[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via ffdd0a8 s3-kerberos: also try with AES keys, when decrypting
tickets.
via a176370 s3-libsmb: make sure we copy at most 16 bytes in
cli_set_session_key().
via bad5239 samba: check for AES encryption type defines.
from 8ba1bdf s3:winbind: BUG 9386: Failover if netlogon pipe is not
available.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit ffdd0a86ac9cb5fbee67d27958b65872873a009b
Author: Günther Deschner g...@samba.org
Date: Tue Nov 13 16:23:52 2012 +0100
s3-kerberos: also try with AES keys, when decrypting tickets.
Guenther
The last 3 patches address bug #9272 - net ads join does not provide AES
keys
in host keytab.
commit a176370f3e245221b9b9ccaa0fae8ecac8594d1c
Author: Günther Deschner g...@samba.org
Date: Tue Nov 13 15:11:08 2012 +0100
s3-libsmb: make sure we copy at most 16 bytes in cli_set_session_key().
Guenther
commit bad52390260caa31eabe7c1b2334c56088447909
Author: Günther Deschner g...@samba.org
Date: Thu Dec 15 17:50:33 2011 +0100
samba: check for AES encryption type defines.
Guenther
Autobuild-User: Günther Deschner g...@samba.org
Autobuild-Date: Tue Jan 10 15:05:38 CET 2012 on sn-devel-104
---
Summary of changes:
source3/configure.in | 21 +
source3/libads/kerberos_verify.c |6 ++
source3/libsmb/cliconnect.c |4 +++-
source3/wscript |2 ++
4 files changed, 32 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/configure.in b/source3/configure.in
index 014d844..2018a6e 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -4156,6 +4156,27 @@ if test x$with_ads_support != xno; then
found_arcfour_hmac=yes
fi
+ AC_CACHE_CHECK([for ENCTYPE_AES128_CTS_HMAC_SHA1_96],
+ samba_cv_HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96,[
+AC_TRY_COMPILE([#include krb5.h],
+ [krb5_enctype enctype; enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96;],
+ samba_cv_HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96=yes,
+ samba_cv_HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96=no)])
+ if test x$samba_cv_HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 = xyes; then
+AC_DEFINE(HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96,1,
+ [Whether the ENCTYPE_AES128_CTS_HMAC_SHA1_96 key type definition
is available])
+ fi
+ AC_CACHE_CHECK([for ENCTYPE_AES256_CTS_HMAC_SHA1_96],
+ samba_cv_HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96,[
+AC_TRY_COMPILE([#include krb5.h],
+ [krb5_enctype enctype; enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96;],
+ samba_cv_HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96=yes,
+ samba_cv_HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96=no)])
+ if test x$samba_cv_HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 = xyes; then
+AC_DEFINE(HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96,1,
+ [Whether the ENCTYPE_AES256_CTS_HMAC_SHA1_96 key type definition
is available])
+ fi
+
AC_CACHE_CHECK([for AP_OPTS_USE_SUBKEY],
samba_cv_HAVE_AP_OPTS_USE_SUBKEY,[
AC_TRY_COMPILE([#include krb5.h],
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index d4c68cd..56daf8f 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -344,6 +344,12 @@ static krb5_error_code
ads_secrets_verify_ticket(krb5_context context,
/* Let's make some room for 2 password (old and new)*/
krb5_data passwords[2];
krb5_enctype enctypes[] = {
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+#endif
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+#endif
ENCTYPE_ARCFOUR_HMAC,
ENCTYPE_DES_CBC_CRC,
ENCTYPE_DES_CBC_MD5,
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index f03219b..8653ba7 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -94,7 +94,9 @@ static NTSTATUS smb_bytes_talloc_string(struct cli_state *cli,
static void cli_set_session_key (struct cli_state *cli, const DATA_BLOB
session_key)
{
- cli-user_session_key = data_blob(session_key.data, session_key.length);
+ cli-user_session_key = data_blob(NULL, 16);
+ data_blob_clear(cli-user_session_key);
+ memcpy(cli-user_session_key.data, session_key.data,
MIN(session_key.length, 16));
}
/
diff --git a/source3/wscript b/source3/wscript
index 1ea3559..b40848d 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -661,6 +661,8 @@ krb5_get_credentials_for_user krb5_get_host_realm
krb5_free_host_realm''',
conf.CHECK_VARIABLE('KV5M_KEYTAB', headers='krb5.h')
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via e2eb914 Another fix needed for bug #9236 - ACL masks incorrectly
applied when setting ACLs.
from ffdd0a8 s3-kerberos: also try with AES keys, when decrypting
tickets.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit e2eb914cb986e28e412863553010795bff8ac3e1
Author: Jeremy Allison j...@samba.org
Date: Thu Nov 8 13:45:19 2012 -0800
Another fix needed for bug #9236 - ACL masks incorrectly applied when
setting ACLs.
Not caught by make test as it's an extreme edge case for strange
incoming ACLs. I only found this as I'm making raw.acls and smb2.acls
pass against 3.6.x with acl_xattr mapped onto a POSIX backend (which
isn't tested in make test).
An incoming inheritable ACE entry containing only one permission,
WRITE_DATA maps into a POSIX owner perm of -w-, which violates
the principle that the owner of a file/directory can always read.
