging/systemd/samba.conf.tmp @@ -0,0 +1 @@ +d /var/run/samba 755 root root -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2f0753b samba-tool: skip chown in sysvolreset when it would fail on a GID from 1c35c22 s3: Pass down smb_filename to smbacl4_fill_ace4 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2f0753b456c4d9b4eb52f128a83c8ba19adde160 Author: Andrew Bartlett Date: Fri Oct 5 10:19:17 2012 +1000 samba-tool: skip chown in sysvolreset when it would fail on a GID This skips the chown of the files if (for example) the domain Admins group were to own the file and not be able to because the group maps only to a GID. This essentially papers over the problem, but may be enough to get us past the Samba 4.0 release. Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Tue Oct 9 15:24:44 CEST 2012 on sn-devel-104 --- Summary of changes: source4/scripting/python/samba/ntacls.py | 37 ++- .../scripting/python/samba/provision/__init__.py | 24 +++-- 2 files changed, 48 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/ntacls.py b/source4/scripting/python/samba/ntacls.py index 2108a64..44cbbe9 100644 --- a/source4/scripting/python/samba/ntacls.py +++ b/source4/scripting/python/samba/ntacls.py @@ -21,7 +21,7 @@ import os import samba.xattr_native, samba.xattr_tdb, samba.posix_eadb -from samba.dcerpc import security, xattr +from samba.dcerpc import security, xattr, idmap from samba.ndr import ndr_pack, ndr_unpack from samba.samba3 import smbd @@ -82,10 +82,43 @@ def getntacl(lp, file, backend=None, eadbfile=None, direct_db_access=True): return smbd.get_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL) -def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True): +def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True, skip_invalid_chown=False, passdb=None): sid = security.dom_sid(domsid) sd = security.descriptor.from_sddl(sddl, sid) +if not use_ntvfs and skip_invalid_chown: +# Check if the owner can be resolved as a UID +(owner_id, owner_type) = passdb.sid_to_id(sd.owner_sid) +if ((owner_type != idmap.ID_TYPE_UID) and (owner_type != idmap.ID_TYPE_BOTH)): +# Check if this particular owner SID was domain admins, +# because we special-case this as mapping to +# 'administrator' instead. +if sd.owner_sid == security.dom_sid("%s-%d" % (domsid, security.DOMAIN_RID_ADMINS)): +administrator = security.dom_sid("%s-%d" % (domsid, security.DOMAIN_RID_ADMINISTRATOR)) +(admin_id, admin_type) = passdb.sid_to_id(administrator) + +# Confirm we have a UID for administrator +if ((admin_type == idmap.ID_TYPE_UID) or (admin_type == idmap.ID_TYPE_BOTH)): + +# Set it, changing the owner to 'administrator' rather than domain admins +sd2 = security.descriptor.from_sddl(sddl, sid) +sd2.owner_sid = administrator + +smbd.set_nt_acl(file, security.SECINFO_OWNER |security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd2) + +# and then set an NTVFS ACL (which does not set the posix ACL) to pretend the owner really was set +use_ntvfs = True +else: +raise XattrBackendError("Unable to find UID for domain administrator %s, got id %d of type %d" % (administrator, admin_id, admin_type)) +else: +# For all other owning users, reset the owner to root +# and then set the ACL without changing the owner +# +# This won't work in test environments, as it tries a real (rather than xattr-based fake) chown + +os.chown(file, 0, 0) +smbd.set_nt_acl(file, security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd) + if use_ntvfs: (backend_obj, dbname) = checkset_backend(lp, backend, eadbfile) ntacl = xattr.NTACL() diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index d5d57d2..9966192 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -1365,18 +1365,18 @@ SYSVOL_ACL = "O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI POLICIES_ACL = "O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001301bf;;;PA)" -def set_dir_acl(path, acl, lp, domsid, use_ntvf
