[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via ffdd0a8 s3-kerberos: also try with AES keys, when decrypting tickets. via a176370 s3-libsmb: make sure we copy at most 16 bytes in cli_set_session_key(). via bad5239 samba: check for AES encryption type defines. from 8ba1bdf s3:winbind: BUG 9386: Failover if netlogon pipe is not available. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit ffdd0a86ac9cb5fbee67d27958b65872873a009b Author: Günther Deschner g...@samba.org Date: Tue Nov 13 16:23:52 2012 +0100 s3-kerberos: also try with AES keys, when decrypting tickets. Guenther The last 3 patches address bug #9272 - net ads join does not provide AES keys in host keytab. commit a176370f3e245221b9b9ccaa0fae8ecac8594d1c Author: Günther Deschner g...@samba.org Date: Tue Nov 13 15:11:08 2012 +0100 s3-libsmb: make sure we copy at most 16 bytes in cli_set_session_key(). Guenther commit bad52390260caa31eabe7c1b2334c56088447909 Author: Günther Deschner g...@samba.org Date: Thu Dec 15 17:50:33 2011 +0100 samba: check for AES encryption type defines. Guenther Autobuild-User: Günther Deschner g...@samba.org Autobuild-Date: Tue Jan 10 15:05:38 CET 2012 on sn-devel-104 --- Summary of changes: source3/configure.in | 21 + source3/libads/kerberos_verify.c |6 ++ source3/libsmb/cliconnect.c |4 +++- source3/wscript |2 ++ 4 files changed, 32 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index 014d844..2018a6e 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -4156,6 +4156,27 @@ if test x$with_ads_support != xno; then found_arcfour_hmac=yes fi + AC_CACHE_CHECK([for ENCTYPE_AES128_CTS_HMAC_SHA1_96], + samba_cv_HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96,[ +AC_TRY_COMPILE([#include krb5.h], + [krb5_enctype enctype; enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96;], + samba_cv_HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96=yes, + samba_cv_HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96=no)]) + if test x$samba_cv_HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 = xyes; then +AC_DEFINE(HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96,1, + [Whether the ENCTYPE_AES128_CTS_HMAC_SHA1_96 key type definition is available]) + fi + AC_CACHE_CHECK([for ENCTYPE_AES256_CTS_HMAC_SHA1_96], + samba_cv_HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96,[ +AC_TRY_COMPILE([#include krb5.h], + [krb5_enctype enctype; enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96;], + samba_cv_HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96=yes, + samba_cv_HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96=no)]) + if test x$samba_cv_HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 = xyes; then +AC_DEFINE(HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96,1, + [Whether the ENCTYPE_AES256_CTS_HMAC_SHA1_96 key type definition is available]) + fi + AC_CACHE_CHECK([for AP_OPTS_USE_SUBKEY], samba_cv_HAVE_AP_OPTS_USE_SUBKEY,[ AC_TRY_COMPILE([#include krb5.h], diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c index d4c68cd..56daf8f 100644 --- a/source3/libads/kerberos_verify.c +++ b/source3/libads/kerberos_verify.c @@ -344,6 +344,12 @@ static krb5_error_code ads_secrets_verify_ticket(krb5_context context, /* Let's make some room for 2 password (old and new)*/ krb5_data passwords[2]; krb5_enctype enctypes[] = { +#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 + ENCTYPE_AES256_CTS_HMAC_SHA1_96, +#endif +#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 + ENCTYPE_AES128_CTS_HMAC_SHA1_96, +#endif ENCTYPE_ARCFOUR_HMAC, ENCTYPE_DES_CBC_CRC, ENCTYPE_DES_CBC_MD5, diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index f03219b..8653ba7 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -94,7 +94,9 @@ static NTSTATUS smb_bytes_talloc_string(struct cli_state *cli, static void cli_set_session_key (struct cli_state *cli, const DATA_BLOB session_key) { - cli-user_session_key = data_blob(session_key.data, session_key.length); + cli-user_session_key = data_blob(NULL, 16); + data_blob_clear(cli-user_session_key); + memcpy(cli-user_session_key.data, session_key.data, MIN(session_key.length, 16)); } / diff --git a/source3/wscript b/source3/wscript index 1ea3559..b40848d 100644 --- a/source3/wscript +++ b/source3/wscript @@ -661,6 +661,8 @@ krb5_get_credentials_for_user krb5_get_host_realm krb5_free_host_realm''', conf.CHECK_VARIABLE('KV5M_KEYTAB', headers='krb5.h')
