[SCM] Samba Shared Repository - branch v3-5-stable updated
Karolin Seeger
kseeger at samba.org
Wed Aug 3 12:25:09 MDT 2011
The branch, v3-5-stable has been updated
via 439b006 WHATSNEW: Add changes since 3.5.10.
via b1cbf46 Fix bug 7462 - Non-standard SA_RESETHAND is used in ...lib/tevent/tevent_sig
via a918549 s3: Test for "__attribute__((destructor))" (cherry picked from commit 36e736871e28665ffcbbc4d0c87e1a2b60fcf0e0)
via 7740410 s3:librpc/gen_ndr: regen after wbint.idl changes
via 735c596 s3:nmbd_subnetdb: close all sockets attached to a subnet in close_subnet() (bug #8276)
via 5d21630 s3:nmbd_packets: make sure create_listen_fdset() returns initialized data (bug #8276)
via 74b0fa9 s3:smbldap: make smbldap_connect_system self contained
via 900f2dc s3:smbldap: add a destructor to smbldap_state, just in case (cherry picked from commit 6a3869da05b0d0e4d47db2502489de359d5e7e45)
via 34fe1d2 s3:smbldap: let smbldap_free_struct do what it claims to (cherry picked from commit df03f6c2c98f65bf9656d27e1cc9dc72cd587e31)
via d23006c s3:smbldap: free the idle event scheduled in smbldap_open in smbldap_close (cherry picked from commit 70856a728a0be1c97e9e13382cd2d880450e07c4)
via e76eea3 s3:smbldap: use smbldap_state as memory context for idle event
via 1560897 s3: explicitly pass domain_sid to wbint_LookupRids() (bug #7841) (cherry picked from commit 1a8155d347e2a8de3432ce0fe99d598c25c2bafb)
via f575f3d Fix bug #8254 - "acl check permissions = no" does not work in all cases
via d89e172 s3: increase the log level for missing PIDs on SIGCHLD
via 393e6e3 WHATSNEW: Formatting.
via 426fd35 s3-WHATSNEW 3.5.9 Add information on kerberos change (cherry picked from commit eb7c10ea16ff7db34d8ab71306c7d5d298df8d40)
via 8a98c3f s3: Fix bug 8238 -- KB2536276 prevents access to shares
via c3e04c3 docs: fix the missing parameter description section in the smb.conf manpage
via fc89d0a libreplace: include sys/file.h only when available
via cb731c5 s3-docs Add documentation for 'client use spnego principal' (cherry picked from commit 4829da5bd4989b7e4b7e858af1770f13d9d2e647)
from 6ab1dc2 WHATSNEW: Start release notes for 3.5.11.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable
- Log -----------------------------------------------------------------
commit 439b006e73b330dd84e4b65e25142063a9be25f9
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed Aug 3 20:20:58 2011 +0200
WHATSNEW: Add changes since 3.5.10.
Karolin
(cherry picked from commit 529bfe1d43fc8f6c7a1ef93d437f40cd89b1ab63)
commit b1cbf46f992ab6dc48996cf7e7e7740198d04452
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 2 20:49:46 2011 +0200
Fix bug 7462 - Non-standard SA_RESETHAND is used in ...lib/tevent/tevent_sig
Make SA_RESETHAND conditional on its existance.
Autobuild-User: Jeremy Allison <jra at samba.org>
Autobuild-Date: Mon Aug 1 22:03:45 CEST 2011 on sn-devel-104
(cherry picked from commit 0c67efdd68b9808542c090b9fd9920e4e37d85d0)
(cherry picked from commit 490986add9d5e80b24e90dbfe3e3ef23ce5584a0)
commit a91854902ed3114f472521d7a5af315ec3397bd5
Author: Volker Lendecke <vl at samba.org>
Date: Mon May 10 11:53:03 2010 +0200
s3: Test for "__attribute__((destructor))"
(cherry picked from commit 36e736871e28665ffcbbc4d0c87e1a2b60fcf0e0)
Fix bug #8322 (HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR is missing from 3.5.x).
(cherry picked from commit c69ab4252d9aea274f44f96b1e3f41ca57185987)
commit 774041088d1d26f624430222fa71a412265ee108
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jul 4 11:47:24 2011 +0200
s3:librpc/gen_ndr: regen after wbint.idl changes
metze
Part of a fix for bug #7841 (WINBINDD_LOOKUPRIDS asks the wrong domain).