[SCM] CTDB repository - branch master updated - ctdb-1.13-276-gc4f5a58
The branch, master has been updated via c4f5a58471b206e2287c7958c7f29c1f1c0626ac (commit) via 06dfd13604d08910e07cbf927c338d7b9fce9a2f (commit) from 212298279557a2833ef0f81809b4a5cdac72ca02 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit c4f5a58471b206e2287c7958c7f29c1f1c0626ac Author: Volker Lendecke Date: Tue Oct 9 11:39:58 2012 +0200 Correct include for ctdb_protocol.h With an old ctdb_protocol.h installed under /usr/local, ctdb will not compile because the <> form of include will find the header under /usr/local commit 06dfd13604d08910e07cbf927c338d7b9fce9a2f Author: Amitay Isaacs Date: Thu Sep 20 17:10:34 2012 +1000 Revert "when creating/adding a public ip, set the initial interface to be the first interface specified" This reverts commit 4308935ba48ac7a29e7523315acf580019715f0f. This fixes 16_ctdb_config_add_ip.sh test when run against local daemons. When running against local daemons, if the interface is assigned as soon as an IP is added, then takeover would never assign this IP address. Signed-off-by: Amitay Isaacs --- Summary of changes: include/ctdb_client.h |2 +- server/ctdb_takeover.c |3 --- 2 files changed, 1 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/include/ctdb_client.h b/include/ctdb_client.h index c14a395..9f0589f 100644 --- a/include/ctdb_client.h +++ b/include/ctdb_client.h @@ -19,7 +19,7 @@ #ifndef _CTDB_CLIENT_H #define _CTDB_CLIENT_H -#include +#include "ctdb_protocol.h" enum control_state {CTDB_CONTROL_WAIT, CTDB_CONTROL_DONE, CTDB_CONTROL_ERROR, CTDB_CONTROL_TIMEOUT}; diff --git a/server/ctdb_takeover.c b/server/ctdb_takeover.c index 40bf4bc..775bb06 100644 --- a/server/ctdb_takeover.c +++ b/server/ctdb_takeover.c @@ -956,9 +956,6 @@ static int ctdb_add_public_address(struct ctdb_context *ctdb, talloc_free(vnn); return -1; } - if (i == 0) { - vnn->iface = ctdb_find_iface(ctdb, vnn->ifaces[i]); - } } DLIST_ADD(ctdb->vnn, vnn); -- CTDB repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1c35c22 s3: Pass down smb_filename to smbacl4_fill_ace4 from e65a24b s4-rpc: dnsserver: Ignore DNS zones that are not used by RPC dnsserver http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1c35c22e62253835e1c82fd44fe8532f6e79dbb9 Author: Volker Lendecke Date: Tue Oct 9 09:41:41 2012 +0200 s3: Pass down smb_filename to smbacl4_fill_ace4 A full fsp is a bit overkill here Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Tue Oct 9 13:38:49 CEST 2012 on sn-devel-104 --- Summary of changes: source3/modules/nfs4_acls.c | 12 ++-- 1 files changed, 6 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index b4fd514..05f90f7 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -574,7 +574,7 @@ static SMB_ACE4PROP_T *smbacl4_find_equal_special( static bool smbacl4_fill_ace4( TALLOC_CTX *mem_ctx, - const files_struct *fsp, + const struct smb_filename *filename, smbacl4_vfs_params *params, uid_t ownerUID, gid_t ownerGID, @@ -582,7 +582,6 @@ static bool smbacl4_fill_ace4( SMB_ACE4PROP_T *ace_v4 /* output */ ) { - const char *filename = fsp->fsp_name->base_name; DEBUG(10, ("got ace for %s\n", sid_string_dbg(&ace_nt->trustee))); memset(ace_v4, 0, sizeof(SMB_ACE4PROP_T)); @@ -594,8 +593,8 @@ static bool smbacl4_fill_ace4( ace_nt->flags); /* remove inheritance flags on files */ - if (VALID_STAT(fsp->fsp_name->st) && - !S_ISDIR(fsp->fsp_name->st.st_ex_mode)) { + if (VALID_STAT(filename->st) && + !S_ISDIR(filename->st.st_ex_mode)) { DEBUG(10, ("Removing inheritance flags from a file\n")); ace_v4->aceFlags &= ~(SMB_ACE4_FILE_INHERIT_ACE| SMB_ACE4_DIRECTORY_INHERIT_ACE| @@ -641,7 +640,8 @@ static bool smbacl4_fill_ace4( } } else { DEBUG(1, ("nfs4_acls.c: file [%s]: could not " - "convert %s to uid or gid\n", filename, + "convert %s to uid or gid\n", + filename->base_name, sid_string_dbg(&ace_nt->trustee))); return False; } @@ -707,7 +707,7 @@ static SMB4ACL_T *smbacl4_win2nfs4( SMB_ACE4PROP_T ace_v4; booladdNewACE = True; - if (!smbacl4_fill_ace4(mem_ctx, fsp, pparams, + if (!smbacl4_fill_ace4(mem_ctx, fsp->fsp_name, pparams, ownerUID, ownerGID, dacl->aces + i, &ace_v4)) { DEBUG(3, ("Could not fill ace for file %s, SID %s\n", -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via a6a95d8 libreplace: Bug 8107, Fix poll replacement to become a msleep replacement via 4dbf408 replace: add some includes for poll.h via 26e9783 pam_winbind: match more return codes when wbcGetPwnam has failed. via fbeda97 Correct fix for bug #9222 - smbd ignores the "server signing = no" setting for SMB2. via 6a8b5fe s3fs-printing: Fix RAW printing for normal users. via 938b037 s3: Add two tests a CLEAR_IF_FIRST crash via 4c968fc tdb: Make tdb robust against improper CLEAR_IF_FIRST restart via cb2f7c9 tdb: Make robust against shrinking tdbs from 566e450 s4-dns: fix a warning http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit a6a95d8636303d56d468511bddc05ac0c069b963 Author: Joachim Schmitz Date: Mon Sep 17 05:26:31 2012 -0700 libreplace: Bug 8107, Fix poll replacement to become a msleep replacement Signed-off-by: Jeremy Allison (cherry picked from commit 7542b63188f7e73588c9abb40e36a910c87bc534) Autobuild-User(v4-0-test): Karolin Seeger Autobuild-Date(v4-0-test): Tue Oct 9 12:14:55 CEST 2012 on sn-devel-104 commit 4dbf40814d59c81af2501c5a789d2359af45c498 Author: Björn Jacke Date: Sun Sep 16 02:21:39 2012 +0200 replace: add some includes for poll.h See bug #8107 Autobuild-User(master): Björn Jacke Autobuild-Date(master): Sun Sep 16 04:05:08 CEST 2012 on sn-devel-104 (cherry picked from commit 520c9b0b0ae33e6e8fb78034cfff685f5491aab3) (cherry picked from commit ea96d79e21a549204a7f64307059ea877bfb9fd5) commit 26e97836a589cb51ff71a5214bbe97c2c1ba7c03 Author: Günther Deschner Date: Wed Sep 19 10:59:50 2012 +0200 pam_winbind: match more return codes when wbcGetPwnam has failed. This is required to properly return PAM_USER_UNKNOWN in case winbind had a problem. Guenther Autobuild-User(master): Günther Deschner Autobuild-Date(master): Wed Sep 19 15:06:10 CEST 2012 on sn-devel-104 (cherry picked from commit 98d90c02f0961d173bebb9901c7ad0819827f96e) Fix bug #9177 - pam_winbind's pm_sm_acct_mgmt needs to return PAM_USER_UNKNOWN. commit fbeda97a2ebcdd4dab5871958ee0e76778530dc8 Author: Jeremy Allison Date: Wed Oct 3 12:58:00 2012 -0700 Correct fix for bug #9222 - smbd ignores the "server signing = no" setting for SMB2. Signing cannot be disabled for SMB2 by design, so fix the documentation instead. Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Oct 3 23:47:23 CEST 2012 on sn-devel-104 (cherry picked from commit fe38a93c71d0adc0be1d43b438ac3b54eaf4ba53) commit 6a8b5fe4695f17aa52b72c05385bee2d35926720 Author: Andreas Schneider Date: Mon Oct 8 12:32:49 2012 +0200 s3fs-printing: Fix RAW printing for normal users. This fixes bug #8769. Signed-off-by: Andreas Schneider commit 938b037795608cd055026af7d8d8459263451551 Author: Volker Lendecke Date: Tue Oct 2 15:44:41 2012 +0200 s3: Add two tests a CLEAR_IF_FIRST crash Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Sat Oct 6 17:16:39 CEST 2012 on sn-devel-104 Signed-off-by: Jeremy Allison The last 3 patches address bug #9268 - Make tdb robust against improper CLEAR_IF_FIRST restart. commit 4c968fcc93e412f7a896737f5048daa8976bf8cb Author: Volker Lendecke Date: Tue Oct 2 15:26:14 2012 +0200 tdb: Make tdb robust against improper CLEAR_IF_FIRST restart When winbind is restarted, there is a potential crash in tdb. Following situation: We are in a cluster with ctdb. A winbind child hangs in a request to the DC. Cluster monitoring decides the node has a problem. Cluster monitoring decides to kill ctdbd. winbind child still hangs in a RPC request. winbind parent figures that ctdb is dead and immediately commits suicide. winbind parent is restarted by cluster management, overwriting gencache.tdb with CLEAR_IF_FIRST. The CLEAR_IF_FIRST logic as implemented now will not see that a child still has the tdb open, only the parent holds the ACTIVE_LOCK due to performance reasons. During the CLEAR_IF_FIRST logic is done, there is a very small window where we ftruncate(tfd, 0) the file and re-write a proper header without a lock. When during this small window the winbind child comes back, wanting to store something into gencache.tdb, that winbind child will crash with a SIGBUS. Sounds unlikely? See: [2012/09/29 07:02:31.871607, 0] lib/util.c:1183(smb_panic) PANIC (pid 1814517): internal error [2012/09/29 07:02:31.877596, 0] lib/util.c:1287(log_stack_trace) BACKTRACE: 35 stack frames: #0 winbindd(log_stack_trace+0x1a) [0x7feb7d4ca18a] #1 winbindd(smb_panic+0x2b) [0x7feb7d4ca25b] #2 wi
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 6b4169a libreplace: Bug 8107, Fix poll replacement to become a msleep replacement via 757dc4d replace: add some includes for poll.h from 1bc9a20 Correct fix for bug #9222 - smbd ignores the "server signing = no" setting for SMB2. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 6b4169a75fb3180dec1f57b0eb39312ca82cd1ac Author: Joachim Schmitz Date: Mon Sep 17 05:26:31 2012 -0700 libreplace: Bug 8107, Fix poll replacement to become a msleep replacement Signed-off-by: Jeremy Allison (cherry picked from commit 7542b63188f7e73588c9abb40e36a910c87bc534) commit 757dc4d753275d42b8dbf2710290b3dbfb9f3cda Author: Björn Jacke Date: Sun Sep 16 02:21:39 2012 +0200 replace: add some includes for poll.h See bug #8107 Autobuild-User(master): Björn Jacke Autobuild-Date(master): Sun Sep 16 04:05:08 CEST 2012 on sn-devel-104 (cherry picked from commit 520c9b0b0ae33e6e8fb78034cfff685f5491aab3) (cherry picked from commit ea96d79e21a549204a7f64307059ea877bfb9fd5) --- Summary of changes: lib/replace/poll.c |8 +++- 1 files changed, 7 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/poll.c b/lib/replace/poll.c index e41548d..1105617 100644 --- a/lib/replace/poll.c +++ b/lib/replace/poll.c @@ -30,6 +30,12 @@ #include "replace.h" #include "system/select.h" +#ifdef HAVE_SYS_TIME_H +#include +#endif +#ifdef HAVE_SYS_IOCTL_H +#include +#endif int rep_poll(struct pollfd *fds, nfds_t nfds, int timeout) @@ -40,7 +46,7 @@ int rep_poll(struct pollfd *fds, nfds_t nfds, int timeout) int rc; nfds_t i; - if (fds == NULL) { + if ((fds == NULL) && (nfds != 0)) { errno = EFAULT; return -1; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 1bc9a20 Correct fix for bug #9222 - smbd ignores the "server signing = no" setting for SMB2. from aecb5a6 s3fs-printing: Fix RAW printing for normal users. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 1bc9a208337b50e5ee566060799b3b17d8ed95e3 Author: Jeremy Allison Date: Wed Oct 3 12:58:00 2012 -0700 Correct fix for bug #9222 - smbd ignores the "server signing = no" setting for SMB2. Signing cannot be disabled for SMB2 by design, so fix the documentation instead. Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Oct 3 23:47:23 CEST 2012 on sn-devel-104 (cherry picked from commit fe38a93c71d0adc0be1d43b438ac3b54eaf4ba53) --- Summary of changes: docs-xml/smbdotconf/security/serversigning.xml | 17 +++-- 1 files changed, 11 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/security/serversigning.xml b/docs-xml/smbdotconf/security/serversigning.xml index ea21a2c..0aced5d 100644 --- a/docs-xml/smbdotconf/security/serversigning.xml +++ b/docs-xml/smbdotconf/security/serversigning.xml @@ -5,14 +5,19 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc";> -This controls whether the client is allowed or required to use SMB signing. Possible values -are auto, mandatory -and disabled. +This controls whether the client is allowed or required to use SMB1 and SMB2 signing. Possible values +are auto, mandatory +and disabled. -When set to auto, SMB signing is offered, but not enforced. -When set to mandatory, SMB signing is required and if set - to disabled, SMB signing is not offered either. +When set to auto, SMB1 signing is offered, but not enforced. +When set to mandatory, SMB1 signing is required and if set +to disabled, SMB signing is not offered either. + +For the SMB2 protocol, by design, signing cannot be disabled. In the case +where SMB2 is negotiated, if this parameter is set to disabled, +it will be treated as auto. Setting it to mandatory +will still require SMB2 clients to use signing. Disabled -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via aecb5a6 s3fs-printing: Fix RAW printing for normal users. from 493f3a0 s3: Add two tests a CLEAR_IF_FIRST crash http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit aecb5a61a378bdfa97cf621f408c9921c6e042ad Author: Andreas Schneider Date: Mon Oct 8 12:32:49 2012 +0200 s3fs-printing: Fix RAW printing for normal users. This fixes bug #8769. Signed-off-by: Andreas Schneider --- Summary of changes: source3/printing/printspoolss.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/printing/printspoolss.c b/source3/printing/printspoolss.c index 23464d5..b3ca287 100644 --- a/source3/printing/printspoolss.c +++ b/source3/printing/printspoolss.c @@ -144,7 +144,7 @@ NTSTATUS print_spool_open(files_struct *fsp, status = dcerpc_spoolss_OpenPrinter(b, pf, pf->svcname, "RAW", devmode_ctr, - SEC_FLAG_MAXIMUM_ALLOWED, + PRINTER_ACCESS_USE, &pf->handle, &werr); if (!NT_STATUS_IS_OK(status)) { goto done; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 493f3a0 s3: Add two tests a CLEAR_IF_FIRST crash via 15a3dfb tdb: Make tdb robust against improper CLEAR_IF_FIRST restart via e7e86fc tdb: Make robust against shrinking tdbs from ac7d976 When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries. (cherry picked from commit 6575d1d34fee45c7a965c7c9641cc52b566a9e7f) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 493f3a0e84a4bbeb8bac68dc28988c54b1619317 Author: Volker Lendecke Date: Mon Oct 8 12:25:49 2012 -0700 s3: Add two tests a CLEAR_IF_FIRST crash The last 3 patches address bug #9268 - Make tdb robust against improper CLEAR_IF_FIRST restart. commit 15a3dfbc15de1e214e9aee57d7d83de60fe747bd