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via e2eb914 Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. from ffdd0a8 s3-kerberos: also try with AES keys, when decrypting tickets. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit e2eb914cb986e28e412863553010795bff8ac3e1 Author: Jeremy Allison j...@samba.org Date: Thu Nov 8 13:45:19 2012 -0800 Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. Not caught by make test as it's an extreme edge case for strange incoming ACLs. I only found this as I'm making raw.acls and smb2.acls pass against 3.6.x with acl_xattr mapped onto a POSIX backend (which isn't tested in make test). An incoming inheritable ACE entry containing only one permission, WRITE_DATA maps into a POSIX owner perm of -w-, which violates the principle that the owner of a file/directory can always read. --- Summary of changes: source3/smbd/posix_acls.c | 14 ++ 1 files changed, 10 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 22ad40f..8d6e7ec 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1372,7 +1372,11 @@ static bool ensure_canon_entry_valid(connection_struct *conn, for (pace = *pp_ace; pace; pace = pace-next) { if (pace-type == SMB_ACL_USER_OBJ) { - if (setting_acl !is_default_acl) { + if (setting_acl) { + /* +* Ensure we have default parameters for the +* user (owner) even on default ACLs. +*/ apply_default_perms(params, is_directory, pace, S_IRUSR); } got_user = True; @@ -1452,9 +1456,11 @@ static bool ensure_canon_entry_valid(connection_struct *conn, pace-perms = pace_other-perms; } - if (!is_default_acl) { - apply_default_perms(params, is_directory, pace, S_IRUSR); - } + /* +* Ensure we have default parameters for the +* user (owner) even on default ACLs. +*/ + apply_default_perms(params, is_directory, pace, S_IRUSR); } else { pace-perms = unix_perms_to_acl_perms(pst-st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 92292ac Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. from 9a8d7ab docs-xml: fix use of smbconfoption tag (fix bug #9345) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 92292ac55144521824610a5d4b09f8dc1ff19a8a Author: Jeremy Allison j...@samba.org Date: Thu Nov 8 13:45:19 2012 -0800 Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. Not caught by make test as it's an extreme edge case for strange incoming ACLs. I only found this as I'm making raw.acls and smb2.acls pass against 3.6.x with acl_xattr mapped onto a POSIX backend (which isn't tested in make test). An incoming inheritable ACE entry containing only one permission, WRITE_DATA maps into a POSIX owner perm of -w-, which violates the principle that the owner of a file/directory can always read. --- Summary of changes: source3/smbd/posix_acls.c | 14 ++ 1 files changed, 10 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 646efa4..65a77d4 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1359,7 +1359,11 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace, for (pace = *pp_ace; pace; pace = pace-next) { if (pace-type == SMB_ACL_USER_OBJ) { - if (setting_acl !is_default_acl) { + if (setting_acl) { + /* +* Ensure we have default parameters for the +* user (owner) even on default ACLs. +*/ apply_default_perms(params, is_directory, pace, S_IRUSR); } got_user = True; @@ -1439,9 +1443,11 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace, pace-perms = pace_other-perms; } - if (!is_default_acl) { - apply_default_perms(params, is_directory, pace, S_IRUSR); - } + /* +* Ensure we have default parameters for the +* user (owner) even on default ACLs. +*/ + apply_default_perms(params, is_directory, pace, S_IRUSR); } else { pace-perms = unix_perms_to_acl_perms(pst-st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via ce8beb7 Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. via f40de48 s4-dns: Fix format string vulnerability in an error message (bug #9354) via 5296386 lib/ldb: add missing newline in the output of ldb_ldif_write_trace() from e46a6cd s3:winbind: BUG 9386: Failover if netlogon pipe is not available. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit ce8beb781f7456e53262bd331ab3fbb8a100356b Author: Jeremy Allison j...