[SCM] Samba Shared Repository - branch v3-5-stable updated
Karolin Seeger
kseeger at samba.org
Mon Nov 5 01:04:56 MST 2012
The branch, v3-5-stable has been updated
via 8d88de0 WHATSNEW: Prepare release notes for Samba 3.5.19.
via 3985669 Revert "Fix bug #7781 (Samba transforms "ShareName" to lowercase when adding new share via MMC)"
via c1a451c s3: fix compile of krb5 locator on Solaris
via 2c24bca lib-addns: ensure that allocated buffer are pre set to 0 (bug #9259)
via d99ed10 Fix bug #9117 - smbclient can't connect to a Windows 7 server using NTLMv2 (crypto code changes domain case).
via 41d3ec2 s3-libsmb: Initialise ticket to ensure we do not invalid memory
via a812254 autoconf: fix --with(out)-sendfile-support option handling
via 84cee26 When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries.
via 1219874 Only apply masks on non-default ACL entries when setting the ACL. (cherry picked from commit 580f61622c449aee8420e3519e764706d11c20fc)
via c9b8583 Use is_default_acl variable in canonicalise_acl(). (cherry picked from commit 9647be9699b464ee5060e8ccc8328adef6d6641d)
via 917f214 Reformat spacing to be even. (cherry picked from commit 4ed5deae7b9e155d4bd085d4a36ae05abe0aa0ef)
via d8584b6 html docs: Remove link to Using Samba.
via d68a305 Fix bug #7781 (Samba transforms "ShareName" to lowercase when adding new share via MMC)
via 228cdfb s3-smbd: Don't segfault if user specified ports out for range.
via f3e9504 Fix bug #9213 - Bad ASN.1 NegTokenInit packet can cause invalid free.
via bf27038 Fix bug #9016 - Connection to outbound trusted domain goes offline.
via 3243e66 quota: add supprt for gfs2
from 5deaf47 WHATSNEW: Start release notes for Samba 3.5.19.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable
- Log -----------------------------------------------------------------
commit 8d88de0c5fa4836c163e4588b5a58d8ff607e05f
Author: Karolin Seeger <kseeger at samba.org>
Date: Thu Nov 1 09:30:00 2012 +0100
WHATSNEW: Prepare release notes for Samba 3.5.19.
Karolin
(cherry picked from commit 4067d192f62d6fc20e1cdf8820656b03aa9f5931)
commit 3985669176ad4989133f9a7a8995ce6c69504bf2
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed Oct 31 11:40:26 2012 +0100
Revert "Fix bug #7781 (Samba transforms "ShareName" to lowercase when adding new share via MMC)"
This reverts commit 157b88da4db727eafa682c7fc7eab11d5955f57b.
This one seems to break make test on my system.
Karolin
(cherry picked from commit 92bd768ed56585c2a45d0ca41eec9e6a1e3701ae)
commit c1a451cacc441b47a92699805697cc123f449e06
Author: Björn Jacke <bj at sernet.de>
Date: Tue May 29 08:01:40 2012 +0200
s3: fix compile of krb5 locator on Solaris
the krb5 locator plugin on Solaris needs LIBREPLACE_LIBS (bug #8732)
Autobuild-User: Björn Jacke <bj at sernet.de>
Autobuild-Date: Tue May 29 09:58:42 CEST 2012 on sn-devel-104
(cherry picked from commit 3085225e72c75abf84d7740334459cd971ee4c56)
(cherry picked from commit 7ca265423a36c114ac9216a780e005956967eae7)
(cherry picked from commit 31518a6acd3399a29499b5f758e36115cf3db78b)
commit 2c24bca3212207fa594bd85a054cba5bcee40bb0
Author: Matthieu Patou <mat at matws.net>
Date: Thu Sep 27 01:22:57 2012 -0700
lib-addns: ensure that allocated buffer are pre set to 0 (bug #9259)
It avoid bugs when one of the buffer is supposed to contain a string
that is not null terminated (ie. label->label) and that we don't force
the last byte to 0.
