svn commit: samba r22510 - in branches/SAMBA_3_0_RELEASE: . source source/groupdb source/lib source/libgpo source/passdb source/rpc_server source/smbd

jerry at samba.org jerry at samba.org
Wed Apr 25 09:36:54 GMT 2007


Author: jerry
Date: 2007-04-25 09:36:47 +0000 (Wed, 25 Apr 2007)
New Revision: 22510

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22510

Log:
pull patches from SAMBA_3_0_25 and update release notes for 3.0.25rc3
Modified:
   branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
   branches/SAMBA_3_0_RELEASE/source/Makefile.in
   branches/SAMBA_3_0_RELEASE/source/VERSION
   branches/SAMBA_3_0_RELEASE/source/groupdb/mapping_tdb.c
   branches/SAMBA_3_0_RELEASE/source/lib/util_sid.c
   branches/SAMBA_3_0_RELEASE/source/libgpo/gpo_fetch.c
   branches/SAMBA_3_0_RELEASE/source/passdb/pdb_ldap.c
   branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c
   branches/SAMBA_3_0_RELEASE/source/smbd/posix_acls.c
   branches/SAMBA_3_0_RELEASE/source/smbd/reply.c
   branches/SAMBA_3_0_RELEASE/source/smbd/trans2.c


Changeset:
Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
===================================================================
--- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt	2007-04-25 09:32:03 UTC (rev 22509)
+++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt	2007-04-25 09:36:47 UTC (rev 22510)
@@ -1,9 +1,9 @@
                    =================================
-                   Release Notes for Samba 3.0.25rc2
-                               Apr 22, 2007
+                   Release Notes for Samba 3.0.25rc3
+                               Apr 25, 2007
                    =================================
 
-This is the second release candidate of the Samba 3.0.25 code base 
+This is the third release candidate of the Samba 3.0.25 code base 
 and is provided for testing only.  An RC release means that we are 
 close to the final release but the code may still have a few 
 remaining minor bugs.  This release is *not* intended for production 
@@ -27,7 +27,7 @@
     by side on the Same server.
   o Improved compatibility with Windows Vista clients including 
     improved read performance with Linux servers.
-  o Man pages for VFS plug-ins.
+  o Man pages for IdMap and VFS plug-ins.
 
 
 Off-line Logons and AD Site Support
@@ -42,16 +42,12 @@
 New IdMap Interface for Winbindd
 ================================
 
-The 3.0.25 release of Samba will include a rewritten IdMap interface
-for winbindd which replaces the "idmap backend" parameter.  The
-initial design document may be found at
+The 3.0.25 release of Samba includes a rewritten IdMap interface
+for winbindd which replaces the "idmap backend" parameter.  Please 
+refer to the "idmap domains" description in the smb.conf(5) man 
+page for more details.
 
-	http://www.samba.org/~idra/samba3_newidmap.pdf
 
-Please refer to the "idmap domains" description in the smb.conf(5)
-man page for more details.
-
-
 Dynamic DNS Updates
 ===================
 
@@ -95,13 +91,61 @@
 Changes
 #######
 
-Changes since 3.0.25pre2
-------------------------
+Changes since 3.0.25rc2
+-----------------------
 
 commits
 -------
 
 o   Jeremy Allison <jra at samba.org>
+    * Allow Well-Known and Local Groups to be stored in POSIX ACLs
+      as long as there is a SID/gid mapping entry available.
+    * Fix memory corruption bug in the CIFS POSIX open/mkdir.
+    * BUG 4536: Correctly delete symlinks pointing to a directory.
+
+
+o   Gerald (Jerry) Carter <jerry at samba.org>
+    * Ensure winbindd honors the "idmap domains" option and not 
+      default to idmap_tdb.
+    * Fix memory corruption caused by calling free() on talloc()'d
+      memory when adding and removing users from local groups.
+
+
+o   Guenther Deschner <gd at samba.org>
+    * Memory allocation error checks in libgpo.
+
+
+o   Jim McDonough <jmcd at us.ibm.com>
+    * Fix crate_user() access checks when setting the "User Cannot 
+      Change Password" flag.
+
+
+o   Simo Sorce <idra at samba.org>
+    * Fix linking flags used when creating shared libraries.
+
+
+
+Release Notes for older release follow:
+
+      --------------------------------------------------
+
+                   =================================
+                   Release Notes for Samba 3.0.25rc2
+                               Apr 22, 2007
+                   =================================
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.25rc1
+-----------------------
+
+commits
+-------
+
+o   Jeremy Allison <jra at samba.org>
     * BUG 4494: Make sure to fail immediately if sendfile fails and
       don't continue on to call chain_reply() (based on report from
       Kevin Jamieson).