(cherry picked from commit 12a4b5633d5c3488f48f3e7a5084402f6eeeb9c5)
commit 735c596320a952631dc1accc8ead0e57dd96060a
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jun 30 10:09:56 2011 +0200
s3:nmbd_subnetdb: close all sockets attached to a subnet in close_subnet() (bug #8276)
metze
(cherry picked from commit 75e9f2110876137a57632d223248ac51dbfc4569)
(cherry picked from commit 48355dae98885ca0d44dbf4206a0bdf16c64fced)
commit 5d216307cab2a4760fb7567ff03c6c09b5fcf231
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jun 30 09:56:06 2011 +0200
s3:nmbd_packets: make sure create_listen_fdset() returns initialized data (bug #8276)
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open)
(commit feb3fcd0fa4bda0967b881315595d7702f4d1752) changed the bahavior,
so that we skipped some sockets.
This should work for v3-5-test.
metze
(cherry picked from commit 9d5738f779b803fb257537d6308a5f34625cb1b0)
commit 74b0fa966ef86d17e90fda69a9beed537c1d2807
Author: Gregor Beck <gbeck at sernet.de>
Date: Tue Jun 21 08:16:56 2011 +0200
s3:smbldap: make smbldap_connect_system self contained
The last 5 patches address bug #8253 (winbindd panics if verify_idpool() fails).
(cherry picked from commit 1da14b93bc664948699f62cca2fc777c6f7523c9)
commit 900f2dc4a472c25f91a02446185596821010bcc7
Author: Gregor Beck <gbeck at sernet.de>
Date: Tue Jun 21 08:06:28 2011 +0200
s3:smbldap: add a destructor to smbldap_state, just in case
(cherry picked from commit 6a3869da05b0d0e4d47db2502489de359d5e7e45)
commit 34fe1d269f35ca8042d5d7b0193fed58034bb285
Author: Gregor Beck <gbeck at sernet.de>
Date: Tue Jun 21 08:02:53 2011 +0200
s3:smbldap: let smbldap_free_struct do what it claims to
(cherry picked from commit df03f6c2c98f65bf9656d27e1cc9dc72cd587e31)
commit d23006ce4577421832674dcbe88cb8d9e28860d0
Author: Gregor Beck <gbeck at sernet.de>
Date: Tue Jun 21 08:00:59 2011 +0200
s3:smbldap: free the idle event scheduled in smbldap_open in smbldap_close
(cherry picked from commit 70856a728a0be1c97e9e13382cd2d880450e07c4)
commit e76eea3f1f1b4e204516f8f4cd2dd61090a1e046
Author: Gregor Beck <gbeck at sernet.de>
Date: Tue Jun 21 07:51:41 2011 +0200
s3:smbldap: use smbldap_state as memory context for idle event
ensure the event is canceled if the smbldap_state gets freed
this fixes a panic of winbindd if verify_idpool fails
(cherry picked from commit 3d78bea9ac27c3f6c98561e287add632a17ce747)
commit 156089737efcdde23d31fbf866687ff7c0b4f982
Author: Volker Lendecke <vl at samba.org>
Date: Mon Jun 27 14:34:39 2011 +0200
s3: explicitly pass domain_sid to wbint_LookupRids() (bug #7841)
(cherry picked from commit 1a8155d347e2a8de3432ce0fe99d598c25c2bafb)
commit f575f3d88eccc298e512c796dd5b45416b8ba389
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jun 23 14:42:27 2011 -0700
Fix bug #8254 - "acl check permissions = no" does not work in all cases
Move lp_acl_check_permissions() into can_delete_file_in_directory()
where it makes sense. Remove ACL check when requesting DELETE_ACCESS
when lp_acl_check_permissions is false.
Thanks to John Janosik @ IBM for noticing this.
(cherry picked from commit 83357ecf6adafe3d23ada705e79c3af25ad4e734)
commit d89e172a785879372dacf3e8ef79d6dafc899658
Author: David Disseldorp <ddiss at suse.de>
Date: Wed Feb 16 17:23:25 2011 +0100
s3: increase the log level for missing PIDs on SIGCHLD
Since the fix for bso#7836, the parent smbd is responsible for
maintaining an up-to-date printcap cache. It does this by forking a
child process to asynchronously fetch printcap data from CUPS.
When the child process exits after fetching all printcap data, the
parent smbd is sent SIGCHLD. This triggers smbd_sig_chld_handler() which
looks for the exited process PID on a "children" list.
