[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5250-ge5f0f6b

Karolin Seeger kseeger at samba.org
Wed May 6 07:26:31 GMT 2009 

The branch, v3-3-test has been updated
       via  e5f0f6b7fb428e4cc8e5e782a0038a847d74edcc (commit)
       via  65fe7c42c6c229a99b7cffc0515fc7a1ed30c43c (commit)
       via  1921d77fa2490bd19aded05924a62795641231ea (commit)
       via  1d345210381b1f543c2ccaa6e66f52532916413e (commit)
       via  a100a9c48d73df69851099e15253a65f2dbc9f65 (commit)
      from  02368626a273368a3b731d2b413e90d91ed15c5c (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit e5f0f6b7fb428e4cc8e5e782a0038a847d74edcc
Author: Volker Lendecke <vl at samba.org>
Date:   Mon May 4 14:39:56 2009 +0200

    Do not crash in ctdbd_traverse if ctdbd is not around

commit 65fe7c42c6c229a99b7cffc0515fc7a1ed30c43c
Author: Volker Lendecke <vl at samba.org>
Date:   Mon May 4 12:36:13 2009 +0200

    3.3: Increase debug level of "create_connection_server_info failed" message
    
    I don't think we should unconditionally send every refused connection attempt
    to a share to syslog, that's where all debug level 0 messages end up.

commit 1921d77fa2490bd19aded05924a62795641231ea
Author: Michael Adam <obnox at samba.org>
Date:   Tue May 5 17:02:46 2009 +0200

    s3:mark registry shares without path unavailable in the server, too
    
    This prevents users from getting access to "/" in misconfigured setups.
    
    Michael

commit 1d345210381b1f543c2ccaa6e66f52532916413e
Author: Michael Adam <obnox at samba.org>
Date:   Tue Apr 28 01:24:27 2009 +0200

    s3:loadparm: mark registry shares without path unavailable
    
    ...just as with text config.
    This applies to testparm and friends.
    smbd is fixed in a second patch.
    
    Michael

commit a100a9c48d73df69851099e15253a65f2dbc9f65
Author: Michael Adam <obnox at samba.org>
Date:   Mon Apr 27 18:10:14 2009 +0200

    s3:loadparm: prevent infinite include nesting.
    
    This introduces a hard coded MAX_INCLUDE_DEPTH of 100.
    When this is exceeded, handle_include (and hence lp_load) fails.
    
    One could of course implement a more intelligent loop detection
    in the include-tree, but this would require some restructuring
    of the internal loadparm housekeeping. Maybe as a second improvement
    step.
    
    Michael

-----------------------------------------------------------------------

Summary of changes:
 source/lib/ctdbd_conn.c |    5 +++++
 source/param/loadparm.c |   24 ++++++++++++++++++++++--
 source/smbd/service.c   |    6 +++++-
 3 files changed, 32 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/lib/ctdbd_conn.c b/source/lib/ctdbd_conn.c
index 7c32d57..465c09a 100644
--- a/source/lib/ctdbd_conn.c
+++ b/source/lib/ctdbd_conn.c
@@ -1094,6 +1094,11 @@ NTSTATUS ctdbd_traverse(uint32 db_id,
 	struct ctdbd_traverse_state state;
 
 	status = ctdbd_init_connection(NULL, &conn);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("ctdbd_init_connection failed: %s\n",
+			  nt_errstr(status)));
+		return status;
+	}
 
 	t.db_id = db_id;
 	t.srvid = conn->rand_srvid;
diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index 5cb9476..c7b06a4 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -6585,6 +6585,9 @@ static bool process_registry_service(struct smbconf_service *service)
 			return false;
 		}
 	}
+	if (iServiceIndex >= 0) {
+		return  service_ok(iServiceIndex);
+	}
 	return true;
 }
 
@@ -6672,6 +6675,10 @@ done:
 	return ret;
 }
 
+#define MAX_INCLUDE_DEPTH 100
+
+static uint8_t include_depth;
+
 static struct file_lists {
 	struct file_lists *next;
 	char *name;
@@ -6859,12 +6866,22 @@ static bool handle_include(int snum, const char *pszParmValue, char **ptr)
 {
 	char *fname;
 
+	if (include_depth >= MAX_INCLUDE_DEPTH) {
+		DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
+			  include_depth));
+		return false;
+	}
+
 	if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
 		if (!bAllowIncludeRegistry) {
 			return true;
 		}
 		if (bInGlobalSection) {
-			return process_registry_globals();
+			bool ret;
+			include_depth++;
+			ret = process_registry_globals();
+			include_depth--;
+			return ret;
 		} else {
 			DEBUG(1, ("\"include = registry\" only effective "
 				  "in %s section\n", GLOBAL_NAME));
@@ -6881,7 +6898,10 @@ static bool handle_include(int snum, const char *pszParmValue, char **ptr)
 	string_set(ptr, fname);
 
 	if (file_exist(fname, NULL)) {
-		bool ret = pm_process(fname, do_section, do_parameter, NULL);
+		bool ret;
+		include_depth++;
+		ret = pm_process(fname, do_section, do_parameter, NULL);
+		include_depth--;
 		SAFE_FREE(fname);
 		return ret;
 	}
diff --git a/source/smbd/service.c b/source/smbd/service.c
index 5e75fce..4724dd7 100644
--- a/source/smbd/service.c
+++ b/source/smbd/service.c
@@ -286,6 +286,10 @@ static int load_registry_service(const char *servicename)
 		TALLOC_FREE(value);
 	}
 
+	if (!service_ok(res)) {
+		res = -1;
+	}
+
  error:
 
 	TALLOC_FREE(key);
@@ -736,7 +740,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 		&conn->server_info);
 
 	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(0, ("create_connection_server_info failed: %s\n",
+		DEBUG(1, ("create_connection_server_info failed: %s\n",
 			  nt_errstr(status)));
 		*pstatus = status;
 		conn_free(conn);


-- 
Samba Shared Repository

More information about the samba-cvs mailing list