[SCM] Samba Shared Repository - branch v3-5-stable updated
Karolin Seeger
kseeger at samba.org
Wed Feb 10 03:09:10 MST 2010
The branch, v3-5-stable has been updated
via 00e133b... WHATSNEW: Update changes since 3.5.0rc2.
via 66dc2e5... Fix off-by-one error in working out the limit of the NetServerEnum comment.
via d99c1b5... Fix bug #7122 - Reading a large browselist fails (server returns invalid values in subsequent SMBtrans replies)
via a46c446... tdb: raise version to 1.2.1
via 1991ae2... s3:smbd: use StrCaseCmp() instead of strcasecmp
via 511048d... s3:smbd: Fix really ugly bool vs. int bug!!!
via fb9a59d... s3:passdb: only use gid_to_sid() result if the result is a group of our local sam
via 123ecaf... s3:pdb_ldap: don't search for the users primary group, if we already know it
via 3e531cf... s3:pdb_ldap: optimize ldapsam_alias_memberships() and cache ldap searches.
via c6f299b... s3:pdb_ldap: try to build the full unix_pw structure with ldapsam:trusted support
via e725f0d... s3:passdb: speed up pdb_get_group_sid()
via d1e19b3... s3: Make pdb_copy_sam_account also copy the group sid
via c0505ad... s3: shortcut gid_to_sid when "ldapsam:trusted = yes"
via 976b7c4... Missed one check on the memcpy for bug #7063.
via 5d3a3d7... Second part of fix for bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps.
via d8e0a24... s3-docs: Add missing para end tag.
via 5837e2c... WHATSNEW: Add changes since 3.5.0rc2.
via 4caaf04... WHATSNEW: Update changes.
via 324f6b0... Fix bug #6876 for acl_tdb module.
via 4ae91dd... s3:libsmb: fix NetServerEnum3 rap calls.
via abd7f74... s3:smbd: implement api_RNetServerEnum3
via 183bd3a... util: added binsearch.h for binary array searches
via a7d7764... s3:smbd: add/improve some DEBUG messages in api_RNetServerEnum2()
via ecc9943... s3:smbd: rename api_RNetServerEnum => api_RNetServerEnum2
via 78cc7fe... Fix bug 7104 - "wide links" and "unix extensions" are incompatible.
via 184d91b... s3: fix some wrong newlines in de translation strings (cherry picked from commit fb0c03209773059caad8d0aad5899828e5f5e64e) (cherry picked from commit a115b05969564b1c9a2cac0986e113f69dd08d2c)
via 148c653... Fix bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps.
via 7df2cdc... s3: Fix malformed require_membership_of_sid.
via a81c365... s3: fix build issue on Tru64
via 7625782... s3: normalize "Changing password for" msg IDs and STRs
via 28a1867... Fix bug #7079 - cliconnect gets realm wrong with trusted domains.
via 08c9fee... s3:libsmb: don't reuse the callers stype variable in cli_NetServerEnum()
via 7c792e9... Add cross option to samba_cv_linux_getgrouplist_ok
via 05b5ca0... s3/smbd: Fix string buffer overflow causing heap corruption
via b538cbe... tdb: fix an early release of the global lock that can cause data corruption
via 728566d... Fix bug #7084 - Create time on directories not stored properly in an EA in new create time code.
via c59b9a3... s3: Simplify the code a bit: Catch (len==0) early
via 023f423... Fix bug 7081 - vfs_expand_msdfs doesn't work correctly (with fix identified)
via 92ae65a... s3/vfs_scannedonly: AIX doesn't have MSG_DONTWAIT (cherry picked from commit e95e3270d1f3fece7292359d276ce45913a699ac)
via 8a6058b... Fix bug #7069 - smbget does not return an error status after some errors
via 6e04a25... Fix bug #7072 - Accounts can't be unlocked from ldap.
via a6ae7a5... Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write.
via b4e0480... s3/winbind_ccache: Fix typo in debug message.
via dbafd8d... Add dependency of bin/smbfilter to libwbclient. (cherry picked from commit 2dd301e5cd6ff97943c4bf9c7cd9b820d6193b45)
via ba68458... VERSION: Raise version number up to 3.5.0.
from 6e42522... WHATSNEW: Update changes.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable
- Log -----------------------------------------------------------------
commit 00e133ba8dae14a1758d8f324f009a2476155208
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed Feb 10 11:05:13 2010 +0100
WHATSNEW: Update changes since 3.5.0rc2.
Karolin
(cherry picked from commit 085bd69d49e7605e511060110cc0bab5faf99e62)
commit 66dc2e5d5f8a4700af91f70f938e8d47f82b3507
Author: Jeremy Allison <jra at samba.org>
Date: Tue Feb 9 12:17:08 2010 -0800
Fix off-by-one error in working out the limit of the NetServerEnum comment.
Jeremy.
Part of a fix for bug #7122 (Reading a large browselist fails (server returns
invalid values in subsequent SMBtrans replies).
(cherry picked from commit 89a7121a3ff3ad110c3635bb493983fafdcee9f6)
commit d99c1b51b7af9d499eb070c87958c95c3a294aff
Author: Jeremy Allison <jra at samba.org>
Date: Tue Feb 9 15:14:38 2010 -0800
Fix bug #7122 - Reading a large browselist fails (server returns invalid values in subsequent SMBtrans replies)
There are two problems:
1). The server is off-by-one in the end of buffer space test.
2). The server returns 0 in the totaldata (smb_vwv1) and totalparams (smb_vwv0)
fields in the second and subsequent SMBtrans replies.
This patch fixes both.
Jeremy.
(cherry picked from commit b07a14dc37d2899f662e1cf87064f99c0bd10b25)
commit a46c44628f517da1c05fc247b6ae78b085505ac6
Author: Simo Sorce <idra at samba.org>
Date: Sat Feb 6 10:48:39 2010 -0500
tdb: raise version to 1.2.1
after recent fixes we need to raise the version to 1.2.1 so that
we can require also the right patched version.
Original commit was 70534adee10fc6f5bba2d9304668dc6508e5de5a in master.
source4/min_versions.m4 was copied from the master branch.