Child smbd process PIDs are added to the "children" list to ensure
cleanup on unclean shutdown and log level change notification messages.
Printcap update process PIDs are not added to the list as they do not
maintain any state that requires cleanup, nor do they wait on tevent for
messages.
Autobuild-User: Volker Lendecke <vlendec at samba.org>
Autobuild-Date: Thu Feb 17 11:11:45 CET 2011 on sn-devel-104
(cherry picked from commit 9c12232f1ae36e00d04114ad73edd8ba3c2c6a5c)
Fix bug #8269 (smbd spams log with "Could not find child X -- ignoring"
messages).
(cherry picked from commit ba118ac287d49267dd2f346d4ddd2e590ebbe653)
commit 393e6e32b1bcd4906ba9a9155a34f368109d89a6
Author: Karolin Seeger <kseeger at samba.org>
Date: Fri Jun 24 21:16:17 2011 +0200
WHATSNEW: Formatting.
Karolin
(cherry picked from commit efd437efea9096837f3f45b47daff3e147cddea8)
commit 426fd350773dbf30808e978274abfd54a06fefb5
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Jun 14 22:04:11 2011 +1000
s3-WHATSNEW 3.5.9 Add information on kerberos change
(cherry picked from commit eb7c10ea16ff7db34d8ab71306c7d5d298df8d40)
commit 8a98c3fe25486334a7bbb36f551bd71157a048c3
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jun 16 22:20:49 2011 +0200
s3: Fix bug 8238 -- KB2536276 prevents access to shares
Without this we were not sending the workgroup name in the negprot reply if
plain text passwords are used.
(cherry picked from commit d42bf679b0807ebc47f43c62d4b883e0b5096abb)
commit c3e04c3a0e63813a307f2e6a88077b8945b145f1
Author: Michael Adam <obnox at samba.org>
Date: Tue Apr 5 23:07:01 2011 +0200
docs: fix the missing parameter description section in the smb.conf manpage
The smb.conf (5) manpage recently sometimes failed to contain the
contents of the description of each parameter section. The reason
was a unreliable chain of dependencies in the Makefile.
The error can be reproduced by touching manpages-3/smb.conf.5.xml
and then building the manpages.
Then smb.conf.5.xml is newer than any of the smbdotconf/*/*.xml
files and hence the intermediate inexistent parameters.*.xml
don't get generated.
This patch fixes this problem by introducing a phony "parameters"
target referencing the parameters.*.xml targets, so that they
get build unconditionally.
Fix bug #7997 (smb.conf.5 manpage truncated in 3.5.8).
(cherry picked from commit 08e64ab50b9202ccbc6c0b397f9ac8cc467c2254)
commit fc89d0a91e62cce3b3546291f496fc12da8c6d16
Author: Björn Jacke <bj at sernet.de>
Date: Sun May 30 21:52:39 2010 +0200
libreplace: include sys/file.h only when available
thanks to Joachim Schmitz <schmitz at hp.com>. This fixes #7460.
(cherry picked from commit a33b6032beb45f7ba07432899236fccb133a6dfc)
commit cb731c5e5c9ce512f45f80453c835c9c34cd88e8
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Jun 14 22:16:02 2011 +1000
s3-docs Add documentation for 'client use spnego principal'
(cherry picked from commit 4829da5bd4989b7e4b7e858af1770f13d9d2e647)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 53 ++++++++++++++++++--
docs-xml/Makefile | 10 +++-
.../security/clientusepsnegoprincipal.xml | 28 ++++++++++
lib/replace/system/config.m4 | 2 +-
lib/replace/system/filesys.h | 2 +
lib/replace/system/wait.h | 4 --
lib/tevent/testsuite.c | 2 +
lib/tevent/tevent_signal.c | 4 ++
source3/configure.in | 16 ++++++
source3/lib/smbldap.c | 34 +++++++++----
source3/librpc/gen_ndr/cli_wbint.c | 4 ++
source3/librpc/gen_ndr/cli_wbint.h | 2 +
source3/librpc/gen_ndr/ndr_wbint.c | 16 ++++++
source3/librpc/gen_ndr/wbint.h | 1 +
source3/librpc/idl/wbint.idl | 1 +
source3/nmbd/nmbd_packets.c | 44 ++++++++++-------
source3/nmbd/nmbd_subnetdb.c | 14 ++++-
source3/smbd/file_access.c | 5 ++
source3/smbd/negprot.c | 1 +
source3/smbd/open.c | 13 ++++-
source3/smbd/server.c | 3 +-
source3/winbindd/winbindd_dual_srv.c | 5 +-
source3/winbindd/winbindd_lookuprids.c | 12 ++--
23 files changed, 223 insertions(+), 53 deletions(-)
create mode 100644 docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 6a5db3b..36dfb70 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,6 +1,6 @@
==============================
Release Notes for Samba 3.5.11
- , 2011
+ August 4, 2011
==============================
@@ -8,14 +8,45 @@ This is the latest stable release of Samba 3.5.