@samba.org Date: Thu Nov 8 17:08:01 2012 -0800 Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. Not caught by make test as it's an extreme edge case for strange incoming ACLs. I only found this as I'm making raw.acls and smb2.acls pass against 3.6.x with acl_xattr mapped onto a POSIX backend (which isn't tested in make test). An incoming inheritable ACE entry containing only one permission, WRITE_DATA maps into a POSIX owner perm of -w-, which violates the principle that the owner of a file/directory can always read. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Thu Nov 15 11:17:55 CET 2012 on sn-devel-104 commit f40de482dac07db30e3b702d6853f5c8381e47c3 Author: Amitay Isaacs ami...@gmail.com Date: Mon Nov 5 01:09:28 2012 +1100 s4-dns: Fix format string vulnerability in an error message (bug #9354) Also, fixes few comments. Thanks to Bruno Rohée br...@rohee.org for reporting and patch fix. Signed-off-by: Amitay Isaacs ami...@gmail.com Reviewed-By: Kai Blin k...@samba.org Autobuild-User(master): Amitay Isaacs ami...@samba.org Autobuild-Date(master): Sun Nov 4 16:58:13 CET 2012 on sn-devel-104 (cherry picked from commit 1f55865f2830d0fa36a3f4eeb846f66940b133cd) commit 52963866a2e6527bbb093bbdb840b8c3f2cae9ad Author: Stefan Metzmacher me...@samba.org Date: Mon Nov 12 11:42:52 2012 +0100 lib/ldb: add missing newline in the output of ldb_ldif_write_trace() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Nov 13 13:53:31 CET 2012 on sn-devel-104 Fix bug #9385 - add missing newline in the output of ldb_ldif_write_trace(). --- Summary of changes: lib/ldb/common/ldb_ldif.c |2 +- source3/smbd/posix_acls.c | 14 ++ source4/dns_server/dlz_bind9.c |9 + 3 files changed, 16 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb/common/ldb_ldif.c b/lib/ldb/common/ldb_ldif.c index 419906b..a2e4488 100644 --- a/lib/ldb/common/ldb_ldif.c +++ b/lib/ldb/common/ldb_ldif.c @@ -333,7 +333,7 @@ static int ldb_ldif_write_trace(struct ldb_context *ldb, if (in_trace secret_attributes ldb_attr_in_list(secret_attributes, msg-elements[i].name)) { /* Deliberatly skip printing this password */ - ret = fprintf_fn(private_data, # %s::: REDACTED SECRET ATTRIBUTE, + ret = fprintf_fn(private_data, # %s::: REDACTED SECRET ATTRIBUTE\n, msg-elements[i].name); CHECK_RET; continue; diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index d437b28..5ce3bf3 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1369,7 +1369,11 @@ static bool ensure_canon_entry_valid(connection_struct *conn, for (pace = *pp_ace; pace; pace = pace-next) { if (pace-type == SMB_ACL_USER_OBJ) { - if (setting_acl !is_default_acl) { + if (setting_acl) { + /* +* Ensure we have default parameters for the +* user (owner) even on default ACLs. +*/ apply_default_perms(params, is_directory, pace, S_IRUSR); } pace_user = pace; @@ -1452,9 +1456,11 @@ static bool ensure_canon_entry_valid(connection_struct *conn, pace-perms = pace_other-perms; } - if (!is_default_acl) { - apply_default_perms(params, is_directory, pace, S_IRUSR); - } + /* +* Ensure we have default parameters for the +* user (owner) even on default ACLs. +*/ +
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 364a70c lib/replace: replace all *printf function if we replace snprintf (bug #9390) via c0d91f8 libreplace: Fix symbol names for snprintf/asprintf/vasprintf. from e2eb914 Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 364a70cc4d5aea4006ceb3dde97779242afa328c Author: Stefan Metzmacher me...@samba.org Date: Tue Nov 13 14:07:11 2012 +0100 lib/replace: replace all *printf function if we replace snprintf (bug #9390) This fixes segfaults in log level = 10 on Solaris. Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Björn Jacke b...@sernet.de Autobuild-User(master): Björn Jacke b...@sernet.de Autobuild-Date(master): Wed Nov 14 19:41:14 CET 2012 on sn-devel-104 (cherry picked from commit a15da3625850d97b3da1b02308c870f820007c52) commit c0d91f8cdfd99286644b57b02d6b5517774081de Author: Jelmer Vernooij jel...@samba.org Date: Sun May 13 03:21:34 2012 +0200 libreplace: Fix symbol names for snprintf/asprintf/vasprintf. Autobuild-User: Jelmer Vernooij jel...