---
Summary of changes:
source3/smbd/posix_acls.c | 14 ++
1 files changed, 10 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 22ad40f..8d6e7ec 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1372,7 +1372,11 @@ static bool ensure_canon_entry_valid(connection_struct
*conn,
for (pace = *pp_ace; pace; pace = pace-next) {
if (pace-type == SMB_ACL_USER_OBJ) {
- if (setting_acl !is_default_acl) {
+ if (setting_acl) {
+ /*
+* Ensure we have default parameters for the
+* user (owner) even on default ACLs.
+*/
apply_default_perms(params, is_directory, pace,
S_IRUSR);
}
got_user = True;
@@ -1452,9 +1456,11 @@ static bool ensure_canon_entry_valid(connection_struct
*conn,
pace-perms = pace_other-perms;
}
- if (!is_default_acl) {
- apply_default_perms(params, is_directory, pace,
S_IRUSR);
- }
+ /*
+* Ensure we have default parameters for the
+* user (owner) even on default ACLs.
+*/
+ apply_default_perms(params, is_directory, pace,
S_IRUSR);
} else {
pace-perms = unix_perms_to_acl_perms(pst-st_ex_mode,
S_IRUSR, S_IWUSR, S_IXUSR);
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated
via 92292ac Another fix needed for bug #9236 - ACL masks incorrectly
applied when setting ACLs.
from 9a8d7ab docs-xml: fix use of smbconfoption tag (fix bug #9345)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -
commit 92292ac55144521824610a5d4b09f8dc1ff19a8a
Author: Jeremy Allison j...@samba.org
Date: Thu Nov 8 13:45:19 2012 -0800
Another fix needed for bug #9236 - ACL masks incorrectly applied when
setting ACLs.
Not caught by make test as it's an extreme edge case for strange
incoming ACLs. I only found this as I'm making raw.acls and smb2.acls
pass against 3.6.x with acl_xattr mapped onto a POSIX backend (which
isn't tested in make test).
An incoming inheritable ACE entry containing only one permission,
WRITE_DATA maps into a POSIX owner perm of -w-, which violates
the principle that the owner of a file/directory can always read.
---
Summary of changes:
source3/smbd/posix_acls.c | 14 ++
1 files changed, 10 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 646efa4..65a77d4 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1359,7 +1359,11 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
for (pace = *pp_ace; pace; pace = pace-next) {
if (pace-type == SMB_ACL_USER_OBJ) {
- if (setting_acl !is_default_acl) {
+ if (setting_acl) {
+ /*
+* Ensure we have default parameters for the
+* user (owner) even on default ACLs.
+*/
apply_default_perms(params, is_directory, pace,
S_IRUSR);
}
got_user = True;
@@ -1439,9 +1443,11 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
pace-perms = pace_other-perms;
}
- if (!is_default_acl) {
- apply_default_perms(params, is_directory, pace,
S_IRUSR);
- }
+ /*
+* Ensure we have default parameters for the
+* user (owner) even on default ACLs.
+*/
+ apply_default_perms(params, is_directory, pace,
S_IRUSR);
} else {
pace-perms = unix_perms_to_acl_perms(pst-st_ex_mode,
S_IRUSR, S_IWUSR, S_IXUSR);
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated
via ce8beb7 Another fix needed for bug #9236 - ACL masks incorrectly
applied when setting ACLs.
via f40de48 s4-dns: Fix format string vulnerability in an error message
(bug #9354)
via 5296386 lib/ldb: add missing newline in the output of
ldb_ldif_write_trace()
from e46a6cd s3:winbind: BUG 9386: Failover if netlogon pipe is not
available.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -
commit ce8beb781f7456e53262bd331ab3fbb8a100356b
Author: Jeremy Allison j...@samba.org
Date: Thu Nov 8 17:08:01 2012 -0800
Another fix needed for bug #9236 - ACL masks incorrectly applied when
setting ACLs.
Not caught by make test as it's an extreme edge case for strange
incoming ACLs. I only found this as I'm making raw.acls and smb2.acls
pass against 3.6.x with acl_xattr mapped onto a POSIX backend (which
isn't tested in make test).
An incoming inheritable ACE entry containing only one permission,
WRITE_DATA maps into a POSIX owner perm of -w-, which violates
the principle that the owner of a file/directory can always read.
Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org
Autobuild-Date(v4-0-test): Thu Nov 15 11:17:55 CET 2012 on sn-devel-104
commit f40de482dac07db30e3b702d6853f5c8381e47c3
Author: Amitay Isaacs ami...@gmail.com
Date: Mon Nov 5 01:09:28 2012 +1100
s4-dns: Fix format string vulnerability in an error message (bug #9354)
Also, fixes few comments.
Thanks to Bruno Rohée br...@rohee.org for reporting and patch fix.
Signed-off-by: Amitay Isaacs ami...@gmail.com
Reviewed-By: Kai Blin k...@samba.org
Autobuild-User(master): Amitay Isaacs ami...@samba.org
Autobuild-Date(master): Sun Nov 4 16:58:13 CET 2012 on sn-devel-104
(cherry picked from commit 1f55865f2830d0fa36a3f4eeb846f66940b133cd)
commit 52963866a2e6527bbb093bbdb840b8c3f2cae9ad
Author: Stefan Metzmacher me...@samba.org
Date: Mon Nov 12 11:42:52 2012 +0100
lib/ldb: add missing newline in the output of ldb_ldif_write_trace()
Signed-off-by: Stefan Metzmacher me...@samba.org
Reviewed-by: Andrew Bartlett abart...@samba.org
Autobuild-User(master): Andrew Bartlett abart...@samba.org
Autobuild-Date(master): Tue Nov 13 13:53:31 CET 2012 on sn-devel-104
Fix bug #9385 - add missing newline in the output of ldb_ldif_write_trace().