Major enhancements in Samba 3.5.11 include:
-o
+o Fix access to Samba shares when Windows security patch KB2536276 is installed
+ (bug #7460).
+o Fix DoS in Winbind and smbd with many file descriptors open (bug #7949).
+o Fix Winbind panics if verify_idpool() fails (bug #8253).
Changes since 3.5.10:
--------------------
-o
+o Jeremy Allison <jra at samba.org>
+ * BUG 7462: Make SA_RESETHAND conditional on its existance.
+ * BUG 8254: Make "acl check permissions = no" working in all cases.
+
+
+o Gregor Beck <gbeck at sernet.de>
+ * BUG 8253: Fix Winbind panics if verify_idpool() fails.
+
+
+o David Disseldorp <ddiss at suse.de>
+ * BUG 8269: Stop spamming log with "Could not find child X -- ignoring"
+ messages in smbd.
+
+
+o Björn Jacke <bj at sernet.de>
+ * BUG 7460: Include sys/file.h only when available.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 7841: Explicitly pass domain_sid to wbint_LookupRids().
+ * BUG 8238: Fix access to Samba shares when Windows security patch
+ KB2536276 is installed.
+ * BUG 8322: Add HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 7841: Make WINBINDD_LOOKUPRIDS ask the right domain.
+ * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open.
+ * BUG 8276: Close all sockets attached to a subnet in close_subnet().
######################################################################
@@ -112,7 +143,21 @@ Major enhancements in Samba 3.5.9 include:
o Sgid bit lost on folder rename (bug #7996).
o ACL can get lost when files are being renamed (bug #7987).
o Respect "allow trusted domains = no" in Winbind (bug #6966).
+o Samba now follows Windows behaviour as a Kerberos client,
+ requesting a CIFS/ ticket (bug #7893).
+
+New Kerberos behaviour
+----------------------
+A new parameter 'client use spnego principal' defaults to 'no' and
+mean Samba will use CIFS/hostname to obtain a kerberos ticket, acting
+more like Windows when using Kerberos against a CIFS server in
+smbclient, winbind and other Samba client tools. This will change
+which servers we will successfully negotiate kerberos connections to.
+This is due to Samba no longer trusting a server-provided hint which
+is not available from Windows 2008 or later. For correct operation
+with all clients, all aliases for a server should be recorded as a as
+a servicePrincipalName on the server's record in AD.
Changes since 3.5.8:
--------------------
diff --git a/docs-xml/Makefile b/docs-xml/Makefile
index 40a6c7b..40aa161 100644
--- a/docs-xml/Makefile
+++ b/docs-xml/Makefile
@@ -181,7 +181,15 @@ $(TEXINFODIR)/%.info: $(TEXINFODIR)/%.texi
$(MAKEINFO) --no-validate --force -o $@ "$<"
# Manpages
-$(MANPAGEDIR3)/smb.conf.5.xml: $(SMBDOTCONFDOC)/parameters.all.xml $(SMBDOTCONFDOC)/parameters.service.xml $(SMBDOTCONFDOC)/parameters.global.xml
+$(MANPAGEDIR3)/smb.conf.5.xml: parameters
+
+# The phony parameters target exists in order to always create the
+# the parameters xml files. Otherwise, when parameters.*.xml does not exist
+# yet, the parameters are not generated when smb.conf.5.xml is newer than
+# any smbdotconf/*/*.xml file ...