(cherry picked from commit 70128dded977498ef5a693214053192f13c93c6b)
commit 1991ae215183133f70943cc367fae82330e8ebde
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 9 18:58:36 2010 +0100
s3:smbd: use StrCaseCmp() instead of strcasecmp
metze
(cherry picked from commit bc8242a08e1bb9489cc8171b1ec02bd2518b1857)
Part of a fix for bug #7119 (support for large browselist).
(cherry picked from commit 89b5ebed83ce8e4363928b2b5ddcc2953762c56c)
commit 511048de06f72d129e7b63717fcc55148fc487dd
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 9 18:54:41 2010 +0100
s3:smbd: Fix really ugly bool vs. int bug!!!
A comparison function for qsort needs to return an 'int'!
Otherwise you'll get random results depending on the compiler
and the architecture...
metze
(cherry picked from commit 1686a5e7e7eb1b411b003cbbde5c0d28741c6d02)
Part of a fix for bug #7119 (support for large browselist).
(cherry picked from commit 81191c8bbdf7517f35245cca6945ed898ae1e0e2)
commit fb9a59d519a86a905ab57411bad666ef6d11dca9
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 9 12:57:01 2010 +0100
s3:passdb: only use gid_to_sid() result if the result is a group of our local sam
Otherwise retry with pdb_gid_to_sid().
metze
(cherry picked from commit 4dc2be2264926fe415e4e40e212f94793c9831d1)
Last seven patches address bug #7116 (pdb_ldap performance fixes).
(cherry picked from commit 8946a47fcebe57f459c59ee2cb163e15901ff996)
commit 123ecafdcc5399de9340d30c98baf88593be6d4c
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 5 16:20:21 2010 +0100
s3:pdb_ldap: don't search for the users primary group, if we already know it
metze
(cherry picked from commit 6753fb1cf6a834b12b2a9dce3b1a9555390c17be)
(cherry picked from commit da7cb9feacc7cb84499c73ef463d187a7b2754e8)
commit 3e531cf921195a7f75e46a978ec2f1183691cf3d
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 3 11:32:41 2010 +0100
s3:pdb_ldap: optimize ldapsam_alias_memberships() and cache ldap searches.
ldapsam_alias_memberships() does the same LDAP search twice, triggered
via add_aliases() from create_local_nt_token().
This happens when no domain aliases are used.
metze
(cherry picked from commit 49ace81e19de231825216cbf07c7422687131bb6)
(cherry picked from commit cb31c1df92b195b3fb80b6e21bfba83b8cd867fd)
commit c6f299bd5187a785e87da6183c055709018e0ae8
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 4 17:19:57 2010 +0100
s3:pdb_ldap: try to build the full unix_pw structure with ldapsam:trusted support
And also store the gid_to_sid mappings in the idmap_cache.
metze
(cherry picked from commit 25038fa85ff69962ca0975f31802218a897aa1ec)
(cherry picked from commit 66a48d2226d245c373b744c7edea60b3daa57f0f)
commit e725f0d07adb59bbf3e95f63703e2c9cb674a930
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 4 17:16:59 2010 +0100
s3:passdb: speed up pdb_get_group_sid()
Use the cached version gid_to_sid() instead
of pdb_gid_to_sid().
And also avoid the expensive lookup_sid() call
for wellkown domain groups.
metze
(cherry picked from commit e10d0869567436902c8b8cfb50f8c64148d554cb)
(cherry picked from commit b0c8ff971934ef8aa21abece8693807e0a2ca722)
commit d1e19b382dc75e48e6b0b38d83b57fc76b4c6897
Author: Volker Lendecke <vl at samba.org>
Date: Sun Jan 31 15:18:51 2010 +0100
s3: Make pdb_copy_sam_account also copy the group sid
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b99046fed1bf4a908ed856afb17c3c934c6d305d)
(cherry picked from commit a1862c23346959cd0aa77653bf488e0686d14376)
commit c0505ad627f4abd6796b1414dbbb0aebfe1edf6c
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jan 30 22:28:19 2010 +0100
s3: shortcut gid_to_sid when "ldapsam:trusted = yes"
The normal gid_to_sid behaviour is to call sys_getgrgid()
to get the name for the given gid and then call the
getsamgrnam passdb method for the resulting name.
In the ldapsam:trusted case we can reduce the gid_to_sid
operation to one simple search for the gidNumber attribute
and only get the sambaSID attribute from the correspoinding
LDAP object. This reduces the number of ldap roundtrips
for this operation.
metze
(cherry picked from commit 779821df8ecfe3ed2392582b500d26332f0b80fc)
(cherry picked from commit 0fb99386d41241f62312d4bb535976344e5d6492)
commit 976b7c4c1140e51ba53dbc218fa1c4a35f3c489a
Author: Jeremy Allison <jra at samba.org>
Date: Tue Feb 9 14:56:12 2010 -0800
Missed one check on the memcpy for bug #7063.
Jeremy.
(cherry picked from commit 60fed68259f430cbd67cd1f347cc3218e3c0ea35)
commit 5d3a3d7b6957eeafe51cc85e144ed51127d409a6
Author: Jeremy Allison <jra at samba.org>
Date: Tue Feb 9 14:48:15 2010 -0800
Second part of fix for bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps.
Ensure we have no naked memcpy calls. This isn't a crash bug (it's
already checked in the data_blob_talloc_zero() above, but I want to
get into the pattern of having all memcpy's covered by safety checks.
Jeremy.
(cherry picked from commit faf4f9cd5e3d948b93dc94b099e87eceec8a3909)
commit d8e0a2495445c46ad2ab1da387527873cae1a1dc
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Feb 9 16:36:39 2010 +0100
s3-docs: Add missing para end tag.
Karolin
(cherry picked from commit b78de63ef3cde53e3aabbe46654aac5a335f16a8)
commit 5837e2c082ccdbe9d61202de1afaaed8b1782198
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Feb 9 15:28:33 2010 +0100
WHATSNEW: Add changes since 3.5.0rc2.
Karolin
(cherry picked from commit e504f6c153854016e879a6af3bcffbab7c5652af)
commit 4caaf04ac5e56ed38cfa0c3ab39ed2c748fe6333
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Feb 9 11:36:37 2010 +0100
WHATSNEW: Update changes.