Author: Volker Lendecke Date: Mon Oct 8 12:02:43 2012 -0700 tdb: Make tdb robust against improper CLEAR_IF_FIRST restart When winbind is restarted, there is a potential crash in tdb. Following situation: We are in a cluster with ctdb. A winbind child hangs in a request to the DC. Cluster monitoring decides the node has a problem. Cluster monitoring decides to kill ctdbd. winbind child still hangs in a RPC request. winbind parent figures that ctdb is dead and immediately commits suicide. winbind parent is restarted by cluster management, overwriting gencache.tdb with CLEAR_IF_FIRST. The CLEAR_IF_FIRST logic as implemented now will not see that a child still has the tdb open, only the parent holds the ACTIVE_LOCK due to performance reasons. During the CLEAR_IF_FIRST logic is done, there is a very small window where we ftruncate(tfd, 0) the file and re-write a proper header without a lock. When during this small window the winbind child comes back, wanting to store something into gencache.tdb, that winbind child will crash with a SIGBUS. Sounds unlikely? See: [2012/09/29 07:02:31.871607, 0] lib/util.c:1183(smb_panic) PANIC (pid 1814517): internal error [2012/09/29 07:02:31.877596, 0] lib/util.c:1287(log_stack_trace) BACKTRACE: 35 stack frames: #0 winbindd(log_stack_trace+0x1a) [0x7feb7d4ca18a] #1 winbindd(smb_panic+0x2b) [0x7feb7d4ca25b] #2 winbindd(+0x1a3cc4) [0x7feb7d4bacc4] #3 /lib64/libc.so.6(+0x32900) [0x7feb7a929900] #4 /lib64/libc.so.6(memcpy+0x35) [0x7feb7a97f355] #5 /usr/lib64/libtdb.so.1(+0x6e76) [0x7feb7b0b0e76] #6 /usr/lib64/libtdb.so.1(+0x3d37) [0x7feb7b0add37] #7 /usr/lib64/libtdb.so.1(+0x863d) [0x7feb7b0b263d] #8 /usr/lib64/libtdb.so.1(+0x8700) [0x7feb7b0b2700] #9 /usr/lib64/libtdb.so.1(+0x2505) [0x7feb7b0ac505] #10 /usr/lib64/libtdb.so.1(+0x25b7) [0x7feb7b0ac5b7] #11 /usr/lib64/libtdb.so.1(tdb_fetch+0x13) [0x7feb7b0ac633] #12 winbindd(gencache_set_data_blob+0x259) [0x7feb7d4d8449] #13 winbindd(gencache_set+0x53) [0x7feb7d4d85b3] #14 winbindd(gencache_del+0x5e) [0x7feb7d4d879e] #15 winbindd(saf_delete+0x93) [0x7feb7d54b693] #16 winbindd(+0xe507e) [0x7feb7d3fc07e] #17 winbindd(+0xe85e5) [0x7feb7d3ff5e5] #18 winbindd(+0xe65be) [0x7feb7d3fd5be] #19 winbindd(+0xe7562) [0x7feb7d3fe562] #20 winbindd(init_dc_connection+0x2e) [0x7feb7d3fe5be] #21 winbindd(+0xe75d9) [0x7feb7d3fe5d9] #22 winbindd(cm_connect_netlogon+0x58) [0x7feb7d3fe658] #23 winbindd(_wbint_PingDc+0x61) [0x7feb7d410991] #24 winbindd(+0x103175) [0x7feb7d41a175] #25 winbindd(winbindd_dual_ndrcmd+0xb7) [0x7feb7d4107d7] #26 winbindd(+0xf8609) [0x7feb7d40f609] #27 winbindd(+0xf9075) [0x7feb7d410075] #28 winbindd(tevent_common_loop_immediate+0xe8) [0x7feb7d4db198] #29 winbindd(run_events_poll+0x3c) [0x7feb7d4d93fc] #30 winbindd(+0x1c2b52) [0x7feb7d4d9b52] #31 winbindd(_tevent_loop_once+0x90) [0x7feb7d4d9f60] #32 winbindd(main+0x7b3) [0x7feb7d3e7aa3] #33 /lib64/libc.so.6(__libc_start_main+0xfd) [0x7feb7a915cdd] #34 winbindd(+0xce2a9) [0x7feb7d3e52a9] This is in a winbind child, logfiles surrounding indicate the parent was restarted. This patch takes all chain locks around the CLEAR_IF_FIRST introduced tdb_new_database. commit e7e86fcb929e7b8e7d879349d5f7f9422126a3a2 Author: Rusty Russell Date: Mon Oct 8 11:56:47 2012 -0700 tdb: Make robust against shrinking tdbs When probing for a size change (eg. just before tdb_expand, tdb_check, tdb_rescue) we call tdb_oob(tdb, tdb->map_size, 1, 1). Unfortunately this does nothing if the tdb has actually shrunk, which as Volker demonstrated, can actually happen if a "longlived" parent cr