(similar to commit 03c4dceaab82ca2c60c9ce0e09fddd071f98087b)
(cherry picked from commit ee5a100eaa7cef525a8bc9d1390d7bbdbbfc84fa)
commit d99ed100df916a95ffaf7872247ae731b4f42d64
Author: Jeremy Allison <jra at samba.org>
Date: Fri Aug 24 15:54:07 2012 -0700
Fix bug #9117 - smbclient can't connect to a Windows 7 server using NTLMv2 (crypto code changes domain case).
Simple fix for 3.5.x, tested and confirmed as working by original reporter
"Blohm, Guntram (I/FP-37, extern)" <extern.guntram.blohm at audi.de>.
(cherry picked from commit c13c6eb11f49b1fd3b3be95c7265cf9c0738b4e8)
commit 41d3ec2ed53d45128d13483ef6920c21839d8250
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Mar 1 16:55:04 2012 +1100
s3-libsmb: Initialise ticket to ensure we do not invalid memory
The free is however a talloc_free(), which has additional protection against
freeing the wrong thing.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra at samba.org>
Autobuild-User: Jeremy Allison <jra at samba.org>
Autobuild-Date: Fri Mar 2 01:45:19 CET 2012 on sn-devel-104
(cherry picked from commit f1452a296429b79755235f4a480f0d5ea38ce178)
Fix bug #8788 - spnego_parse_krb5_wrap() frees invalid memory.
(cherry picked from commit e96f50c9bb145a6af2c023e8ff4c3e8888c5a4a6)
(cherry picked from commit 8013e2e96fd54446584cb91c0120acf41d9e8d46)
commit a812254ce8bbe67234a185054661e6c2f01b1134
Author: Björn Jacke <bj at sernet.de>
Date: Fri Sep 14 00:02:22 2012 +0200
autoconf: fix --with(out)-sendfile-support option handling
this fixes bug #8344
(cherry picked from commit a1db9aada46e2e7eefc989f888d22650320533de)
(cherry picked from commit f156a357e6af0aaa6b1bcddc521761d43409e70f)
commit 84cee26dfac47f3a8cb47b6b58da9290d4fde41a
Author: Jeremy Allison <jra at samba.org>
Date: Tue Oct 2 10:15:54 2012 -0700
When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries.
Fix bug #9236 - ACL masks incorrectly applied when setting ACLs.
(cherry picked from commit 7dcb017fc1d8e8af5878b2b0139686829c0c1594)
commit 12198746841f2ca5a6614148625957f27c79cb85
Author: Jeremy Allison <jra at samba.org>
Date: Tue Oct 2 13:01:59 2012 -0700
Only apply masks on non-default ACL entries when setting the ACL.
(cherry picked from commit 580f61622c449aee8420e3519e764706d11c20fc)
commit c9b858347a025a48ef5bee1eefc21be58ce81d98
Author: Jeremy Allison <jra at samba.org>
Date: Tue Oct 2 09:55:09 2012 -0700
Use is_default_acl variable in canonicalise_acl().
(cherry picked from commit 9647be9699b464ee5060e8ccc8328adef6d6641d)
commit 917f21433057d743123aaaf7fc5742ffdafb4827
Author: Jeremy Allison <jra at samba.org>
Date: Tue Oct 2 12:38:16 2012 -0700
Reformat spacing to be even.
(cherry picked from commit 4ed5deae7b9e155d4bd085d4a36ae05abe0aa0ef)
commit d8584b6148492d2696670a57b4fd8c102365b146
Author: Karolin Seeger <kseeger at samba.org>
Date: Thu Oct 4 11:43:20 2012 +0200
html docs: Remove link to Using Samba.
Thanks to Christian Perrier <bubulle at debian.org> for reporting!
Fix bug #7826 - HTML docs index file still points to Using Samba.