---
Summary of changes:
lib/ldb/common/ldb_ldif.c |2 +-
source3/smbd/posix_acls.c | 14 ++
source4/dns_server/dlz_bind9.c |9 +
3 files changed, 16 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/ldb/common/ldb_ldif.c b/lib/ldb/common/ldb_ldif.c
index 419906b..a2e4488 100644
--- a/lib/ldb/common/ldb_ldif.c
+++ b/lib/ldb/common/ldb_ldif.c
@@ -333,7 +333,7 @@ static int ldb_ldif_write_trace(struct ldb_context *ldb,
if (in_trace secret_attributes
ldb_attr_in_list(secret_attributes, msg-elements[i].name)) {
/* Deliberatly skip printing this password */
- ret = fprintf_fn(private_data, # %s::: REDACTED SECRET
ATTRIBUTE,
+ ret = fprintf_fn(private_data, # %s::: REDACTED SECRET
ATTRIBUTE\n,
msg-elements[i].name);
CHECK_RET;
continue;
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index d437b28..5ce3bf3 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1369,7 +1369,11 @@ static bool ensure_canon_entry_valid(connection_struct
*conn,
for (pace = *pp_ace; pace; pace = pace-next) {
if (pace-type == SMB_ACL_USER_OBJ) {
- if (setting_acl !is_default_acl) {
+ if (setting_acl) {
+ /*
+* Ensure we have default parameters for the
+* user (owner) even on default ACLs.
+*/
apply_default_perms(params, is_directory, pace,
S_IRUSR);
}
pace_user = pace;
@@ -1452,9 +1456,11 @@ static bool ensure_canon_entry_valid(connection_struct
*conn,
pace-perms = pace_other-perms;
}
- if (!is_default_acl) {
- apply_default_perms(params, is_directory, pace,
S_IRUSR);
- }
+ /*
+* Ensure we have default parameters for the
+* user (owner) even on default ACLs.
+*/
+
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 364a70c lib/replace: replace all *printf function if we replace
snprintf (bug #9390)
via c0d91f8 libreplace: Fix symbol names for
snprintf/asprintf/vasprintf.
from e2eb914 Another fix needed for bug #9236 - ACL masks incorrectly
applied when setting ACLs.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 364a70cc4d5aea4006ceb3dde97779242afa328c
Author: Stefan Metzmacher me...@samba.org
Date: Tue Nov 13 14:07:11 2012 +0100
lib/replace: replace all *printf function if we replace snprintf (bug #9390)
This fixes segfaults in log level = 10 on Solaris.
Signed-off-by: Stefan Metzmacher me...@samba.org
Signed-off-by: Björn Jacke b...@sernet.de
Autobuild-User(master): Björn Jacke b...@sernet.de
Autobuild-Date(master): Wed Nov 14 19:41:14 CET 2012 on sn-devel-104
(cherry picked from commit a15da3625850d97b3da1b02308c870f820007c52)
commit c0d91f8cdfd99286644b57b02d6b5517774081de
Author: Jelmer Vernooij jel...@samba.org
Date: Sun May 13 03:21:34 2012 +0200
libreplace: Fix symbol names for snprintf/asprintf/vasprintf.
Autobuild-User: Jelmer Vernooij jel...@samba.org
Autobuild-Date: Sun May 13 05:16:28 CEST 2012 on sn-devel-104
(cherry picked from commit cf67da70c9a63c4dc63f287059321d6c36d1e19e)
---
Summary of changes:
lib/replace/replace.c |4 ++--
lib/replace/replace.h | 42 ++
lib/replace/snprintf.c | 17 -
3 files changed, 40 insertions(+), 23 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/replace/replace.c b/lib/replace/replace.c
index d9a96ff..83fa6b3 100644
--- a/lib/replace/replace.c
+++ b/lib/replace/replace.c
@@ -750,7 +750,7 @@ void *rep_memmem(const void *haystack, size_t haystacklen,
}
#endif
-#ifndef HAVE_VDPRINTF
+#if !defined(HAVE_VDPRINTF) || !defined(HAVE_C99_VSNPRINTF)
int rep_vdprintf(int fd, const char *format, va_list ap)
{
char *s = NULL;
@@ -767,7 +767,7 @@ int rep_vdprintf(int fd, const char *format, va_list ap)
}
#endif
-#ifndef HAVE_DPRINTF
+#if !defined(HAVE_DPRINTF) || !defined(HAVE_C99_VSNPRINTF)
int rep_dprintf(int fd, const char *format, ...)