@samba.org Autobuild-Date: Sun May 13 05:16:28 CEST 2012 on sn-devel-104 (cherry picked from commit cf67da70c9a63c4dc63f287059321d6c36d1e19e) --- Summary of changes: lib/replace/replace.c |4 ++-- lib/replace/replace.h | 42 ++ lib/replace/snprintf.c | 17 - 3 files changed, 40 insertions(+), 23 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/replace.c b/lib/replace/replace.c index d9a96ff..83fa6b3 100644 --- a/lib/replace/replace.c +++ b/lib/replace/replace.c @@ -750,7 +750,7 @@ void *rep_memmem(const void *haystack, size_t haystacklen, } #endif -#ifndef HAVE_VDPRINTF +#if !defined(HAVE_VDPRINTF) || !defined(HAVE_C99_VSNPRINTF) int rep_vdprintf(int fd, const char *format, va_list ap) { char *s = NULL; @@ -767,7 +767,7 @@ int rep_vdprintf(int fd, const char *format, va_list ap) } #endif -#ifndef HAVE_DPRINTF +#if !defined(HAVE_DPRINTF) || !defined(HAVE_C99_VSNPRINTF) int rep_dprintf(int fd, const char *format, ...) { int ret; diff --git a/lib/replace/replace.h b/lib/replace/replace.h index c47cf1c..926ccc7 100644 --- a/lib/replace/replace.h +++ b/lib/replace/replace.h @@ -355,16 +355,6 @@ int rep_dlclose(void *handle); /* prototype is in system/network.h */ #endif -#ifndef HAVE_VDPRINTF -#define vdprintf rep_vdprintf -int rep_vdprintf(int fd, const char *format, va_list ap); -#endif - -#ifndef HAVE_DPRINTF -#define dprintf rep_dprintf -int rep_dprintf(int fd, const char *format, ...); -#endif - #ifndef PRINTF_ATTRIBUTE #if (__GNUC__ = 3) (__GNUC_MINOR__ = 1 ) /** Use gcc attribute to check printf fns. a1 is the 1-based index of @@ -385,7 +375,17 @@ int rep_dprintf(int fd, const char *format, ...); #endif #endif -#ifndef HAVE_VASPRINTF +#if !defined(HAVE_VDPRINTF) || !defined(HAVE_C99_VSNPRINTF) +#define vdprintf rep_vdprintf +int rep_vdprintf(int fd, const char *format, va_list ap) PRINTF_ATTRIBUTE(2,0); +#endif + +#if !defined(HAVE_DPRINTF) || !defined(HAVE_C99_VSNPRINTF) +#define dprintf rep_dprintf +int rep_dprintf(int fd, const char *format, ...) PRINTF_ATTRIBUTE(2,3); +#endif + +#if !defined(HAVE_VASPRINTF) || !defined(HAVE_C99_VSNPRINTF) #define vasprintf rep_vasprintf int rep_vasprintf(char **ptr, const char *format, va_list ap) PRINTF_ATTRIBUTE(2,0); #endif @@ -400,11 +400,29 @@ int rep_snprintf(char *,size_t ,const char *, ...) PRINTF_ATTRIBUTE(3,4); int rep_vsnprintf(char *,size_t ,const char *, va_list ap) PRINTF_ATTRIBUTE(3,0); #endif -#ifndef HAVE_ASPRINTF +#if !defined(HAVE_ASPRINTF) || !defined(HAVE_C99_VSNPRINTF) #define asprintf rep_asprintf int rep_asprintf(char **,const char *, ...) PRINTF_ATTRIBUTE(2,3); #endif +#if !defined(HAVE_C99_VSNPRINTF) +#ifdef REPLACE_BROKEN_PRINTF +/* + * We do not redefine printf by default + * as it breaks the build if system headers + * use __attribute__((format(printf, 3, 0))) + * instead of __attribute__((format(__printf__, 3, 0))) + */ +#define printf rep_printf +#endif +int rep_printf(const char *, ...) PRINTF_ATTRIBUTE(1,2); +#endif + +#if !defined(HAVE_C99_VSNPRINTF) +#define fprintf rep_fprintf +int rep_fprintf(FILE *stream, const char *, ...) PRINTF_ATTRIBUTE(2,3); +#endif + #ifndef HAVE_VSYSLOG #ifdef HAVE_SYSLOG #define vsyslog rep_vsyslog diff --git a/lib/replace/snprintf.c b/lib/replace/snprintf.c index bca7742..6b4a711 100644 --- a/lib/replace/snprintf.c +++ b/lib/replace/snprintf.c @@ -1187,7 +1187,7 @@ static int add_cnk_list_entry(struct pr_chunk_x **list, return max; } - int vsnprintf (char *str, size_t count, const char *fmt, va_list args) +
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 05f151c lib/replace: replace all *printf function if we replace snprintf (bug #9390) via 27405fb libreplace: Fix symbol names for snprintf/asprintf/vasprintf. via fa16d0e libreplace: fixed declaration of dprintf() on FreeBSD (cherry picked from commit a599319d0a389ff0c31dae8068cd7a78352aa9e7) via 4bf8dc4 libreplace: added replacements for dprintf() and vdprintf() via 4205779 libreplace: some systems don't have memmem() from 92292ac Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 05f151c041e407514c1b35619b2f2454aa4d614b Author: Stefan Metzmacher me...@samba.org Date: Tue Nov 13 14:07:11 2012 +0100 lib/replace: replace all *printf function if we replace snprintf (bug #9390) This fixes segfaults in log level = 10 on Solaris. Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Björn Jacke b...@sernet.de Autobuild-User(master): Björn Jacke b...@sernet.de Autobuild-Date(master): Wed Nov 14 19:41:14 CET 2012 on sn-devel-104 (cherry picked from commit a15da3625850d97b3da1b02308c870f820007c52) The last 5 patches address bug #9390 - Solaris printf doesn't allow %s, NULL. commit 27405fb8cfaa56f3a39cdcd2fd635fd37af629f9 Author: Jelmer Vernooij jel...@samba.org Date: Sun May 13 03:21:34 2012 +0200 libreplace: Fix symbol names for snprintf/asprintf/vasprintf. Autobuild-User: Jelmer Vernooij jel...