Karolin
(cherry picked from commit d7d33a15a66a0afd0b5004294ed3bf2210ce7361)
commit 324f6b05c8ca404c45196ec4229f2c0e212df882
Author: Jeremy Allison <jra at samba.org>
Date: Mon Feb 8 11:04:38 2010 -0800
Fix bug #6876 for acl_tdb module.
As pointed out by bj at sernet.de, the rmdir module initializer was
duplicated. Fix this properly.
Jeremy.
(cherry picked from commit b5a81d917e52a595f691d42372d727422286a377)
commit 4ae91dde5d0e40e42d0511d4f50180ed37897b27
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Feb 8 18:38:03 2010 +0100
s3:libsmb: fix NetServerEnum3 rap calls.
metze
(cherry picked from commit 9b5198dd443a00fdad4faa1f9cdabedd81012d93)
Fix bug #7119 (support for large browselist).
(cherry picked from commit 8a3e7bffdad2b1493cc962313bab8b0e58bc5543)
commit abd7f7457cbcd48cf4f366536ce220b7a067fb7c
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 5 18:08:46 2010 +0100
s3:smbd: implement api_RNetServerEnum3
This is needed to support large browse lists.
metze
(cherry picked from commit 30eec0656c926d3d85a438dc28f17649b53318f8)
(cherry picked from commit 68119c56d7080e292b7245feec6bb7b2b7c47e79)
commit 183bd3ab62c584239fb36b165c59c3860bae32a6
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Dec 10 14:35:24 2009 +1100
util: added binsearch.h for binary array searches
This was moved from the schema_query code. It will now be used in more
than one place, so best to make it a library macro. I think there are
quite a few places that could benefit from this.
(cherry picked from commit 71943e8858943718affb6a3c0ded2127f07057f0)
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 448b8f35d7a7cff73d35304673302178f593c9d0)
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 6b24639c08b764eb0205c63674e80b303b2be2ac)
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit dd7a09d2098fe0951f8dc716aba1bc9c7a485219)
commit a7d776493f2068ee9f0e618a3e5c9f338392b066
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Feb 8 18:45:18 2010 +0100
s3:smbd: add/improve some DEBUG messages in api_RNetServerEnum2()
metze
(cherry picked from commit 495ac4616654c9e62e14031b7439aff21e42ec91)
(cherry picked from commit 50129a89262a0ae44709d868f30e4fee9f376c4a)
commit ecc994378a687f01cc0635cfc6c6f83e63d3ee23
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 5 16:55:15 2010 +0100
s3:smbd: rename api_RNetServerEnum => api_RNetServerEnum2
metze
(cherry picked from commit dc58672c6588a1715698721153b35ed2d594bc67)
(cherry picked from commit 8283604f4e2ed6ab6ce9189859884e7db10392aa)
commit 78cc7feadf925545101ac103b59cd669a0a93b01
Author: Jeremy Allison <jra at samba.org>
Date: Fri Feb 5 16:28:49 2010 -0800
Fix bug 7104 - "wide links" and "unix extensions" are incompatible.
Change parameter "wide links" to default to "no".
Ensure "wide links = no" if "unix extensions = yes" on a share.
Fix man pages to refect this.
Remove "within share" checks for a UNIX symlink set - even if
widelinks = no. The server will not follow that link anyway.
Correct DEBUG message in check_reduced_name() to add missing "\n"
so it's really clear when a path is being denied as it's outside
the enclosing share path.
Jeremy.
(cherry picked from commit 44030967049202b766dd865861b1fa8fbaa4d69d)
commit 184d91b95c0891f1bc79312fd77444f54c064b19
Author: Björn Jacke <bj at sernet.de>
Date: Tue Feb 9 09:07:54 2010 +0100
s3: fix some wrong newlines in de translation strings
(cherry picked from commit fb0c03209773059caad8d0aad5899828e5f5e64e)
(cherry picked from commit a115b05969564b1c9a2cac0986e113f69dd08d2c)
commit 148c653b3cf26fb8c5211b9dfb214222eab2a2aa
Author: Jeremy Allison <jra at samba.org>
Date: Tue Feb 2 16:32:51 2010 -0800
Fix bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps.
Reported and found by Martin Hochreiter <linuxbox at wavenet.at>.
Ensure we copy the right amount of registry data into the outgoing
buffer.
Jeremy.
(cherry picked from commit 110a6f29f0d130753419d5fc5c7b238ab30822ec)
(cherry picked from commit c940cadd00c4ea87e5988288bf241a46a57b9170)
commit 7df2cdc44d1d75acc89bd6f55aa8d47a6eec711b
Author: Bo Yang <boyang at samba.org>
Date: Sun Feb 7 14:45:42 2010 +0800
s3: Fix malformed require_membership_of_sid.
Signed-off-by: Bo Yang <boyang at samba.org>
(cherry picked from commit 913a9f4e420c7a4177e6a7874e8ec2703f447918)
Fix bug #7106.
(cherry picked from commit d8d96fa8f9500d34fab1c7ffdb287a055cc209bb)
commit a81c365f6e5f6185a3fd58f8ae02d09a98956d35
Author: Björn Jacke <bj at sernet.de>
Date: Sun Feb 7 20:10:57 2010 +0100
s3: fix build issue on Tru64
Thanks, Volker for the hint - acl_type is a macro on Tru64. Renamed it
to acltype. This fixes #7103.
(cherry picked from commit 328a6264a7b64dce9378bf9c9c2ab3aeb7d755c7)
(cherry picked from commit 2c6d488537962fdab718aac68cab7f790fe480e5)
commit 762578206fb8e855563a07840557b54dd9277955
Author: Lars Müller <lars at samba.org>
Date: Fri Feb 5 17:38:04 2010 +0100
s3: normalize "Changing password for" msg IDs and STRs
An additional space at the end of the "Changing password for" msgid lead
to untranslated pam_winnind messages.
(cherry picked from commit f9f1db18834648da73b7b1f6d9472523941e8277)
Fix bug #7102 (normalize "Changing password for" msg IDs and STRs).