{
int ret;
diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index c47cf1c..926ccc7 100644
--- a/lib/replace/replace.h
+++ b/lib/replace/replace.h
@@ -355,16 +355,6 @@ int rep_dlclose(void *handle);
/* prototype is in system/network.h */
#endif
-#ifndef HAVE_VDPRINTF
-#define vdprintf rep_vdprintf
-int rep_vdprintf(int fd, const char *format, va_list ap);
-#endif
-
-#ifndef HAVE_DPRINTF
-#define dprintf rep_dprintf
-int rep_dprintf(int fd, const char *format, ...);
-#endif
-
#ifndef PRINTF_ATTRIBUTE
#if (__GNUC__ = 3) (__GNUC_MINOR__ = 1 )
/** Use gcc attribute to check printf fns. a1 is the 1-based index of
@@ -385,7 +375,17 @@ int rep_dprintf(int fd, const char *format, ...);
#endif
#endif
-#ifndef HAVE_VASPRINTF
+#if !defined(HAVE_VDPRINTF) || !defined(HAVE_C99_VSNPRINTF)
+#define vdprintf rep_vdprintf
+int rep_vdprintf(int fd, const char *format, va_list ap) PRINTF_ATTRIBUTE(2,0);
+#endif
+
+#if !defined(HAVE_DPRINTF) || !defined(HAVE_C99_VSNPRINTF)
+#define dprintf rep_dprintf
+int rep_dprintf(int fd, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
+#endif
+
+#if !defined(HAVE_VASPRINTF) || !defined(HAVE_C99_VSNPRINTF)
#define vasprintf rep_vasprintf
int rep_vasprintf(char **ptr, const char *format, va_list ap)
PRINTF_ATTRIBUTE(2,0);
#endif
@@ -400,11 +400,29 @@ int rep_snprintf(char *,size_t ,const char *, ...)
PRINTF_ATTRIBUTE(3,4);
int rep_vsnprintf(char *,size_t ,const char *, va_list ap)
PRINTF_ATTRIBUTE(3,0);
#endif
-#ifndef HAVE_ASPRINTF
+#if !defined(HAVE_ASPRINTF) || !defined(HAVE_C99_VSNPRINTF)
#define asprintf rep_asprintf
int rep_asprintf(char **,const char *, ...) PRINTF_ATTRIBUTE(2,3);
#endif
+#if !defined(HAVE_C99_VSNPRINTF)
+#ifdef REPLACE_BROKEN_PRINTF
+/*
+ * We do not redefine printf by default
+ * as it breaks the build if system headers
+ * use __attribute__((format(printf, 3, 0)))
+ * instead of __attribute__((format(__printf__, 3, 0)))
+ */
+#define printf rep_printf
+#endif
+int rep_printf(const char *, ...) PRINTF_ATTRIBUTE(1,2);
+#endif
+
+#if !defined(HAVE_C99_VSNPRINTF)
+#define fprintf rep_fprintf
+int rep_fprintf(FILE *stream, const char *, ...) PRINTF_ATTRIBUTE(2,3);
+#endif
+
#ifndef HAVE_VSYSLOG
#ifdef HAVE_SYSLOG
#define vsyslog rep_vsyslog
diff --git a/lib/replace/snprintf.c b/lib/replace/snprintf.c
index bca7742..6b4a711 100644
--- a/lib/replace/snprintf.c
+++ b/lib/replace/snprintf.c
@@ -1187,7 +1187,7 @@ static int add_cnk_list_entry(struct pr_chunk_x **list,
return max;
}
- int vsnprintf (char *str, size_t count, const char *fmt, va_list args)
+
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated
via 05f151c lib/replace: replace all *printf function if we replace
snprintf (bug #9390)
via 27405fb libreplace: Fix symbol names for
snprintf/asprintf/vasprintf.
via fa16d0e libreplace: fixed declaration of dprintf() on FreeBSD
(cherry picked from commit a599319d0a389ff0c31dae8068cd7a78352aa9e7)
via 4bf8dc4 libreplace: added replacements for dprintf() and vdprintf()
via 4205779 libreplace: some systems don't have memmem()
from 92292ac Another fix needed for bug #9236 - ACL masks incorrectly
applied when setting ACLs.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -
commit 05f151c041e407514c1b35619b2f2454aa4d614b
Author: Stefan Metzmacher me...@samba.org
Date: Tue Nov 13 14:07:11 2012 +0100
lib/replace: replace all *printf function if we replace snprintf (bug #9390)
This fixes segfaults in log level = 10 on Solaris.
Signed-off-by: Stefan Metzmacher me...@samba.org
Signed-off-by: Björn Jacke b...@sernet.de
Autobuild-User(master): Björn Jacke b...@sernet.de
Autobuild-Date(master): Wed Nov 14 19:41:14 CET 2012 on sn-devel-104
(cherry picked from commit a15da3625850d97b3da1b02308c870f820007c52)
The last 5 patches address bug #9390 - Solaris printf doesn't allow %s,
NULL.
commit 27405fb8cfaa56f3a39cdcd2fd635fd37af629f9
Author: Jelmer Vernooij jel...@samba.org
Date: Sun May 13 03:21:34 2012 +0200
libreplace: Fix symbol names for snprintf/asprintf/vasprintf.