Modified: branches/SAMBA_3_0_RELEASE/source/Makefile.in
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/Makefile.in	2007-04-25 09:32:03 UTC (rev 22509)
+++ branches/SAMBA_3_0_RELEASE/source/Makefile.in	2007-04-25 09:36:47 UTC (rev 22510)
@@ -23,10 +23,10 @@
 CFLAGS=@CFLAGS@
 CPPFLAGS=-DHAVE_CONFIG_H @CPPFLAGS@
 EXEEXT=@EXEEXT@
-LDFLAGS=@PIE_LDFLAGS@ @LDFLAGS@
 AR=@AR@
 LDSHFLAGS=@LDSHFLAGS@ @LDFLAGS@
 WINBIND_NSS_LDSHFLAGS=@WINBIND_NSS_LDSHFLAGS@ @LDFLAGS@
+LDFLAGS=@PIE_LDFLAGS@ @LDFLAGS@
 AWK=@AWK@
 PICFLAG=@PICFLAG@
 DYNEXP=@DYNEXP@
@@ -1144,7 +1144,7 @@
 
 bin/libaddns. at SHLIBEXT@: proto_exists $(LIBADDNS_OBJ)
 	@echo Linking libaddns shared library $@
-	@$(SHLD) $(LDSHFLAGS) -o $@ $(LIBADDNS_OBJ) $(LDFLAGS) $(LIBS) \
+	@$(SHLD) $(LDSHFLAGS) -o $@ $(LIBADDNS_OBJ) $(LIBS) \
 		$(KRB5LIBS) $(UUID_LIBS)\
 		@SONAMEFLAG@`basename $@`.$(LIBADDNS_MAJOR)
 
@@ -1154,7 +1154,7 @@
 
 bin/libsmbclient. at SHLIBEXT@: proto_exists $(LIBSMBCLIENT_OBJ)
 	@echo Linking libsmbclient shared library $@
-	@$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBCLIENT_OBJ) $(LDFLAGS) $(LIBS) \
+	@$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBCLIENT_OBJ) $(LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
 		@SONAMEFLAG@`basename $@`.$(LIBSMBCLIENT_MAJOR)
 
@@ -1164,7 +1164,7 @@
 
 bin/libsmbsharemodes. at SHLIBEXT@: proto_exists $(LIBSMBSHAREMODES_OBJ)
 	@echo Linking libsmbsharemodes shared library $@
-	@$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBSHAREMODES_OBJ) $(LDFLAGS) $(LIBS) \
+	@$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBSHAREMODES_OBJ) $(LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS) \
 		@SONAMEFLAG@`basename $@`.$(LIBSMBSHAREMODES_MAJOR)
 
@@ -1174,7 +1174,7 @@
 
 bin/libmsrpc. at SHLIBEXT@: proto_exists $(CAC_OBJ)
 	@echo Linking libmsrpc shared library $@
-	@$(SHLD) $(LDSHFLAGS) -o $@ $(CAC_OBJ) $(LDFLAGS) $(LIBS) \
+	@$(SHLD) $(LDSHFLAGS) -o $@ $(CAC_OBJ) $(LIBS) \
 	@SONAMEFLAG@`basename $@`.$(LIBMSRPC_MAJOR)
 
 bin/libmsrpc.a: proto_exists $(CAC_OBJ)

Modified: branches/SAMBA_3_0_RELEASE/source/VERSION
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/VERSION	2007-04-25 09:32:03 UTC (rev 22509)
+++ branches/SAMBA_3_0_RELEASE/source/VERSION	2007-04-25 09:36:47 UTC (rev 22510)
@@ -56,7 +56,7 @@
 # e.g. SAMBA_VERSION_RC_RELEASE=1                      #
 #  ->  "3.0.0rc1"                                      #
 ########################################################
-SAMBA_VERSION_RC_RELEASE=2
+SAMBA_VERSION_RC_RELEASE=3
 
 ########################################################
 # To mark SVN snapshots this should be set to 'yes'    #