Karolin
Autobuild-User(master): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(master): Thu Oct 4 13:48:00 CEST 2012 on sn-devel-104
(cherry picked from commit 1bf209dd7e5a0f0001b3d1e3798093772bbd3fd3)
(cherry picked from commit e521734eda77b483594452a878acfadabbd08c2d)
commit d68a305aa286d4c68ab8482624735e03c71d2697
Author: Jeremy Allison <jra at samba.org>
Date: Wed May 23 22:22:17 2012 +0200
Fix bug #7781 (Samba transforms "ShareName" to lowercase when adding new share via MMC)
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 157b88da4db727eafa682c7fc7eab11d5955f57b)
commit 228cdfb2ccdbe36cb3bb559f2f847f59f084ae96
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 25 14:28:22 2012 +0200
s3-smbd: Don't segfault if user specified ports out for range.
(cherry picked from commit 50d324b7e070de4672eff3fb6231923e6dca807a)
Signed-off-by: Andreas Schneider <asn at samba.org>
Fix bug #9218 - Samba panics if a user specifies an invalid port number.
(cherry picked from commit 60b15f3b646d10e027e8288132db5b942261de8f)
commit f3e95040096b727665a34263a1e1295ffedf1932
Author: Jeremy Allison <jra at samba.org>
Date: Tue Sep 25 16:35:09 2012 -0700
Fix bug #9213 - Bad ASN.1 NegTokenInit packet can cause invalid free.
Not the correct fix for the specific issue, but a general fix to
make sure this can never happen again.
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep 26 04:07:57 CEST 2012 on sn-devel-104
(cherry picked from commit 83f60672e1b3069e6b1b90b376460da895e37df3)
(cherry picked from commit d0b872ea7ca112d047b9ee2d10d1a75a2ee4aed3)
(cherry picked from commit 1b85990b833fe4ef2007e82ffe26ee18f87cb464)
commit bf27038ead0be058cf7f3fca19ddc67ed808c8a0
Author: Jeremy Allison <jra at samba.org>
Date: Fri Jul 13 16:25:23 2012 -0700
Fix bug #9016 - Connection to outbound trusted domain goes offline.
By the time we've gotten to init_dc_connection_network() we shouldn't
be second guessing the caller by calling winbindd_can_contact_domain().
If for some reason we do need to restrict the contact list here we
can add a condition to only contact the primary domain or domains
listed in the tdc cache, but I don't think that's neccessary.
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Jul 14 03:17:57 CEST 2012 on sn-devel-104
(cherry picked from commit 726ecf6a915ff534af4076e9d0cdebf8b5435d61)
(cherry picked from commit d4faae3dbdfdd600bbf9bddb2589b8a6dc8434b6)
(cherry picked from commit 265ff5579b2671db250928b631b35e4df3b9a7f6)
commit 3243e66f5a1da68287f3e8bccf07b35c73457ef6
Author: Björn Jacke <bj at sernet.de>
Date: Tue Sep 18 13:57:30 2012 +0200
quota: add supprt for gfs2
gfs2 uses the same generic quota interface as xfs and it has the same base
block/quota block size ratio and seems to work nice with the xfs quota module.
(People using gfs should be aware that quota reporting is lagging quite a bit
on gfs. If you copy a file on a gfs volume the quota values are being updated
with a delay of 30s here with kernel 3.5. This reporting can lead to data
corruption if a client thinks he can write but actually he suddently can't.)
(cherry picked from commit 0b57d1c07520f4995412f224945324fef29f5989)
Fix bug #9172 - quota on gfs2 being reported wrong.
(cherry picked from commit 16a3b6e02d1bb8345984ab6a8c81e446d8de2f54)
(cherry picked from commit bea45125fc10d0eef02c5cedb5585f70eebe9450)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 27 +++++++++++++++++++-
docs-xml/htmldocs.html | 4 ---
libcli/auth/smbencrypt.c | 5 +++-
source3/Makefile.in | 2 +-
source3/configure.in | 35 ++++++++++++++-----------
source3/lib/sysquotas.c | 2 +
source3/libaddns/dnsmarshall.c | 24 ++++++++--------
source3/libsmb/cliconnect.c | 1 +
source3/libsmb/clispnego.c | 5 +++
source3/smbd/posix_acls.c | 55 +++++++++++++++++++++++++++------------
source3/smbd/server.c | 23 ++++++++--------
source3/winbindd/winbindd_cm.c | 6 ----
12 files changed, 121 insertions(+), 68 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 1551865..5bf1c53 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -8,12 +8,37 @@ This is the latest stable release of Samba 3.5.