Autobuild-User: Jelmer Vernooij jel...@samba.org
Autobuild-Date: Sun May 13 05:16:28 CEST 2012 on sn-devel-104
(cherry picked from commit cf67da70c9a63c4dc63f287059321d6c36d1e19e)
commit fa16d0e4c2329fad8edde5a5e8d626a90caba6d9
Author: Andrew Tridgell tri...@freebsd.home.tridgell.net
Date: Wed Mar 24 05:06:25 2010 +1100
libreplace: fixed declaration of dprintf() on FreeBSD (cherry picked from
commit a599319d0a389ff0c31dae8068cd7a78352aa9e7)
commit 4bf8dc438318e06ee96dc1b60848700739e7
Author: Andrew Tridgell tri...@samba.org
Date: Thu Feb 11 20:18:50 2010 +1100
libreplace: added replacements for dprintf() and vdprintf()
these are very useful for writing files with formatted writes
Pair-Programmed-With: Andrew Bartlett abart...@samba.org
(cherry picked from commit d6fb64c51244529388b1f79ba8220ff608e1e4de)
commit 42057793ebb3ccdc4e63f59753bca8dd677e9748
Author: Andrew Tridgell tri...@samba.org
Date: Sat Jan 2 10:01:11 2010 +1100
libreplace: some systems don't have memmem()
added rep_memmem() and a testsuite
(cherry picked from commit fef3c910da421e890925e5e61275fc457da87f6e)
---
Summary of changes:
lib/replace/libreplace.m4|4 ++-
lib/replace/replace.c| 54 ++
lib/replace/replace.h| 38 -
lib/replace/snprintf.c | 17 ++---
lib/replace/test/testsuite.c | 37
5 files changed, 138 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/replace/libreplace.m4 b/lib/replace/libreplace.m4
index af85879..7a26deb 100644
--- a/lib/replace/libreplace.m4
+++ b/lib/replace/libreplace.m4
@@ -108,7 +108,7 @@ AC_CHECK_HEADERS(unix.h)
AC_CHECK_FUNCS(seteuid setresuid setegid setresgid chroot bzero strerror)
AC_CHECK_FUNCS(vsyslog setlinebuf mktime ftruncate chsize rename)
AC_CHECK_FUNCS(waitpid wait4 strlcpy strlcat initgroups memmove strdup)
-AC_CHECK_FUNCS(pread pwrite strndup strcasestr strtok_r mkdtemp dup2)
+AC_CHECK_FUNCS(pread pwrite strndup strcasestr strtok_r mkdtemp dup2 dprintf
vdprintf)
AC_CHECK_FUNCS(isatty chown lchown link readlink symlink realpath)
AC_HAVE_DECL(setresuid, [#include unistd.h])
AC_HAVE_DECL(setresgid, [#include unistd.h])
@@ -228,6 +228,8 @@ AC_HAVE_DECL(environ, [#include unistd.h])
AC_CHECK_FUNCS(strnlen)
AC_CHECK_FUNCS(strtoull __strtoull strtouq strtoll __strtoll strtoq)
+AC_CHECK_FUNCS(memmem)
+
# this test disabled as we don't actually need __VA_ARGS__ yet
AC_TRY_CPP([
#define eprintf(...) fprintf(stderr, __VA_ARGS__)
diff --git a/lib/replace/replace.c b/lib/replace/replace.c
index fc15717..85d0e36 100644
--- a/lib/replace/replace.c
+++ b/lib/replace/replace.c
@@ -681,3 +681,57 @@ char *rep_realpath(const char *path, char *resolved_path)
return NULL;
}
#endif
+
+
+#ifndef HAVE_MEMMEM
+void *rep_memmem(const void *haystack, size_t haystacklen,
+const void *needle, size_t needlelen)
+{
+ if (needlelen == 0) {
+ return discard_const(haystack);
+ }
+ while (haystacklen = needlelen) {
+ char *p = memchr(haystack, *(const char *)needle,
+haystacklen-(needlelen-1));
+
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated
via 3f5b4ed lib/replace: replace all *printf function if we replace
snprintf (bug #9390)
from ce8beb7 Another fix needed for bug #9236 - ACL masks incorrectly
applied when setting ACLs.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -
commit 3f5b4ed6bdce39f5730fd9acb69e9b03debda7be
Author: Stefan Metzmacher me...@samba.org
Date: Tue Nov 13 14:07:11 2012 +0100
lib/replace: replace all *printf function if we replace snprintf (bug #9390)
This fixes segfaults in log level = 10 on Solaris.
Signed-off-by: Stefan Metzmacher me...@samba.org
Signed-off-by: Björn Jacke b...@sernet.de
Autobuild-User(master): Björn Jacke b...@sernet.de
Autobuild-Date(master): Wed Nov 14 19:41:14 CET 2012 on sn-devel-104
(cherry picked from commit a15da3625850d97b3da1b02308c870f820007c52)
Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org
Autobuild-Date(v4-0-test): Thu Nov 15 13:41:55 CET 2012 on sn-devel-104
---
Summary of changes:
lib/replace/replace.c |4 ++--
lib/replace/replace.h | 42 ++
lib/replace/snprintf.c |5 ++---
3 files changed, 34 insertions(+), 17 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/replace/replace.c b/lib/replace/replace.c
index e461471..7ee5f4b 100644
--- a/lib/replace/replace.c
+++ b/lib/replace/replace.c
@@ -741,7 +741,7 @@ void *rep_memmem(const void *haystack, size_t haystacklen,
}
#endif
-#ifndef HAVE_VDPRINTF
+#if !defined(HAVE_VDPRINTF) || !defined(HAVE_C99_VSNPRINTF)
int rep_vdprintf(int fd, const char *format, va_list ap)
{
char *s = NULL;
@@ -758,7 +758,7 @@ int rep_vdprintf(int fd, const char *format, va_list ap)
}
#endif
-#ifndef HAVE_DPRINTF
+#if !defined(HAVE_DPRINTF) || !defined(HAVE_C99_VSNPRINTF)
int rep_dprintf(int fd, const char *format, ...)