(cherry picked from commit f6322442f54d49b8bacec2d8fc7960d0b87d674b)
commit 28a18671d651f102cd5c7d9c58c7084f3ef58f9a
Author: Jeremy Allison <jra at samba.org>
Date: Sat Jan 30 19:24:28 2010 -0800
Fix bug #7079 - cliconnect gets realm wrong with trusted domains.
Passing NULL as dest_realm for cli_session_setup_spnego() was
always using our own realm (as for a NetBIOS name). Change this
to look for the mapped realm using krb5_get_host_realm() if
the destination machine name is a DNS name (contains a '.').
Could get fancier with DNS name detection (length, etc.) but
this will do for now.
Jeremy.
(cherry picked from commit 1983959f53ddd601d771b670a19eea4204e16f4b)
commit 08c9feedd716ad5a413c437c9922018d1b3ab164
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 4 14:03:20 2010 +0100
s3:libsmb: don't reuse the callers stype variable in cli_NetServerEnum()
When we need to do more than one network operation to get the
browse list we need to use the same 'stype' value each time.
metze
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit c2e4746fa9d68e7601e8e90cc0144d2e65a695b6)
Fix bug #7098 (smbclient -L gives wrong results with a large browse list).
(cherry picked from commit 4de319afb5dd520b0a72fadeabf70d2aafe262d5)
commit 7c792e9aa8eff7ad88785980a2ff292a81907fc4
Author: Lars Müller <lars at samba.org>
Date: Wed Jan 20 12:41:43 2010 +0100
Add cross option to samba_cv_linux_getgrouplist_ok
"cross" as an option got removed accidentl with commit e5a95132 while
moving in direction of 3.2.
Patch proposed by Richard Sharpe <realrichardsharpe at gmail.com>.
(cherry picked from commit 30ea9932f5ea8a73c84dbab3ae3e997c2ae34e79)
Fix bug #7047.
(cherry picked from commit 4879e70f31e70d357abb3ea4fbb252f3ad4e971f)
commit 05b5ca0c5479a28bfe9a43cc31e813b4c25c2c2b
Author: Steven Danneman <steven.danneman at isilon.com>
Date: Sat Jan 30 13:29:23 2010 -0800
s3/smbd: Fix string buffer overflow causing heap corruption
The destname malloc size was not taking into account the 1 extra byte
needed if a string without a leading '/' was passed in and that slash
was added.
This would cause the '\0' byte to be written past the end of the
malloced destname string and corrupt whatever heap memory was there.
This problem would be hit if a share name was given in smb.conf without
a leading '/' and if it was the exact size of the allocated STRDUP memory
which in some implementations of malloc is a power of 2.
(cherry picked from commit f42971c520360e69c4cdd64bebb02a5f5ba49b94)
Fix bug #7096.
(cherry picked from commit db5ccb70b6ac51ea263889cc9cdd523673ae8ecd)
commit b538cbeb039f0780b462a987342787a8c2c7a625
Author: Volker Lendecke <vl at samba.org>
Date: Fri Jan 29 18:21:09 2010 +0100
tdb: fix an early release of the global lock that can cause data corruption
There was a bug in tdb where the
tdb_brlock(tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0, 1);
(ending the transaction-"mutex") was done before the
/* remove the recovery marker */
This means that when a transaction is committed there is a window where another
opener of the file sees the transaction marker while the transaction committer
is still fully functional and working on it. This led to transaction being
rolled back by that second opener of the file while transaction_commit() gave
no error to the caller.
This patch moves the F_UNLCK to after the recovery marker was removed, closing
this window.
(cherry picked from commit 531059696e17d1ee538310d81af309c107d08e3e)
Fix bug #7085.
(cherry picked from commit ad17c1ab08e15ebf1d3d3aac1e874e9602a15e75)
commit 728566d0e0a05c240cb5bc1f37878f438cf7524e
Author: Jeremy Allison <jra at samba.org>
Date: Mon Feb 1 18:50:43 2010 -0800
Fix bug #7084 - Create time on directories not stored properly in an EA in new create time code.
Remove erroneous optimisation that caused no EA to be set
if calculated btime matched st_ex btime, and calculated DOS
attribute matched existing file attribute.
Jeremy.
(cherry picked from commit f3ee1516e631274531439e0ab7c384d02aff789c)
(cherry picked from commit f68ac68676bb7d3594030ebc89f13980fced32c1)
commit c59b9a315461485ae156f772775a3472cc4c7bf7
Author: Volker Lendecke <vl at samba.org>
Date: Wed Feb 3 07:37:29 2010 +0100
s3: Simplify the code a bit: Catch (len==0) early
Part of a fix for bug #7081.
(cherry picked from commit abcbca12316fadea0db1fa8bc1522789926e8dba)
commit 023f4231537c9926dafea802ffd3bb746cc1ac8b
Author: Jeremy Allison <jra at samba.org>
Date: Tue Feb 2 16:43:41 2010 -0800
Fix bug 7081 - vfs_expand_msdfs doesn't work correctly (with fix identified)
Fix inspired by idea from Eric Horst <erich at cac.washington.edu>.
Jeremy.
(cherry picked from commit de24209f0a745ada4220a1751c4ed88ae6eea575)
(cherry picked from commit 6e478ce2483a4376566693d16869d88f0d429951)
commit 92ae65a937b7b35753d7b79719aacc096682bae8
Author: olivier <olivier at virtscano.fakenet>
Date: Fri Jan 29 12:04:35 2010 +0100
s3/vfs_scannedonly: AIX doesn't have MSG_DONTWAIT
(cherry picked from commit e95e3270d1f3fece7292359d276ce45913a699ac)
Fix bug #7076 (vfs_scannedonly does not compile on AIX which does not have
MSG_DONTWAIT).
(cherry picked from commit da2297fe67808a78ca69ed7c37372598192779ca)
commit 8a6058bdf493204eac4ff9d50234caa4bc1edc1b
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jan 28 10:38:24 2010 -0800
Fix bug #7069 - smbget does not return an error status after some errors
A combination patch from Johannes Poehlmann <johannes at lst.de> and
Jeremy. Fix the return codes from smb_download_file() and smb_download_dir().
