[SCM] Samba Shared Repository - branch v3-4-stable updated
Karolin Seeger
kseeger at samba.org
Mon Oct 26 04:53:52 MDT 2009
The branch, v3-4-stable has been updated
via b42a0db... s3:docs: Public is not a synonym for access based shareenum.
via 10bd0b5... s3: Fix crash in pam_winbind, another reference to freed memory.
via 00c42f09.. Fix bug 6829 - smbclient does not show special characters properly. All successful calls to cli_session_setup() *must* be followed by calls to cli_init_creds() to stash the credentials we successfully connected with. There were 2 codepaths where this was missing. This caused smbclient to be unable to open the \srvsvc pipe to do an RPC netserverenum, and cause it to fall back to a RAP netserverenum, which uses DOS codepage conversion rather than the full UCS2 of RPC, so the returned characters were not correct (unless the DOS codepage was set correctly). Phew. That was fun to track down :-). Includes logic simplification in libsmb_server.c Jeremy. (cherry picked from commit 587ca743bf1491e97c984ce4bec5a9bd0a1ae69a)
via 6cbf9e8... Fix bug 6828 - infinite timeout occurs when byte lock held outside of samba Jeremy. (cherry picked from commit a572c28ca3daa199d78fc340819c5c9ff53a3ed6)
via 4cdb4ae... s3: Don't fail authentication when one or some group of require-membership-of is invalid.
from 470f322... WHATSNEW: Update changes since 3.4.2.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable
- Log -----------------------------------------------------------------
commit b42a0dbc996d8e40b4893b11445435a781de4afa
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Oct 26 10:14:51 2009 +0100
s3:docs: Public is not a synonym for access based shareenum.
Fix build warning.
Karolin
(cherry picked from commit 35dc481289c28a77f354dd76193d6298de32c66d)
(cherry picked from commit 7601427a2db1263b0192c1a78d8bacb7eb0b74da)
(cherry picked from commit d6ecfb23cfc841ad0bfe8ae677ddbbba7fd36f31)
commit 10bd0b5e0dcc25f4e6803ca3507b3b09a85f378c
Author: Bo Yang <boyang at samba.org>
Date: Sat Oct 24 09:20:00 2009 +0800
s3: Fix crash in pam_winbind, another reference to freed memory.
Fix bug #6840.
Signed-off-by: Bo Yang <boyang at samba.org>
(cherry picked from commit b9a3f1dd85d168c15df846dba525f4f882d1acf8)
(cherry picked from commit a0fbf067011ae50d63c6ed2a79f1ff00c2ce2d11)
commit 00c42f0981a10144dc78b86336f5d5177780a4bd
Author: Jeremy Allison <jra at samba.org>
Date: Thu Oct 22 15:30:47 2009 -0700
Fix bug 6829 - smbclient does not show special characters properly. All successful calls to cli_session_setup() *must* be followed by calls to cli_init_creds() to stash the credentials we successfully connected with. There were 2 codepaths where this was missing. This caused smbclient to be unable to open the \srvsvc pipe to do an RPC netserverenum, and cause it to fall back to a RAP netserverenum, which uses DOS codepage conversion rather than the full UCS2 of RPC, so the returned characters were not correct (unless the DOS codepage was set correctly). Phew. That was fun to track down :-). Includes logic simplification in libsmb_server.c Jeremy.
(cherry picked from commit 587ca743bf1491e97c984ce4bec5a9bd0a1ae69a)
commit 6cbf9e806644021aef4ad0d1d97c97e1e972e18e
Author: Jeremy Allison <jra at samba.org>
Date: Tue Oct 20 18:10:30 2009 -0700
Fix bug 6828 - infinite timeout occurs when byte lock held outside of samba Jeremy.
(cherry picked from commit a572c28ca3daa199d78fc340819c5c9ff53a3ed6)
commit 4cdb4ae29289ef17ad21871f989f18983bc75d36
Author: Bo Yang <boyang at samba.org>
Date: Thu Oct 15 06:23:48 2009 +0800
s3: Don't fail authentication when one or some group of require-membership-of is invalid.
Signed-off-by: Bo Yang <boyang at samba.org>
(cherry picked from commit 31f1a36901b5b8959dc51401c09c114829b50392)
Fix bug #6826.