{
int ret;
diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index bbea0fc..cb412c2 100644
--- a/lib/replace/replace.h
+++ b/lib/replace/replace.h
@@ -376,16 +376,6 @@ int rep_dlclose(void *handle);
/* prototype is in system/network.h */
#endif
-#ifndef HAVE_VDPRINTF
-#define vdprintf rep_vdprintf
-int rep_vdprintf(int fd, const char *format, va_list ap);
-#endif
-
-#ifndef HAVE_DPRINTF
-#define dprintf rep_dprintf
-int rep_dprintf(int fd, const char *format, ...);
-#endif
-
#ifndef PRINTF_ATTRIBUTE
#if (__GNUC__ = 3) (__GNUC_MINOR__ = 1 )
/** Use gcc attribute to check printf fns. a1 is the 1-based index of
@@ -406,7 +396,17 @@ int rep_dprintf(int fd, const char *format, ...);
#endif
#endif
-#ifndef HAVE_VASPRINTF
+#if !defined(HAVE_VDPRINTF) || !defined(HAVE_C99_VSNPRINTF)
+#define vdprintf rep_vdprintf
+int rep_vdprintf(int fd, const char *format, va_list ap) PRINTF_ATTRIBUTE(2,0);
+#endif
+
+#if !defined(HAVE_DPRINTF) || !defined(HAVE_C99_VSNPRINTF)
+#define dprintf rep_dprintf
+int rep_dprintf(int fd, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
+#endif
+
+#if !defined(HAVE_VASPRINTF) || !defined(HAVE_C99_VSNPRINTF)
#define vasprintf rep_vasprintf
int rep_vasprintf(char **ptr, const char *format, va_list ap)
PRINTF_ATTRIBUTE(2,0);
#endif
@@ -421,11 +421,29 @@ int rep_snprintf(char *,size_t ,const char *, ...)
PRINTF_ATTRIBUTE(3,4);
int rep_vsnprintf(char *,size_t ,const char *, va_list ap)
PRINTF_ATTRIBUTE(3,0);
#endif
-#ifndef HAVE_ASPRINTF
+#if !defined(HAVE_ASPRINTF) || !defined(HAVE_C99_VSNPRINTF)
#define asprintf rep_asprintf
int rep_asprintf(char **,const char *, ...) PRINTF_ATTRIBUTE(2,3);
#endif
+#if !defined(HAVE_C99_VSNPRINTF)
+#ifdef REPLACE_BROKEN_PRINTF
+/*
+ * We do not redefine printf by default
+ * as it breaks the build if system headers
+ * use __attribute__((format(printf, 3, 0)))
+ * instead of __attribute__((format(__printf__, 3, 0)))
+ */
+#define printf rep_printf
+#endif
+int rep_printf(const char *, ...) PRINTF_ATTRIBUTE(1,2);
+#endif
+
+#if !defined(HAVE_C99_VSNPRINTF)
+#define fprintf rep_fprintf
+int rep_fprintf(FILE *stream, const char *, ...) PRINTF_ATTRIBUTE(2,3);
+#endif
+
#ifndef HAVE_VSYSLOG
#ifdef HAVE_SYSLOG
#define vsyslog rep_vsyslog
diff --git a/lib/replace/snprintf.c b/lib/replace/snprintf.c
index 877d2a1..6b4a711 100644
--- a/lib/replace/snprintf.c
+++ b/lib/replace/snprintf.c
@@ -1256,7 +1256,7 @@ static int add_cnk_list_entry(struct pr_chunk_x **list,
#endif
-#ifndef HAVE_VASPRINTF
+#if !defined(HAVE_VASPRINTF) || !defined(HAVE_C99_VSNPRINTF)
int rep_vasprintf(char **ptr, const char *format, va_list ap)
{
int ret;
@@ -1278,8 +1278,7 @@ static int add_cnk_list_entry(struct pr_chunk_x **list,
}
#endif
-
-#ifndef HAVE_ASPRINTF
+#if !defined(HAVE_ASPRINTF) || !defined(HAVE_C99_VSNPRINTF)
int rep_asprintf(char **ptr, const char *format, ...)
{
va_list ap;
--
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via cf1540b Another fix needed for bug #9236 - ACL masks incorrectly
applied when setting ACLs.
from 4ed7803 popt_common: Fix typos.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit cf1540b73714fac6b25de5942cbd821e5f4f6ffc
Author: Jeremy Allison j...@samba.org
Date: Tue Nov 13 11:22:15 2012 -0800
Another fix needed for bug #9236 - ACL masks incorrectly applied when
setting ACLs.
Not caught by make test as it's an extreme edge case for strange
incoming ACLs. I only found this as I'm making raw.acls and smb2.acls
pass against 3.6.x and 4.0.0 with acl_xattr mapped onto a POSIX backend.
An incoming inheritable ACE entry containing only one permission,
WRITE_DATA maps into a POSIX owner perm of -w-, which violates
the principle that the owner of a file/directory can always read.
Signed-off-by: Jeremy Allison j...@samba.org
Reviewed-by: Michael Adam ob...@samba.org
Autobuild-User(master): Michael Adam ob...@samba.org
Autobuild-Date(master): Thu Nov 15 19:52:52 CET 2012 on sn-devel-104
---
Summary of changes:
source3/smbd/posix_acls.c | 17 ++---
1 files changed, 10 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index b8e0d4a..bca5304 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1431,10 +1431,11 @@ static bool
ensure_canon_entry_valid_on_set(connection_struct *conn,
for (pace = *pp_ace; pace; pace = pace-next) {
if (pace-type == SMB_ACL_USER_OBJ) {
-
- if (!is_default_acl) {
- apply_default_perms(params, is_directory, pace,
S_IRUSR);
- }
+ /*
+* Ensure we have default parameters for the
+* user (owner) even on default ACLs.