Jeremy.
(cherry picked from commit f387ed88e8b5b32eb121724d99d73d8ce55e745e)
(cherry picked from commit 23408bb31b0ca690a5e7a3dffa798075cab265ad)
commit 6e04a25778e83a8347c0b4dd64f2a22abe819445
Author: Jeremy Allison <jra at samba.org>
Date: Wed Jan 27 16:55:47 2010 -0800
Fix bug #7072 - Accounts can't be unlocked from ldap.
Fix suggested by Andy Hanton <andyhanton at gmail.com>. The LOGIN_CACHE
struct contains two time_t entries, but was being written to and
read from via tdb_pack/tdb_unpack functions using explicit 32-bit int specifiers.
This would break on machines with a 64-bit time_t. Use correct int
sizes for tdb_pack/tdb_unpack.
We have to fix this properly before 2037 :-).
Contains fixes from master 627fb85092f728065b6d772c41aeb75018154e86
and 69fd8461b8792f4fee1b61db03953044565492c6.
Jeremy.
(cherry picked from commit 0c3c061abb55742da4d7e97e3c4b348ba78a3698)
commit a6ae7a552f851a399991262377cc0e062e40ac20
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jan 26 16:51:57 2010 -0800
Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write.
Only works on Linux kernels 2.6.26 and above. Grants CAP_KILL capability
to allow Linux threads under different euids to send signals to each other.
Jeremy.
(cherry picked from commit 899bd0005f56dcc1e95c3988d41ab3f628bb15db)
(cherry picked from commit b30792299e8fc2057c4e825c2f9457a54096852a)
commit b4e04801c1bdc3cd7162b68ad53582fa5382606d
Author: Karolin Seeger <kseeger at samba.org>
Date: Thu Jan 28 15:10:54 2010 +0100
s3/winbind_ccache: Fix typo in debug message.
Karolin
(cherry picked from commit 139634563824a92c98091786e17b82d480df4a8a)
(cherry picked from commit c994cd476073573a2bd2c9525ce199822e655a46)
commit dbafd8d167954861da76320ad6c8b4b23ac4c680
Author: Lars Müller <lars at samba.org>
Date: Tue Jan 26 22:54:15 2010 +0100
Add dependency of bin/smbfilter to libwbclient.
(cherry picked from commit 2dd301e5cd6ff97943c4bf9c7cd9b820d6193b45)
Fix bug #7071 (Missing dependency of smbfilter to libwbclient).
(cherry picked from commit ec4bd3b7728a2d3db2116b4260120a3346478e2a)
commit ba68458e5b6799a94ac8631ffef712a091a2e2a6
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Jan 26 19:37:12 2010 +0100
VERSION: Raise version number up to 3.5.0.
Karolin
(cherry picked from commit 06dfc7f2d63491b80497813c70311fefcdf2ec49)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 76 ++++++-
docs-xml/smbdotconf/misc/widelinks.xml | 13 +-
docs-xml/smbdotconf/protocol/unixextensions.xml | 4 +
lib/tdb/common/transaction.c | 15 +-
lib/tdb/configure.ac | 2 +-
lib/util/binsearch.h | 68 ++++++
nsswitch/pam_winbind.c | 12 +
source3/Makefile.in | 2 +-
source3/VERSION | 2 +-
source3/configure.in | 21 ++-
source3/include/proto.h | 2 +
source3/include/smb.h | 3 +-
source3/include/smbldap.h | 5 +
source3/lib/system.c | 65 ++++++-
source3/libads/kerberos.c | 52 +++++
source3/libsmb/cliconnect.c | 25 ++-
source3/libsmb/clirap.c | 31 ++-
source3/locale/net/de.po | 16 +-
source3/locale/pam_winbind/ar.po | 4 +-
source3/locale/pam_winbind/cs.po | 2 +-
source3/locale/pam_winbind/da.po | 2 +-
source3/locale/pam_winbind/es.po | 4 +-
source3/locale/pam_winbind/fi.po | 4 +-
source3/locale/pam_winbind/fr.po | 4 +-
source3/locale/pam_winbind/hu.po | 2 +-
source3/locale/pam_winbind/it.po | 4 +-
source3/locale/pam_winbind/ja.po | 4 +-
source3/locale/pam_winbind/ko.po | 2 +-
source3/locale/pam_winbind/nb.po | 4 +-
source3/locale/pam_winbind/nl.po | 4 +-
source3/locale/pam_winbind/pl.po | 4 +-
source3/locale/pam_winbind/pt_BR.po | 2 +-
source3/locale/pam_winbind/ru.po | 4 +-
source3/locale/pam_winbind/sv.po | 4 +-
source3/locale/pam_winbind/zh_CN.po | 4 +-
source3/locale/pam_winbind/zh_TW.po | 2 +-
source3/modules/vfs_acl_common.c | 14 +-
source3/modules/vfs_acl_tdb.c | 3 +-
source3/modules/vfs_expand_msdfs.c | 18 ++-
source3/modules/vfs_scannedonly.c | 2 +-
source3/param/loadparm.c | 2 +-
source3/passdb/login_cache.c | 25 ++-
source3/passdb/passdb.c | 4 +
source3/passdb/pdb_get_set.c | 45 ++++-
source3/passdb/pdb_ldap.c | 263 +++++++++++++++++++----
source3/rpc_server/srv_spoolss_nt.c | 16 ++-
source3/smbd/dosmode.c | 7 -
source3/smbd/ipc.c | 3 +
source3/smbd/lanman.c | 234 +++++++++++++++++++-
source3/smbd/server.c | 8 +
source3/smbd/service.c | 11 +-
source3/smbd/trans2.c | 37 ----
source3/smbd/vfs.c | 2 +-
source3/utils/smbget.c | 83 ++++----
source3/winbindd/winbindd_ccache_access.c | 2 +-
source4/min_versions.m4 | 6 +-
56 files changed, 1010 insertions(+), 249 deletions(-)
create mode 100644 lib/util/binsearch.h
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 1a30e15..7560bc5 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,12 +1,11 @@
- ================================
- Release Notes for Samba 3.5.0rc2
- January 26, 2010
- ================================
+ =============================
+ Release Notes for Samba 3.5.0
+ February 16, 2010
+ =============================
+
+
+This is the first stable release of Samba 3.5.