@samba.org Autobuild-Date: Sun May 13 05:16:28 CEST 2012 on sn-devel-104 (cherry picked from commit cf67da70c9a63c4dc63f287059321d6c36d1e19e) commit fa16d0e4c2329fad8edde5a5e8d626a90caba6d9 Author: Andrew Tridgell tri...@freebsd.home.tridgell.net Date: Wed Mar 24 05:06:25 2010 +1100 libreplace: fixed declaration of dprintf() on FreeBSD (cherry picked from commit a599319d0a389ff0c31dae8068cd7a78352aa9e7) commit 4bf8dc438318e06ee96dc1b60848700739e7 Author: Andrew Tridgell tri...@samba.org Date: Thu Feb 11 20:18:50 2010 +1100 libreplace: added replacements for dprintf() and vdprintf() these are very useful for writing files with formatted writes Pair-Programmed-With: Andrew Bartlett abart...@samba.org (cherry picked from commit d6fb64c51244529388b1f79ba8220ff608e1e4de) commit 42057793ebb3ccdc4e63f59753bca8dd677e9748 Author: Andrew Tridgell tri...@samba.org Date: Sat Jan 2 10:01:11 2010 +1100 libreplace: some systems don't have memmem() added rep_memmem() and a testsuite (cherry picked from commit fef3c910da421e890925e5e61275fc457da87f6e) --- Summary of changes: lib/replace/libreplace.m4|4 ++- lib/replace/replace.c| 54 ++ lib/replace/replace.h| 38 - lib/replace/snprintf.c | 17 ++--- lib/replace/test/testsuite.c | 37 5 files changed, 138 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/libreplace.m4 b/lib/replace/libreplace.m4 index af85879..7a26deb 100644 --- a/lib/replace/libreplace.m4 +++ b/lib/replace/libreplace.m4 @@ -108,7 +108,7 @@ AC_CHECK_HEADERS(unix.h) AC_CHECK_FUNCS(seteuid setresuid setegid setresgid chroot bzero strerror) AC_CHECK_FUNCS(vsyslog setlinebuf mktime ftruncate chsize rename) AC_CHECK_FUNCS(waitpid wait4 strlcpy strlcat initgroups memmove strdup) -AC_CHECK_FUNCS(pread pwrite strndup strcasestr strtok_r mkdtemp dup2) +AC_CHECK_FUNCS(pread pwrite strndup strcasestr strtok_r mkdtemp dup2 dprintf vdprintf) AC_CHECK_FUNCS(isatty chown lchown link readlink symlink realpath) AC_HAVE_DECL(setresuid, [#include unistd.h]) AC_HAVE_DECL(setresgid, [#include unistd.h]) @@ -228,6 +228,8 @@ AC_HAVE_DECL(environ, [#include unistd.h]) AC_CHECK_FUNCS(strnlen) AC_CHECK_FUNCS(strtoull __strtoull strtouq strtoll __strtoll strtoq) +AC_CHECK_FUNCS(memmem) + # this test disabled as we don't actually need __VA_ARGS__ yet AC_TRY_CPP([ #define eprintf(...) fprintf(stderr, __VA_ARGS__) diff --git a/lib/replace/replace.c b/lib/replace/replace.c index fc15717..85d0e36 100644 --- a/lib/replace/replace.c +++ b/lib/replace/replace.c @@ -681,3 +681,57 @@ char *rep_realpath(const char *path, char *resolved_path) return NULL; } #endif + + +#ifndef HAVE_MEMMEM +void *rep_memmem(const void *haystack, size_t haystacklen, +const void *needle, size_t needlelen) +{ + if (needlelen == 0) { + return discard_const(haystack); + } + while (haystacklen = needlelen) { + char *p = memchr(haystack, *(const char *)needle, +haystacklen-(needlelen-1)); +
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 3f5b4ed lib/replace: replace all *printf function if we replace snprintf (bug #9390) from ce8beb7 Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 3f5b4ed6bdce39f5730fd9acb69e9b03debda7be Author: Stefan Metzmacher me...@samba.org Date: Tue Nov 13 14:07:11 2012 +0100 lib/replace: replace all *printf function if we replace snprintf (bug #9390) This fixes segfaults in log level = 10 on Solaris. Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Björn Jacke b...@sernet.de Autobuild-User(master): Björn Jacke b...@sernet.de Autobuild-Date(master): Wed Nov 14 19:41:14 CET 2012 on sn-devel-104 (cherry picked from commit a15da3625850d97b3da1b02308c870f820007c52) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Thu Nov 15 13:41:55 CET 2012 on sn-devel-104 --- Summary of changes: lib/replace/replace.c |4 ++-- lib/replace/replace.h | 42 ++ lib/replace/snprintf.c |5 ++--- 3 files changed, 34 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/replace.c b/lib/replace/replace.c index e461471..7ee5f4b 100644 --- a/lib/replace/replace.c +++ b/lib/replace/replace.c @@ -741,7 +741,7 @@ void *rep_memmem(const void *haystack, size_t haystacklen, } #endif -#ifndef HAVE_VDPRINTF +#if !defined(HAVE_VDPRINTF) || !defined(HAVE_C99_VSNPRINTF) int rep_vdprintf(int fd, const char *format, va_list ap) { char *s = NULL; @@ -758,7 +758,7 @@ int rep_vdprintf(int fd, const char *format, va_list ap) } #endif -#ifndef HAVE_DPRINTF +#if !defined(HAVE_DPRINTF) || !defined(HAVE_C99_VSNPRINTF) int rep_dprintf(int fd, const char *format, ...) { int ret; diff --git a/lib/replace/replace.h b/lib/replace/replace.h index bbea0fc..cb412c2 100644 --- a/lib/replace/replace.h +++ b/lib/replace/replace.h @@ -376,16 +376,6 @@ int rep_dlclose(void *handle); /* prototype is in system/network.h */ #endif -#ifndef HAVE_VDPRINTF -#define vdprintf rep_vdprintf -int rep_vdprintf(int fd, const char *format, va_list ap); -#endif - -#ifndef HAVE_DPRINTF -#define dprintf rep_dprintf -int rep_dprintf(int fd, const char *format, ...); -#endif - #ifndef PRINTF_ATTRIBUTE #if (__GNUC__ = 3) (__GNUC_MINOR__ = 1 ) /** Use gcc attribute to check printf fns. a1 is the 1-based index of @@ -406,7 +396,17 @@ int rep_dprintf(int fd, const char *format, ...); #endif #endif -#ifndef HAVE_VASPRINTF +#if !defined(HAVE_VDPRINTF) || !defined(HAVE_C99_VSNPRINTF) +#define vdprintf rep_vdprintf +int rep_vdprintf(int fd, const char *format, va_list ap) PRINTF_ATTRIBUTE(2,0); +#endif + +#if !defined(HAVE_DPRINTF) || !defined(HAVE_C99_VSNPRINTF) +#define dprintf rep_dprintf +int rep_dprintf(int fd, const char *format, ...) PRINTF_ATTRIBUTE(2,3); +#endif + +#if !defined(HAVE_VASPRINTF) || !defined(HAVE_C99_VSNPRINTF) #define vasprintf rep_vasprintf int rep_vasprintf(char **ptr, const char *format, va_list ap) PRINTF_ATTRIBUTE(2,0); #endif @@ -421,11 +421,29 @@ int rep_snprintf(char *,size_t ,const char *, ...) PRINTF_ATTRIBUTE(3,4); int rep_vsnprintf(char *,size_t ,const char *, va_list ap) PRINTF_ATTRIBUTE(3,0); #endif -#ifndef HAVE_ASPRINTF +#if !defined(HAVE_ASPRINTF) || !defined(HAVE_C99_VSNPRINTF) #define asprintf rep_asprintf int rep_asprintf(char **,const char *, ...) PRINTF_ATTRIBUTE(2,3); #endif +#if !defined(HAVE_C99_VSNPRINTF) +#ifdef REPLACE_BROKEN_PRINTF +/* + * We do not redefine printf by default + * as it breaks the build if system headers + * use __attribute__((format(printf, 3, 0))) + * instead of __attribute__((format(__printf__, 3, 0))) + */ +#define printf rep_printf +#endif +int rep_printf(const char *, ...) PRINTF_ATTRIBUTE(1,2); +#endif + +#if !defined(HAVE_C99_VSNPRINTF) +#define fprintf rep_fprintf +int rep_fprintf(FILE *stream, const char *, ...) PRINTF_ATTRIBUTE(2,3); +#endif + #ifndef HAVE_VSYSLOG #ifdef HAVE_SYSLOG #define vsyslog rep_vsyslog diff --git a/lib/replace/snprintf.c b/lib/replace/snprintf.c index 877d2a1..6b4a711 100644 --- a/lib/replace/snprintf.c +++ b/lib/replace/snprintf.c @@ -1256,7 +1256,7 @@ static int add_cnk_list_entry(struct pr_chunk_x **list, #endif -#ifndef HAVE_VASPRINTF +#if !defined(HAVE_VASPRINTF) || !defined(HAVE_C99_VSNPRINTF) int rep_vasprintf(char **ptr, const char *format, va_list ap) { int ret; @@ -1278,8 +1278,7 @@ static int add_cnk_list_entry(struct pr_chunk_x **list, } #endif - -#ifndef HAVE_ASPRINTF +#if !defined(HAVE_ASPRINTF) || !defined(HAVE_C99_VSNPRINTF) int rep_asprintf(char **ptr, const char *format, ...) { va_list ap; --
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via cf1540b Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. from 4ed7803 popt_common: Fix typos. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cf1540b73714fac6b25de5942cbd821e5f4f6ffc Author: Jeremy Allison j...@samba.org Date: Tue Nov 13 11:22:15 2012 -0800 Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. Not caught by make test as it's an extreme edge case for strange incoming ACLs. I only found this as I'm making raw.acls and smb2.acls pass against 3.6.x and 4.0.0 with acl_xattr mapped onto a POSIX backend. An incoming inheritable ACE entry containing only one permission, WRITE_DATA maps into a POSIX owner perm of -w-, which violates the principle that the owner of a file/directory can always read. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Thu Nov 15 19:52:52 CET 2012 on sn-devel-104 --- Summary of changes: source3/smbd/posix_acls.c | 17 ++--- 1 files changed, 10 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index b8e0d4a..bca5304 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1431,10 +1431,11 @@ static bool ensure_canon_entry_valid_on_set(connection_struct *conn, for (pace = *pp_ace; pace; pace = pace-next) { if (pace-type == SMB_ACL_USER_OBJ) { - - if (!is_default_acl) { - apply_default_perms(params, is_directory, pace, S_IRUSR); - } + /* +* Ensure we have default parameters for the +* user (owner) even on default ACLs. +*/ + apply_default_perms(params, is_directory, pace, S_IRUSR); pace_user = pace; } else if (pace-type == SMB_ACL_GROUP_OBJ) { @@ -1515,9 +1516,11 @@ static bool ensure_canon_entry_valid_on_set(connection_struct *conn, pace-perms = pace_other-perms; } - if (!is_default_acl) { - apply_default_perms(params, is_directory, pace, S_IRUSR); - } + /* +* Ensure we have default parameters for the +* user (owner) even on default ACLs. +*/ + apply_default_perms(params, is_directory, pace, S_IRUSR); DLIST_ADD(*pp_ace, pace); pace_user = pace; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ace0909 s4:samba-tool: Fix samba-tool fsmo --role=schema via 256391c samba-tool: Add new samba-tool gpo aclcheck and test from cf1540b Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ace0909b88739338e948b9c1e98307f324bb7503 Author: Arvid Requate requ...@univention.de Date: Wed Nov 14 15:51:19 2012 +0100 s4:samba-tool: Fix samba-tool fsmo --role=schema Fix traceback: samba-tool fsmo --role=schema --force ERROR(type 'exceptions.TypeError'): uncaught exception - argument 2 must be string, not ldb.Dn File /usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py, line 168, in _run return self.run(*args, **kwargs) File /usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py, line 160, in run self.seize_role(role, samdb, force) File /usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py, line 119, in seize_role m.dn = ldb.Dn(samdb, self.schema_dn) Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Nov 16 00:40:24 CET 2012 on sn-devel-104 commit 256391c0faf4ff4d408821e3fe8cfe2eff44c043 Author: Andrew Bartlett abart...@samba.org Date: Mon Nov 5 19:36:28 2012 +1100 samba-tool: Add new samba-tool gpo aclcheck and test Reviewed-by: Jelmer Vernooij jel...@samba.org --- Summary of changes: source4/scripting/python/samba/netcmd/fsmo.py |2 +- source4/scripting/python/samba/netcmd/gpo.py | 63 .../scripting/python/samba/tests/samba_tool/gpo.py | 10 +++ 3 files changed, 74 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/netcmd/fsmo.py b/source4/scripting/python/samba/netcmd/fsmo.py index 15d1d49..c938c91 100644 --- a/source4/scripting/python/samba/netcmd/fsmo.py +++ b/source4/scripting/python/samba/netcmd/fsmo.py @@ -103,7 +103,7 @@ all=all of the above), domain_dn = samdb.domain_dn() self.infrastructure_dn = CN=Infrastructure, + domain_dn self.naming_dn = CN=Partitions,%s % samdb.get_config_basedn() -self.schema_dn = samdb.get_schema_basedn() +self.schema_dn = str(samdb.get_schema_basedn()) self.rid_dn = CN=RID Manager$,CN=System, + domain_dn m = ldb.Message() diff --git a/source4/scripting/python/samba/netcmd/gpo.py b/source4/scripting/python/samba/netcmd/gpo.py index 347231b..f70317a 100644 --- a/source4/scripting/python/samba/netcmd/gpo.py +++ b/source4/scripting/python/samba/netcmd/gpo.py @@ -1072,6 +1072,68 @@ class cmd_del(Command): self.outf.write(GPO %s deleted.\n % gpo) +class cmd_aclcheck(Command): +Check all GPOs have matching LDAP and DS ACLs. + +synopsis = %prog [options] + +takes_optiongroups = { +sambaopts: options.SambaOptions, +versionopts: options.VersionOptions, +credopts: options.CredentialsOptions, +} + +takes_options = [ +Option(-H, --URL, help=LDB URL for database or target server, type=str, + metavar=URL, dest=H) +] + +def run(self, H=None, sambaopts=None, credopts=None, versionopts=None): + +self.lp = sambaopts.get_loadparm() +self.creds = credopts.get_credentials(self.lp, fallback_machine=True) + +self.url = dc_url(self.lp, self.creds, H) + +# We need to know writable DC to setup SMB connection +if H and H.startswith('ldap://'): +dc_hostname = H[7:] +self.url = H +else: +dc_hostname = netcmd_finddc(self.lp, self.creds) +self.url = dc_url(self.lp, self.creds, dc=dc_hostname) + +samdb_connect(self) + +msg = get_gpo_info(self.samdb, None) + +for m in msg: +# verify UNC path +unc = m['gPCFileSysPath'][0] +try: +[dom_name, service, sharepath] = parse_unc(unc) +except ValueError: +raise CommandError(Invalid GPO path (%s) % unc) + +# SMB connect to DC +try: +conn = smb.SMB(dc_hostname, service, lp=self.lp, creds=self.creds) +except Exception: +raise CommandError(Error connecting to '%s' using SMB % dc_hostname) + +fs_sd = conn.get_acl(sharepath, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL, security.SEC_FLAG_MAXIMUM_ALLOWED) + +ds_sd_ndr = m['ntSecurityDescriptor'][0] +ds_sd = ndr_unpack(security.descriptor, ds_sd_ndr).as_sddl() + +# Create a file system security descriptor +domain_sid =
