[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1204-g6c55518
Steven Danneman
sdanneman at samba.org
Wed Aug 26 17:36:55 MDT 2009
The branch, master has been updated
via 6c55518d471950d8ebaf0df47634116802d6f735 (commit)
via bc4b253b2c793a2fce6614ee7fadf1713f558776 (commit)
via 5469866242f0dfbdc7260c86cfca196b10e4af21 (commit)
from 32f9d20dff043cca5b81ff855c44a71bf18e41e4 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6c55518d471950d8ebaf0df47634116802d6f735
Author: Steven Danneman <steven.danneman at isilon.com>
Date: Wed Aug 26 16:17:38 2009 -0700
s3/smbd: open the share_info.tdb on startup instead of tconx
This is a small performance optimization. Instead of opening the tdb
on every smb connection in the forked child process, we now open it in
the parent and share the fd.
This also reduces the total fd usage in the system.
commit bc4b253b2c793a2fce6614ee7fadf1713f558776
Author: Steven Danneman <steven.danneman at isilon.com>
Date: Wed Aug 26 10:36:48 2009 -0700
s3/debug: make SPENGO OID list appear under one debug header
commit 5469866242f0dfbdc7260c86cfca196b10e4af21
Author: Steven Danneman <steven.danneman at isilon.com>
Date: Wed Jul 29 16:13:44 2009 -0700
s3/winbindd: Remove unnecessary check for NULL SID
There's a known bug in some Windows implementations of
DsEnumerateDomainTrusts() where domain SIDs are not returned for
transitively trusted domains within the same forest.
Jerry originally worked around this in the winbindd parent by checking
for S-0-0 and converting it to S-1-0 in 8b0fce0b. Guenter later moved
these checks into the child process in commit 3bdfcbac making the
initial patch unecessary.
I've removed it and added a clarifying comment to the child process.
If ever this SID is needed we could add an extra DsEnumerateDomainTrusts()
call in trusted_domains() as suggested by the Microsoft KB.
-----------------------------------------------------------------------
Summary of changes:
source3/include/proto.h | 1 +
source3/lib/sharesec.c | 2 +-
source3/libsmb/cliconnect.c | 5 ++++-
source3/smbd/server.c | 9 +++++++++
source3/winbindd/winbindd_ads.c | 6 +++++-
source3/winbindd/winbindd_util.c | 9 ++-------
6 files changed, 22 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 50ac834..0da8c25 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -721,6 +721,7 @@ struct named_mutex *grab_named_mutex(TALLOC_CTX *mem_ctx, const char *name,
/* The following definitions come from lib/sharesec.c */
+bool share_info_db_init(void);
SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def_access);
SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename,
size_t *psize);
diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c
index a1d30f1..799d983 100644
--- a/source3/lib/sharesec.c
+++ b/source3/lib/sharesec.c
@@ -37,7 +37,7 @@ static int delete_fn(struct db_record *rec, void *priv)
return 0;
}
-static bool share_info_db_init(void)
+bool share_info_db_init(void)
{
const char *vstring = "INFO/version";
int32 vers_id;
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 7726611..239dfc8 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1010,7 +1010,10 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
/* make sure the server understands kerberos */
for (i=0;OIDs[i];i++) {
- DEBUG(3,("got OID=%s\n", OIDs[i]));
+ if (i == 0)
+ DEBUG(3,("got OID=%s\n", OIDs[i]));
+ else
+ DEBUGADD(3,("got OID=%s\n", OIDs[i]));
if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 ||
strcmp(OIDs[i], OID_KERBEROS5) == 0) {
cli->got_kerberos_mechanism = True;
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index ace3124..09ad8d8 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1218,6 +1218,15 @@ extern void build_options(bool screen);
return -1;
}
+ /* Open the share_info.tdb here, so we don't have to open
+ after the fork on every single connection. This is a small
+ performance improvment and reduces the total number of system
+ fds used. */
+ if (!share_info_db_init()) {
+ DEBUG(0,("ERROR: failed to load share info db.\n"));
+ exit(1);
+ }
+
/* only start the background queue daemon if we are
running as a daemon -- bad things will happen if
smbd is launched via inetd and we fork a copy of
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index a9df61d..b5fe080 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -1379,9 +1379,13 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
DEBUG(10,("trusted_domains: Skipping external trusted domain "
"%s because it is outside of our primary domain\n",
trusts.array[i].netbios_name));
- continue;
+ continue;
}
+ /* We must check that the SID of each trusted domain
+ * was returned to work around a bug in Windows:
+ * http://support.microsoft.com/kb/922832 */
+
(*names)[ret_count] = CONST_DISCARD(char *, trusts.array[i].netbios_name);
(*alt_names)[ret_count] = CONST_DISCARD(char *, trusts.array[i].dns_name);
if (trusts.array[i].sid) {
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 5c2ebab..ff8c101 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -322,13 +322,8 @@ static void trustdom_recv(void *private_data, bool success)
*q = '\0';
if (!string_to_sid(&sid, sidstr)) {
- /* Allow NULL sid for sibling domains */
- if ( strcmp(sidstr,"S-0-0") == 0) {
- sid_copy( &sid, &global_sid_NULL);
- } else {
- DEBUG(0, ("Got invalid trustdom response\n"));
- break;
- }
+ DEBUG(0, ("Got invalid trustdom response\n"));
+ break;
}
/* use the real alt_name if we have one, else pass in NULL */
--
Samba Shared Repository
More information about the samba-cvs
mailing list