[SCM] Samba Shared Repository - branch v3-2-stable updated -
release-3-2-2-12-gef801d1
Karolin Seeger
kseeger at samba.org
Thu Aug 21 07:48:43 GMT 2008
The branch, v3-2-stable has been updated
via ef801d12a309c4c9f6429739b835fb32f5c309b8 (commit)
via 8145b0a7d7bacb818b8dadadae65ecd0877b5ce2 (commit)
via eb892f90c9be0ebc2217fc459d4249190986c003 (commit)
via c48f247d76569bfdc844499cc64f504bce7085cd (commit)
via e3ff1cb7709d93fb91602d3d25deca3f4ecce2ce (commit)
via 15e8e23466ae959bd0efc540c287338dbcd0b7a6 (commit)
via ebd1f8f9297b31353d094ddccc320a83f02877ce (commit)
via 64ebfe4b2e5b7e3e07a0af424b35000693148e48 (commit)
via 435c10268bb6987ab7e8206cd6c45bd9961c5632 (commit)
via a7058ed1ef2622abdb75fe997ce4a5c570898929 (commit)
from f8e9a38baac25cc178b0d04e1ec2bfaba8e4b5cb (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable
- Log -----------------------------------------------------------------
commit ef801d12a309c4c9f6429739b835fb32f5c309b8
Author: Michael Adam <obnox at samba.org>
Date: Wed Aug 20 14:56:18 2008 +0200
build: fix bug #5590 by not linking in the static libs but the objects.
Michael
(cherry picked from commit 6ad2090391a92ebe822b2d7b80e180c251dc8e7a)
(cherry picked from commit 24459c7eda080a4fed2d4f2a576c97f878f905f9)
commit 8145b0a7d7bacb818b8dadadae65ecd0877b5ce2
Author: Michael Adam <obnox at samba.org>
Date: Wed Aug 20 14:55:24 2008 +0200
build: fall down to the same place when using an internal lib statically.
Michael
(cherry picked from commit 702c0bc04668117e3521d687b9b5a87fd7e0f1b1)
(cherry picked from commit f3ad03d0f909ff862411511d9f63e77047034c01)
commit eb892f90c9be0ebc2217fc459d4249190986c003
Author: Michael Adam <obnox at samba.org>
Date: Wed Aug 20 13:22:13 2008 +0200
build: rename LIBNETAPI_OBJ1 to LIBNETAPI_OBJ0 for consistency.
Michael
(cherry picked from commit ead9b9d7167d999d73cf4111f3b321236aac2a15)
(cherry picked from commit 8dd57f31b2ba621654f989e1ed58bd2dd80b7849)
commit c48f247d76569bfdc844499cc64f504bce7085cd
Author: Günther Deschner <gd at samba.org>
Date: Wed Aug 20 18:40:58 2008 +0200
fix build warning.
Guenther
(cherry picked from commit a75055be5ff7ebe3476cfac86c6597a56a843c23)
(cherry picked from commit d0a4b9f69984ca5da0007af91013f1bc78dcbf2b)
commit e3ff1cb7709d93fb91602d3d25deca3f4ecce2ce
Author: Günther Deschner <gd at samba.org>
Date: Wed Aug 20 20:24:45 2008 +0200
fix another build warning.
Guenther
(cherry picked from commit 43693ce6c678b961fa516bbf502af92f87cd5346)
(cherry picked from commit 2a5ae59f77c05c41c97747dee9bc8c196dfe6b89)
commit 15e8e23466ae959bd0efc540c287338dbcd0b7a6
Author: Gerald (Jerry) Carter <jerry at samba.org>
Date: Wed Aug 20 13:00:40 2008 -0500
nss_winbind: When returning NSS_UNAVAIL, squash errno to ENOENT
According to the GNU libc nss guide, we should always set
errno to ENOENT when returning NSS_UNAVAIL.
http://www.gnu.org/software/libtool/manual/libc/NSS-Modules-Interface.html#NSS-Modules-Interface
At least the MQ Series message queing service that runs
on WebSphere will fail if you return any other errno in this case.
