[SCM] SAMBA-CTDB repository - branch samba-3.4.2-ctdb-stable updated - 3.4.2-ctdb-23-41-ga649f75

Michael Adam obnox at samba.org
Mon Mar 22 10:58:17 MDT 2010


The branch, samba-3.4.2-ctdb-stable has been updated
       via  a649f75699a47f82496e0ac6234642265311029a (commit)
       via  478adcf4d22a6adc3e68bed870455eeeb1511de1 (commit)
       via  c3b98b20f0d87c5d47656caae1d87d962d849f34 (commit)
       via  4c9a4bd646c9ad95012311fa7a88bcbd69940351 (commit)
       via  c809d82f5c00b73020a2fdea39c3c97551464c55 (commit)
       via  f8730b6bf70d257c503e7e94883679b2bb8d1242 (commit)
       via  79540e7634214235c9576be9bafd6b2bd18d0cab (commit)
       via  f4aaf558a6fc238a5b103ef7e0f75f73eb546d16 (commit)
       via  9d23f55f86eb4c6ce52c5a7c73f8c1b99cd59b12 (commit)
       via  3e6d9017622d5c10c8929d65d525c6baacf5570d (commit)
       via  6e522877ff97ef2999941c2b91aaabc9760d3294 (commit)
       via  c13c8e36b71edc202ef1d53d1598c0f765a5893a (commit)
       via  de2751091125b3239d7779c73e1d26938f85dc14 (commit)
       via  eb8388b8d30a366dd299bc0079cb35a15e51707c (commit)
       via  962b4dae22cd92a5d4bbbd20e452a8a88110b9ae (commit)
       via  4d0248a572c2ddca2e70e94e1e5a7e909b97a08e (commit)
       via  e999807f652cd4d4a97c751319bbfc0d2b713c5e (commit)
       via  1b2971acfd1fc10d5752d4465b8326b5b5dae663 (commit)
       via  c259dfa6e838646a824d16c67e7cdd8ac0ee23e5 (commit)
       via  dfc4855119c86072878f5ee82477cf0a08e3fe24 (commit)
       via  6fcafc77f4b8831af4b42e8585c38bb03793af7a (commit)
       via  68f03885a86d2923ff8c15fb7da41614a173b740 (commit)
       via  5bad7bc8ad317d35d001c8907717018d35b57e6d (commit)
       via  b7f62d3677fb36c3590f14f772702b414099b271 (commit)
       via  8eda2c7e213e3dc5ab9e2caa2746f9d8b82ebe20 (commit)
       via  aa630ae520997a993a26d32c394cb3070c9962f1 (commit)
       via  6cb47b05d96e925ef7be6c6bc6c3cfa7b2c4fea2 (commit)
       via  2c248048c43da5bfacf75fe401a194d44abc692c (commit)
       via  d0aaee99633c851cbd6396bde90eadae1395bba9 (commit)
       via  d1727f701029a327cfe72dcfb11d2e766425bf64 (commit)
       via  785a350afe901e057c04c62f5cef06807d88841f (commit)
       via  d584c1412e7a425cd89d2e785de5b772e2f86d61 (commit)
       via  9b86c5b08056e2efdeda9b1e22a9d826cf49f1cc (commit)
       via  969d131cc67b9cf103c8b4842e703c38e6cec0e1 (commit)
       via  8bfa3cf94e202670ddd37c32dbd65747ef8a3b50 (commit)
       via  13f441946e4e8bbbabb1cfdbd1d679df78802854 (commit)
       via  03b9836e1c16200ac40ea48ea2addc9d5bc2e702 (commit)
       via  506ccddca814ee8b09dacfd07b8e7a2bb398aabc (commit)
       via  d377f427b32899eb0a17ffbf44e03aa0575ffe7d (commit)
       via  5c1a0e6c865fd275a7fe063058b6aba2928ac9c1 (commit)
       via  602c0b18197b85753535aeaec7b0221a118e2e1f (commit)
      from  c20e3e402bd3b256b4ea5dd7f9f84b5336930bb7 (commit)

http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=samba-3.4.2-ctdb-stable


- Log -----------------------------------------------------------------
commit a649f75699a47f82496e0ac6234642265311029a
Author: Michael Adam <obnox at samba.org>
Date:   Mon Mar 22 17:50:41 2010 +0100

    3.4.2-ctdb-stable: bump vendor patch level to 25

commit 478adcf4d22a6adc3e68bed870455eeeb1511de1
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Mar 2 17:02:01 2010 +0100

    s3: Add "net serverid" command
    
    CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not
    work when all smbds are restarted. For this, "net serverid wipe" has to be run
    before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up
    sessionid.tdb and connections.tdb.
    
    Volker

commit c3b98b20f0d87c5d47656caae1d87d962d849f34
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Mar 2 17:02:01 2010 +0100

    s3: Fix a long-standing problem with recycled PIDs
    
    When a samba server process dies hard, it has no chance to clean up its entries
    in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb.
    
    For locking.tdb and brlock.tdb Samba is robust by checking every time we read
    an entry from the database if the corresponding process still exists. If it
    does not exist anymore, the entry is deleted. This is not 100% failsafe though:
    On systems with a limited PID space there is a non-zero chance that between the
    smbd's death and the fresh access, the PID is recycled by another long-running
    process. This renders all files that had been locked by the killed smbd
    potentially unusable until the new process also dies.
    
    This patch is supposed to fix the problem the following way: Every process ID
    in every database is augmented by a random 64-bit number that is stored in a
    serverid.tdb. Whenever we need to check if a process still exists we know its
    PID and the 64-bit number. We look up the PID in serverid.tdb and compare the
    64-bit number. If it's the same, the process still is a valid smbd holding the
    lock. If it is different, a new smbd has taken over.
    
    I believe this is safe against an smbd that has died hard and the PID has been
    taken over by a non-samba process. This process would not have registered
    itself with a fresh 64-bit number in serverid.tdb, so the old one still exists
    in serverid.tdb. We protect against this case by the parent smbd taking care of
    deregistering PIDs from serverid.tdb and the fact that serverid.tdb is
    CLEAR_IF_FIRST.
    
    While there, this also cleans up overloading connections.tdb with all the
    process entries just for messaging_send_all().
    
    Volker

commit 4c9a4bd646c9ad95012311fa7a88bcbd69940351
Author: Michael Adam <obnox at samba.org>
Date:   Mon Mar 22 17:50:05 2010 +0100

    3.4.2-ctdb-stable: bump vendor patch level to 24

commit c809d82f5c00b73020a2fdea39c3c97551464c55
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Mar 18 12:50:22 2010 +0100

    s3: Implement an asynchronous echo responder process
    
    This replies to echo requests when the main smbd is stuck somewhere
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit f8730b6bf70d257c503e7e94883679b2bb8d1242
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 19 15:47:11 2010 +0100

    s3:smbd: disable SMB encryption when the echo handler is active
    
    metze

commit 79540e7634214235c9576be9bafd6b2bd18d0cab
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 22 09:11:05 2010 +0100

    s3:smbd: disallow readbraw and writebraw if the echo handler is active
    
    metze

commit f4aaf558a6fc238a5b103ef7e0f75f73eb546d16
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 19 12:08:13 2010 +0100

    s3:smbd: disable sendfile if the echo handler is active
    
    metze

commit 9d23f55f86eb4c6ce52c5a7c73f8c1b99cd59b12
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 18 20:22:26 2010 +0100

    s3:smbd: don't use recvfile if the echo handler is active
    
    metze

commit 3e6d9017622d5c10c8929d65d525c6baacf5570d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 22 09:45:43 2010 +0100

    s3:smbd: setup a shared memory area for the signing state
    
    metze

commit 6e522877ff97ef2999941c2b91aaabc9760d3294
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 22 09:43:48 2010 +0100

    s3:smbd: add echo handler information to struct smbd_server_connection
    
    metze

commit c13c8e36b71edc202ef1d53d1598c0f765a5893a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 22 09:36:41 2010 +0100

    s3:param: add "async smb echo handler" option
    
    This will enable an extra forked process that will reply
    to SMBecho requests, while the main process is blocked by another
    request.
    
    metze

commit de2751091125b3239d7779c73e1d26938f85dc14
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 18 15:36:19 2010 +0100

    s3:smbd: pass down trusted_channel via receive_smb_talloc()
    
    metze

commit eb8388b8d30a366dd299bc0079cb35a15e51707c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 19 12:04:32 2010 +0100

    s3:smbd: let reply_readbraw_error use the locked socket
    
    metze

commit 962b4dae22cd92a5d4bbbd20e452a8a88110b9ae
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 19 12:02:27 2010 +0100

    s3:smbd: send keepalive packets under the socket lock
    
    metze

commit 4d0248a572c2ddca2e70e94e1e5a7e909b97a08e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 18 09:23:48 2010 +0100

    s3:smbd: smbd_[un]lock_socket() while accessing the socket to the client
    
    metze

commit e999807f652cd4d4a97c751319bbfc0d2b713c5e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 22 09:34:07 2010 +0100

    s3:smbd: add smbd_[un]lock_socket() dummies
    
    metze

commit 1b2971acfd1fc10d5752d4465b8326b5b5dae663
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 22 09:31:57 2010 +0100

    s3:smbd: add an option to skip signings checks srv_check_sign_mac for trusted channels
    
    metze

commit c259dfa6e838646a824d16c67e7cdd8ac0ee23e5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 17 15:07:07 2010 +0100

    s3:libsmb: add a smb_signing_init_ex() function
    
    Make it possible to overload memory handling functions.
    
    metze

commit dfc4855119c86072878f5ee82477cf0a08e3fe24
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 22 09:30:39 2010 +0100

    lib/util: add allocate_anonymous_shared()
    
    metze

commit 6fcafc77f4b8831af4b42e8585c38bb03793af7a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 22 10:12:42 2010 +0100

    lib/async_sock: handle queue = NULL in writev_send()
    
    metze

commit 68f03885a86d2923ff8c15fb7da41614a173b740
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 22 16:04:58 2010 +0100

    s3:smbd: use new simplified smb_signing code in the server
    
    We keep the seqnum/mid mapping in the smb_request structure.
    
    This also moves one global variable into the
    smbd_server_connection struct.
    
    metze
    (cherry picked from commit c16c90a1cb3b0e2ceadd3dea835a4e69acfc2fae)

commit 5bad7bc8ad317d35d001c8907717018d35b57e6d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 9 08:42:05 2009 +0100

    s3:libsmb: add a much simplified smb_siging infrastructure
    
    It's the job of the caller to maintain the seqnum/mid mapping.
    
    Hopefully we can use this code in s4 later too.
    
    metze
    (cherry picked from commit 2654653f55ed5744cc9fca6a79127386f55425e1)

commit b7f62d3677fb36c3590f14f772702b414099b271
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sun Mar 8 17:47:08 2009 +0100

    s3:libsmb: rename smb_signing.c => clisigning.c
    
    This prepares a large simplification of the smb_signing code
    
    metze
    (cherry picked from commit 1a48d0793b9d3a76aff76580661626e5cd95f427)

commit 8eda2c7e213e3dc5ab9e2caa2746f9d8b82ebe20
Author: Michael Adam <obnox at samba.org>
Date:   Fri Feb 12 16:46:33 2010 +0100

    s3:configure: prevent using external libtalloc with version >= 1.4.0
    
    There was an ABI change and this results in an error
    "undefined symbol: _talloc_free"
    
    Michael

commit aa630ae520997a993a26d32c394cb3070c9962f1
Author: Karolin Seeger <kseeger at samba.org>
Date:   Tue Oct 27 16:29:20 2009 +0100

    s3:configure: Fix typo in libtalloc check.
    
    Fix bug #6849. Thanks to Mike Frysinger <vapier at gentoo.org> for reporting
    and providing the patch!
    
    Karolin
    (cherry picked from commit 5897c3de95b8f9fad4e136d2fc1a390fb366b7b9)

commit 6cb47b05d96e925ef7be6c6bc6c3cfa7b2c4fea2
Author: Michael Adam <obnox at samba.org>
Date:   Sat Jan 23 01:16:13 2010 +0100

    async_req: fix compile warning (typename is a C++ reserved word)

commit 2c248048c43da5bfacf75fe401a194d44abc692c
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Jun 4 23:43:31 2009 +0200

    clikrb5: Prefer krb5_free_keytab_entry_contents to krb5_kt_free_entry.
    
    Both functions exist in MIT Kerberos >= 1.7, but only
    krb5_free_keytab_entry_contents has a prototype.
    (cherry picked from commit b65ba0e26c781647e097f3f6fa279c7f3f7f4bd2)
    
    Part of a fix for bug #6918 (Build breaks with krb5-client-1.7-6.1.i586).
    (cherry picked from commit 15439ea62c29764207a8ad8b99fac4ce720cf3ad)

commit d0aaee99633c851cbd6396bde90eadae1395bba9
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Oct 16 10:40:50 2009 +1100

    s3: fixed krb5 build problem on ubuntu karmic
    
    Karmic has MIT krb5 1.7-beta3, which has the symbol
    krb5_auth_con_set_req_cksumtype but no prototype for it.
    
    See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531635
    (cherry picked from commit a6e4cb500b4162cae1d906a1762507370b4ee89e)
    
    Part of a fix for bug #6918.
    (cherry picked from commit 1c34ec61f968a65709e3672be2ce5a1aa0752470)

commit d1727f701029a327cfe72dcfb11d2e766425bf64
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Mar 5 16:46:36 2010 +0100

    s3: Add the "ctdb locktime warn threshold" parameter
    
    This is mainly a debugging aid for post-mortem analysis in case a cluster file
    system is slow.

commit 785a350afe901e057c04c62f5cef06807d88841f
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Mar 22 11:19:10 2010 +0100

    s3: Add "log writeable files on exit" parameter
    
    This boolean option controls whether at exit time the server dumps a list of
    files with debug level 0 that were still open for write. This is an
    administrative aid to find the files that were potentially corrupt if the
    network connection died.

commit d584c1412e7a425cd89d2e785de5b772e2f86d61
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Mar 22 09:16:57 2010 +0100

    s3: file_walk_table -> files_forall
    
    This is more in line with the rest of the Samba code, like connections_forall
    etc.

commit 9b86c5b08056e2efdeda9b1e22a9d826cf49f1cc
Author: Michael Adam <obnox at samba.org>
Date:   Tue Mar 2 14:43:53 2010 +0100

    s3:net: add a command "net registry setsd_sdd"
    
    This permits to set the security descriptor of a registry
    key from the unix command line.
    
    Michael
    (cherry picked from commit 27ae935a8df409ce7557bd369250fa450120fdfe)
    (cherry picked from commit 3648046962a7cce0f9caeef6bd199ab1878bfdc1)

commit 969d131cc67b9cf103c8b4842e703c38e6cec0e1
Author: Michael Adam <obnox at samba.org>
Date:   Fri Feb 26 09:37:45 2010 +0100

    s3:net: add new subcommand "net registry getsd_sddl" to print secdesc in sddl format
    
    Michael
    (cherry picked from commit caa27bb165a69766585ec4a13a6c09fa774d3b48)
    (cherry picked from commit a885950fbfa049bc9b5474a42940430e1d6d6f6a)

commit 8bfa3cf94e202670ddd37c32dbd65747ef8a3b50
Author: Michael Adam <obnox at samba.org>
Date:   Fri Feb 26 09:31:03 2010 +0100

    s3:net: refactor getting of secdesc out of net_registry_getsd()
    
    New net_registry_getsd_internal does the work(),
    net_registry_getsd() just prints the result.
    This in preparation to add support for other output formats
    than the currently used display_sec_desc().
    
    Michael
    (cherry picked from commit 9a9a70f62e31e03d427275fabc2f00bb418ffa8d)

commit 13f441946e4e8bbbabb1cfdbd1d679df78802854
Author: Michael Adam <obnox at samba.org>
Date:   Tue Aug 11 23:35:48 2009 +0200

    s3:smbcacls: forbid change of debug level from config file
    
    Michael
    (cherry picked from commit a038f1e05b8b7acb5e99257e59178e1ece4ce156)
    (cherry picked from commit 2a684ee14be97e4d8e4b5a5f9ca59dafa439097f)

commit 03b9836e1c16200ac40ea48ea2addc9d5bc2e702
Author: Michael Adam <obnox at samba.org>
Date:   Mon Mar 15 12:16:52 2010 +0100

    s3:smbcacls: also honour the "--sddl" flag when setting ACLs.
    
    Michael
    (cherry picked from commit bd5c0f1b09598d817be854e7df9369a98a3fdf9f)

commit 506ccddca814ee8b09dacfd07b8e7a2bb398aabc
Author: Michael Adam <obnox at samba.org>
Date:   Sun Feb 28 22:20:03 2010 +0100

    s3:smbcacls: add switch "--sddl" to output acls as sddl encoded strings
    (cherry picked from commit 9cea4d5969d3061689e7399e0a97f7f83ed31976)
    (cherry picked from commit 734008358b7df2db2cea9f71a04196cf14223211)

commit d377f427b32899eb0a17ffbf44e03aa0575ffe7d
Author: Michael Adam <obnox at samba.org>
Date:   Sun Feb 28 22:15:23 2010 +0100

    s3: build sddl.c in samba3
    (cherry picked from commit 72f4af8cc539674560fe683a7701637f4fac9dfe)

commit 5c1a0e6c865fd275a7fe063058b6aba2928ac9c1
Author: Michael Adam <obnox at samba.org>
Date:   Sun Feb 28 22:01:49 2010 +0100

    libcli/security: fix sddl.c to be able to build it from source3
    (cherry picked from commit f37030b33afa989adaafa6d3d02751bd286f879b)
    (cherry picked from commit 617d711e0b86704b918483a8161410ac1bb80cd8)

commit 602c0b18197b85753535aeaec7b0221a118e2e1f
Author: Michael Adam <obnox at samba.org>
Date:   Fri Feb 26 18:32:21 2010 +0100

    s4:move the sddl code down to the top level
    
    Michael
    (cherry picked from commit 8a8e4a620636b098ae56f46be6112d9e68b1c665)

-----------------------------------------------------------------------

Summary of changes:
 .../smbdotconf/misc/ctdblocktimewarnthreshold.xml  |   16 +
 .../smbdotconf/misc/logwriteablefilesonexit.xml    |   16 +
 lib/async_req/async_req.c                          |    4 +-
 lib/async_req/async_req.h                          |    2 +-
 lib/async_req/async_sock.c                         |    7 +
 lib/util/util.c                                    |   28 +
 lib/util/util.h                                    |    5 +
 libcli/security/config.mk                          |    2 +-
 libcli/security/sddl.c                             |  598 +++++++++++
 libcli/security/sddl.h                             |   32 +
 source3/Makefile.in                                |    8 +-
 source3/VERSION                                    |    2 +-
 source3/configure.in                               |   24 +-
 source3/include/includes.h                         |    3 +
 source3/include/messages.h                         |    1 +
 source3/include/proto.h                            |   40 +-
 source3/include/serverid.h                         |   56 +
 source3/include/smb.h                              |    2 +
 source3/include/smb_signing.h                      |   51 +
 source3/lib/dbwrap_ctdb.c                          |   12 +
 source3/lib/messages.c                             |   21 +-
 source3/lib/serverid.c                             |  277 +++++
 source3/lib/util.c                                 |    9 +
 source3/libsmb/clikrb5.c                           |   20 +-
 source3/libsmb/clisigning.c                        |  673 +++++++++++++
 source3/libsmb/smb_signing.c                       | 1051 +++++---------------
 source3/locking/brlock.c                           |    2 +-
 source3/locking/locking.c                          |    2 +-
 source3/modules/vfs_aio_fork.c                     |    2 +-
 source3/nmbd/nmbd.c                                |    7 +-
 source3/param/loadparm.c                           |   47 +-
 source3/printing/nt_printing.c                     |    2 +-
 source3/printing/printing.c                        |    7 +-
 source3/smbd/aio.c                                 |   13 +-
 source3/smbd/blocking.c                            |    5 +-
 source3/smbd/files.c                               |    2 +-
 source3/smbd/globals.h                             |   23 +
 source3/smbd/ipc.c                                 |    4 +
 source3/smbd/negprot.c                             |    6 +-
 source3/smbd/notify.c                              |    7 +-
 source3/smbd/nttrans.c                             |    3 +-
 source3/smbd/open.c                                |    9 -
 source3/smbd/oplock.c                              |   27 +-
 source3/smbd/password.c                            |    8 +-
 source3/smbd/pipes.c                               |    1 +
 source3/smbd/process.c                             |  583 +++++++++++-
 source3/smbd/reply.c                               |   56 +-
 source3/smbd/server.c                              |   68 ++-
 source3/smbd/service.c                             |    2 +-
 source3/smbd/sesssetup.c                           |   25 -
 source3/smbd/signing.c                             |  260 +++++
 source3/smbd/trans2.c                              |   15 +-
 source3/utils/net.c                                |    7 +
 source3/utils/net_proto.h                          |    4 +
 source3/utils/net_registry.c                       |  166 +++-
 source3/utils/net_serverid.c                       |  172 ++++
 source3/utils/smbcacls.c                           |   19 +-
 source3/winbindd/winbindd.c                        |    7 +-
 source3/winbindd/winbindd_proto.h                  |    3 -
 source4/libcli/security/config.mk                  |    2 +-
 source4/libcli/security/sddl.c                     |  598 -----------
 source4/libcli/security/security.h                 |    1 +
 62 files changed, 3518 insertions(+), 1607 deletions(-)
 create mode 100644 docs-xml/smbdotconf/misc/ctdblocktimewarnthreshold.xml
 create mode 100644 docs-xml/smbdotconf/misc/logwriteablefilesonexit.xml
 create mode 100644 libcli/security/sddl.c
 create mode 100644 libcli/security/sddl.h
 create mode 100644 source3/include/serverid.h
 create mode 100644 source3/include/smb_signing.h
 create mode 100644 source3/lib/serverid.c
 create mode 100644 source3/libsmb/clisigning.c
 create mode 100644 source3/smbd/signing.c
 create mode 100644 source3/utils/net_serverid.c
 delete mode 100644 source4/libcli/security/sddl.c


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/misc/ctdblocktimewarnthreshold.xml b/docs-xml/smbdotconf/misc/ctdblocktimewarnthreshold.xml
new file mode 100644
index 0000000..149d8d6
--- /dev/null
+++ b/docs-xml/smbdotconf/misc/ctdblocktimewarnthreshold.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="ctdb locktime warn threshold"
+                 context="G"
+		 type="integer"
+                 advanced="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>In a cluster, ctdb is very unhappy if tdb database locks
+	are held for extended periods of time. This parameter adds a
+	warning threshold in milliseconds. If Samba holds a lock for
+	longer that ctdb locktime warn threshold milliseconds, a debug
+	level 0 message is printed when the lock is released. This is
+	mainly a debugging aid for post-mortem analysis.</para>
+	<para>If this parameter is set to 0, no message is printed.</para>
+</description>
+<value type="default">0</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/misc/logwriteablefilesonexit.xml b/docs-xml/smbdotconf/misc/logwriteablefilesonexit.xml
new file mode 100644
index 0000000..1c75457
--- /dev/null
+++ b/docs-xml/smbdotconf/misc/logwriteablefilesonexit.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="log writeable files on exit"
+		 context="G"
+		 type="boolean"
+		 advanced="1" developer="0"
+		 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>
+	This boolean option controls whether at exit time the server
+	dumps a list of files with debug level 0 that were still open
+	for write. This is an administrative aid to find the files
+	that were potentially corrupt if the network connection died.
+	</para>
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
diff --git a/lib/async_req/async_req.c b/lib/async_req/async_req.c
index 69c3ed6..ce7445f 100644
--- a/lib/async_req/async_req.c
+++ b/lib/async_req/async_req.c
@@ -297,7 +297,7 @@ bool async_req_enqueue(struct async_req_queue *queue, struct tevent_context *ev,
 }
 
 bool _async_req_setup(TALLOC_CTX *mem_ctx, struct async_req **preq,
-		      void *pstate, size_t state_size, const char *typename)
+		      void *pstate, size_t state_size, const char *type_name)
 {
 	struct async_req *req;
 	void **ppstate = (void **)pstate;
@@ -312,7 +312,7 @@ bool _async_req_setup(TALLOC_CTX *mem_ctx, struct async_req **preq,
 		TALLOC_FREE(req);
 		return false;
 	}
-	talloc_set_name_const(state, typename);
+	talloc_set_name_const(state, type_name);
 	req->private_data = state;
 
 	*preq = req;
diff --git a/lib/async_req/async_req.h b/lib/async_req/async_req.h
index 7a9220b..706f007 100644
--- a/lib/async_req/async_req.h
+++ b/lib/async_req/async_req.h
@@ -157,7 +157,7 @@ bool async_req_enqueue(struct async_req_queue *queue,
 		       void (*trigger)(struct async_req *req));
 
 bool _async_req_setup(TALLOC_CTX *mem_ctx, struct async_req **preq,
-		      void *pstate, size_t state_size, const char *typename);
+		      void *pstate, size_t state_size, const char *type_name);
 
 #define async_req_setup(_mem_ctx, _preq, _pstate, type) \
 	_async_req_setup((_mem_ctx), (_preq), (_pstate), sizeof(type), #type)
diff --git a/lib/async_req/async_sock.c b/lib/async_req/async_sock.c
index 39705f4..09ab7d0 100644
--- a/lib/async_req/async_sock.c
+++ b/lib/async_req/async_sock.c
@@ -404,6 +404,13 @@ struct tevent_req *writev_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
 		goto fail;
 	}
 
+	if (queue == NULL) {
+		writev_trigger(result, NULL);
+		if (!tevent_req_is_in_progress(result)) {
+			return tevent_req_post(result, ev);
+		}
+		return result;
+	}
 	if (!tevent_queue_add(queue, ev, result, writev_trigger, NULL)) {
 		goto fail;
 	}
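Review bot: The new `queue == NULL` branch has no comment saying what a NULL queue means for callers. It calls `writev_trigger(result, NULL)` directly, so the write is not ordered against any other writer on the same fd. I would add above the `if`: `/* No queue: start the write right away. The caller must make sure no other writev on this fd is in flight. */`. `writev_trigger` is outside this hunk; the `tevent_req_is_in_progress()` check suggests it can finish or fail the request synchronously, which would also be worth stating. The body of `writev_send` starts and ends outside the hunk.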
diff --git a/lib/util/util.c b/lib/util/util.c
index 0148bdb..8989377 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -25,6 +25,8 @@
 #include "system/network.h"
 #include "system/filesys.h"
 #include "system/locale.h"
+#include "system/shmem.h"
+
 #undef malloc
 #undef strcasecmp
 #undef strncasecmp
@@ -921,4 +923,30 @@ bool next_token_no_ltrim_talloc(TALLOC_CTX *ctx,
 	return next_token_internal_talloc(ctx, ptr, pp_buff, sep, false);
 }
 
+/* Map a shared memory buffer of at least nelem counters. */
+void *allocate_anonymous_shared(size_t bufsz)
+{
+	void *buf;
+	size_t pagesz = getpagesize();
+
+	if (bufsz % pagesz) {
+		bufsz = (bufsz + pagesz) % pagesz; /* round up to pagesz */
+	}
+
+#ifdef MAP_ANON
+	/* BSD */
+	buf = mmap(NULL, bufsz, PROT_READ|PROT_WRITE, MAP_ANON|MAP_SHARED,
+			-1 /* fd */, 0 /* offset */);
+#else
+	buf = mmap(NULL, bufsz, PROT_READ|PROT_WRITE, MAP_FILE|MAP_SHARED,
+			open("/dev/zero", O_RDWR), 0 /* offset */);
+#endif
+
+	if (buf == MAP_FAILED) {
+		return NULL;
+	}
+
+	return buf;
+
+}
 
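Review bot: The rounding line `bufsz = (bufsz + pagesz) % pagesz;` computes a remainder rather than rounding up, so any size that is not a page multiple is replaced by `bufsz % pagesz`. A caller asking for more than one page (for example 5000 bytes with 4096-byte pages) gets a mapping sized from 904 bytes and will read and write past the end of it. The size should be padded up to the next page multiple, with a check that the addition does not wrap. In the non-`MAP_ANON` branch the result of `open("/dev/zero", O_RDWR)` is neither checked nor closed, so every call leaks a descriptor and a failed open hands -1 to `mmap`. The leading comment also refers to "nelem counters" although the parameter is a byte size.

```c
	if (bufsz % pagesz) {
		size_t pad = pagesz - (bufsz % pagesz);
		if (bufsz + pad < bufsz) {
			return NULL; /* size_t wrap */
		}
		bufsz += pad; /* round up to pagesz */
	}

	/* … unchanged: MAP_ANON branch … */
#else
	{
		int fd = open("/dev/zero", O_RDWR);
		if (fd == -1) {
			return NULL;
		}
		buf = mmap(NULL, bufsz, PROT_READ|PROT_WRITE, MAP_FILE|MAP_SHARED,
				fd, 0 /* offset */);
		close(fd); /* the mapping stays valid after the fd is closed */
	}
#endif
```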
diff --git a/lib/util/util.h b/lib/util/util.h
index defef12..8bae4d1 100644
--- a/lib/util/util.h
+++ b/lib/util/util.h
@@ -771,4 +771,9 @@ bool unmap_file(void *start, size_t size);
 
 void print_asc(int level, const uint8_t *buf,int len);
 
+/**
+ * Allocate anonymous shared memory of the given size
+ */
+void *allocate_anonymous_shared(size_t bufsz);
+
 #endif /* _SAMBA_UTIL_H_ */
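Review bot: The doc comment on `allocate_anonymous_shared()` does not state the failure return or who owns the memory. From the definition in lib/util/util.c the function returns NULL when `mmap` fails, and the region is a `MAP_SHARED` mapping rather than talloc memory, so a talloc free will not release it. I would extend the comment to something like `Returns NULL on failure. The size is rounded up to a page multiple; the region is not talloc memory and must be released with munmap().` No matching release helper is declared in this hunk, so callers need the rounded size spelled out to unmap correctly.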
diff --git a/libcli/security/config.mk b/libcli/security/config.mk
index 56d8e13..501857c 100644
--- a/libcli/security/config.mk
+++ b/libcli/security/config.mk
@@ -2,4 +2,4 @@
 PRIVATE_DEPENDENCIES = TALLOC
 
 LIBSECURITY_COMMON_OBJ_FILES = $(addprefix $(libclicommonsrcdir)/security/, \
-					dom_sid.o)
+					dom_sid.o sddl.o)
diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c
new file mode 100644
index 0000000..1c49409
--- /dev/null
+++ b/libcli/security/sddl.c
@@ -0,0 +1,598 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   security descriptor description language functions
+
+   Copyright (C) Andrew Tridgell 		2005
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/security/dom_sid.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "system/locale.h"
+
+struct flag_map {
+	const char *name;
+	uint32_t flag;
+};
+
+/*
+  map a series of letter codes into a uint32_t
+*/
+static bool sddl_map_flags(const struct flag_map *map, const char *str, 
+			   uint32_t *flags, size_t *len)
+{
+	const char *str0 = str;
+	if (len) *len = 0;
+	*flags = 0;
+	while (str[0] && isupper(str[0])) {
+		int i;
+		for (i=0;map[i].name;i++) {
+			size_t l = strlen(map[i].name);
+			if (strncmp(map[i].name, str, l) == 0) {
+				*flags |= map[i].flag;
+				str += l;
+				if (len) *len += l;
+				break;
+			}
+		}
+		if (map[i].name == NULL) {
+			DEBUG(1, ("Unknown flag - %s in %s\n", str, str0));
+			return false;
+		}
+	}
+	return true;
+}
+
+/*
+  a mapping between the 2 letter SID codes and sid strings
+*/
+static const struct {
+	const char *code;
+	const char *sid;
+	uint32_t rid;
+} sid_codes[] = {
+	{ "AO", SID_BUILTIN_ACCOUNT_OPERATORS },
+	{ "BA", SID_BUILTIN_ADMINISTRATORS },
+	{ "RU", SID_BUILTIN_PREW2K },
+	{ "PO", SID_BUILTIN_PRINT_OPERATORS },
+	{ "RS", SID_BUILTIN_RAS_SERVERS },
+
+	{ "AU", SID_NT_AUTHENTICATED_USERS },
+	{ "SY", SID_NT_SYSTEM },
+	{ "PS", SID_NT_SELF },
+	{ "WD", SID_WORLD },
+	{ "ED", SID_NT_ENTERPRISE_DCS },
+
+	{ "CO", SID_CREATOR_OWNER },
+	{ "CG", SID_CREATOR_GROUP },
+
+	{ "DA", NULL, DOMAIN_RID_ADMINS },
+	{ "EA", NULL, DOMAIN_RID_ENTERPRISE_ADMINS },
+	{ "DD", NULL, DOMAIN_RID_DCS },
+	{ "DU", NULL, DOMAIN_RID_USERS },
+	{ "CA", NULL, DOMAIN_RID_CERT_ADMINS },
+};
+
+/*
+  decode a SID
+  It can either be a special 2 letter code, or in S-* format
+*/
+static struct dom_sid *sddl_decode_sid(TALLOC_CTX *mem_ctx, const char **sddlp,
+				       const struct dom_sid *domain_sid)
+{
+	const char *sddl = (*sddlp);
+	int i;
+
+	/* see if its in the numeric format */
+	if (strncmp(sddl, "S-", 2) == 0) {
+		struct dom_sid *sid;
+		char *sid_str;
+		size_t len = strspn(sddl+2, "-0123456789");
+		sid_str = talloc_strndup(mem_ctx, sddl, len+2);
+		if (!sid_str) {
+			return NULL;
+		}
+		(*sddlp) += len+2;
+		sid = dom_sid_parse_talloc(mem_ctx, sid_str);
+		talloc_free(sid_str);
+		return sid;
+	}
+
+	/* now check for one of the special codes */
+	for (i=0;i<ARRAY_SIZE(sid_codes);i++) {
+		if (strncmp(sid_codes[i].code, sddl, 2) == 0) break;
+	}
+	if (i == ARRAY_SIZE(sid_codes)) {
+		DEBUG(1,("Unknown sddl sid code '%2.2s'\n", sddl));
+		return NULL;
+	}
+
+	(*sddlp) += 2;
+
+	if (sid_codes[i].sid == NULL) {
+		return dom_sid_add_rid(mem_ctx, domain_sid, sid_codes[i].rid);
+	}
+
+	return dom_sid_parse_talloc(mem_ctx, sid_codes[i].sid);
+}
+
+static const struct flag_map ace_types[] = {
+	{ "AU", SEC_ACE_TYPE_SYSTEM_AUDIT },
+	{ "AL", SEC_ACE_TYPE_SYSTEM_ALARM },
+	{ "OA", SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT },
+	{ "OD", SEC_ACE_TYPE_ACCESS_DENIED_OBJECT },
+	{ "OU", SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT },
+	{ "OL", SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT },
+	{ "A",  SEC_ACE_TYPE_ACCESS_ALLOWED },
+	{ "D",  SEC_ACE_TYPE_ACCESS_DENIED },
+	{ NULL, 0 }
+};
+
+static const struct flag_map ace_flags[] = {
+	{ "OI", SEC_ACE_FLAG_OBJECT_INHERIT },
+	{ "CI", SEC_ACE_FLAG_CONTAINER_INHERIT },
+	{ "NP", SEC_ACE_FLAG_NO_PROPAGATE_INHERIT },
+	{ "IO", SEC_ACE_FLAG_INHERIT_ONLY },
+	{ "ID", SEC_ACE_FLAG_INHERITED_ACE },
+	{ "SA", SEC_ACE_FLAG_SUCCESSFUL_ACCESS },
+	{ "FA", SEC_ACE_FLAG_FAILED_ACCESS },
+	{ NULL, 0 },
+};
+
+static const struct flag_map ace_access_mask[] = {
+	{ "RP", SEC_ADS_READ_PROP },
+	{ "WP", SEC_ADS_WRITE_PROP },
+	{ "CR", SEC_ADS_CONTROL_ACCESS },
+	{ "CC", SEC_ADS_CREATE_CHILD },
+	{ "DC", SEC_ADS_DELETE_CHILD },
+	{ "LC", SEC_ADS_LIST },
+	{ "LO", SEC_ADS_LIST_OBJECT },
+	{ "RC", SEC_STD_READ_CONTROL },
+	{ "WO", SEC_STD_WRITE_OWNER },
+	{ "WD", SEC_STD_WRITE_DAC },
+	{ "SD", SEC_STD_DELETE },
+	{ "DT", SEC_ADS_DELETE_TREE },
+	{ "SW", SEC_ADS_SELF_WRITE },
+	{ "GA", SEC_GENERIC_ALL },
+	{ "GR", SEC_GENERIC_READ },
+	{ "GW", SEC_GENERIC_WRITE },
+	{ "GX", SEC_GENERIC_EXECUTE },
+	{ NULL, 0 }
+};
+
+/*
+  decode an ACE
+  return true on success, false on failure
+  note that this routine modifies the string
+*/
+static bool sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char *str,
+			    const struct dom_sid *domain_sid)
+{
+	const char *tok[6];
+	const char *s;
+	int i;
+	uint32_t v;
+	struct dom_sid *sid;
+
+	ZERO_STRUCTP(ace);
+
+	/* parse out the 6 tokens */
+	tok[0] = str;
+	for (i=0;i<5;i++) {
+		char *ptr = strchr(str, ';');
+		if (ptr == NULL) return false;
+		*ptr = 0;
+		str = ptr+1;
+		tok[i+1] = str;
+	}
+
+	/* parse ace type */
+	if (!sddl_map_flags(ace_types, tok[0], &v, NULL)) {
+		return false;
+	}
+	ace->type = v;
+
+	/* ace flags */
+	if (!sddl_map_flags(ace_flags, tok[1], &v, NULL)) {
+		return false;
+	}
+	ace->flags = v;
+	
+	/* access mask */
+	if (strncmp(tok[2], "0x", 2) == 0) {
+		ace->access_mask = strtol(tok[2], NULL, 16);
+	} else {
+		if (!sddl_map_flags(ace_access_mask, tok[2], &v, NULL)) {
+			return false;
+		}
+		ace->access_mask = v;
+	}
+
+	/* object */
+	if (tok[3][0] != 0) {
+		NTSTATUS status = GUID_from_string(tok[3], 
+						   &ace->object.object.type.type);
+		if (!NT_STATUS_IS_OK(status)) {
+			return false;
+		}
+		ace->object.object.flags |= SEC_ACE_OBJECT_TYPE_PRESENT;
+	}
+
+	/* inherit object */
+	if (tok[4][0] != 0) {
+		NTSTATUS status = GUID_from_string(tok[4], 
+						   &ace->object.object.inherited_type.inherited_type);
+		if (!NT_STATUS_IS_OK(status)) {
+			return false;
+		}
+		ace->object.object.flags |= SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT;
+	}
+
+	/* trustee */
+	s = tok[5];
+	sid = sddl_decode_sid(mem_ctx, &s, domain_sid);
+	if (sid == NULL) {
+		return false;
+	}
+	ace->trustee = *sid;
+	talloc_free(sid);
+
+	return true;
+}
+
+static const struct flag_map acl_flags[] = {
+	{ "P", SEC_DESC_DACL_PROTECTED },
+	{ "AR", SEC_DESC_DACL_AUTO_INHERIT_REQ },
+	{ "AI", SEC_DESC_DACL_AUTO_INHERITED },
+	{ NULL, 0 }
+};
+
+/*
+  decode an ACL
+*/
+static struct security_acl *sddl_decode_acl(struct security_descriptor *sd, 
+					    const char **sddlp, uint32_t *flags,
+					    const struct dom_sid *domain_sid)
+{
+	const char *sddl = *sddlp;
+	struct security_acl *acl;
+	size_t len;
+
+	*flags = 0;
+
+	acl = talloc_zero(sd, struct security_acl);
+	if (acl == NULL) return NULL;
+	acl->revision = SECURITY_ACL_REVISION_NT4;
+
+	if (isupper(sddl[0]) && sddl[1] == ':') {
+		/* its an empty ACL */
+		return acl;
+	}
+
+	/* work out the ACL flags */
+	if (!sddl_map_flags(acl_flags, sddl, flags, &len)) {
+		talloc_free(acl);
+		return NULL;
+	}
+	sddl += len;
+
+	/* now the ACEs */
+	while (*sddl == '(') {
+		char *astr;
+		len = strcspn(sddl+1, ")");
+		astr = talloc_strndup(acl, sddl+1, len);
+		if (astr == NULL || sddl[len+1] != ')') {
+			talloc_free(acl);
+			return NULL;
+		}
+		acl->aces = talloc_realloc(acl, acl->aces, struct security_ace, 
+					   acl->num_aces+1);
+		if (acl->aces == NULL) {
+			talloc_free(acl);
+			return NULL;
+		}
+		if (!sddl_decode_ace(acl->aces, &acl->aces[acl->num_aces], 
+				     astr, domain_sid)) {
+			talloc_free(acl);
+			return NULL;
+		}
+		switch (acl->aces[acl->num_aces].type) {
+		case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
+		case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
+		case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
+		case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
+			acl->revision = SECURITY_ACL_REVISION_ADS;
+			break;
+		default:
+			break;
+		}
+		talloc_free(astr);
+		sddl += len+2;
+		acl->num_aces++;
+	}
+
+	(*sddlp) = sddl;
+	return acl;


-- 
SAMBA-CTDB repository