(cherry picked from commit f383e5f549f9f2075a064ba3d88fa9b34c5e3389)
-----------------------------------------------------------------------
Summary of changes:
.../smbdotconf/security/accessbasedshareenum.xml | 1 -
nsswitch/pam_winbind.c | 35 +++++++++++++++++---
source3/libsmb/clidfs.c | 9 +++++
source3/libsmb/libsmb_server.c | 8 ++++
source3/smbd/blocking.c | 26 ++++++++++----
5 files changed, 65 insertions(+), 14 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/security/accessbasedshareenum.xml b/docs-xml/smbdotconf/security/accessbasedshareenum.xml
index c2977c4..8b94648 100644
--- a/docs-xml/smbdotconf/security/accessbasedshareenum.xml
+++ b/docs-xml/smbdotconf/security/accessbasedshareenum.xml
@@ -3,7 +3,6 @@
context="S"
basic="1" advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
- <synonym>public</synonym>
<description>
<para>If this parameter is <constant>yes</constant> for a
service, then the share hosted by the service will only be visible
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 132d637..ec05f75 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -1053,7 +1053,23 @@ static bool winbind_name_list_to_sid_string_list(struct pwb_context *ctx,
current_name,
sid_list_buffer,
sid_list_buffer_size)) {
- goto out;
+ /*
+ * If one group name failed, we must not fail
+ * the authentication totally, continue with
+ * the following group names. If user belongs to
+ * one of the valid groups, we must allow it
+ * login. -- BoYang
+ */
+
+ _pam_log(ctx, LOG_INFO, "cannot convert group %s to sid, "
+ "check if group %s is valid group.", current_name,
+ current_name);
+ _make_remark_format(ctx, PAM_TEXT_INFO, _("Cannot convert group %s "
+ "to sid, please contact your administrator to see "
+ "if group %s is valid."), current_name, current_name);
+ SAFE_FREE(current_name);
+ search_location = comma + 1;
+ continue;
}
SAFE_FREE(current_name);
@@ -1069,7 +1085,12 @@ static bool winbind_name_list_to_sid_string_list(struct pwb_context *ctx,
if (!winbind_name_to_sid_string(ctx, user, search_location,
sid_list_buffer,
sid_list_buffer_size)) {
- goto out;
+ _pam_log(ctx, LOG_INFO, "cannot convert group %s to sid, "
+ "check if group %s is valid group.", search_location,
+ search_location);
+ _make_remark_format(ctx, PAM_TEXT_INFO, _("Cannot convert group %s "
+ "to sid, please contact your administrator to see "
+ "if group %s is valid."), search_location, search_location);
}
result = true;
@@ -1763,7 +1784,7 @@ static int winbind_auth_request(struct pwb_context *ctx,
if (logon.blobs) {
wbcFreeMemory(logon.blobs);
}
- if (info && info->blobs) {
+ if (info && info->blobs && !p_info) {
wbcFreeMemory(info->blobs);
}
if (error && !p_error) {
@@ -3117,10 +3138,14 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
free(username_ret);
}
- wbcFreeMemory(info);
- wbcFreeMemory(policy);
}
+ if (info && info->blobs) {
+ wbcFreeMemory(info->blobs);
+ }
+ wbcFreeMemory(info);
+ wbcFreeMemory(policy);
+
goto out;
}
} else {
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 5e944f1..53dc6d7 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -216,6 +216,15 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx,
return NULL;
}
d_printf("Anonymous login successful\n");
+ status = cli_init_creds(c, "", lp_workgroup(), "");
+ } else {
+ status = cli_init_creds(c, username, lp_workgroup(), password);
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("cli_init_creds() failed: %s\n", nt_errstr(status)));
+ cli_shutdown(c);
+ return NULL;
}
if ( show_sessetup ) {
diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
index 60849c8..cf2d1d5 100644
--- a/source3/libsmb/libsmb_server.c
+++ b/source3/libsmb/libsmb_server.c
@@ -500,6 +500,14 @@ again:
}
}
+ status = cli_init_creds(c, username_used,
+ *pp_workgroup, *pp_password);
+ if (!NT_STATUS_IS_OK(status)) {
+ errno = map_errno_from_nt_status(status);
+ cli_shutdown(c);
+ return NULL;
+ }
+
DEBUG(4,(" session setup ok\n"));
status = cli_tcon_andx(c, share, "?????", *pp_password,
diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c
index 4284993..f4d88d8 100644
--- a/source3/smbd/blocking.c
+++ b/source3/smbd/blocking.c
@@ -48,6 +48,22 @@ static void brl_timeout_fn(struct event_context *event_ctx,
}
/****************************************************************************
+ We need a version of timeval_min that treats zero timval as infinite.
+****************************************************************************/
+
+static struct timeval timeval_brl_min(const struct timeval *tv1,
+ const struct timeval *tv2)
+{
+ if (timeval_is_zero(tv1)) {
+ return *tv2;
+ }
+ if (timeval_is_zero(tv2)) {
+ return *tv1;
+ }
+ return timeval_min(tv1, tv2);
+}
+
+/****************************************************************************
After a change to blocking_lock_queue, recalculate the timed_event for the
next processing.
****************************************************************************/
@@ -70,19 +86,13 @@ static bool recalc_brl_timeout(void)
*/
if (blr->blocking_pid == 0xFFFFFFFF) {
struct timeval psx_to = timeval_current_ofs(10, 0);
- next_timeout = timeval_min(&next_timeout, &psx_to);
+ next_timeout = timeval_brl_min(&next_timeout, &psx_to);
}
continue;
}
- if (timeval_is_zero(&next_timeout)) {
- next_timeout = blr->expire_time;
- }
- else {
- next_timeout = timeval_min(&next_timeout,
- &blr->expire_time);
- }
+ next_timeout = timeval_brl_min(&next_timeout, &blr->expire_time);
}
if (timeval_is_zero(&next_timeout)) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list