+.PHONY: parameters
+
+parameters: $(SMBDOTCONFDOC)/parameters.all.xml $(SMBDOTCONFDOC)/parameters.service.xml $(SMBDOTCONFDOC)/parameters.global.xml
$(SMBDOTCONFDOC)/parameters.all.xml: $(wildcard $(SMBDOTCONFDOC)/*/*.xml) $(SMBDOTCONFDOC)/generate-file-list.sh
$(SMBDOTCONFDOC)/generate-file-list.sh $(SMBDOTCONFDOC) > $@
diff --git a/docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml b/docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml
new file mode 100644
index 0000000..6ec1eb1
--- /dev/null
+++ b/docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml
@@ -0,0 +1,28 @@
+<samba:parameter name="client use spnego principal"
+ context="G"
+ type="boolean"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This parameter determines whether or not
+ <citerefentry><refentrytitle>smbclient</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> and other samba components
+ acting as a client will attempt to use the server-supplied
+ principal sometimes given in the SPNEGO exchange.</para>
+
+ <para>If enabled, Samba can attempt to use Kerberos to contact
+ servers known only by IP address. Kerberos relies on names, so
+ ordinarily cannot function in this situation. </para>
+
+ <para>If disabled, Samba will use the name used to look up the
+ server when asking the KDC for a ticket. This avoids situations
+ where a server may impersonate another, soliciting authentication
+ as one principal while being known on the network as another.
+ </para>
+
+ <para>Note that Windows XP SP2 and later versions already follow
+ this behaviour, and Windows Vista and later servers no longer
+ supply this 'rfc4178 hint' principal on the server side.</para>
+</description>
+<value type="default">no</value>
+</samba:parameter>
diff --git a/lib/replace/system/config.m4 b/lib/replace/system/config.m4
index 39c2f58..b8568a5 100644
--- a/lib/replace/system/config.m4
+++ b/lib/replace/system/config.m4
@@ -1,7 +1,7 @@
# filesys
AC_HEADER_DIRENT
AC_CHECK_HEADERS(fcntl.h sys/fcntl.h sys/resource.h sys/ioctl.h sys/mode.h sys/filio.h sys/fs/s5param.h sys/filsys.h)
-AC_CHECK_HEADERS(sys/acl.h acl/libacl.h)
+AC_CHECK_HEADERS(sys/acl.h acl/libacl.h sys/file.h)
# select
AC_CHECK_HEADERS(sys/select.h)
diff --git a/lib/replace/system/filesys.h b/lib/replace/system/filesys.h
index 22e3d23..6cf2dd2 100644
--- a/lib/replace/system/filesys.h
+++ b/lib/replace/system/filesys.h
@@ -77,7 +77,9 @@
#include <sys/filio.h>
#endif
+#ifdef HAVE_SYS_FILE_H
#include <sys/file.h>
+#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
diff --git a/lib/replace/system/wait.h b/lib/replace/system/wait.h
index 79583ad..497f559 100644
--- a/lib/replace/system/wait.h
+++ b/lib/replace/system/wait.h
@@ -44,10 +44,6 @@
#include <setjmp.h>
#endif
-#ifndef SA_RESETHAND
-#define SA_RESETHAND SA_ONESHOT
-#endif
-
#if !defined(HAVE_SIG_ATOMIC_T_TYPE)
typedef int sig_atomic_t;
#endif
diff --git a/lib/tevent/testsuite.c b/lib/tevent/testsuite.c
index f9aca91..41f7345 100644
--- a/lib/tevent/testsuite.c
+++ b/lib/tevent/testsuite.c
@@ -101,7 +101,9 @@ static bool test_event_context(struct torture_context *test,
#ifdef SA_RESTART
se1 = event_add_signal(ev_ctx, ev_ctx, SIGALRM, SA_RESTART, count_handler, &alarm_count);
#endif
+#ifdef SA_RESETHAND
se2 = event_add_signal(ev_ctx, ev_ctx, SIGALRM, SA_RESETHAND, count_handler, &alarm_count);
+#endif
#ifdef SA_SIGINFO
se3 = event_add_signal(ev_ctx, ev_ctx, SIGUSR1, SA_SIGINFO, count_handler, &info_count);
#endif
diff --git a/lib/tevent/tevent_signal.c b/lib/tevent/tevent_signal.c
index 45f65cf..2e9f20a 100644
--- a/lib/tevent/tevent_signal.c
+++ b/lib/tevent/tevent_signal.c