Modified: branches/SAMBA_3_0_RELEASE/source/groupdb/mapping_tdb.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/groupdb/mapping_tdb.c	2007-04-25 09:32:03 UTC (rev 22509)
+++ branches/SAMBA_3_0_RELEASE/source/groupdb/mapping_tdb.c	2007-04-25 09:36:47 UTC (rev 22510)
@@ -466,11 +466,11 @@
 
 	for (i=0; i<num; i++) {
 		if (sid_compare(alias, &sids[i]) == 0) {
-			SAFE_FREE(sids);
+			TALLOC_FREE(sids);
 			return True;
 		}
 	}
-	SAFE_FREE(sids);
+	TALLOC_FREE(sids);
 	return False;
 }
 
@@ -637,7 +637,7 @@
 	}
 
 	if (!found) {
-		SAFE_FREE(sids);
+		TALLOC_FREE(sids);
 		return NT_STATUS_MEMBER_NOT_IN_ALIAS;
 	}
 
@@ -659,7 +659,7 @@
 	member_string = SMB_STRDUP("");
 
 	if (member_string == NULL) {
-		SAFE_FREE(sids);
+		TALLOC_FREE(sids);
 		return NT_STATUS_NO_MEMORY;
 	}
 
@@ -671,7 +671,7 @@
 
 		SAFE_FREE(s);
 		if (member_string == NULL) {
-			SAFE_FREE(sids);
+			TALLOC_FREE(sids);
 			return NT_STATUS_NO_MEMORY;
 		}
 	}
@@ -682,7 +682,7 @@
 	result = tdb_store(tdb, kbuf, dbuf, 0) == 0 ?
 		NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
 
-	SAFE_FREE(sids);
+	TALLOC_FREE(sids);
 	SAFE_FREE(member_string);
 
 	return result;

Modified: branches/SAMBA_3_0_RELEASE/source/lib/util_sid.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/lib/util_sid.c	2007-04-25 09:32:03 UTC (rev 22509)
+++ branches/SAMBA_3_0_RELEASE/source/lib/util_sid.c	2007-04-25 09:36:47 UTC (rev 22510)
@@ -510,6 +510,9 @@
 	DOM_SID dom;
 	uint32 rid;
 
+	if (sid_equal(sid, &global_sid_System))
+		return True;
+
 	sid_copy(&dom, sid);
 	sid_split_rid(&dom, &rid);
 

Modified: branches/SAMBA_3_0_RELEASE/source/libgpo/gpo_fetch.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/libgpo/gpo_fetch.c	2007-04-25 09:32:03 UTC (rev 22509)
+++ branches/SAMBA_3_0_RELEASE/source/libgpo/gpo_fetch.c	2007-04-25 09:36:47 UTC (rev 22510)
@@ -188,6 +188,7 @@
 
 	if (name && *display_name) {
 		*display_name = talloc_strdup(mem_ctx, name);
+		NT_STATUS_HAVE_NO_MEMORY(*display_name);
 	}
 
 	return NT_STATUS_OK;

Modified: branches/SAMBA_3_0_RELEASE/source/passdb/pdb_ldap.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/passdb/pdb_ldap.c	2007-04-25 09:32:03 UTC (rev 22509)
+++ branches/SAMBA_3_0_RELEASE/source/passdb/pdb_ldap.c	2007-04-25 09:36:47 UTC (rev 22510)
@@ -455,7 +455,11 @@
 			temp))
 		return (time_t) 0;
 
-	strptime(temp, "%Y%m%d%H%M%SZ", &tm);
+	if ( !strptime(temp, "%Y%m%d%H%M%SZ", &tm)) {
+		DEBUG(2,("ldapsam_get_entry_timestamp: strptime failed on: %s\n",
+			(char*)temp));
+		return (time_t) 0;
+	}
 	tzset();
 	return timegm(&tm);
 }

Modified: branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c	2007-04-25 09:32:03 UTC (rev 22509)
+++ branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c	2007-04-25 09:36:47 UTC (rev 22510)
@@ -739,7 +739,12 @@
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	status = pdb_update_sam_account(sampass);
+	status = access_check_samr_function(acc_granted, SA_RIGHT_USER_SET_ATTRIBUTES, "_samr_set_sec_obj");
+	if (NT_STATUS_IS_OK(status)) {
+		become_root();
+		status = pdb_update_sam_account(sampass);
+		unbecome_root();
+	}
 
 	TALLOC_FREE(sampass);
 