-This is the second release candidate of Samba 3.5. This is *not*
-intended for production environments and is designed for testing
-purposes only. Please report any defects via the Samba bug reporting
-system at https://bugzilla.samba.org/.
Major enhancements in Samba 3.5.0 include:
@@ -14,6 +13,7 @@ General changes:
o Add support for full Windows timestamp resolution
o The Using Samba HTML book has been removed.
o 'net', 'smbclient' and libsmbclient can use credentials cached by Winbind.
+o The default value of "wide links" has been changed to "no".
Protocol changes:
o Experimental implementation of SMB2
@@ -45,6 +45,11 @@ connecting to a Samba server using Nautilus without re-entering username and
password. This feature is enabled by default and can be disabled per application
by setting the LIBSMBCLIENT_NO_CCACHE environment variable.
+The default value of "wide links" has been changed to "no" to avoid an insecure
+default configuration ("wide links = yes" and "unix extensions = yes"). For
+more details, please see http://www.samba.org/samba/news/symlink_attack.html.
+
+
Protocol changes
================
@@ -89,6 +94,7 @@ smb.conf changes
debug hires timestamp Changed Default yes
ldap deref New auto
ldap follow referral New auto
+ wide links Changed Default no
New configure options
@@ -120,6 +126,60 @@ o Stefan Metzmacher <metze at samba.org>
* Implement the new SMB2 protocol (experimental).
+Changes since 3.5.0rc2
+----------------------
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 6876: Fix duplicate initializer in the rmdir module.
+ * BUG 7063: Fix core dump on Ubuntu 8.04 64 bit.
+ * BUG 7067: Fix failing of smbd to respond to a read or a write caused by
+ Linux asynchronous IO (aio).
+ * BUG 7069: Fix 'smbget' error status.
+ * BUG 7072: Fix unlocking of accounts from ldap.
+ * BUG 7079 Cliconnect gets realm wrong with trusted domains.
+ * BUG 7081: Fix vfs_expand_msdfs.
+ * BUG 7084: Fix storing of create time on directories in an EA in new
+ create time code.
+ * BUG 7104: "wide links" and "unix extensions" are incompatible.
+ * BUG 7122: Fix reading of large browselist.
+
+
+o Steven Danneman <steven.danneman at isilon.com>
+ * BUG 7096: Fix string buffer overflow causing heap corruption in smbd.
+
+
+o Björn Jacke <bj at sernet.de>
+ * BUG 7103: Fix build issue on Tru64.
+ * Fix some wrong newlines in de translation strings.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 7085: Fix an early release of the global lock that can cause data
+ corruption in libtdb.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 7098: Fix results of 'smbclient -L' with a large browse list.
+ * BUG 7116: Add pdb_ldap performance fixes.
+ * BUG 7119: Support large browselist.
+
+
+o Lars Müller <lars at samba.org>
+ * BUG 7071: Fix build of 'smbfilter'.
+ * BUG 7047: Add cross option to samba_cv_linux_getgrouplist_ok.
+ * BUG 7102: Normalize "Changing password for" msg IDs and STRs.
+
+
+o Olivier Sessink <olivier at virtscano.fakenet>
+ * BUG 7076: Fix build of vfs_scannedonly on AIX.
+
+
+o Bo Yang <boyang at samba.org>
+ * BUG 7106: Fix malformed require_membership_of_sid.
+
+
+
Changes since 3.5.0rc1
----------------------
diff --git a/docs-xml/smbdotconf/misc/widelinks.xml b/docs-xml/smbdotconf/misc/widelinks.xml
index fb707c1..1c30bb7 100644
--- a/docs-xml/smbdotconf/misc/widelinks.xml
+++ b/docs-xml/smbdotconf/misc/widelinks.xml
@@ -9,10 +9,15 @@
server are always allowed; this parameter controls access only
to areas that are outside the directory tree being exported.</para>
- <para>Note that setting this parameter can have a negative
- effect on your server performance due to the extra system calls
- that Samba has to do in order to perform the link checks.</para>
+ <para>Note: Turning this parameter on when UNIX extensions are enabled
+ will allow UNIX clients to create symbolic links on the share that
+ can point to files or directories outside restricted path exported
+ by the share definition. This can cause access to areas outside of
+ the share. Due to this problem, this parameter will be automatically
+ disabled (with a message in the log file) if the
+ <smbconfoption name="unix extensions"/> option is on.
+ </para>
</description>
-<value type="default">yes</value>
+<value type="default">no</value>
</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/unixextensions.xml b/docs-xml/smbdotconf/protocol/unixextensions.xml
index da9ad10..d816648 100644
--- a/docs-xml/smbdotconf/protocol/unixextensions.xml
+++ b/docs-xml/smbdotconf/protocol/unixextensions.xml
@@ -10,6 +10,10 @@
by supporting features such as symbolic links, hard links, etc...
These extensions require a similarly enabled client, and are of
no current use to Windows clients.</para>
+ <para>
+ Note if this parameter is turned on, the <smbconfoption name="wide links"/>
+ parameter will automatically be disabled.
