[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Thu Dec 15 17:09:03 MST 2011


The branch, master has been updated
       via  d62de8d lib/param: Set s4 "host msdfs = true" by default
       via  77a551d loadparm: fixed service list handling
       via  fae42c1 pidfile: use set_close_on_exec()
       via  9f4c3da s4-socket: use set_close_on_exec()
       via  d581c9d genrand: use set_close_on_exec()
       via  3b56f64 lib/util: added set_close_on_exec()
       via  9782501 dynconfig: added SBINDIR and BINDIR as updated dynconfig variables
      from  1355f0a s3: Fix a typo

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit d62de8d83e451a8c562dd59d8599c2a325c7ac1f
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Dec 16 09:26:04 2011 +1100

    lib/param: Set s4 "host msdfs = true" by default
    
    This matches the s3 loadparm, and makes this feature available
    by default for our users in a DC environment.  (This is needed
    for the correct operation of GPOs).
    
    Andrew Bartlett
    
    Autobuild-User: Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date: Fri Dec 16 01:08:34 CET 2011 on sn-devel-104

commit 77a551d613059fd2df0fbfbd86f206c2b59e91a7
Author: Andrew Tridgell <tridge at samba.org>
Date:   Tue Dec 6 11:30:24 2011 +1100

    loadparm: fixed service list handling
    
    when you have:
    
      server services = +smb -s3fs
    
    and 'smb' is already in the list, then this should not be an
    error. This ensures that a config that specifically sets the services
    it wants doesn't generate an error if the service list being set
    happens to be the default

commit fae42c1f41435bf087c23d384cd6147dd9f7f4ef
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Nov 30 15:18:54 2011 +1100

    pidfile: use set_close_on_exec()
    
    this prevents a fd leak to child processes

commit 9f4c3da734adbabf457074563f3fb3fae7b85585
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Nov 30 15:18:45 2011 +1100

    s4-socket: use set_close_on_exec()
    
    this prevents a fd leak to child processes

commit d581c9d284e7c635b0379d57e95cb32e682f0f02
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Nov 30 15:18:08 2011 +1100

    genrand: use set_close_on_exec()
    
    this prevents a fd leak to child processes

commit 3b56f64923a71a90734c5167d549e4eb14002d18
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Nov 30 15:17:47 2011 +1100

    lib/util: added set_close_on_exec()
    
    this was already in tevent_util.c, but library layering prevented us
    from using it in some other libraries

commit 9782501f0b9fafa171c4ed830abd8433b0be1f1b
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Nov 30 10:07:30 2011 +1100

    dynconfig: added SBINDIR and BINDIR as updated dynconfig variables
    
    this allows these to work correctly in a build environment, pointing
    at bin/

-----------------------------------------------------------------------

Summary of changes:
 dynconfig/wscript                |    2 ++
 lib/param/loadparm.c             |   20 ++++++--------------
 lib/util/blocking.c              |   18 ++++++++++++++++++
 lib/util/genrand.c               |    9 +++++++++
 lib/util/samba_util.h            |    5 +++++
 source4/lib/socket/socket_ip.c   |    4 ++++
 source4/lib/socket/socket_unix.c |    4 ++++
 source4/smbd/pidfile.c           |    2 ++
 8 files changed, 50 insertions(+), 14 deletions(-)


Changeset truncated at 500 lines:

diff --git a/dynconfig/wscript b/dynconfig/wscript
index 28f6e8d..374ede2 100755
--- a/dynconfig/wscript
+++ b/dynconfig/wscript
@@ -340,6 +340,8 @@ def dynconfig_cflags(bld, list=None):
     override = { 'MODULESDIR'    : 'bin/modules',
                  'PYTHONDIR'     : 'bin/python',
                  'PYTHONARCHDIR' : 'bin/python',
+                 'BINDIR'        : 'bin',
+                 'SBINDIR'       : 'bin',
                  'CODEPAGEDIR'   : os.path.join(bld.env.srcdir, 'codepages'),
                  'SCRIPTSBINDIR' : os.path.join(bld.env.srcdir, 'source4/scripting/bin'),
                  'SETUPDIR'      : os.path.join(bld.env.srcdir, 'source4/setup') }
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 48b5221..8ed9ced 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2509,23 +2509,13 @@ static bool set_variable(TALLOC_CTX *mem_ctx, int parmnum, void *parm_ptr,
 			char **new_list = str_list_make(mem_ctx,
 							pszParmValue, NULL);
 			for (i=0; new_list[i]; i++) {
-				if (new_list[i][0] == '+' && new_list[i][1] &&
-				    (!str_list_check(*(const char ***)parm_ptr,
-						     &new_list[i][1]))) {
-					*(const char ***)parm_ptr = str_list_add(*(const char ***)parm_ptr,
-										 &new_list[i][1]);
-				} else if (new_list[i][0] == '-' && new_list[i][1]) {
-#if 0 /* This is commented out because we sometimes parse the list
-       * twice, and so we can't assert on this */
+				if (new_list[i][0] == '+' && new_list[i][1]) {
 					if (!str_list_check(*(const char ***)parm_ptr,
 							    &new_list[i][1])) {
-						DEBUG(0, ("Unsupported value for: %s = %s, %s is not in the original list [%s]\n",
-							  pszParmName, pszParmValue, new_list[i],
-							  str_list_join_shell(mem_ctx, *(const char ***)parm_ptr, ' ')));
-						return false;
-
+						*(const char ***)parm_ptr = str_list_add(*(const char ***)parm_ptr,
+											 &new_list[i][1]);
 					}
-#endif
+				} else if (new_list[i][0] == '-' && new_list[i][1]) {
 					str_list_remove(*(const char ***)parm_ptr,
 							&new_list[i][1]);
 				} else {
@@ -3295,6 +3285,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 
 	lpcfg_do_global_parameter(lp_ctx, "max mux", "50");
 	lpcfg_do_global_parameter(lp_ctx, "max xmit", "12288");
+	lpcfg_do_global_parameter(lp_ctx, "host msdfs", "true");
+
 	lpcfg_do_global_parameter(lp_ctx, "password level", "0");
 	lpcfg_do_global_parameter(lp_ctx, "LargeReadwrite", "True");
 	lpcfg_do_global_parameter(lp_ctx, "server min protocol", "CORE");
diff --git a/lib/util/blocking.c b/lib/util/blocking.c
index f5933cc..9dede7a 100644
--- a/lib/util/blocking.c
+++ b/lib/util/blocking.c
@@ -60,3 +60,21 @@ _PUBLIC_ int set_blocking(int fd, bool set)
 	return fcntl( fd, F_SETFL, val);
 #undef FLAG_TO_SET
 }
+
+
+_PUBLIC_ bool set_close_on_exec(int fd)
+{
+#ifdef FD_CLOEXEC
+	int val;
+
+	val = fcntl(fd, F_GETFD, 0);
+	if (val >= 0) {
+		val |= FD_CLOEXEC;
+		val = fcntl(fd, F_SETFD, val);
+		if (val != -1) {
+			return true;
+		}
+	}
+#endif
+	return false;
+}
diff --git a/lib/util/genrand.c b/lib/util/genrand.c
index 7fe55f3..b8d3c78 100644
--- a/lib/util/genrand.c
+++ b/lib/util/genrand.c
@@ -172,6 +172,9 @@ static int do_reseed(bool use_fd, int fd)
 	if (use_fd) {
 		if (fd == -1) {
 			fd = open( "/dev/urandom", O_RDONLY,0);
+			if (fd != -1) {
+				set_close_on_exec(fd);
+			}
 		}
 		if (fd != -1
 		    && (read(fd, seed_inbuf, sizeof(seed_inbuf)) == sizeof(seed_inbuf))) {
@@ -232,6 +235,9 @@ _PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
 		if (bytes_since_reseed < 40) {
 			if (urand_fd == -1) {
 				urand_fd = open( "/dev/urandom", O_RDONLY,0);
+				if (urand_fd != -1) {
+					set_close_on_exec(urand_fd);
+				}
 			}
 			if(urand_fd != -1 && (read(urand_fd, out, len) == len)) {
 				return;
@@ -269,6 +275,9 @@ _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
 {
 	if (urand_fd == -1) {
 		urand_fd = open( "/dev/urandom", O_RDONLY,0);
+		if (urand_fd != -1) {
+			set_close_on_exec(urand_fd);
+		}
 	}
 	if(urand_fd != -1 && (read(urand_fd, out, len) == len)) {
 		return;
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index 9a76fa9..3b5169d 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -668,6 +668,11 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname, uid_t uid,
 _PUBLIC_ int set_blocking(int fd, bool set);
 
 /**
+   set close on exec on a file descriptor if available
+ **/
+_PUBLIC_ bool set_close_on_exec(int fd);
+
+/**
  Sleep for a specified number of milliseconds.
 **/
 _PUBLIC_ void smb_msleep(unsigned int t);
diff --git a/source4/lib/socket/socket_ip.c b/source4/lib/socket/socket_ip.c
index cab51be..d2d5779 100644
--- a/source4/lib/socket/socket_ip.c
+++ b/source4/lib/socket/socket_ip.c
@@ -50,6 +50,8 @@ static NTSTATUS ipv4_init(struct socket_context *sock)
 		return map_nt_error_from_unix_common(errno);
 	}
 
+	set_close_on_exec(sock->fd);
+
 	sock->backend_name = "ipv4";
 	sock->family = AF_INET;
 
@@ -610,6 +612,8 @@ static NTSTATUS ipv6_init(struct socket_context *sock)
 		return map_nt_error_from_unix_common(errno);
 	}
 
+	set_close_on_exec(sock->fd);
+
 	sock->backend_name = "ipv6";
 	sock->family = AF_INET6;
 
diff --git a/source4/lib/socket/socket_unix.c b/source4/lib/socket/socket_unix.c
index d492f01..ab9b06d 100644
--- a/source4/lib/socket/socket_unix.c
+++ b/source4/lib/socket/socket_unix.c
@@ -59,6 +59,8 @@ static NTSTATUS unixdom_init(struct socket_context *sock)
 
 	sock->backend_name = "unix";
 
+	set_close_on_exec(sock->fd);
+
 	return NT_STATUS_OK;
 }
 
@@ -198,6 +200,8 @@ static NTSTATUS unixdom_accept(struct socket_context *sock,
 		}
 	}
 
+	set_close_on_exec(new_fd);
+
 	(*new_sock) = talloc(NULL, struct socket_context);
 	if (!(*new_sock)) {
 		close(new_fd);
diff --git a/source4/smbd/pidfile.c b/source4/smbd/pidfile.c
index 71a203b..85a6322 100644
--- a/source4/smbd/pidfile.c
+++ b/source4/smbd/pidfile.c
@@ -107,6 +107,8 @@ void pidfile_create(const char *piddir, const char *name)
 		exit(1);
 	}
 
+	set_close_on_exec(fd);
+
 	if (fcntl_lock(fd,F_SETLK,0,1,F_WRLCK)==false) {
 		DEBUG(0,("ERROR: %s : fcntl lock of file %s failed. Error was %s\n",  
               name, pidFile, strerror(errno)));


-- 
Samba Shared Repository


More information about the samba-cvs mailing list