Modified: branches/SAMBA_3_0_RELEASE/source/smbd/posix_acls.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/smbd/posix_acls.c	2007-04-25 09:32:03 UTC (rev 22509)
+++ branches/SAMBA_3_0_RELEASE/source/smbd/posix_acls.c	2007-04-25 09:36:47 UTC (rev 22510)
@@ -1347,17 +1347,6 @@
 		SEC_ACE *psa = &dacl->aces[i];
 
 		/*
-		 * Ignore non-mappable SIDs (NT Authority, BUILTIN etc).
-		 */
-
-		if (non_mappable_sid(&psa->trustee)) {
-			fstring str;
-			DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
-				sid_to_string(str, &psa->trustee) ));
-			continue;
-		}
-
-		/*
 		 * Create a cannon_ace entry representing this NT DACL ACE.
 		 */
 
@@ -1417,6 +1406,16 @@
 		} else {
 			fstring str;
 
+			/*
+			 * Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc).
+			 */
+
+			if (non_mappable_sid(&psa->trustee)) {
+				DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
+					sid_to_string(str, &psa->trustee) ));
+				continue;
+			}
+
 			free_canon_ace_list(file_ace);
 			free_canon_ace_list(dir_ace);
 			DEBUG(0,("create_canon_ace_lists: unable to map SID %s to uid or gid.\n",

Modified: branches/SAMBA_3_0_RELEASE/source/smbd/reply.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/smbd/reply.c	2007-04-25 09:32:03 UTC (rev 22509)
+++ branches/SAMBA_3_0_RELEASE/source/smbd/reply.c	2007-04-25 09:36:47 UTC (rev 22510)
@@ -3866,7 +3866,23 @@
 	int ret;
 	SMB_STRUCT_STAT st;
 
-	ret = SMB_VFS_RMDIR(conn,directory);
+	/* Might be a symlink. */
+	if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
+		return map_nt_error_from_unix(errno);
+	}
+
+	if (S_ISLNK(st.st_mode)) {
+		/* Is what it points to a directory ? */
+		if(SMB_VFS_STAT(conn, directory, &st) != 0) {
+			return map_nt_error_from_unix(errno);
+		}
+		if (!(S_ISDIR(st.st_mode))) {
+			return NT_STATUS_NOT_A_DIRECTORY;
+		}
+		ret = SMB_VFS_UNLINK(conn,directory);
+	} else {
+		ret = SMB_VFS_RMDIR(conn,directory);
+	}
 	if (ret == 0) {
 		notify_fname(conn, NOTIFY_ACTION_REMOVED,
 			     FILE_NOTIFY_CHANGE_DIR_NAME,

Modified: branches/SAMBA_3_0_RELEASE/source/smbd/trans2.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/smbd/trans2.c	2007-04-25 09:32:03 UTC (rev 22509)
+++ branches/SAMBA_3_0_RELEASE/source/smbd/trans2.c	2007-04-25 09:36:47 UTC (rev 22510)
@@ -3717,7 +3717,7 @@
 				SIVAL(pdata,0,0); /* ??? */
 				SIVAL(pdata,4,byte_len); /* Byte length of unicode string ::$DATA */
 				SOFF_T(pdata,8,file_size);
-				SIVAL(pdata,16,allocation_size);
+				SOFF_T(pdata,16,allocation_size);
 				SIVAL(pdata,20,0); /* ??? */
 				data_size = 24 + byte_len;
 			}
@@ -3738,7 +3738,7 @@
 			put_long_date_timespec(pdata+8,atime_ts);
 			put_long_date_timespec(pdata+16,mtime_ts); /* write time */
 			put_long_date_timespec(pdata+24,mtime_ts); /* change time */
-			SIVAL(pdata,32,allocation_size);
+			SOFF_T(pdata,32,allocation_size);
 			SOFF_T(pdata,40,file_size);
 			SIVAL(pdata,48,mode);
 			SIVAL(pdata,52,0); /* ??? */
@@ -5295,6 +5295,7 @@
 		*pdata_return_size = 0;
 		return NT_STATUS_NO_MEMORY;
 	}
+	pdata = *ppdata;
 
 	SSVAL(pdata,0,NO_OPLOCK_RETURN);
 	SSVAL(pdata,2,0); /* No fnum. */
@@ -5471,6 +5472,7 @@
 		*pdata_return_size = 0;
 		return NT_STATUS_NO_MEMORY;
 	}
+	pdata = *ppdata;
 
 	if (extended_oplock_granted) {
 		if (flags & REQUEST_BATCH_OPLOCK) {



More information about the samba-cvs mailing list