+*/
+ apply_default_perms(params, is_directory, pace,
S_IRUSR);
pace_user = pace;
} else if (pace-type == SMB_ACL_GROUP_OBJ) {
@@ -1515,9 +1516,11 @@ static bool
ensure_canon_entry_valid_on_set(connection_struct *conn,
pace-perms = pace_other-perms;
}
- if (!is_default_acl) {
- apply_default_perms(params, is_directory, pace,
S_IRUSR);
- }
+ /*
+* Ensure we have default parameters for the
+* user (owner) even on default ACLs.
+*/
+ apply_default_perms(params, is_directory, pace, S_IRUSR);
DLIST_ADD(*pp_ace, pace);
pace_user = pace;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via ace0909 s4:samba-tool: Fix samba-tool fsmo --role=schema
via 256391c samba-tool: Add new samba-tool gpo aclcheck and test
from cf1540b Another fix needed for bug #9236 - ACL masks incorrectly
applied when setting ACLs.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit ace0909b88739338e948b9c1e98307f324bb7503
Author: Arvid Requate requ...@univention.de
Date: Wed Nov 14 15:51:19 2012 +0100
s4:samba-tool: Fix samba-tool fsmo --role=schema
Fix traceback:
samba-tool fsmo --role=schema --force
ERROR(type 'exceptions.TypeError'): uncaught exception - argument 2 must
be string, not ldb.Dn
File /usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py, line
168, in _run
return self.run(*args, **kwargs)
File /usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py, line 160,
in run
self.seize_role(role, samdb, force)
File /usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py, line 119,
in seize_role
m.dn = ldb.Dn(samdb, self.schema_dn)
Reviewed-by: Andrew Bartlett abart...@samba.org
Autobuild-User(master): Andrew Bartlett abart...@samba.org
Autobuild-Date(master): Fri Nov 16 00:40:24 CET 2012 on sn-devel-104
commit 256391c0faf4ff4d408821e3fe8cfe2eff44c043
Author: Andrew Bartlett abart...@samba.org
Date: Mon Nov 5 19:36:28 2012 +1100
samba-tool: Add new samba-tool gpo aclcheck and test
Reviewed-by: Jelmer Vernooij jel...@samba.org
---
Summary of changes:
source4/scripting/python/samba/netcmd/fsmo.py |2 +-
source4/scripting/python/samba/netcmd/gpo.py | 63
.../scripting/python/samba/tests/samba_tool/gpo.py | 10 +++
3 files changed, 74 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/scripting/python/samba/netcmd/fsmo.py
b/source4/scripting/python/samba/netcmd/fsmo.py
index 15d1d49..c938c91 100644
--- a/source4/scripting/python/samba/netcmd/fsmo.py
+++ b/source4/scripting/python/samba/netcmd/fsmo.py
@@ -103,7 +103,7 @@ all=all of the above),
domain_dn = samdb.domain_dn()
self.infrastructure_dn = CN=Infrastructure, + domain_dn
self.naming_dn = CN=Partitions,%s % samdb.get_config_basedn()
-self.schema_dn = samdb.get_schema_basedn()
+self.schema_dn = str(samdb.get_schema_basedn())
self.rid_dn = CN=RID Manager$,CN=System, + domain_dn
m = ldb.Message()
diff --git a/source4/scripting/python/samba/netcmd/gpo.py
b/source4/scripting/python/samba/netcmd/gpo.py
index 347231b..f70317a 100644
--- a/source4/scripting/python/samba/netcmd/gpo.py
+++ b/source4/scripting/python/samba/netcmd/gpo.py
@@ -1072,6 +1072,68 @@ class cmd_del(Command):
self.outf.write(GPO %s deleted.\n % gpo)
+class cmd_aclcheck(Command):
+Check all GPOs have matching LDAP and DS ACLs.
+
+synopsis = %prog [options]
+
+takes_optiongroups = {
+sambaopts: options.SambaOptions,
+versionopts: options.VersionOptions,
+credopts: options.CredentialsOptions,
+}
+
+takes_options = [
+Option(-H, --URL, help=LDB URL for database or target server,
type=str,
+ metavar=URL, dest=H)
+]
+
+def run(self, H=None, sambaopts=None, credopts=None, versionopts=None):
+
+self.lp = sambaopts.get_loadparm()
+self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
+
+self.url = dc_url(self.lp, self.creds, H)
+
+# We need to know writable DC to setup SMB connection
+if H and H.startswith('ldap://'):
+dc_hostname = H[7:]
+self.url = H
+else:
+dc_hostname = netcmd_finddc(self.lp, self.creds)
+self.url = dc_url(self.lp, self.creds, dc=dc_hostname)
+
+samdb_connect(self)
+
+msg = get_gpo_info(self.samdb, None)
+
+for m in msg:
+# verify UNC path
+unc = m['gPCFileSysPath'][0]
+try:
+[dom_name, service, sharepath] = parse_unc(unc)
+except ValueError:
+raise CommandError(Invalid GPO path (%s) % unc)
+
+# SMB connect to DC
+try:
+conn = smb.SMB(dc_hostname, service, lp=self.lp,
creds=self.creds)
+except Exception:
+raise CommandError(Error connecting to '%s' using SMB %
dc_hostname)
+
+fs_sd = conn.get_acl(sharepath, security.SECINFO_OWNER |
security.SECINFO_GROUP | security.SECINFO_DACL,
security.SEC_FLAG_MAXIMUM_ALLOWED)
+
+ds_sd_ndr = m['ntSecurityDescriptor'][0]
+ds_sd = ndr_unpack(security.descriptor, ds_sd_ndr).as_sddl()
+
+# Create a file system security descriptor
+domain_sid =
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via d7cab97 s3:param: make init_locals() static.