+ </para>
</description>
<value type="default">yes</value>
diff --git a/lib/tdb/common/transaction.c b/lib/tdb/common/transaction.c
index 20f2bfc..b8988ea 100644
--- a/lib/tdb/common/transaction.c
+++ b/lib/tdb/common/transaction.c
@@ -135,6 +135,9 @@ struct tdb_transaction {
bool prepared;
tdb_off_t magic_offset;
+ /* set when the GLOBAL_LOCK has been taken */
+ bool global_lock_taken;
+
/* old file size before transaction */
tdb_len_t old_map_size;
@@ -603,6 +606,11 @@ int _tdb_transaction_cancel(struct tdb_context *tdb)
}
}
+ if (tdb->transaction->global_lock_taken) {
+ tdb_brlock(tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0, 1);
+ tdb->transaction->global_lock_taken = false;
+ }
+
/* remove any global lock created during the transaction */
if (tdb->global_lock.count != 0) {
tdb_brlock(tdb, FREELIST_TOP, F_UNLCK, F_SETLKW, 0, 4*tdb->header.hash_size);
@@ -947,11 +955,12 @@ static int _tdb_transaction_prepare_commit(struct tdb_context *tdb)
return -1;
}
+ tdb->transaction->global_lock_taken = true;
+
if (!(tdb->flags & TDB_NOSYNC)) {
/* write the recovery data to the end of the file */
if (transaction_setup_recovery(tdb, &tdb->transaction->magic_offset) == -1) {
TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_prepare_commit: failed to setup recovery data\n"));
- tdb_brlock(tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0, 1);
_tdb_transaction_cancel(tdb);
return -1;
}
@@ -966,7 +975,6 @@ static int _tdb_transaction_prepare_commit(struct tdb_context *tdb)
tdb->transaction->old_map_size) == -1) {
tdb->ecode = TDB_ERR_IO;
TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_prepare_commit: expansion failed\n"));
- tdb_brlock(tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0, 1);
_tdb_transaction_cancel(tdb);
return -1;
}
@@ -1056,7 +1064,6 @@ int tdb_transaction_commit(struct tdb_context *tdb)
tdb_transaction_recover(tdb);
_tdb_transaction_cancel(tdb);
- tdb_brlock(tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0, 1);
TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_commit: write failed\n"));
return -1;
@@ -1072,8 +1079,6 @@ int tdb_transaction_commit(struct tdb_context *tdb)
return -1;
}
- tdb_brlock(tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0, 1);
-
/*
TODO: maybe write to some dummy hdr field, or write to magic
offset without mmap, before the last sync, instead of the
diff --git a/lib/tdb/configure.ac b/lib/tdb/configure.ac
index dac7bb2..3951219 100644
--- a/lib/tdb/configure.ac
+++ b/lib/tdb/configure.ac
@@ -2,7 +2,7 @@ AC_PREREQ(2.50)
AC_DEFUN([SMB_MODULE_DEFAULT], [echo -n ""])
AC_DEFUN([SMB_LIBRARY_ENABLE], [echo -n ""])
AC_DEFUN([SMB_ENABLE], [echo -n ""])
-AC_INIT(tdb, 1.2.0)
+AC_INIT(tdb, 1.2.1)
AC_CONFIG_SRCDIR([common/tdb.c])
AC_CONFIG_HEADER(include/config.h)
AC_LIBREPLACE_ALL_CHECKS
diff --git a/lib/util/binsearch.h b/lib/util/binsearch.h
new file mode 100644
index 0000000..ac83990
--- /dev/null
+++ b/lib/util/binsearch.h
@@ -0,0 +1,68 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ a generic binary search macro
+
+ Copyright (C) Andrew Tridgell 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _BINSEARCH_H
+#define _BINSEARCH_H
+
+/* a binary array search, where the array is an array of pointers to structures,
+ and we want to find a match for 'target' on 'field' in those structures.
+
+ Inputs:
+ array: base pointer to an array of structures
+ arrray_size: number of elements in the array
+ field: the name of the field in the structure we are keying off
+ target: the field value we are looking for
+ comparison_fn: the comparison function
+ result: where the result of the search is put
+
+ if the element is found, then 'result' is set to point to the found array element. If not,
+ then 'result' is set to NULL.
+
+ The array is assumed to be sorted by the same comparison_fn as the
+ search (with, for example, qsort)
+ */
+#define BINARY_ARRAY_SEARCH_P(array, array_size, field, target, comparison_fn, result) do { \
+ int32_t _b, _e; \
+ (result) = NULL; \
+ if (array_size) { for (_b = 0, _e = (array_size)-1; _b <= _e; ) { \
+ int32_t _i = (_b+_e)/2; \
+ int _r = comparison_fn(target, array[_i]->field); \
+ if (_r == 0) { (result) = array[_i]; break; } \
+ if (_r < 0) _e = _i - 1; else _b = _i + 1; \
+ }} } while (0)
+
+/*
+ like BINARY_ARRAY_SEARCH_P, but assumes that the array is an array
+ of structures, rather than pointers to structures
+
+ result points to the found structure, or NULL
+ */
+#define BINARY_ARRAY_SEARCH(array, array_size, field, target, comparison_fn, result) do { \
+ int32_t _b, _e; \
+ (result) = NULL; \
+ if (array_size) { for (_b = 0, _e = (array_size)-1; _b <= _e; ) { \
+ int32_t _i = (_b+_e)/2; \
+ int _r = comparison_fn(target, array[_i].field); \
+ if (_r == 0) { (result) = &array[_i]; break; } \
+ if (_r < 0) _e = _i - 1; else _b = _i + 1; \
+ }} } while (0)
+
+#endif
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 3e13517..b802036 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -1137,6 +1137,7 @@ static bool winbind_name_list_to_sid_string_list(struct pwb_context *ctx,
char *current_name = NULL;
const char *search_location;
const char *comma;
+ int len;
if (sid_list_buffer_size > 0) {
sid_list_buffer[0] = 0;
@@ -1192,6 +1193,17 @@ static bool winbind_name_list_to_sid_string_list(struct pwb_context *ctx,
_make_remark_format(ctx, PAM_TEXT_INFO, _("Cannot convert group %s "
"to sid, please contact your administrator to see "
"if group %s is valid."), search_location, search_location);
+ /*
+ * The lookup of the last name failed..
+ * It results in require_member_of_sid ends with ','
+ * It is malformated parameter here, overwrite the last ','.