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d7cab97 s3:param: make init_locals() static. via 3fc2c03 s3-param: Handle setting default AD DC per-share settings in init_locals() from ace0909 s4:samba-tool: Fix samba-tool fsmo --role=schema http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d7cab973fc3213ff777bff519eb001ae7d1c1bdc Author: Michael Adam ob...@samba.org Date: Fri Nov 16 01:00:21 2012 +0100 s3:param: make init_locals() static. it is only used in loadparm.c Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Fri Nov 16 03:33:34 CET 2012 on sn-devel-104 commit 3fc2c03ea3dcc36778e92115a0dbca42531bd4dd Author: Andrew Bartlett abart...@samba.org Date: Fri Nov 16 10:30:44 2012 +1100 s3-param: Handle setting default AD DC per-share settings in init_locals() This function is helpfully called between when we finish processing the globals and when we start processing the individual shares. This means that the vfs objects and other per-share settings we specify here become the defaults for (eg) [netlogon] and [sysvol] but the admin can override these on a per-share basis or (as we must in make test) for the whole server. This broke setting and fetching of group policy objects from Windows clients, since this setting was moved from fileserver.conf in 8518dd6406c0132dfd8c44e084c2b39792974f2c, and wasn't found in 'make test' because we have to override the vfs objects to insert the xattr_tdb and fake_acl modules. Andrew Bartlett Reviewed-by: Michael Adam ob...@samba.org --- Summary of changes: source3/include/proto.h |1 - source3/param/loadparm.c | 58 ++ 2 files changed, 38 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 5f3d937..bcecde9 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1408,7 +1408,6 @@ void *lp_local_ptr_by_snum(int snum, struct parm_struct *parm); bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue); bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue); bool lp_set_option(const char *option); -void init_locals(void); bool lp_is_default(int snum, struct parm_struct *parm); bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal); struct parm_struct *lp_get_parameter(const char *param_name); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 12cb8db..8ad0fc9 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -3469,12 +3469,41 @@ static bool equal_parameter(parm_type type, void *ptr1, void *ptr2) } /*** - Initialize any local varients in the sDefault table. + Initialize any local variables in the sDefault table, after parsing a + [globals] section. ***/ -void init_locals(void) +static void init_locals(void) { - /* None as yet. */ + /* +* We run this check once the [globals] is parsed, to force +* the VFS objects and other per-share settings we need for +* the standard way a AD DC is operated. We may change these +* as our code evolves, which is why we force these settings. +* +* We can't do this at the end of lp_load_ex(), as by that +* point the services have been loaded and they will already +* have as their vfs objects. +*/ + if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) { + const char **vfs_objects = lp_vfs_objects(-1); + if (!vfs_objects || !vfs_objects[0]) { + if (lp_parm_const_string(-1, xattr_tdb, file, NULL)) { + lp_do_parameter(-1, vfs objects, dfs_samba4 acl_xattr xattr_tdb); + } else if (lp_parm_const_string(-1, posix, eadb, NULL)) { + lp_do_parameter(-1, vfs objects, dfs_samba4 acl_xattr posix_eadb); + } else { + lp_do_parameter(-1, vfs objects, dfs_samba4 acl_xattr); + } + } + + lp_do_parameter(-1, map hidden, no); + lp_do_parameter(-1, map system, no); + lp_do_parameter(-1, map readonly, no); + lp_do_parameter(-1, store dos attributes, yes); + lp_do_parameter(-1, create mask, 0777); + lp_do_parameter(-1, directory mask, 0777); + } }
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-11-16-0709/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-11-16-0709/samba3.stderr http://git.samba.org/autobuild.flakey/2012-11-16-0709/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-11-16-0709/samba.stderr http://git.samba.org/autobuild.flakey/2012-11-16-0709/samba.stdout The top commit at the time of the failure was: commit d7cab973fc3213ff777bff519eb001ae7d1c1bdc Author: Michael Adam ob...@samba.org Date: Fri Nov 16 01:00:21 2012 +0100 s3:param: make init_locals() static. it is only used in loadparm.c Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Fri Nov 16 03:33:34 CET 2012 on sn-devel-104