via 3fc2c03 s3-param: Handle setting default AD DC per-share settings
in init_locals()
from ace0909 s4:samba-tool: Fix samba-tool fsmo --role=schema
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit d7cab973fc3213ff777bff519eb001ae7d1c1bdc
Author: Michael Adam ob...@samba.org
Date: Fri Nov 16 01:00:21 2012 +0100
s3:param: make init_locals() static.
it is only used in loadparm.c
Signed-off-by: Michael Adam ob...@samba.org
Reviewed-by: Andrew Bartlett abart...@samba.org
Autobuild-User(master): Michael Adam ob...@samba.org
Autobuild-Date(master): Fri Nov 16 03:33:34 CET 2012 on sn-devel-104
commit 3fc2c03ea3dcc36778e92115a0dbca42531bd4dd
Author: Andrew Bartlett abart...@samba.org
Date: Fri Nov 16 10:30:44 2012 +1100
s3-param: Handle setting default AD DC per-share settings in init_locals()
This function is helpfully called between when we finish processing
the globals and when we start processing the individual shares. This
means that the vfs objects and other per-share settings we specify
here become the defaults for (eg) [netlogon] and [sysvol] but the
admin can override these on a per-share basis or (as we must in make
test) for the whole server.
This broke setting and fetching of group policy objects from Windows
clients, since this setting was moved from fileserver.conf in
8518dd6406c0132dfd8c44e084c2b39792974f2c, and wasn't found in 'make
test' because we have to override the vfs objects to insert the
xattr_tdb and fake_acl modules.
Andrew Bartlett
Reviewed-by: Michael Adam ob...@samba.org
---
Summary of changes:
source3/include/proto.h |1 -
source3/param/loadparm.c | 58 ++
2 files changed, 38 insertions(+), 21 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 5f3d937..bcecde9 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1408,7 +1408,6 @@ void *lp_local_ptr_by_snum(int snum, struct parm_struct
*parm);
bool lp_do_parameter(int snum, const char *pszParmName, const char
*pszParmValue);
bool lp_set_cmdline(const char *pszParmName, const char *pszParmValue);
bool lp_set_option(const char *option);
-void init_locals(void);
bool lp_is_default(int snum, struct parm_struct *parm);
bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal);
struct parm_struct *lp_get_parameter(const char *param_name);
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 12cb8db..8ad0fc9 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -3469,12 +3469,41 @@ static bool equal_parameter(parm_type type, void *ptr1,
void *ptr2)
}
/***
- Initialize any local varients in the sDefault table.
+ Initialize any local variables in the sDefault table, after parsing a
+ [globals] section.
***/
-void init_locals(void)
+static void init_locals(void)
{
- /* None as yet. */
+ /*
+* We run this check once the [globals] is parsed, to force
+* the VFS objects and other per-share settings we need for
+* the standard way a AD DC is operated. We may change these
+* as our code evolves, which is why we force these settings.
+*
+* We can't do this at the end of lp_load_ex(), as by that
+* point the services have been loaded and they will already
+* have as their vfs objects.
+*/
+ if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
+ const char **vfs_objects = lp_vfs_objects(-1);
+ if (!vfs_objects || !vfs_objects[0]) {
+ if (lp_parm_const_string(-1, xattr_tdb, file,
NULL)) {
+ lp_do_parameter(-1, vfs objects, dfs_samba4
acl_xattr xattr_tdb);
+ } else if (lp_parm_const_string(-1, posix, eadb,
NULL)) {
+ lp_do_parameter(-1, vfs objects, dfs_samba4
acl_xattr posix_eadb);
+ } else {
+ lp_do_parameter(-1, vfs objects, dfs_samba4
acl_xattr);
+ }
+ }
+
+ lp_do_parameter(-1, map hidden, no);
+ lp_do_parameter(-1, map system, no);
+ lp_do_parameter(-1, map readonly, no);
+ lp_do_parameter(-1, store dos attributes, yes);
+ lp_do_parameter(-1, create mask, 0777);
+ lp_do_parameter(-1, directory mask, 0777);
+ }
}
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-11-16-0709/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-11-16-0709/samba3.stderr http://git.samba.org/autobuild.flakey/2012-11-16-0709/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-11-16-0709/samba.stderr http://git.samba.org/autobuild.flakey/2012-11-16-0709/samba.stdout The top commit at the time of the failure was: commit d7cab973fc3213ff777bff519eb001ae7d1c1bdc Author: Michael Adam ob...@samba.org Date: Fri Nov 16 01:00:21 2012 +0100 s3:param: make init_locals() static. it is only used in loadparm.c Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Fri Nov 16 03:33:34 CET 2012 on sn-devel-104