@@ -355,16 +355,20 @@ int tevent_common_check_signal(struct tevent_context *ev)
(void*)&sig_state->sig_info[i][ofs],
se->private_data);
}
+#ifdef SA_RESETHAND
if (se->sa_flags & SA_RESETHAND) {
talloc_free(se);
}
+#endif
continue;
}
#endif
se->handler(ev, se, i, count, NULL, se->private_data);
+#ifdef SA_RESETHAND
if (se->sa_flags & SA_RESETHAND) {
talloc_free(se);
}
+#endif
}
#ifdef SA_SIGINFO
diff --git a/source3/configure.in b/source3/configure.in
index 2c9fe1e..2494593 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -1331,6 +1331,22 @@ if test x"$samba_cv_stat_dos_flags" = x"yes" ; then
AC_DEFINE(HAVE_STAT_DOS_FLAGS, 1, [whether there is DOS flags support in the stat struct])
fi
+AC_CACHE_CHECK([whether we can compile with __attribute__((destructor))],
+ samba_cv_function_attribute_destructor,
+ [
+ AC_COMPILE_IFELSE(
+ [
+ __attribute__((destructor))
+ static void cleanup(void) { }
+ ],
+ samba_cv_function_attribute_destructor=yes)
+ ])
+
+if test x"$samba_cv_function_attribute_destructor" = xyes ; then
+ AC_DEFINE(HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR, 1,
+ [whether we can compile with __attribute__((destructor))])
+fi
+
#####################################
# needed for SRV lookups
AC_CHECK_LIB(resolv, dn_expand)
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index 7aa36ba..c2ac343 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -1093,8 +1093,9 @@ static int rebindproc_connect (LDAP * ld, LDAP_CONST char *url, int request,
/*******************************************************************
connect to the ldap server under system privilege.
******************************************************************/
-static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_struct)
+static int smbldap_connect_system(struct smbldap_state *ldap_state)
{
+ LDAP *ldap_struct = ldap_state->ldap_struct;
int rc;
int version;
@@ -1105,7 +1106,8 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_
/* get the default dn and password only if they are not set already */
if (!fetch_ldap_pw(&bind_dn, &bind_secret)) {
DEBUG(0, ("ldap_connect_system: Failed to retrieve password from secrets.tdb\n"));
- return LDAP_INVALID_CREDENTIALS;
+ rc = LDAP_INVALID_CREDENTIALS;
+ goto done;
}
smbldap_set_creds(ldap_state, false, bind_dn, bind_secret);
SAFE_FREE(bind_dn);
@@ -1151,7 +1153,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_
ld_error ? ld_error : "(unknown)"));
SAFE_FREE(ld_error);
ldap_state->num_failures++;
- return rc;
+ goto done;
}
ldap_state->num_failures = 0;
@@ -1166,6 +1168,11 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_
DEBUG(3, ("ldap_connect_system: successful connection to the LDAP server\n"));
DEBUGADD(10, ("ldap_connect_system: LDAP server %s support paged results\n",
ldap_state->paged_results ? "does" : "does not"));
+done:
+ if (rc != 0) {
+ ldap_unbind(ldap_struct);
+ ldap_state->ldap_struct = NULL;
+ }
return rc;
}
@@ -1220,9 +1227,7 @@ static int smbldap_open(struct smbldap_state *ldap_state)
return rc;
}
- if ((rc = smbldap_connect_system(ldap_state, ldap_state->ldap_struct))) {
- ldap_unbind(ldap_state->ldap_struct);
- ldap_state->ldap_struct = NULL;
+ if ((rc = smbldap_connect_system(ldap_state))) {
return rc;
}
@@ -1234,7 +1239,7 @@ static int smbldap_open(struct smbldap_state *ldap_state)
if (ldap_state->event_context != NULL) {
ldap_state->idle_event = event_add_timed(
- ldap_state->event_context, NULL,
+ ldap_state->event_context, ldap_state,
timeval_current_ofs(SMBLDAP_IDLE_TIME, 0),
smbldap_idle_fn, ldap_state);
}
@@ -1259,6 +1264,8 @@ static NTSTATUS smbldap_close(struct smbldap_state *ldap_state)
