[SCM] Samba Shared Repository - branch v3-2-stable updated -
release-3-2-1-38-g14acfb8
Karolin Seeger
kseeger at samba.org
Fri Aug 15 07:16:40 GMT 2008
The branch, v3-2-stable has been updated
via 14acfb8f4af0f58de71618b5cfc4579edbfea9c7 (commit)
via 44e49a59c37cb65c0a7e596b1bf676a664c1e4a2 (commit)
via 3bb258764a6199603b66f1b6876cc0a23d332b40 (commit)
from 086f97a6c7c1d96c6067695c8d0b675d21d61b84 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable
- Log -----------------------------------------------------------------
commit 14acfb8f4af0f58de71618b5cfc4579edbfea9c7
Author: Karolin Seeger <kseeger at samba.org>
Date: Fri Aug 15 09:13:32 2008 +0200
WHATSNEW: Update changes since 3.2.1.
Karolin
(cherry picked from commit 4f958f09a75f5215044e680cc86edb3eca1c51be)
commit 44e49a59c37cb65c0a7e596b1bf676a664c1e4a2
Author: Jeremy Allison <jra at samba.org>
Date: Thu Aug 14 21:53:55 2008 -0700
Fix show-stopper for 3.2. Smbd depends on group SID
position zero being the primary group sid. Authenicating
via winbindd call returned a non-sorted sid list. This
fixes is for both a winbindd call and a pac list from
an info3 struct. Without this we mess up the
primary group associated with created files. Found by
Herb.
Jeremy.
(cherry picked from commit 5cfa78d6e45477cb952d3b12cc914635842d6251)
commit 3bb258764a6199603b66f1b6876cc0a23d332b40
Author: Jeremy Allison <jra at samba.org>
Date: Thu Aug 14 11:00:47 2008 -0700
Fix bug #5692 - Core dump in full_audit.so.
There were some function mismatches in the various GET_NT_ACL modules (some places the fsp parameter has not been removed).
Jeremy.
(cherry picked from commit 12b4ed7c3c10a6a29d108f6a83d961bf19751ca7)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 6 +++++-
examples/VFS/skel_opaque.c | 2 +-
source/auth/auth_util.c | 34 ++++++++++++++++++++++++++++++++++
source/modules/vfs_aixacl2.c | 2 +-
source/modules/vfs_catia.c | 2 +-
source/modules/vfs_full_audit.c | 5 ++---
6 files changed, 44 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 012a1fe..b8bc728 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -10,8 +10,9 @@ Major bug fixes included in Samba 3.2.2 are:
o Fix removal of dead records in tdb files. This can lead to very large
tdb files and to overflowing partitions as a consequence on systems
running an nmbd daemon.
-
o Fix freezing Windows Explorer on WinXP while browsing Samba shares.
+ o Fix assigning of primary group memberships when authenticating via
+ Winbind.
######################################################################
@@ -33,7 +34,10 @@ o Jeremy Allison <jra at samba.org>
* BUG 5675: Fix smbspool program assuming Kerberos authentication by
mistake.
* BUG 5686: Fix segfaults in libsmbclient.
+ * BUG 5692: Fix coredump in full_audit.so.
* Fix coverity ID 594 (resource leak on error path).
+ * Fix assigning of primary group memberships when authenticating via
+ Winbind.
* Several build fixes.
diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c
index eb49f35..ee9ae1d 100644
--- a/examples/VFS/skel_opaque.c
+++ b/examples/VFS/skel_opaque.c
@@ -307,7 +307,7 @@ static size_t skel_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
return 0;
}
-static size_t skel_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static size_t skel_get_nt_acl(vfs_handle_struct *handle,
const char *name, uint32 security_info, SEC_DESC **ppdesc)
{
errno = ENOSYS;
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 2024526..a183afb 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -27,6 +27,34 @@
#define DBGC_CLASS DBGC_AUTH
/****************************************************************************
+ Ensure primary group SID is always at position 0 in a
+ auth_serversupplied_info struct.
+****************************************************************************/
+
+static void sort_sid_array_for_smbd(auth_serversupplied_info *result,
+ const DOM_SID *pgroup_sid)
+{
+ unsigned int i;
+
+ if (!result->sids) {
+ return;
+ }
+
+ if (sid_compare(&result->sids[0], pgroup_sid)==0) {
+ return;
+ }
+
+ for (i = 1; i < result->num_sids; i++) {
+ if (sid_compare(pgroup_sid,
+ &result->sids[i]) == 0) {
+ sid_copy(&result->sids[i], &result->sids[0]);
+ sid_copy(&result->sids[0], pgroup_sid);
+ return;
+ }
+ }
+}
+
+/****************************************************************************
Create a UNIX user on demand.
****************************************************************************/
@@ -1679,6 +1707,9 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
return nt_status;
}
+ /* Ensure the primary group sid is at position 0. */
+ sort_sid_array_for_smbd(result, &group_sid);
+
result->login_server = talloc_strdup(result,
info3->base.logon_server.string);
@@ -1915,6 +1946,9 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
memcpy(&result->sids[i], &info->sids[i+2].sid, sizeof(result->sids[i]));
}
+ /* Ensure the primary group sid is at position 0. */
+ sort_sid_array_for_smbd(result, &group_sid);
+
/* ensure we are never given NULL session keys */
ZERO_STRUCT(zeros);
diff --git a/source/modules/vfs_aixacl2.c b/source/modules/vfs_aixacl2.c
index ecb2a09..89be219 100644
--- a/source/modules/vfs_aixacl2.c
+++ b/source/modules/vfs_aixacl2.c
@@ -180,7 +180,7 @@ static NTSTATUS aixjfs2_fget_nt_acl(vfs_handle_struct *handle,
}
static NTSTATUS aixjfs2_get_nt_acl(vfs_handle_struct *handle,
- files_struct *fsp, const char *name,
+ const char *name,
uint32 security_info, SEC_DESC **ppdesc)
{
SMB4ACL_T *pacl = NULL;
diff --git a/source/modules/vfs_catia.c b/source/modules/vfs_catia.c
index ab48c96..51ee435 100644
--- a/source/modules/vfs_catia.c
+++ b/source/modules/vfs_catia.c
@@ -286,7 +286,7 @@ static char *catia_realpath(vfs_handle_struct *handle,
return SMB_VFS_NEXT_REALPATH(handle, path, resolved_path);
}
-static NTSTATUS catia_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS catia_get_nt_acl(vfs_handle_struct *handle,
const char *name, uint32 security_info,
struct security_descriptor **ppdesc)
{
diff --git a/source/modules/vfs_full_audit.c b/source/modules/vfs_full_audit.c
index 4a66fb4..68dd0b8 100644
--- a/source/modules/vfs_full_audit.c
+++ b/source/modules/vfs_full_audit.c
@@ -199,7 +199,7 @@ static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info,
SEC_DESC **ppdesc);
-static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
const char *name, uint32 security_info,
SEC_DESC **ppdesc);
static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
@@ -1572,7 +1572,6 @@ static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_stru
}
static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
- files_struct *fsp,
const char *name,
uint32 security_info,
SEC_DESC **ppdesc)
@@ -1582,7 +1581,7 @@ static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
- "%s", fsp->fsp_name);
+ "%s", name);
return result;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list