Major enhancements in Samba 3.5.19 include:
-o
+o Connection to outbound trusted domain goes offline (bug #9016).
+o ACL masks incorrectly applied when setting ACLs (bug #9236).
+o Samba panics if a user specifies an invalid port number (bug #9218).
+
Changes since 3.5.17:
---------------------
o Jeremy Allison <jra at samba.org>
+ * BUG 9016: Connection to outbound trusted domain goes offline.
+ * BUG 9117: smbclient can't connect to a Windows 7 server using NTLMv2.
+ * BUG 9213: Bad ASN.1 NegTokenInit packet can cause invalid free.
+ * BUG 9236: ACL masks incorrectly applied when setting ACLs.
+
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 8788: libsmb: Initialise ticket to ensure we do not free invalid memory.
+
+
+o Björn Jacke <bj at sernet.de>
+ * BUG 8344: autoconf: Fix --with(out)-sendfile-support option handling.
+ * BUG 8732: Fix compile of krb5 locator on Solaris.
+ * BUG 9172: Add quota support for gfs2.
+
+
+o Matthieu Patou <mat at matws.net>
+ * BUG 9259: lib-addns: Ensure that allocated buffer are pre set to 0.
+
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 9218: Samba panics if a user specifies an invalid port number.
######################################################################
diff --git a/docs-xml/htmldocs.html b/docs-xml/htmldocs.html
index 44fcc0f..6fb9e73 100644
--- a/docs-xml/htmldocs.html
+++ b/docs-xml/htmldocs.html
@@ -23,10 +23,6 @@
<td valign="top">This book provides example configurations, it documents key aspects of Microsoft Windows networking, provides in-depth insight into the important configuration of Samba-3, and helps to put all of these into a useful framework.</td>
</tr>
<tr>
- <td valign="top"><a href="using_samba/toc.html">Using Samba</a>, 2nd Edition</td>
- <td valign="top"><i>Using Samba</i>, Second Edition is a comprehensive guide to Samba administration. It covers all versions of Samba from 2.0 to 2.2, including selected features from an alpha version of 3.0, as well as the SWAT graphical configuration tool. Updated for Windows 2000, ME, and XP, the book also explores Samba's new role as a primary domain controller and domain member server, its support for the use of Windows NT/2000/XP authentication and filesystem security on the host Unix system, and accessing shared files and printers from Unix clients.</td>
-</tr>
-<tr>
<td valign="top"><a href="manpages/index.html">Man pages</a></td>
<td valign="top">The Samba man pages in HTML.</td>
</tr>
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index f7c60e7..e821dbc 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -471,8 +471,11 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx,
/* We don't use the NT# directly. Instead we use it mashed up with
the username and domain.
This prevents username swapping during the auth exchange
+ NB. *DON'T* tell ntv2_owf_gen() to uppercase the domain
+ name here, we may have already been added to an NTLMSSP
+ exchange in the non-uppercase form.