smbldap_delete_state(ldap_state);
+ TALLOC_FREE(ldap_state->idle_event);
+
DEBUG(5,("The connection to the LDAP server was closed\n"));
/* maybe free the results here --metze */
@@ -1745,7 +1752,7 @@ static void smbldap_idle_fn(struct event_context *event_ctx,
DEBUG(10,("ldap connection not idle...\n"));
state->idle_event = event_add_timed(
- event_ctx, NULL,
+ event_ctx, state,
timeval_add(&now, SMBLDAP_IDLE_TIME, 0),
smbldap_idle_fn,
private_data);
@@ -1771,13 +1778,17 @@ void smbldap_free_struct(struct smbldap_state **ldap_state)
SAFE_FREE((*ldap_state)->bind_dn);
SAFE_FREE((*ldap_state)->bind_secret);
- TALLOC_FREE((*ldap_state)->idle_event);
-
- *ldap_state = NULL;
+ TALLOC_FREE(*ldap_state);
/* No need to free any further, as it is talloc()ed */
}
+static int smbldap_state_destructor(struct smbldap_state *state)
+{
+ smbldap_free_struct(&state);
+ return 0;
+}
+
/**********************************************************************
Intitalise the 'general' ldap structures, on which ldap operations may be conducted
@@ -1801,6 +1812,7 @@ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, struct event_context *event_ctx,
(*smbldap_state)->event_context = event_ctx;
+ talloc_set_destructor(*smbldap_state, smbldap_state_destructor);
return NT_STATUS_OK;
}
diff --git a/source3/librpc/gen_ndr/cli_wbint.c b/source3/librpc/gen_ndr/cli_wbint.c
index 7200d2a..bf6b04b 100644
--- a/source3/librpc/gen_ndr/cli_wbint.c
+++ b/source3/librpc/gen_ndr/cli_wbint.c
@@ -2508,6 +2508,7 @@ static void rpccli_wbint_LookupRids_done(struct tevent_req *subreq);
struct tevent_req *rpccli_wbint_LookupRids_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct rpc_pipe_client *cli,
+ struct dom_sid *_domain_sid /* [in] [ref] */,
struct wbint_RidArray *_rids /* [in] [ref] */,
const char **_domain_name /* [out] [ref,charset(UTF8)] */,
struct wbint_Principals *_names /* [out] [ref] */)
@@ -2525,6 +2526,7 @@ struct tevent_req *rpccli_wbint_LookupRids_send(TALLOC_CTX *mem_ctx,
state->dispatch_recv = cli->dispatch_recv;
/* In parameters */
+ state->orig.in.domain_sid = _domain_sid;
state->orig.in.rids = _rids;
/* Out parameters */
@@ -2614,6 +2616,7 @@ NTSTATUS rpccli_wbint_LookupRids_recv(struct tevent_req *req,
NTSTATUS rpccli_wbint_LookupRids(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
+ struct dom_sid *domain_sid /* [in] [ref] */,
struct wbint_RidArray *rids /* [in] [ref] */,
const char **domain_name /* [out] [ref,charset(UTF8)] */,
struct wbint_Principals *names /* [out] [ref] */)
@@ -2622,6 +2625,7 @@ NTSTATUS rpccli_wbint_LookupRids(struct rpc_pipe_client *cli,
NTSTATUS status;
/* In parameters */
+ r.in.domain_sid = domain_sid;
r.in.rids = rids;
status = cli->dispatch(cli,
diff --git a/source3/librpc/gen_ndr/cli_wbint.h b/source3/librpc/gen_ndr/cli_wbint.h
index c4f9a81..6470816 100644
--- a/source3/librpc/gen_ndr/cli_wbint.h
+++ b/source3/librpc/gen_ndr/cli_wbint.h
@@ -223,6 +223,7 @@ NTSTATUS rpccli_wbint_DsGetDcName(struct rpc_pipe_client *cli,
struct tevent_req *rpccli_wbint_LookupRids_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct rpc_pipe_client *cli,
+ struct dom_sid *_domain_sid /* [in] [ref] */,
struct wbint_RidArray *_rids /* [in] [ref] */,
const char **_domain_name /* [out] [ref,charset(UTF8)] */,
struct wbint_Principals *_names /* [out] [ref] */);
@@ -231,6 +232,7 @@ NTSTATUS rpccli_wbint_LookupRids_recv(struct tevent_req *req,
NTSTATUS *result);
NTSTATUS rpccli_wbint_LookupRids(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
+ struct dom_sid *domain_sid /* [in] [ref] */,
struct wbint_RidArray *rids /* [in] [ref] */,
const char **domain_name /* [out] [ref,charset(UTF8)] */,