+ */
+ len = strlen(sid_list_buffer);
+ if (len) {
+ if (sid_list_buffer[len - 1] == ',') {
+ sid_list_buffer[len - 1] = '\0';
+ }
+ }
}
result = true;
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 37c39ca..6474231 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1770,7 +1770,7 @@ bin/debug2html at EXEEXT@: $(BINARY_PREREQS) $(DEBUG2HTML_OBJ) @BUILD_POPT@ $(LIBTA
@$(CC) -o $@ $(DEBUG2HTML_OBJ) $(LDFLAGS) $(DYNEXP) \
$(LIBS) $(LIBTALLOC_LIBS)
-bin/smbfilter at EXEEXT@: $(BINARY_PREREQS) $(SMBFILTER_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB)
+bin/smbfilter at EXEEXT@: $(BINARY_PREREQS) $(SMBFILTER_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
@echo Linking $@
@$(CC) -o $@ $(SMBFILTER_OBJ) $(LDFLAGS) $(LIBS) \
$(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
diff --git a/source3/VERSION b/source3/VERSION
index f9eb732..13358fe 100644
--- a/source3/VERSION
+++ b/source3/VERSION
@@ -56,7 +56,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=2
+SAMBA_VERSION_RC_RELEASE=
########################################################
# To mark SVN snapshots this should be set to 'yes' #
diff --git a/source3/configure.in b/source3/configure.in
index 89994af..449645f 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -1210,7 +1210,9 @@ main() {
#endif
exit(0);
}
-], [samba_cv_linux_getgrouplist_ok=yes], [samba_cv_linux_getgrouplist_ok=no])])
+], [samba_cv_linux_getgrouplist_ok=yes],
+ [samba_cv_linux_getgrouplist_ok=no],
+ [samba_cv_linux_getgrouplist_ok=cross])])
if test x"$samba_cv_linux_getgrouplist_ok" = x"yes"; then
AC_DEFINE(HAVE_GETGROUPLIST, 1, [Have good getgrouplist])
fi
@@ -1921,7 +1923,7 @@ AC_ARG_ENABLE(external_libtdb,
if test "x$enable_external_libtdb" != xno
then
- PKG_CHECK_MODULES(LIBTDB, tdb >= 1.1.7,
+ PKG_CHECK_MODULES(LIBTDB, tdb >= 1.2.1,
[ enable_external_libtdb=yes ],
[
if test x$enable_external_libtdb = xyes; then
@@ -3605,6 +3607,9 @@ if test x"$with_ads_support" != x"no"; then
AC_CHECK_FUNC_EXT(krb5_get_creds_opt_set_impersonate, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_get_creds, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_get_credentials_for_user, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_get_host_realm, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_free_host_realm, $KRB5_LIBS)
+
# MIT krb5 1.8 does not expose this call (yet)
AC_CHECK_DECLS(krb5_get_credentials_for_user, [], [], [#include <krb5.h>])
@@ -3947,6 +3952,18 @@ if test x"$with_ads_support" != x"no"; then
[Whether the WRFILE:-keytab is supported])
fi
+ AC_CACHE_CHECK([for krb5_realm type],
+ samba_cv_HAVE_KRB5_REALM_TYPE,[
+ AC_TRY_COMPILE([#include <krb5.h>],
+ [krb5_realm realm;],
+ samba_cv_HAVE_KRB5_REALM_TYPE=yes,
+ samba_cv_HAVE_KRB5_REALM_TYPE=no)])
+
+ if test x"$samba_cv_HAVE_KRB5_REALM_TYPE" = x"yes"; then
+ AC_DEFINE(HAVE_KRB5_REALM_TYPE,1,
+ [Whether the type krb5_realm exists])
+ fi
+
AC_CACHE_CHECK([for krb5_princ_realm returns krb5_realm or krb5_data],
samba_cv_KRB5_PRINC_REALM_RETURNS_REALM,[
AC_TRY_COMPILE([#include <krb5.h>],
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 32f389d..37e6eb9 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1797,6 +1797,8 @@ char* kerberos_standard_des_salt( void );
bool kerberos_secrets_store_des_salt( const char* salt );
char* kerberos_secrets_fetch_des_salt( void );
char *kerberos_get_default_realm_from_ccache( void );
+char *kerberos_get_realm_from_hostname(const char *hostname);
+
bool kerberos_secrets_store_salting_principal(const char *service,
int enctype,
const char *principal);
diff --git a/source3/include/smb.h b/source3/include/smb.h
index bc7a90d..041c96b 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1723,7 +1723,8 @@ minimum length == 24.
enum smbd_capability {
KERNEL_OPLOCK_CAPABILITY,
DMAPI_ACCESS_CAPABILITY,
- LEASE_CAPABILITY
+ LEASE_CAPABILITY,
+ KILL_CAPABILITY
};
/*
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index e3b03d4..ec0e9f5 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -196,6 +196,11 @@ struct ldapsam_privates {
/* ldap server location parameter */
char *location;
+
+ struct {
+ char *filter;
+ LDAPMessage *result;
+ } search_cache;
};
/* Functions shared between pdb_ldap.c and pdb_nds.c. */
diff --git a/source3/lib/system.c b/source3/lib/system.c
index a58d903..9c1da3a 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -883,6 +883,11 @@ char *sys_getwd(char *s)
#if defined(HAVE_POSIX_CAPABILITIES)
+/* This define hasn't made it into the glibc capabilities header yet. */
+#ifndef SECURE_NO_SETUID_FIXUP
+#define SECURE_NO_SETUID_FIXUP 2
+#endif
+
/**************************************************************************
Try and abstract process capabilities (for systems that have them).
****************************************************************************/
@@ -913,6 +918,32 @@ static bool set_process_capability(enum smbd_capability capability,
}
#endif
+#if defined(HAVE_PRCTL) && defined(PR_SET_SECUREBITS) && defined(SECURE_NO_SETUID_FIXUP)
+ /* New way of setting capabilities as "sticky". */
+
+ /*
+ * Use PR_SET_SECUREBITS to prevent setresuid()
+ * atomically dropping effective capabilities on
+ * uid change. Only available in Linux kernels
+ * 2.6.26 and above.
+ *
+ * See here:
+ * http://www.kernel.org/doc/man-pages/online/pages/man7/capabilities.7.html
+ * for details.
+ *
+ * Specifically the CAP_KILL capability we need
+ * to allow Linux threads under different euids
+ * to send signals to each other.
+ */
+
+ if (prctl(PR_SET_SECUREBITS, 1 << SECURE_NO_SETUID_FIXUP)) {
+ DEBUG(0,("set_process_capability: "
+ "prctl PR_SET_SECUREBITS failed with error %s\n",
+ strerror(errno) ));
+ return false;
+ }
--
Samba Shared Repository
More information about the samba-cvs
mailing list