(cherry picked from commit ee26664602445fa7798e2061f6bcbef0756d6528)
(cherry picked from commit 29b39723b82f363d32dc4678d6b71a78485c65ce)
commit ebd1f8f9297b31353d094ddccc320a83f02877ce
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 19 16:34:50 2008 +0200
smbd: fix the handling of create_options to pass RAW-OPEN
Some of the bits generate INVALID_PARAMETER and some bits
are ignored when they come from a client, that's why we need
to use bits from the ignored range for our internal usage.
metze
(cherry picked from commit 7b4c8a4e39f310eb450918fa841b0ea1b4af19f7)
(cherry picked from commit 3366ac2857820d87fb36a1357786a3564d258da5)
commit 64ebfe4b2e5b7e3e07a0af424b35000693148e48
Author: Jeff Layton <jlayton at redhat.com>
Date: Tue Aug 19 21:35:35 2008 -0400
cifs.upcall: handle MSKRB5 OID properly
When the kernel sends the upcall a sec=mskrb5 parameter, that means
the the MSKRB5 OID is preferred by the server. This patch fixes the
upcall to use that OID in place of the "normal" krb5 OID when it
gets a sec=mskrb5 parameter.
Signed-off-by: Jeff Layton <jlayton at redhat.com>
Acked-by: Steve French <smfrench at gmail.com>
(cherry picked from commit 3d96409c115b3ad4ef29ff75e40b39a26e316afe)
commit 435c10268bb6987ab7e8206cd6c45bd9961c5632
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 19 17:31:46 2008 -0700
Fix bug 5697 nmbd spins in reload_interfaces when only loopback has an IPv4 address
reported by Ted Percival <ted at midg3t.net>.
Jeremy.
(cherry picked from commit 4ac537d1b78c915fe25c219958312cf22f3cba80)
commit a7058ed1ef2622abdb75fe997ce4a5c570898929
Author: Michael Adam <obnox at samba.org>
Date: Tue Aug 19 13:29:24 2008 +0200
build: fix linking cifs.upcall when nscd_flush_cache() is found.
Michael
(cherry picked from commit 661b7fdffda40a9ca7cb36627dbaf91cb4357cd0)
(cherry picked from commit 7401c6a5b74c9c82c02923e6eafa6072a5d5678f)
-----------------------------------------------------------------------
Summary of changes:
source/Makefile.in | 10 +++++-----
source/client/cifs.upcall.c | 18 +++++++++++++-----
source/include/smb.h | 15 +++++++++++----
source/lib/interface.c | 7 +++++--
source/m4/aclocal.m4 | 4 ++--
source/nmbd/nmbd.c | 4 ++--
source/nmbd/nmbd_processlogon.c | 2 +-
source/nmbd/nmbd_subnetdb.c | 11 ++++++-----
source/nsswitch/wb_common.c | 20 ++++++++++++++++++--
source/rpc_client/cli_pipe.c | 4 ++--
source/smbd/nttrans.c | 12 ++++++++++++
source/smbd/open.c | 5 +++++
12 files changed, 82 insertions(+), 30 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/Makefile.in b/source/Makefile.in
index 57d5114..2a8bec0 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -1324,7 +1324,7 @@ bin/cifs.upcall at EXEEXT@: $(BINARY_PREREQS) $(CIFS_UPCALL_OBJ) $(LIBSMBCLIENT_OBJ
@$(CC) $(FLAGS) -o $@ $(CIFS_UPCALL_OBJ) $(DYNEXP) $(LDFLAGS) \
-lkeyutils $(LIBS) $(LIBSMBCLIENT_OBJ1) $(KRB5LIBS) \
$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(WINBIND_LIBS) \
- $(LIBTDB_LIBS)
+ $(LIBTDB_LIBS) $(NSCD_LIBS)
bin/testparm at EXEEXT@: $(BINARY_PREREQS) $(TESTPARM_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
@echo Linking $@
@@ -1798,7 +1798,7 @@ shlibs test_shlibs: @LIBADDNS_SHARED@
#
#-------------------------------------------------------------------
-LIBNETAPI_OBJ1 = lib/netapi/netapi.o \
+LIBNETAPI_OBJ0 = lib/netapi/netapi.o \