struct wbint_Principals *names /* [out] [ref] */);
diff --git a/source3/librpc/gen_ndr/ndr_wbint.c b/source3/librpc/gen_ndr/ndr_wbint.c
index 5bb6832..27c668e 100644
--- a/source3/librpc/gen_ndr/ndr_wbint.c
+++ b/source3/librpc/gen_ndr/ndr_wbint.c
@@ -2076,6 +2076,10 @@ _PUBLIC_ void ndr_print_wbint_DsGetDcName(struct ndr_print *ndr, const char *nam
static enum ndr_err_code ndr_push_wbint_LookupRids(struct ndr_push *ndr, int flags, const struct wbint_LookupRids *r)
{
if (flags & NDR_IN) {
+ if (r->in.domain_sid == NULL) {
+ return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+ }
+ NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->in.domain_sid));
if (r->in.rids == NULL) {
return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
}
@@ -2104,6 +2108,7 @@ static enum ndr_err_code ndr_push_wbint_LookupRids(struct ndr_push *ndr, int fla
static enum ndr_err_code ndr_pull_wbint_LookupRids(struct ndr_pull *ndr, int flags, struct wbint_LookupRids *r)
{
uint32_t _ptr_domain_name;
+ TALLOC_CTX *_mem_save_domain_sid_0;
TALLOC_CTX *_mem_save_rids_0;
TALLOC_CTX *_mem_save_domain_name_0;
TALLOC_CTX *_mem_save_domain_name_1;
@@ -2112,6 +2117,13 @@ static enum ndr_err_code ndr_pull_wbint_LookupRids(struct ndr_pull *ndr, int fla
ZERO_STRUCT(r->out);
if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+ NDR_PULL_ALLOC(ndr, r->in.domain_sid);
+ }
+ _mem_save_domain_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+ NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_sid, LIBNDR_FLAG_REF_ALLOC);
+ NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->in.domain_sid));
+ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_sid_0, LIBNDR_FLAG_REF_ALLOC);
+ if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
NDR_PULL_ALLOC(ndr, r->in.rids);
}
_mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr);
@@ -2170,6 +2182,10 @@ _PUBLIC_ void ndr_print_wbint_LookupRids(struct ndr_print *ndr, const char *name
if (flags & NDR_IN) {
ndr_print_struct(ndr, "in", "wbint_LookupRids");
ndr->depth++;
+ ndr_print_ptr(ndr, "domain_sid", r->in.domain_sid);
+ ndr->depth++;
+ ndr_print_dom_sid(ndr, "domain_sid", r->in.domain_sid);
+ ndr->depth--;
ndr_print_ptr(ndr, "rids", r->in.rids);
ndr->depth++;
ndr_print_wbint_RidArray(ndr, "rids", r->in.rids);
diff --git a/source3/librpc/gen_ndr/wbint.h b/source3/librpc/gen_ndr/wbint.h
index 2add7fc..4ba45ad 100644
--- a/source3/librpc/gen_ndr/wbint.h
+++ b/source3/librpc/gen_ndr/wbint.h
@@ -276,6 +276,7 @@ struct wbint_DsGetDcName {
struct wbint_LookupRids {
struct {
+ struct dom_sid *domain_sid;/* [ref] */
struct wbint_RidArray *rids;/* [ref] */
} in;
diff --git a/source3/librpc/idl/wbint.idl b/source3/librpc/idl/wbint.idl
index d12fae8..3258a32 100644
--- a/source3/librpc/idl/wbint.idl
+++ b/source3/librpc/idl/wbint.idl
@@ -140,6 +140,7 @@ interface wbint
);
NTSTATUS wbint_LookupRids(
+ [in] dom_sid *domain_sid,
[in] wbint_RidArray *rids,
[out,string,charset(UTF8)] char **domain_name,
[out] wbint_Principals *names
diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c
index 0eafb2c..e53eebb 100644
--- a/source3/nmbd/nmbd_packets.c
+++ b/source3/nmbd/nmbd_packets.c
@@ -1729,19 +1729,23 @@ only use %d.\n", count, FD_SETSIZE));
for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
if (subrec->nmb_sock < 0 || subrec->nmb_sock >= FD_SETSIZE) {
/* We have to ignore sockets outside FD_SETSIZE. */
- continue;
+ sock_array[num++] = -1;
+ } else {
+ FD_SET(subrec->nmb_sock,pset);
+ sock_array[num++] = subrec->nmb_sock;
+ *maxfd = MAX( *maxfd, subrec->nmb_sock);
--
Samba Shared Repository
More information about the samba-cvs
mailing list