*/
- if (!ntv2_owf_gen(nt_hash, user, domain, true, ntlm_v2_hash)) {
+ if (!ntv2_owf_gen(nt_hash, user, domain, false, ntlm_v2_hash)) {
return false;
}
diff --git a/source3/Makefile.in b/source3/Makefile.in
index d1a8780..aebfc3b 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -2547,7 +2547,7 @@ bin/vlp at EXEEXT@: $(BINARY_PREREQS) $(VLP_OBJ) $(LIBTDB)
bin/winbind_krb5_locator. at SHLIBEXT@: $(BINARY_PREREQS) $(WINBIND_KRB5_LOCATOR_OBJ) $(LIBWBCLIENT)
@echo "Linking $@"
@$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) $(LIBWBCLIENT_LIBS) $(KRB5LIBS) \
- @SONAMEFLAG@`basename $@`
+ $(LIBREPLACE_LIBS) @SONAMEFLAG@`basename $@`
bin/pam_winbind. at SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ) $(LIBTALLOC) $(LIBWBCLIENT)
@echo "Linking shared library $@"
diff --git a/source3/configure.in b/source3/configure.in
index 2494593..9d7fb5d 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -5696,16 +5696,23 @@ fi
#################################################
# check for sendfile support
-with_sendfile_support=yes
-AC_MSG_CHECKING(whether to check to support sendfile)
+AC_MSG_CHECKING(whether sendfile support should be built in)
AC_ARG_WITH(sendfile-support,
-[AS_HELP_STRING([--with-sendfile-support], [Check for sendfile support (default=yes)])],
+[AS_HELP_STRING([--with-sendfile-support], [Whether sendfile support should be built in (default=auto)])],
[ case "$withval" in
- yes)
-
- AC_MSG_RESULT(yes);
+ yes|no)
+ AC_MSG_RESULT($withval);
+ with_sendfile_support=$withval
+ ;;
+ *)
+ AC_MSG_RESULT(yes)
+ with_sendfile_support=auto
+ ;;
+ esac ],
+)
- case "$host_os" in
+if test x$with_sendfile_support != xno ; then
+ case "$host_os" in
*linux* | gnu* | k*bsd*-gnu | kopensolaris*-gnu)
AC_CACHE_CHECK([for linux sendfile64 support],samba_cv_HAVE_SENDFILE64,[
AC_TRY_LINK([#include <sys/sendfile.h>],
@@ -5941,14 +5948,12 @@ samba_cv_HAVE_SENDFILE=yes,samba_cv_HAVE_SENDFILE=no)])
;;
*)
;;
- esac
- ;;
- *)
- AC_MSG_RESULT(no)
- ;;
- esac ],
- AC_MSG_RESULT(yes)
-)
+ esac
+fi
+
+if test x$with_sendfile_support = xyes -a x"$samba_cv_HAVE_SENDFILE" != xyes ; then
+ AC_MSG_ERROR(sendfile support requested but sendfile not available )
+fi
############################################
# See if we have the Linux readahead syscall.
diff --git a/source3/lib/sysquotas.c b/source3/lib/sysquotas.c
index 3d4697c..6682a80 100644
--- a/source3/lib/sysquotas.c
+++ b/source3/lib/sysquotas.c
@@ -176,6 +176,8 @@ static struct {
} sys_quota_backends[] = {
#ifdef HAVE_XFS_QUOTAS
{"xfs", sys_get_xfs_quota, sys_set_xfs_quota},
+ {"gfs", sys_get_xfs_quota, sys_set_xfs_quota},
+ {"gfs2", sys_get_xfs_quota, sys_set_xfs_quota},
#endif /* HAVE_XFS_QUOTAS */
{NULL, NULL, NULL}
};
diff --git a/source3/libaddns/dnsmarshall.c b/source3/libaddns/dnsmarshall.c
index 5530290..b2e84eb 100644
--- a/source3/libaddns/dnsmarshall.c
+++ b/source3/libaddns/dnsmarshall.c
@@ -27,7 +27,7 @@ struct dns_buffer *dns_create_buffer(TALLOC_CTX *mem_ctx)
{
struct dns_buffer *result;
- if (!(result = talloc(mem_ctx, struct dns_buffer))) {
+ if (!(result = talloc_zero(mem_ctx, struct dns_buffer))) {
return NULL;
}
@@ -39,7 +39,7 @@ struct dns_buffer *dns_create_buffer(TALLOC_CTX *mem_ctx)
*/
result->size = 2;
- if (!(result->data = TALLOC_ARRAY(result, uint8, result->size))) {
+ if (!(result->data = TALLOC_ZERO_ARRAY(result, uint8, result->size))) {