lib/netapi/cm.o \
librpc/gen_ndr/ndr_libnetapi.o \
lib/netapi/libnetapi.o \
@@ -1807,7 +1807,7 @@ LIBNETAPI_OBJ1 = lib/netapi/netapi.o \
lib/netapi/getdc.o \
lib/netapi/user.o
-LIBNETAPI_OBJ = $(LIBNETAPI_OBJ1) $(LIBNET_OBJ) \
+LIBNETAPI_OBJ = $(LIBNETAPI_OBJ0) $(LIBNET_OBJ) \
$(LIBSMBCONF_OBJ) \
$(REG_SMBCONF_OBJ) \
$(PARAM_WITHOUT_REG_OBJ) $(LIB_NONSMBD_OBJ) \
@@ -1838,9 +1838,9 @@ $(LIBNETAPI_SHARED_TARGET): $(LIBNETAPI_SHARED_TARGET_SONAME)
@rm -f $@
@ln -s -f `basename $(LIBNETAPI_SHARED_TARGET_SONAME)` $@
-$(LIBNETAPI_STATIC_TARGET): $(BINARY_PREREQS) $(LIBNETAPI_OBJ1)
+$(LIBNETAPI_STATIC_TARGET): $(BINARY_PREREQS) $(LIBNETAPI_OBJ0)
@echo Linking non-shared library $@
- @-$(AR) -rc $@ $(LIBNETAPI_OBJ1)
+ @-$(AR) -rc $@ $(LIBNETAPI_OBJ0)
libnetapi: $(LIBNETAPI)
diff --git a/source/client/cifs.upcall.c b/source/client/cifs.upcall.c
index aa5eb57..fd3ed17 100644
--- a/source/client/cifs.upcall.c
+++ b/source/client/cifs.upcall.c
@@ -29,7 +29,7 @@ create dns_resolver * * /usr/local/sbin/cifs.upcall %k
#include "cifs_spnego.h"
-const char *CIFSSPNEGO_VERSION = "1.1";
+const char *CIFSSPNEGO_VERSION = "1.2";
static const char *prog = "cifs.upcall";
typedef enum _secType {
KRB5,
@@ -73,7 +73,7 @@ int handle_krb5_mech(const char *oid, const char *principal,
tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ);
/* and wrap that in a shiny SPNEGO wrapper */
- *secblob = gen_negTokenInit(OID_KERBEROS5, tkt_wrapped);
+ *secblob = gen_negTokenInit(oid, tkt_wrapped);
data_blob_free(&tkt_wrapped);
data_blob_free(&tkt);
@@ -118,6 +118,9 @@ int decode_key_description(const char *desc, int *ver, secType_t * sec,
if (strncmp(tkn + 4, "krb5", 4) == 0) {
retval |= DKD_HAVE_SEC;
*sec = KRB5;
+ } else if (strncmp(tkn + 4, "mskrb5", 6) == 0) {
+ retval |= DKD_HAVE_SEC;
+ *sec = MS_KRB5;
}
} else if (strncmp(tkn, "uid=", 4) == 0) {
errno = 0;
@@ -219,7 +222,7 @@ int main(const int argc, char *const argv[])
uid_t uid;
int kernel_upcall_version;
int c, use_cifs_service_prefix = 0;
- char *buf, *hostname = NULL;
+ char *buf, *oid, *hostname = NULL;
openlog(prog, 0, LOG_DAEMON);
@@ -301,6 +304,7 @@ int main(const int argc, char *const argv[])
// do mech specific authorization
switch (sectype) {
+ case MS_KRB5:
case KRB5:{
char *princ;
size_t len;
@@ -319,8 +323,12 @@ int main(const int argc, char *const argv[])
}
strlcpy(princ + 5, hostname, len - 5);
- rc = handle_krb5_mech(OID_KERBEROS5, princ,
- &secblob, &sess_key);
+ if (sectype == MS_KRB5)
+ oid = OID_KERBEROS5_OLD;
+ else
+ oid = OID_KERBEROS5;
+
+ rc = handle_krb5_mech(oid, princ, &secblob, &sess_key);
SAFE_FREE(princ);
break;
}
diff --git a/source/include/smb.h b/source/include/smb.h
index cef6819..3c7058f 100644
--- a/source/include/smb.h
+++ b/source/include/smb.h
@@ -1377,12 +1377,19 @@ struct bitmap {
#define FILE_DELETE_ON_CLOSE 0x1000
#define FILE_OPEN_BY_FILE_ID 0x2000
-/* Private create options used by the ntcreatex processing code. From Samba4. */
-#define NTCREATEX_OPTIONS_PRIVATE_DENY_DOS 0x01000000
-#define NTCREATEX_OPTIONS_PRIVATE_DENY_FCB 0x02000000
+#define NTCREATEX_OPTIONS_MUST_IGNORE_MASK (0x008F0480)
+
+#define NTCREATEX_OPTIONS_INVALID_PARAM_MASK (0xFF100030)
+
+/*
+ * Private create options used by the ntcreatex processing code. From Samba4.
+ * We reuse some ignored flags for private use.
