[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-3-28-g5221acf

Karolin Seeger kseeger at samba.org
Thu Aug 28 14:33:06 GMT 2008


The branch, v3-2-stable has been updated

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable


- Log -----------------------------------------------------------------
commit 5221acfa459d7cdeaf17fc784d896864114c1e63
Author: Günther Deschner <gd at samba.org>
Date:   Thu Aug 28 12:29:24 2008 +0200

    winbindd: fix invalid sid copy (hit when enumerating sibling domains).
    
    Guenther
    (cherry picked from commit 5eee7423351ffd05486e33ff8eb905babcbc9422)
    (cherry picked from commit 9f0bc4ff17b5a11dc412d0b5bc136476f3209a0c)

commit 67cdf03fab740d311d3425f3dc0570e34630327c
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Aug 27 17:26:59 2008 -0700

    Fix the wcache_invalidate_samlogon calls.
    Jeremy.
    (cherry picked from commit 0a0795fd0310cc44dac0df312325df6d08e38cdb)

commit a43743cf7d383993387c2b9f78331abf3c9ccae3
Author: Ephi Dror <Ephi.Dror at datadomain.com>
Date:   Wed Aug 27 17:26:36 2008 -0700

    Correct the netsamlogon_clear_cached_user function.
    (cherry picked from commit 85dd9c64ca2ffa31d02ee10a3745fd596e80786e)

commit caaa7cea1388cee06ada4ec7b9f64350d6d9b8ea
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Aug 27 11:30:02 2008 -0700

    Be explicit about setting perms for the ldb. Helps others who may use this api.
    Jeremy.
    (cherry picked from commit 9f1bb27bf566069dab48eea125c22a5e20849774)

commit 798ec02bf04dd2b0ae14b0ffc792fbfbcd50a4ef
Author: Steve French <stevef at smfhomehp.(none)>
Date:   Tue Aug 26 13:04:44 2008 -0500

    mount.cifs: unclear error message with "credentials"
    
    Thanks to Christophe Curis for the suggestion
    (cherry picked from commit a122df5dc01ed9767c53d77a73aabd44f7c8a7ca)

commit 7817de6798ecc8f5ea05541460639fb32603237b
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sun Aug 24 13:58:05 2008 +1000

    become root for AIO operations
    
    We need to become root for AIO read and write to allow the AIO thread
    to send a completion signal to the parent process when the IO
    completes
    (cherry picked from commit 27b1ae601542ebe2e23ab4ff81eb14f8e03a3caf)

commit fd7ca5a896e169e42350507e16aee63841591131
Author: Andrew Tridgell <tridge at samba.org>
Date:   Tue Aug 26 14:06:42 2008 +1000

    EINVAL is also a valid error return, meaning "this filesystem
    cannot do sendfile for this file"
    (cherry picked from commit dc04b5adf7569b3501cb95f86d01e00276b41c23)

commit f04844aa7d50aa5e12c8cc6170d71239422113d1
Author: Andrew Tridgell <tridge at samba.org>
Date:   Sun Aug 24 13:56:59 2008 +1000

    Avoid a race condition in glibc between AIO and setresuid().
    
    See this test: http://samba.org/~tridge/junkcode/aio_uid.c
    
    The problem is that setresuid() tries to be clever about threads, and
    tries to change the euid of any threads that are running. If an AIO read
    or write completes while this is going on then the signal from the thread
    where the IO completed is lost, as it gets -1/EPERM from rt_sigqueueinfo()
    
    The simplest fix is to try to use setreuid() instead of setresuid(),
    as setreuid() doesn't try to be clever. Unfortunately this also means
    we must use become_root()/unbecome_root() in the aio code.
    (cherry picked from commit 319cea52d259e347061658cfbae56ab350b09671)

commit db52767917fd1f4557e662ab241ec4e1df16332b
Author: David Leonard <David.Leonard at quest.com>
Date:   Mon Aug 25 15:15:35 2008 -0700

    Fix bug 4516, no IPv6 on Solaris 2.6.
    (cherry picked from commit ec178599d37d6633697650c54c3588afedea9b7e)

commit 509c1efd574e16ff1d34dd940b7e52aeea761849
Author: Jeff Layton <jlayton at redhat.com>
Date:   Sun Aug 24 17:31:49 2008 -0400

    cifs.upcall: bump SPNEGO msg version number and don't reject old versions
    
    When we added the ability for the kernel to send sec=mskrb5 to the
    upcall, we subtly broke old cifs.upcall versions that don't understand
    it. Bump the spnego message version to 2 to make this clear. Also,
    change cifs.upcall to not reject requests with a version that's lower
    than the current one, and to send the reply with the same version that
    the request sent. The idea is to try and keep cifs.upcall backward
    compatible with old kernels.
    
    Signed-off-by: Jeff Layton <jlayton at redhat.com>
    (cherry picked from commit 2744bcbf3f22102911b5a3c4676e7d2f970a86eb)

commit cc6d94bd0444b38b825e8c220abe1b56539cde07
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Aug 22 13:50:53 2008 -0700

    Don't re-initialize a token when we already have one. This fixes the build farm failures when winbindd connects as guest.
    This one took a *lot* of tracking down :-).
    Jeremy.
    (cherry picked from commit f845c95dcfa0b1630a0057c62941bb8a72ebdd83)

commit eb0a0548e0a898736473156334222e74d445cf22
Author: Gerald (Jerry) Carter <jerry at samba.org>
Date:   Fri Aug 22 10:17:04 2008 -0500

    winbindd: Fix crash in cm_connect_sam()
    
    Fix segv when talking to parent DC (joined to child domain).
    
    The root cause was
    
    (a) storing the parent domain in the cli_state struct caused
        the NTLMSSP pipe bind to fail which made us fall over to
        the schannel code path
    (b) the dcinfo pointer in cm_get_schannel_dcinfo() was returning
        NULL even though the function indicated success.
    (cherry picked from commit 5ce4a2ae6697970ea37d0078a506615b4b7a9a9c)
    (cherry picked from commit 72d138adc200ab36e324721900af1a06d0879318)

commit ee30c1981eb46163d829d32ea1ac12572038085c
Author: Jeff Layton <jlayton at redhat.com>
Date:   Thu Aug 21 21:41:19 2008 -0400

    cifs.upcall: fix build warning
    
    Signed-off-by: Jeff Layton <jlayton at redhat.com>
    (cherry picked from commit dffb2d8eea03bb75224c3d8b4d0ab210993c645a)

commit d0a926fe3779c840de1b47dfd6e2b4d394eb0c45
Author: Günther Deschner <gd at samba.org>
Date:   Thu Aug 21 15:05:35 2008 +0200

    Fix Bug #5710 and make machine account password changing work again.
    
    When we negotiated NETLOGON_NEG_PASSWORD_SET2 we need to use
    NetrServerPasswordSet2 to change the machine password.
    
    Tested with NT4, W2k, W2k3 and W2k8.
    
    Guenther
    (cherry picked from commit 8ae7040a5e64f1a1d2088aeca1dab90470455d8a)

commit 202192809a23281659a1ed4e808daa7214fa6e03
Author: Günther Deschner <gd at samba.org>
Date:   Thu Aug 21 15:02:03 2008 +0200

    re-run make idl.
    
    Guenther
    (cherry picked from commit f24cef9fa7be45212744d39b7c66804e64147afd)
    (cherry picked from commit 059979f8e7d7d0459f83184ad5b06a8e6281f558)

commit 8aef1233286b9aec684a79b4dd47f1799294ef05
Author: Günther Deschner <gd at samba.org>
Date:   Thu Aug 21 15:01:36 2008 +0200

    IDL: fix IDL for netr_ServerPasswordSet2().
    
    Guenther
    (cherry picked from commit 7b312a0abc6de5a51555ccfbde7f8f78fc11d043)
    (cherry picked from commit d9fa27a079dde0ebd9c2d6dc1c1bff3ae570f9e8)

commit 66c7ac417df8d62541307a86dac962432f4cf51a
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Aug 21 10:25:51 2008 -0700

    Fix bug 5698 - mixup of TALLOC/malloc. Spotted by Douglas Wegscheid <Douglas_E_Wegscheid at whirlpool.com>.
    Jeremy.
    (cherry picked from commit 02e260ab5254c9691846f7009f685e1b11032f80)

commit 22456840b9de884422bdb5608352ec945d87ab5e
Author: Michael Adam <obnox at samba.org>
Date:   Wed Aug 20 14:56:18 2008 +0200

    build: fix bug #5590 by not linking in the static libs but the objects.
    
    Michael
    (cherry picked from commit 6ad2090391a92ebe822b2d7b80e180c251dc8e7a)
    (cherry picked from commit 24459c7eda080a4fed2d4f2a576c97f878f905f9)

commit 1c99575f93ffdb3fefd34ccf8cd7d6c214a1e968
Author: Michael Adam <obnox at samba.org>
Date:   Wed Aug 20 14:55:24 2008 +0200

    build: fall down to the same place when using an internal lib statically.
    
    Michael
    (cherry picked from commit 702c0bc04668117e3521d687b9b5a87fd7e0f1b1)
    (cherry picked from commit f3ad03d0f909ff862411511d9f63e77047034c01)

commit ad728eae021f03f3681cb4847072351245857556
Author: Michael Adam <obnox at samba.org>
Date:   Wed Aug 20 13:22:13 2008 +0200

    build: rename LIBNETAPI_OBJ1 to LIBNETAPI_OBJ0 for consistency.
    
    Michael
    (cherry picked from commit ead9b9d7167d999d73cf4111f3b321236aac2a15)
    (cherry picked from commit 8dd57f31b2ba621654f989e1ed58bd2dd80b7849)

commit 668e41430d3cad749fcb01ade6beadad1653324b
Author: Günther Deschner <gd at samba.org>
Date:   Wed Aug 20 18:40:58 2008 +0200

    fix build warning.
    
    Guenther
    (cherry picked from commit a75055be5ff7ebe3476cfac86c6597a56a843c23)
    (cherry picked from commit d0a4b9f69984ca5da0007af91013f1bc78dcbf2b)

commit eb2349c175f98fa51a6390841a227c9c7f19009e
Author: Günther Deschner <gd at samba.org>
Date:   Wed Aug 20 20:24:45 2008 +0200

    fix another build warning.
    
    Guenther
    (cherry picked from commit 43693ce6c678b961fa516bbf502af92f87cd5346)
    (cherry picked from commit 2a5ae59f77c05c41c97747dee9bc8c196dfe6b89)

commit c1df51abdf366caf3cde84b1399d05abdc36133b
Author: Gerald (Jerry) Carter <jerry at samba.org>
Date:   Wed Aug 20 13:00:40 2008 -0500

    nss_winbind: When returning NSS_UNAVAIL, squash errno to ENOENT
    
    According to the GNU libc nss guide, we should always set
    errno to ENOENT when returning NSS_UNAVAIL.
    
    http://www.gnu.org/software/libtool/manual/libc/NSS-Modules-Interface.html#NSS-Modules-Interface
    
    At least the MQ Series message queuing service that runs
    on WebSphere will fail if you return any other errno in this case.
    (cherry picked from commit ee26664602445fa7798e2061f6bcbef0756d6528)
    (cherry picked from commit 29b39723b82f363d32dc4678d6b71a78485c65ce)

commit b3676d078ccdfb07c331811b83550e3f437c7ff5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Aug 19 16:34:50 2008 +0200

    smbd: fix the handling of create_options to pass RAW-OPEN
    
    Some of the bits generate INVALID_PARAMETER and some bits
    are ignored when they come from a client, that's why we need
    to use bits from the ignored range for our internal usage.
    
    metze
    (cherry picked from commit 7b4c8a4e39f310eb450918fa841b0ea1b4af19f7)
    (cherry picked from commit 3366ac2857820d87fb36a1357786a3564d258da5)

commit 5795219f4825d14a02a2d163ae539057112127b6
Author: Jeff Layton <jlayton at redhat.com>
Date:   Tue Aug 19 21:35:35 2008 -0400

    cifs.upcall: handle MSKRB5 OID properly
    
    When the kernel sends the upcall a sec=mskrb5 parameter, that means
    the MSKRB5 OID is preferred by the server. This patch fixes the
    upcall to use that OID in place of the "normal" krb5 OID when it
    gets a sec=mskrb5 parameter.
    
    Signed-off-by: Jeff Layton <jlayton at redhat.com>
    Acked-by: Steve French <smfrench at gmail.com>
    (cherry picked from commit 3d96409c115b3ad4ef29ff75e40b39a26e316afe)

commit b8f8560c80d0511352921c21a4d973ad522987cb
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Aug 19 17:31:46 2008 -0700

    Fix bug 5697 nmbd spins in reload_interfaces when only loopback has an IPv4 address
    reported by Ted Percival <ted at midg3t.net>.
    Jeremy.
    (cherry picked from commit 4ac537d1b78c915fe25c219958312cf22f3cba80)

commit 93dd6962f6d31484d7f8ce62f132baaf294aa142
Author: Michael Adam <obnox at samba.org>
Date:   Tue Aug 19 13:29:24 2008 +0200

    build: fix linking cifs.upcall when nscd_flush_cache() is found.
    
    Michael
    (cherry picked from commit 661b7fdffda40a9ca7cb36627dbaf91cb4357cd0)
    (cherry picked from commit 7401c6a5b74c9c82c02923e6eafa6072a5d5678f)

commit 6e6be2abaf5e85aef63313f9d198ae77c410388b
Author: Karolin Seeger <kseeger at samba.org>
Date:   Thu Aug 28 16:04:42 2008 +0200

    VERSION: Raise version number up to 3.2.4.
    
    Karolin

-----------------------------------------------------------------------

Summary of changes:
 source/Makefile.in                    |   10 ++--
 source/VERSION                        |    2 +-
 source/client/cifs.upcall.c           |   21 +++++++---
 source/client/cifs_spnego.h           |    2 +-
 source/client/mount.cifs.c            |    5 +-
 source/configure.in                   |   24 ++++++-----
 source/groupdb/mapping_ldb.c          |    3 +
 source/include/smb.h                  |   15 +++++--
 source/lib/interface.c                |    7 ++-
 source/lib/util_str.c                 |    5 +-
 source/librpc/gen_ndr/cli_netlogon.c  |    6 +-
 source/librpc/gen_ndr/cli_netlogon.h  |    6 +-
 source/librpc/gen_ndr/ndr_netlogon.c  |   38 ++++++++++++++---
 source/librpc/gen_ndr/netlogon.h      |    4 +-
 source/librpc/idl/netlogon.idl        |    6 +-
 source/libsmb/samlogon_cache.c        |   54 ++++++++----------------
 source/libsmb/trusts_util.c           |   75 +++++++++++++++++++++++----------
 source/m4/aclocal.m4                  |    4 +-
 source/nmbd/nmbd.c                    |    4 +-
 source/nmbd/nmbd_processlogon.c       |    2 +-
 source/nmbd/nmbd_subnetdb.c           |   11 +++--
 source/nsswitch/wb_common.c           |   20 ++++++++-
 source/nsswitch/winbind_nss_solaris.c |   25 ++++++++++-
 source/rpc_client/cli_pipe.c          |    4 +-
 source/smbd/aio.c                     |    8 +++-
 source/smbd/nttrans.c                 |   12 +++++
 source/smbd/open.c                    |    5 ++
 source/smbd/reply.c                   |    5 +-
 source/smbd/sesssetup.c               |   23 ++++++----
 source/winbindd/winbindd_ads.c        |    2 +-
 source/winbindd/winbindd_cache.c      |   23 ++++++++++-
 source/winbindd/winbindd_cm.c         |   12 ++++-
 source/winbindd/winbindd_pam.c        |    4 +-
 33 files changed, 301 insertions(+), 146 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/Makefile.in b/source/Makefile.in
index 57d5114..2a8bec0 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -1324,7 +1324,7 @@ bin/cifs.upcall at EXEEXT@: $(BINARY_PREREQS) $(CIFS_UPCALL_OBJ) $(LIBSMBCLIENT_OBJ
 	@$(CC) $(FLAGS) -o $@ $(CIFS_UPCALL_OBJ) $(DYNEXP) $(LDFLAGS) \
 		-lkeyutils $(LIBS) $(LIBSMBCLIENT_OBJ1) $(KRB5LIBS) \
 		$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(WINBIND_LIBS) \
-		$(LIBTDB_LIBS)
+		$(LIBTDB_LIBS) $(NSCD_LIBS)
 
 bin/testparm at EXEEXT@: $(BINARY_PREREQS) $(TESTPARM_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
 	@echo Linking $@
@@ -1798,7 +1798,7 @@ shlibs test_shlibs: @LIBADDNS_SHARED@
 #
 #-------------------------------------------------------------------
 
-LIBNETAPI_OBJ1 = lib/netapi/netapi.o \
+LIBNETAPI_OBJ0 = lib/netapi/netapi.o \
 		 lib/netapi/cm.o \
 		 librpc/gen_ndr/ndr_libnetapi.o \
 		 lib/netapi/libnetapi.o \
@@ -1807,7 +1807,7 @@ LIBNETAPI_OBJ1 = lib/netapi/netapi.o \
 		 lib/netapi/getdc.o \
 		 lib/netapi/user.o
 
-LIBNETAPI_OBJ  = $(LIBNETAPI_OBJ1) $(LIBNET_OBJ) \
+LIBNETAPI_OBJ  = $(LIBNETAPI_OBJ0) $(LIBNET_OBJ) \
 		 $(LIBSMBCONF_OBJ) \
 		 $(REG_SMBCONF_OBJ) \
 		 $(PARAM_WITHOUT_REG_OBJ) $(LIB_NONSMBD_OBJ) \
@@ -1838,9 +1838,9 @@ $(LIBNETAPI_SHARED_TARGET): $(LIBNETAPI_SHARED_TARGET_SONAME)
 	@rm -f $@
 	@ln -s -f `basename $(LIBNETAPI_SHARED_TARGET_SONAME)` $@
 
-$(LIBNETAPI_STATIC_TARGET): $(BINARY_PREREQS) $(LIBNETAPI_OBJ1)
+$(LIBNETAPI_STATIC_TARGET): $(BINARY_PREREQS) $(LIBNETAPI_OBJ0)
 	@echo Linking non-shared library $@
-	@-$(AR) -rc $@ $(LIBNETAPI_OBJ1)
+	@-$(AR) -rc $@ $(LIBNETAPI_OBJ0)
 
 libnetapi: $(LIBNETAPI)
 
diff --git a/source/VERSION b/source/VERSION
index 97c5d51..3307650 100644
--- a/source/VERSION
+++ b/source/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=2
-SAMBA_VERSION_RELEASE=3
+SAMBA_VERSION_RELEASE=4
 
 ########################################################
 # Bug fix releases use a letter for the patch revision #
diff --git a/source/client/cifs.upcall.c b/source/client/cifs.upcall.c
index aa5eb57..7cb5166 100644
--- a/source/client/cifs.upcall.c
+++ b/source/client/cifs.upcall.c
@@ -29,7 +29,7 @@ create dns_resolver * * /usr/local/sbin/cifs.upcall %k
 
 #include "cifs_spnego.h"
 
-const char *CIFSSPNEGO_VERSION = "1.1";
+const char *CIFSSPNEGO_VERSION = "1.2";
 static const char *prog = "cifs.upcall";
 typedef enum _secType {
 	KRB5,
@@ -73,7 +73,7 @@ int handle_krb5_mech(const char *oid, const char *principal,
 	tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ);
 
 	/* and wrap that in a shiny SPNEGO wrapper */
-	*secblob = gen_negTokenInit(OID_KERBEROS5, tkt_wrapped);
+	*secblob = gen_negTokenInit(oid, tkt_wrapped);
 
 	data_blob_free(&tkt_wrapped);
 	data_blob_free(&tkt);
@@ -118,6 +118,9 @@ int decode_key_description(const char *desc, int *ver, secType_t * sec,
 			if (strncmp(tkn + 4, "krb5", 4) == 0) {
 				retval |= DKD_HAVE_SEC;
 				*sec = KRB5;
+			} else if (strncmp(tkn + 4, "mskrb5", 6) == 0) {
+				retval |= DKD_HAVE_SEC;
+				*sec = MS_KRB5;
 			}
 		} else if (strncmp(tkn, "uid=", 4) == 0) {
 			errno = 0;
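Review bot: The new strncmp(tkn + 4, "mskrb5", 6) test in decode_key_description() is a prefix match, like the existing krb5 test above it, so any token that merely begins with sec=mskrb5 is accepted as MS_KRB5. Compare against the whole token (check that the character after the matched name ends the token) so that an unrecognised mechanism name is rejected rather than silently mapped to a Kerberos variant.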
@@ -220,6 +223,7 @@ int main(const int argc, char *const argv[])
 	int kernel_upcall_version;
 	int c, use_cifs_service_prefix = 0;
 	char *buf, *hostname = NULL;
+	const char *oid;
 
 	openlog(prog, 0, LOG_DAEMON);
 
@@ -280,7 +284,7 @@ int main(const int argc, char *const argv[])
 	}
 	SAFE_FREE(buf);
 
-	if (kernel_upcall_version != CIFS_SPNEGO_UPCALL_VERSION) {
+	if (kernel_upcall_version > CIFS_SPNEGO_UPCALL_VERSION) {
 		syslog(LOG_WARNING,
 		       "incompatible kernel upcall version: 0x%x",
 		       kernel_upcall_version);
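Review bot: The relaxed test bounds kernel_upcall_version only from above, and the variable is a plain int, so 0 and negative values now pass as "compatible". Add a lower bound as well, for example rejecting anything below 1 or above CIFS_SPNEGO_UPCALL_VERSION, because a later hunk copies this value unchanged into keydata->version. The warning text would be more useful if it also logged the highest version this binary supports.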
@@ -301,6 +305,7 @@ int main(const int argc, char *const argv[])
 
 	// do mech specific authorization
 	switch (sectype) {
+	case MS_KRB5:
 	case KRB5:{
 			char *princ;
 			size_t len;
@@ -319,8 +324,12 @@ int main(const int argc, char *const argv[])
 			}
 			strlcpy(princ + 5, hostname, len - 5);
 
-			rc = handle_krb5_mech(OID_KERBEROS5, princ,
-					      &secblob, &sess_key);
+			if (sectype == MS_KRB5)
+				oid = OID_KERBEROS5_OLD;
+			else
+				oid = OID_KERBEROS5;
+
+			rc = handle_krb5_mech(oid, princ, &secblob, &sess_key);
 			SAFE_FREE(princ);
 			break;
 		}
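Review bot: The choice of OID_KERBEROS5_OLD for sectype == MS_KRB5 needs a one-line comment, since nothing in the name says it is the OID the commit message calls MSKRB5. Also note that oid is assigned only inside this case; initialising it at its declaration (or selecting it with a single conditional expression here) keeps a future case label from reaching handle_krb5_mech() with an unset pointer.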
@@ -344,7 +353,7 @@ int main(const int argc, char *const argv[])
 		rc = 1;
 		goto out;
 	}
-	keydata->version = CIFS_SPNEGO_UPCALL_VERSION;
+	keydata->version = kernel_upcall_version;
 	keydata->flags = 0;
 	keydata->sesskey_len = sess_key.length;
 	keydata->secblob_len = secblob.length;
diff --git a/source/client/cifs_spnego.h b/source/client/cifs_spnego.h
index 13909dd..f8753a7 100644
--- a/source/client/cifs_spnego.h
+++ b/source/client/cifs_spnego.h
@@ -23,7 +23,7 @@
 #ifndef _CIFS_SPNEGO_H
 #define _CIFS_SPNEGO_H
 
-#define CIFS_SPNEGO_UPCALL_VERSION 1
+#define CIFS_SPNEGO_UPCALL_VERSION 2
 
 /*
  * The version field should always be set to CIFS_SPNEGO_UPCALL_VERSION.
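Review bot: The header comment kept as context here ("The version field should always be set to CIFS_SPNEGO_UPCALL_VERSION") is no longer true after this series, because cifs.upcall now sets keydata->version to kernel_upcall_version. Update the comment to say that the reply echoes the request's version and to state which versions (1 and 2) are accepted, so the kernel and userspace sides document the same contract.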
diff --git a/source/client/mount.cifs.c b/source/client/mount.cifs.c
index c24c22e..af50cd9 100644
--- a/source/client/mount.cifs.c
+++ b/source/client/mount.cifs.c
@@ -196,7 +196,7 @@ static int open_cred_file(char * file_name)
 	line_buf = (char *)malloc(4096);
 	if(line_buf == NULL) {
 		fclose(fs);
-		return -ENOMEM;
+		return ENOMEM;
 	}
 
 	while(fgets(line_buf,4096,fs)) {
@@ -533,7 +533,8 @@ static int parse_options(char ** optionsp, int * filesys_flags)
 			if (value && *value) {
 				rc = open_cred_file(value);
 				if(rc) {
-					printf("error %d opening credential file %s\n",rc, value);
+					printf("error %d (%s) opening credential file %s\n",
+						rc, strerror(rc), value);
 					return 1;
 				}
 			} else {
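Review bot: strerror(rc) in the new message is only meaningful if every failure path in open_cred_file() returns a positive errno value; the visible change converts just the ENOMEM path, so please confirm the remaining returns in that function follow the same convention. The message is also still written with printf to stdout; for a mount helper, fprintf(stderr, ...) keeps the diagnostic out of any output a caller may be parsing.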
diff --git a/source/configure.in b/source/configure.in
index 0012b17..0086be7 100644
--- a/source/configure.in
+++ b/source/configure.in
@@ -2603,30 +2603,32 @@ AC_CHECK_FUNCS(getpagesize)
 ################################################
 # look for a method of setting the effective uid
 seteuid=no;
+
 if test $seteuid = no; then
-AC_CACHE_CHECK([for setresuid],samba_cv_USE_SETRESUID,[
+AC_CACHE_CHECK([for setreuid],samba_cv_USE_SETREUID,[
 AC_TRY_RUN([
 #define AUTOCONF_TEST 1
-#define USE_SETRESUID 1
+#define USE_SETREUID 1
 #include "confdefs.h"
 #include "${srcdir-.}/lib/util_sec.c"],
-           samba_cv_USE_SETRESUID=yes,samba_cv_USE_SETRESUID=no,samba_cv_USE_SETRESUID=cross)])
-if test x"$samba_cv_USE_SETRESUID" = x"yes"; then
-    seteuid=yes;AC_DEFINE(USE_SETRESUID,1,[Whether setresuid() is available])
+           samba_cv_USE_SETREUID=yes,samba_cv_USE_SETREUID=no,samba_cv_USE_SETREUID=cross)])
+if test x"$samba_cv_USE_SETREUID" = x"yes"; then
+    seteuid=yes;AC_DEFINE(USE_SETREUID,1,[Whether setreuid() is available])
 fi
 fi
 
-
+# we check for setresuid second as it conflicts with AIO on Linux. 
+# see http://samba.org/~tridge/junkcode/aio_uid.c
 if test $seteuid = no; then
-AC_CACHE_CHECK([for setreuid],samba_cv_USE_SETREUID,[
+AC_CACHE_CHECK([for setresuid],samba_cv_USE_SETRESUID,[
 AC_TRY_RUN([
 #define AUTOCONF_TEST 1
-#define USE_SETREUID 1
+#define USE_SETRESUID 1
 #include "confdefs.h"
 #include "${srcdir-.}/lib/util_sec.c"],
-           samba_cv_USE_SETREUID=yes,samba_cv_USE_SETREUID=no,samba_cv_USE_SETREUID=cross)])
-if test x"$samba_cv_USE_SETREUID" = x"yes"; then
-    seteuid=yes;AC_DEFINE(USE_SETREUID,1,[Whether setreuid() is available])
+           samba_cv_USE_SETRESUID=yes,samba_cv_USE_SETRESUID=no,samba_cv_USE_SETRESUID=cross)])
+if test x"$samba_cv_USE_SETRESUID" = x"yes"; then
+    seteuid=yes;AC_DEFINE(USE_SETRESUID,1,[Whether setresuid() is available])
 fi
 fi
 
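Review bot: Swapping the order makes setreuid the preferred method, but setresuid is still selected whenever the setreuid run test does not return yes (including the cross-compile result), so such builds keep the AIO conflict that the new comment describes. Consider emitting a configure warning in the setresuid branch, or documenting that AIO should not be enabled in that configuration. The added comment line ending in "Linux. " also carries trailing whitespace.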
diff --git a/source/groupdb/mapping_ldb.c b/source/groupdb/mapping_ldb.c
index ce65d7c..7ce879f 100644
--- a/source/groupdb/mapping_ldb.c
+++ b/source/groupdb/mapping_ldb.c
@@ -60,6 +60,9 @@ static bool init_group_mapping(void)
 	ldb = ldb_init(NULL);
 	if (ldb == NULL) goto failed;
 
+	/* Ensure this db is created read/write for root only. */
+	ldb_set_create_perms(ldb, 0600);
+
 	existed = file_exist(db_path, NULL);
 
 	if (lp_parm_bool(-1, "groupmap", "nosync", False)) {
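Review bot: ldb_set_create_perms(ldb, 0600) governs only the mode used when the database is created, and the very next line computes existed = file_exist(db_path, NULL). A database that already exists with a wider mode is left as it is. If root-only access is the requirement stated in the comment, add a check of the existing file's mode (and tighten or log it) in the existed case.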
diff --git a/source/include/smb.h b/source/include/smb.h
index cef6819..3c7058f 100644
--- a/source/include/smb.h
+++ b/source/include/smb.h
@@ -1377,12 +1377,19 @@ struct bitmap {
 #define FILE_DELETE_ON_CLOSE      0x1000
 #define FILE_OPEN_BY_FILE_ID	  0x2000
 
-/* Private create options used by the ntcreatex processing code. From Samba4. */
-#define NTCREATEX_OPTIONS_PRIVATE_DENY_DOS     0x01000000
-#define NTCREATEX_OPTIONS_PRIVATE_DENY_FCB     0x02000000
+#define NTCREATEX_OPTIONS_MUST_IGNORE_MASK      (0x008F0480)
+
+#define NTCREATEX_OPTIONS_INVALID_PARAM_MASK    (0xFF100030)
+
+/*
+ * Private create options used by the ntcreatex processing code. From Samba4.
+ * We reuse some ignored flags for private use.
+ */
+#define NTCREATEX_OPTIONS_PRIVATE_DENY_DOS     0x00010000
+#define NTCREATEX_OPTIONS_PRIVATE_DENY_FCB     0x00020000
 
 /* Private options for streams support */
-#define NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE 0x04000000
+#define NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE 0x00040000
 
 /* Responses when opening a file. */
 #define FILE_WAS_SUPERSEDED 0
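Review bot: The three private flags (0x00010000, 0x00020000, 0x00040000) now fall inside NTCREATEX_OPTIONS_MUST_IGNORE_MASK (0x008F0480), which means they are bits a client is allowed to send. The comment should state explicitly that every path taking create_options from the wire must clear the private bits before the value reaches the open code, otherwise a client can switch on DENY_DOS, DENY_FCB or STREAM_DELETE semantics itself. The two new masks also have no comment saying where the values come from or what each one is used for.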
diff --git a/source/lib/interface.c b/source/lib/interface.c
index eb0af9e..2e7c270 100644
--- a/source/lib/interface.c
+++ b/source/lib/interface.c
@@ -131,15 +131,18 @@ int iface_count(void)
 }
 
 /****************************************************************************
- How many interfaces do we have (v4 only) ?
+ How many non-loopback IPv4 interfaces do we have ?
 **************************************************************************/
 
-int iface_count_v4(void)
+int iface_count_v4_nl(void)
 {
 	int ret = 0;
 	struct interface *i;
 
 	for (i=local_interfaces;i;i=i->next) {
+		if (is_loopback_addr(&i->ip)) {
+			continue;
+		}
 		if (i->ip.ss_family == AF_INET) {
 			ret++;
 		}
diff --git a/source/lib/util_str.c b/source/lib/util_str.c
index c36d512..a2458c8 100644
--- a/source/lib/util_str.c
+++ b/source/lib/util_str.c
@@ -2006,6 +2006,7 @@ bool str_list_sub_basic( char **list, const char *smb_name,
 
 bool str_list_substitute(char **list, const char *pattern, const char *insert)
 {
+	TALLOC_CTX *ctx = list;
 	char *p, *s, *t;
 	ssize_t ls, lp, li, ld, i, d;
 
@@ -2028,7 +2029,7 @@ bool str_list_substitute(char **list, const char *pattern, const char *insert)
 			t = *list;
 			d = p -t;
 			if (ld) {
-				t = (char *) SMB_MALLOC(ls +ld +1);
+				t = TALLOC_ARRAY(ctx, char, ls +ld +1);
 				if (!t) {
 					DEBUG(0,("str_list_substitute: "
 						"Unable to allocate memory"));
@@ -2036,7 +2037,7 @@ bool str_list_substitute(char **list, const char *pattern, const char *insert)
 				}
 				memcpy(t, *list, d);
 				memcpy(t +d +li, p +lp, ls -d -lp +1);
-				SAFE_FREE(*list);
+				TALLOC_FREE(*list);
 				*list = t;
 				ls += ld;
 				s = t +d +li;
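Review bot: With TALLOC_FREE(*list) here and TALLOC_CTX *ctx = list at the top, str_list_substitute() now requires both the list array and every string in it to be talloc allocations; a caller that still builds the list with malloc will hand a non-talloc pointer to talloc. State this precondition in the function's header comment and audit the callers. The size passed to TALLOC_ARRAY (ls + ld + 1) is computed from ssize_t values without an overflow check, which is worth an assertion while this code is being touched.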
diff --git a/source/librpc/gen_ndr/cli_netlogon.c b/source/librpc/gen_ndr/cli_netlogon.c
index 61f4103..f5b4715 100644
--- a/source/librpc/gen_ndr/cli_netlogon.c
+++ b/source/librpc/gen_ndr/cli_netlogon.c
@@ -1534,9 +1534,9 @@ NTSTATUS rpccli_netr_ServerPasswordSet2(struct rpc_pipe_client *cli,
 					const char *account_name /* [in] [charset(UTF16)] */,
 					enum netr_SchannelType secure_channel_type /* [in]  */,
 					const char *computer_name /* [in] [charset(UTF16)] */,
-					struct netr_Authenticator credential /* [in]  */,
-					struct netr_CryptPassword new_password /* [in]  */,
-					struct netr_Authenticator *return_authenticator /* [out] [ref] */)
+					struct netr_Authenticator *credential /* [in] [ref] */,
+					struct netr_Authenticator *return_authenticator /* [out] [ref] */,
+					struct netr_CryptPassword *new_password /* [in] [ref] */)
 {
 	struct netr_ServerPasswordSet2 r;
 	NTSTATUS status;
diff --git a/source/librpc/gen_ndr/cli_netlogon.h b/source/librpc/gen_ndr/cli_netlogon.h
index 2968732..2033315 100644
--- a/source/librpc/gen_ndr/cli_netlogon.h
+++ b/source/librpc/gen_ndr/cli_netlogon.h
@@ -239,9 +239,9 @@ NTSTATUS rpccli_netr_ServerPasswordSet2(struct rpc_pipe_client *cli,
 					const char *account_name /* [in] [charset(UTF16)] */,
 					enum netr_SchannelType secure_channel_type /* [in]  */,
 					const char *computer_name /* [in] [charset(UTF16)] */,
-					struct netr_Authenticator credential /* [in]  */,
-					struct netr_CryptPassword new_password /* [in]  */,
-					struct netr_Authenticator *return_authenticator /* [out] [ref] */);
+					struct netr_Authenticator *credential /* [in] [ref] */,
+					struct netr_Authenticator *return_authenticator /* [out] [ref] */,
+					struct netr_CryptPassword *new_password /* [in] [ref] */);
 NTSTATUS rpccli_netr_ServerPasswordGet(struct rpc_pipe_client *cli,
 				       TALLOC_CTX *mem_ctx,
 				       const char *server_name /* [in] [unique,charset(UTF16)] */,
diff --git a/source/librpc/gen_ndr/ndr_netlogon.c b/source/librpc/gen_ndr/ndr_netlogon.c
index ce61f8d..eff816c 100644
--- a/source/librpc/gen_ndr/ndr_netlogon.c
+++ b/source/librpc/gen_ndr/ndr_netlogon.c
@@ -12310,8 +12310,14 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordSet2(struct ndr_push *ndr,
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.computer_name, CH_UTF16)));
 		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.computer_name, ndr_charset_length(r->in.computer_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
-		NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential));
-		NDR_CHECK(ndr_push_netr_CryptPassword(ndr, NDR_SCALARS, &r->in.new_password));
+		if (r->in.credential == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential));
+		if (r->in.new_password == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_netr_CryptPassword(ndr, NDR_SCALARS, r->in.new_password));
 	}
 	if (flags & NDR_OUT) {
 		if (r->out.return_authenticator == NULL) {
@@ -12327,7 +12333,9 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordSet2(struct ndr_pull *ndr,
 {
 	uint32_t _ptr_server_name;
 	TALLOC_CTX *_mem_save_server_name_0;
+	TALLOC_CTX *_mem_save_credential_0;
 	TALLOC_CTX *_mem_save_return_authenticator_0;
+	TALLOC_CTX *_mem_save_new_password_0;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -12364,8 +12372,20 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordSet2(struct ndr_pull *ndr,
 		}
 		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t)));
 		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16));
-		NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential));
-		NDR_CHECK(ndr_pull_netr_CryptPassword(ndr, NDR_SCALARS, &r->in.new_password));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.credential);
+		}
+		_mem_save_credential_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.credential, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_credential_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.new_password);
+		}
+		_mem_save_new_password_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.new_password, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_CryptPassword(ndr, NDR_SCALARS, r->in.new_password));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_new_password_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_PULL_ALLOC(ndr, r->out.return_authenticator);
 		ZERO_STRUCTP(r->out.return_authenticator);
 	}
@@ -12401,8 +12421,14 @@ _PUBLIC_ void ndr_print_netr_ServerPasswordSet2(struct ndr_print *ndr, const cha
 		ndr_print_string(ndr, "account_name", r->in.account_name);
 		ndr_print_netr_SchannelType(ndr, "secure_channel_type", r->in.secure_channel_type);
 		ndr_print_string(ndr, "computer_name", r->in.computer_name);
-		ndr_print_netr_Authenticator(ndr, "credential", &r->in.credential);
-		ndr_print_netr_CryptPassword(ndr, "new_password", &r->in.new_password);
+		ndr_print_ptr(ndr, "credential", r->in.credential);
+		ndr->depth++;
+		ndr_print_netr_Authenticator(ndr, "credential", r->in.credential);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "new_password", r->in.new_password);
+		ndr->depth++;
+		ndr_print_netr_CryptPassword(ndr, "new_password", r->in.new_password);
+		ndr->depth--;
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
diff --git a/source/librpc/gen_ndr/netlogon.h b/source/librpc/gen_ndr/netlogon.h
index 9e86051..1cea1f0 100644
--- a/source/librpc/gen_ndr/netlogon.h
+++ b/source/librpc/gen_ndr/netlogon.h
@@ -1355,8 +1355,8 @@ struct netr_ServerPasswordSet2 {
 		const char *account_name;/* [charset(UTF16)] */
 		enum netr_SchannelType secure_channel_type;
 		const char *computer_name;/* [charset(UTF16)] */
-		struct netr_Authenticator credential;
-		struct netr_CryptPassword new_password;
+		struct netr_Authenticator *credential;/* [ref] */
+		struct netr_CryptPassword *new_password;/* [ref] */
 	} in;
 
 	struct {
diff --git a/source/librpc/idl/netlogon.idl b/source/librpc/idl/netlogon.idl
index 98cf1e7..74535fc 100644
--- a/source/librpc/idl/netlogon.idl
+++ b/source/librpc/idl/netlogon.idl
@@ -1182,9 +1182,9 @@ interface netlogon
 		[in]  [string,charset(UTF16)] uint16 account_name[],
 		[in]  netr_SchannelType secure_channel_type,
 		[in]  [string,charset(UTF16)] uint16 computer_name[],
-		[in]  netr_Authenticator credential,
-		[in]  netr_CryptPassword new_password,
-		[out,ref] netr_Authenticator *return_authenticator
+		[in,ref] netr_Authenticator *credential,
+		[out,ref] netr_Authenticator *return_authenticator,
+		[in,ref] netr_CryptPassword *new_password
 		);
 
 	/****************/
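Review bot: Moving return_authenticator ahead of new_password changes the argument order of the generated rpccli_netr_ServerPasswordSet2() prototype, and credential and return_authenticator are both struct netr_Authenticator pointers, so a call site that passes them in the wrong positions still compiles. Add a short IDL comment explaining why the [out] parameter sits between the two [in] parameters, and make sure every caller is updated in the same commit as the regenerated gen_ndr files.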
diff --git a/source/libsmb/samlogon_cache.c b/source/libsmb/samlogon_cache.c
index 2d2588f..4abe5bb 100644
--- a/source/libsmb/samlogon_cache.c
+++ b/source/libsmb/samlogon_cache.c
@@ -59,48 +59,30 @@ bool netsamlogon_cache_shutdown(void)
  Clear cache getpwnam and getgroups entries from the winbindd cache
 ***********************************************************************/
 
-void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, struct netr_SamInfo3 *info3)
+void netsamlogon_clear_cached_user(struct netr_SamInfo3 *info3)
 {
-	bool got_tdb = false;
-	DOM_SID sid;
-	fstring key_str, sid_string;
-
-	/* We may need to call this function from smbd which will not have
-	   winbindd_cache.tdb open.  Open the tdb if a NULL is passed. */
-
-	if (!tdb) {
-		tdb = tdb_open_log(lock_path("winbindd_cache.tdb"),
-				   WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
-				   TDB_DEFAULT, O_RDWR, 0600);
-		if (!tdb) {
-			DEBUG(5, ("netsamlogon_clear_cached_user: failed to open cache\n"));
-			return;
-		}
-		got_tdb = true;
-	}
-
-	sid_copy(&sid, info3->base.domain_sid);
-	sid_append_rid(&sid, info3->base.rid);
-
-	/* Clear U/SID cache entry */
-
-	fstr_sprintf(key_str, "U/%s", sid_to_fstring(sid_string, &sid));
-
-	DEBUG(10, ("netsamlogon_clear_cached_user: clearing %s\n", key_str));
-
-	tdb_delete(tdb, string_tdb_data(key_str));
+	DOM_SID	user_sid;
+	fstring keystr, tmp;
 
-	/* Clear UG/SID cache entry */
+	if (!info3) {
+		return;


-- 
Samba Shared Repository