TALLOC_FREE(result);
return NULL;
}
@@ -216,14 +216,14 @@ static void dns_unmarshall_label(TALLOC_CTX *mem_ctx,
return;
}
- if (!(label = talloc(mem_ctx, struct dns_domain_label))) {
+ if (!(label = talloc_zero(mem_ctx, struct dns_domain_label))) {
buf->error = ERROR_DNS_NO_MEMORY;
return;
}
label->len = len;
- if (!(label->label = TALLOC_ARRAY(label, char, len+1))) {
+ if (!(label->label = TALLOC_ZERO_ARRAY(label, char, len+1))) {
buf->error = ERROR_DNS_NO_MEMORY;
goto error;
}
@@ -250,7 +250,7 @@ void dns_unmarshall_domain_name(TALLOC_CTX *mem_ctx,
if (!ERR_DNS_IS_OK(buf->error)) return;
- if (!(name = talloc(mem_ctx, struct dns_domain_name))) {
+ if (!(name = talloc_zero(mem_ctx, struct dns_domain_name))) {
buf->error = ERROR_DNS_NO_MEMORY;
return;
}
@@ -281,7 +281,7 @@ static void dns_unmarshall_question(TALLOC_CTX *mem_ctx,
if (!(ERR_DNS_IS_OK(buf->error))) return;
- if (!(q = talloc(mem_ctx, struct dns_question))) {
+ if (!(q = talloc_zero(mem_ctx, struct dns_question))) {
buf->error = ERROR_DNS_NO_MEMORY;
return;
}
@@ -314,7 +314,7 @@ static void dns_unmarshall_rr(TALLOC_CTX *mem_ctx,
if (!(ERR_DNS_IS_OK(buf->error))) return;
- if (!(r = talloc(mem_ctx, struct dns_rrec))) {
+ if (!(r = talloc_zero(mem_ctx, struct dns_rrec))) {
buf->error = ERROR_DNS_NO_MEMORY;
return;
}
@@ -329,7 +329,7 @@ static void dns_unmarshall_rr(TALLOC_CTX *mem_ctx,
if (!(ERR_DNS_IS_OK(buf->error))) return;
if (r->data_length != 0) {
- if (!(r->data = TALLOC_ARRAY(r, uint8, r->data_length))) {
+ if (!(r->data = TALLOC_ZERO_ARRAY(r, uint8, r->data_length))) {
buf->error = ERROR_DNS_NO_MEMORY;
return;
}
@@ -406,22 +406,22 @@ DNS_ERROR dns_unmarshall_request(TALLOC_CTX *mem_ctx,
err = ERROR_DNS_NO_MEMORY;
if ((req->num_questions != 0) &&
- !(req->questions = TALLOC_ARRAY(req, struct dns_question *,
+ !(req->questions = TALLOC_ZERO_ARRAY(req, struct dns_question *,
req->num_questions))) {
goto error;
}
if ((req->num_answers != 0) &&
- !(req->answers = TALLOC_ARRAY(req, struct dns_rrec *,
+ !(req->answers = TALLOC_ZERO_ARRAY(req, struct dns_rrec *,
req->num_answers))) {
goto error;
}
if ((req->num_auths != 0) &&
- !(req->auths = TALLOC_ARRAY(req, struct dns_rrec *,
+ !(req->auths = TALLOC_ZERO_ARRAY(req, struct dns_rrec *,
req->num_auths))) {
goto error;
}
if ((req->num_additionals != 0) &&
- !(req->additionals = TALLOC_ARRAY(req, struct dns_rrec *,
+ !(req->additionals = TALLOC_ZERO_ARRAY(req, struct dns_rrec *,
req->num_additionals))) {
goto error;
}
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index e858280..7b00469 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1178,6 +1178,7 @@ NTSTATUS cli_session_setup(struct cli_state *cli,
(p=strchr_m(user2,*lp_winbind_separator()))) {
*p = 0;
user = p+1;
+ strupper_m(user2);
workgroup = user2;
}
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 3322529..3200380 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -136,6 +136,10 @@ bool spnego_parse_negTokenInit(DATA_BLOB blob,
bool ret;
ASN1_DATA *data;
+ for (i = 0; i < ASN1_MAX_OIDS; i++) {
+ OIDs[i] = NULL;
+ }
+
data = asn1_init(talloc_tos());
if (data == NULL) {
return false;
@@ -383,6 +387,7 @@ bool spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2])
bool ret;
ASN1_DATA *data;
int data_remaining;
+ *ticket = data_blob_null;
data = asn1_init(talloc_tos());
if (data == NULL) {