+ */
+#define NTCREATEX_OPTIONS_PRIVATE_DENY_DOS 0x00010000
+#define NTCREATEX_OPTIONS_PRIVATE_DENY_FCB 0x00020000
/* Private options for streams support */
-#define NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE 0x04000000
+#define NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE 0x00040000
/* Responses when opening a file. */
#define FILE_WAS_SUPERSEDED 0
diff --git a/source/lib/interface.c b/source/lib/interface.c
index eb0af9e..2e7c270 100644
--- a/source/lib/interface.c
+++ b/source/lib/interface.c
@@ -131,15 +131,18 @@ int iface_count(void)
}
/****************************************************************************
- How many interfaces do we have (v4 only) ?
+ How many non-loopback IPv4 interfaces do we have ?
**************************************************************************/
-int iface_count_v4(void)
+int iface_count_v4_nl(void)
{
int ret = 0;
struct interface *i;
for (i=local_interfaces;i;i=i->next) {
+ if (is_loopback_addr(&i->ip)) {
+ continue;
+ }
if (i->ip.ss_family == AF_INET) {
ret++;
}
diff --git a/source/m4/aclocal.m4 b/source/m4/aclocal.m4
index 53ad46c..9a4213d 100644
--- a/source/m4/aclocal.m4
+++ b/source/m4/aclocal.m4
@@ -139,7 +139,7 @@ if eval test x"$build_lib" = "xyes" ; then
LIBUC[_SHARED]=$LIBUC[_SHARED_TARGET]
AC_MSG_RESULT(yes)
if test x"$USESHARED" != x"true" -o x"$[LINK_]LIBUC" = "xSTATIC" ; then
- LIBUC[_STATIC]=$LIBUC[_STATIC_TARGET]
+ enable_static=yes
else
LIBUC[_LIBS]=LIBLIBS
fi
@@ -152,7 +152,7 @@ else
AC_MSG_RESULT(shared library not selected, but will supply static library)
fi
if test $enable_static = yes; then
- LIBUC[_STATIC]=$LIBUC[_STATIC_TARGET]
+ LIBUC[_STATIC]=[\$\(]LIBUC[_OBJ0\)]
fi
m4_popdef([LIBNAME])
diff --git a/source/nmbd/nmbd.c b/source/nmbd/nmbd.c
index af4acc8..b72be2b 100644
--- a/source/nmbd/nmbd.c
+++ b/source/nmbd/nmbd.c
@@ -293,8 +293,8 @@ static void reload_interfaces(time_t t)
BlockSignals(false, SIGTERM);
- /* We only count IPv4 interfaces here. */
- while (iface_count_v4() == 0 && !got_sig_term) {
+ /* We only count IPv4, non-loopback interfaces here. */
+ while (iface_count_v4_nl() == 0 && !got_sig_term) {
sleep(5);
load_interfaces();
}
diff --git a/source/nmbd/nmbd_processlogon.c b/source/nmbd/nmbd_processlogon.c
index 6e110dd..d99b535 100644
--- a/source/nmbd/nmbd_processlogon.c
+++ b/source/nmbd/nmbd_processlogon.c
@@ -399,7 +399,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
char *component, *dc, *q1;
char *q_orig = q;
int str_offset;
- char *saveptr;
+ char *saveptr = NULL;
domain = get_mydnsdomname(talloc_tos());
if (!domain) {
diff --git a/source/nmbd/nmbd_subnetdb.c b/source/nmbd/nmbd_subnetdb.c
index a4422d2..225def5 100644
--- a/source/nmbd/nmbd_subnetdb.c
+++ b/source/nmbd/nmbd_subnetdb.c
@@ -195,19 +195,20 @@ struct subnet_record *make_normal_subnet(const struct interface *iface)
bool create_subnets(void)
{
/* We only count IPv4 interfaces whilst we're waiting. */
- int num_interfaces = iface_count_v4();
+ int num_interfaces;
int i;
struct in_addr unicast_ip, ipzero;
try_interfaces_again:
- if (iface_count_v4() == 0) {
- DEBUG(0,("create_subnets: No local interfaces !\n"));
+ /* Only count IPv4, non-loopback interfaces. */
+ if (iface_count_v4_nl() == 0) {
+ DEBUG(0,("create_subnets: No local IPv4 non-loopback interfaces !\n"));
DEBUG(0,("create_subnets: Waiting for an interface to appear ...\n"));
}
- /* We only count IPv4 interfaces here. */
- while (iface_count_v4() == 0) {
+ /* We only count IPv4, non-loopback interfaces here. */
+ while (iface_count_v4_nl() == 0) {
void (*saved_handler)(int);
/*
diff --git a/source/nsswitch/wb_common.c b/source/nsswitch/wb_common.c
index b113fc3..6e6d2bb 100644