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 78b373a..646efa4 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1342,12 +1342,13 @@ static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
****************************************************************************/
static bool ensure_canon_entry_valid(canon_ace **pp_ace,
- const struct share_params *params,
- const bool is_directory,
- const DOM_SID *pfile_owner_sid,
- const DOM_SID *pfile_grp_sid,
- const SMB_STRUCT_STAT *pst,
- bool setting_acl)
+ bool is_default_acl,
+ const struct share_params *params,
+ const bool is_directory,
+ const DOM_SID *pfile_owner_sid,
+ const DOM_SID *pfile_grp_sid,
+ const SMB_STRUCT_STAT *pst,
+ bool setting_acl)
{
canon_ace *pace;
bool got_user = False;
@@ -1358,8 +1359,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
for (pace = *pp_ace; pace; pace = pace->next) {
if (pace->type == SMB_ACL_USER_OBJ) {
- if (setting_acl)
+ if (setting_acl && !is_default_acl) {
apply_default_perms(params, is_directory, pace, S_IRUSR);
+ }
got_user = True;
} else if (pace->type == SMB_ACL_GROUP_OBJ) {
@@ -1368,8 +1370,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
* Ensure create mask/force create mode is respected on set.
*/
- if (setting_acl)
+ if (setting_acl && !is_default_acl) {
apply_default_perms(params, is_directory, pace, S_IRGRP);
+ }
got_grp = True;
} else if (pace->type == SMB_ACL_OTHER) {
@@ -1378,10 +1381,21 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
* Ensure create mask/force create mode is respected on set.
*/
- if (setting_acl)
+ if (setting_acl && !is_default_acl) {
apply_default_perms(params, is_directory, pace, S_IROTH);
+ }
got_other = True;
pace_other = pace;
+
+ } else if (pace->type == SMB_ACL_USER || pace->type == SMB_ACL_GROUP) {
+
+ /*
+ * Ensure create mask/force create mode is respected on set.
+ */
+
+ if (setting_acl && !is_default_acl) {
+ apply_default_perms(params, is_directory, pace, S_IRGRP);
+ }
}
}
@@ -1425,7 +1439,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
pace->perms = pace_other->perms;
}
- apply_default_perms(params, is_directory, pace, S_IRUSR);
+ if (!is_default_acl) {
+ apply_default_perms(params, is_directory, pace, S_IRUSR);
+ }
} else {
pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR);
}
@@ -1451,7 +1467,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
pace->perms = pace_other->perms;
else
pace->perms = 0;
- apply_default_perms(params, is_directory, pace, S_IRGRP);
+ if (!is_default_acl) {
+ apply_default_perms(params, is_directory, pace, S_IRGRP);
+ }
} else {
pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRGRP, S_IWGRP, S_IXGRP);
}
@@ -1473,7 +1491,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
pace->attr = ALLOW_ACE;
if (setting_acl) {
pace->perms = 0;
- apply_default_perms(params, is_directory, pace, S_IROTH);
+ if (!is_default_acl) {
+ apply_default_perms(params, is_directory, pace, S_IROTH);
+ }
} else
pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IROTH, S_IWOTH, S_IXOTH);
@@ -2318,7 +2338,7 @@ static bool unpack_canon_ace(files_struct *fsp,
print_canon_ace_list( "file ace - before valid", file_ace);
- if (!ensure_canon_entry_valid(&file_ace, fsp->conn->params,
+ if (!ensure_canon_entry_valid(&file_ace, false, fsp->conn->params,
fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) {
free_canon_ace_list(file_ace);
free_canon_ace_list(dir_ace);