--- a/source/nsswitch/wb_common.c
+++ b/source/nsswitch/wb_common.c
@@ -176,11 +176,13 @@ static int winbind_named_pipe_sock(const char *dir)
/* Check permissions on unix socket directory */
if (lstat(dir, &st) == -1) {
+ errno = ENOENT;
return -1;
}
if (!S_ISDIR(st.st_mode) ||
(st.st_uid != 0 && st.st_uid != geteuid())) {
+ errno = ENOENT;
return -1;
}
@@ -199,6 +201,7 @@ static int winbind_named_pipe_sock(const char *dir)
the winbindd daemon is not running. */
if (lstat(path, &st) == -1) {
+ errno = ENOENT;
SAFE_FREE(path);
return -1;
}
@@ -208,6 +211,7 @@ static int winbind_named_pipe_sock(const char *dir)
if (!S_ISSOCK(st.st_mode) ||
(st.st_uid != 0 && st.st_uid != geteuid())) {
+ errno = ENOENT;
return -1;
}
@@ -368,6 +372,7 @@ int winbind_write_sock(void *buffer, int count, int recursing, int need_priv)
restart:
if (winbind_open_pipe_sock(recursing, need_priv) == -1) {
+ errno = ENOENT;
return -1;
}
@@ -564,7 +569,11 @@ NSS_STATUS winbindd_send_request(int req_type, int need_priv,
if (winbind_write_sock(request, sizeof(*request),
request->wb_flags & WBFLAG_RECURSE,
- need_priv) == -1) {
+ need_priv) == -1)
+ {
+ /* Set ENOENT for consistency. Required by some apps */
+ errno = ENOENT;
+
return NSS_STATUS_UNAVAIL;
}
@@ -572,7 +581,11 @@ NSS_STATUS winbindd_send_request(int req_type, int need_priv,
(winbind_write_sock(request->extra_data.data,
request->extra_len,
request->wb_flags & WBFLAG_RECURSE,
- need_priv) == -1)) {
+ need_priv) == -1))
+ {
+ /* Set ENOENT for consistency. Required by some apps */
+ errno = ENOENT;
+
return NSS_STATUS_UNAVAIL;
}
@@ -596,6 +609,9 @@ NSS_STATUS winbindd_get_response(struct winbindd_response *response)
/* Wait for reply */
if (winbindd_read_reply(response) == -1) {
+ /* Set ENOENT for consistency. Required by some apps */
+ errno = ENOENT;
+
return NSS_STATUS_UNAVAIL;
}
diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c
index 425eb26..35256d7 100644
--- a/source/rpc_client/cli_pipe.c
+++ b/source/rpc_client/cli_pipe.c
@@ -823,8 +823,8 @@ static NTSTATUS rpc_api_pipe(struct rpc_pipe_client *cli,
while(1) {
RPC_HDR rhdr;
- char *ret_data;
- uint32 ret_data_len;
+ char *ret_data = NULL;
+ uint32 ret_data_len = 0;
/* Ensure we have enough data for a pdu. */
ret = cli_pipe_get_current_pdu(cli, &rhdr, ¤t_pdu);
diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c
index ae7bd8b..0b48fa2 100644
--- a/source/smbd/nttrans.c
+++ b/source/smbd/nttrans.c
@@ -490,6 +490,12 @@ void reply_ntcreate_and_X(struct smb_request *req)
fname));
/*
+ * we need to remove ignored bits when they come directly from the client
+ * because we reuse some of them for internal stuff
+ */
+ create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
+
+ /*
* If it's an IPC, use the pipe handler.
*/
@@ -899,6 +905,12 @@ static void call_nt_transact_create(connection_struct *conn,
allocation_size |= (((SMB_BIG_UINT)IVAL(params,16)) << 32);
#endif
+ /*
+ * we need to remove ignored bits when they come directly from the client
+ * because we reuse some of them for internal stuff
+ */
+ create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
+
/* Ensure the data_len is correct for the sd and ea values given. */
if ((ea_len + sd_len > data_count)
|| (ea_len > data_count) || (sd_len > data_count)
diff --git a/source/smbd/open.c b/source/smbd/open.c
index 2184e69..ea10cdc 100644
--- a/source/smbd/open.c
+++ b/source/smbd/open.c
@@ -2614,6 +2614,11 @@ NTSTATUS create_file_unixpath(connection_struct *conn,
goto fail;
}
+ if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
if (req == NULL) {
oplock_request |= INTERNAL_OPEN_ONLY;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list