@@ -2327,7 +2347,7 @@ static bool unpack_canon_ace(files_struct *fsp,
print_canon_ace_list( "dir ace - before valid", dir_ace);
- if (dir_ace && !ensure_canon_entry_valid(&dir_ace, fsp->conn->params,
+ if (dir_ace && !ensure_canon_entry_valid(&dir_ace, true, fsp->conn->params,
fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) {
free_canon_ace_list(file_ace);
free_canon_ace_list(dir_ace);
@@ -2416,6 +2436,7 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
canon_ace *ace = NULL;
canon_ace *next_ace = NULL;
int entry_id = SMB_ACL_FIRST_ENTRY;
+ bool is_default_acl = (the_acl_type == SMB_ACL_TYPE_DEFAULT);
SMB_ACL_ENTRY_T entry;
size_t ace_count;
@@ -2503,7 +2524,7 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
ace->trustee = sid;
ace->unix_ug = unix_ug;
ace->owner_type = owner_type;
- ace->ace_flags = get_pai_flags(pal, ace, (the_acl_type == SMB_ACL_TYPE_DEFAULT));
+ ace->ace_flags = get_pai_flags(pal, ace, is_default_acl);
DLIST_ADD(l_head, ace);
}
@@ -2512,7 +2533,7 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
* This next call will ensure we have at least a user/group/world set.
*/
- if (!ensure_canon_entry_valid(&l_head, conn->params,
+ if (!ensure_canon_entry_valid(&l_head, is_default_acl, conn->params,
S_ISDIR(psbuf->st_ex_mode), powner, pgroup,
psbuf, False))
goto fail;
@@ -2522,7 +2543,7 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
* acl_mask. Ensure all DENY Entries are at the start of the list.
*/
- DEBUG(10,("canonicalise_acl: %s ace entries before arrange :\n", the_acl_type == SMB_ACL_TYPE_ACCESS ? "Access" : "Default" ));
+ DEBUG(10,("canonicalise_acl: %s ace entries before arrange :\n", is_default_acl ? "Default" : "Access"));
for ( ace_count = 0, ace = l_head; ace; ace = next_ace, ace_count++) {
next_ace = ace->next;
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 63a9869..f34d9f6 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -560,6 +560,8 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent,
int num_interfaces = iface_count();
int i;
char *ports;
+ char *tok;
+ const char *ptr;
unsigned dns_port = 0;
#ifdef HAVE_ATEXIT
@@ -581,6 +583,16 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent,
ports = talloc_strdup(talloc_tos(), smb_ports);
}
+ for (ptr = ports;
+ next_token_talloc(talloc_tos(),&ptr, &tok, " \t,");) {
+ unsigned port = atoi(tok);
+
+ if (port == 0 || port > 0xffff) {
+ exit_server_cleanly("Invalid port in the config or on "
+ "the commandline specified!");
+ }
+ }
+
if (lp_interfaces() && lp_bind_interfaces_only()) {
/* We have been given an interfaces line, and been
told to only bind to those interfaces. Create a
@@ -592,8 +604,6 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent,
for(i = 0; i < num_interfaces; i++) {
const struct sockaddr_storage *ifss =
iface_n_sockaddr_storage(i);
- char *tok;
- const char *ptr;
if (ifss == NULL) {
DEBUG(0,("open_sockets_smbd: "
@@ -605,9 +615,6 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent,
for (ptr=ports;
next_token_talloc(talloc_tos(),&ptr, &tok, " \t,");) {
unsigned port = atoi(tok);
- if (port == 0 || port > 0xffff) {
- continue;
- }
/* Keep the first port for mDNS service
* registration.
@@ -625,8 +632,6 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent,
/* Just bind to 0.0.0.0 - accept connections
--
Samba Shared Repository
More information about the samba-cvs
mailing list