[SCM] Samba Shared Repository - branch v4-0-test updated

Karolin Seeger kseeger at samba.org
Thu Nov 29 02:44:03 MST 2012


The branch, v4-0-test has been updated
       via  0fa3d75 WHATSNEW: Update changes since RC5.
       via  db6a76a BUG 9436: Fix leaking sockets of SMB connections to a DC.
       via  b0595ad Fix MD5 detection in the autoconf build
       via  1036f3d Fix Bug 9422 - large read requests cause server to issue malformed reply
       via  08db481 docs: Rename man ntlm_auth.
      from  9872a73 docs: Add some binaries to the "SEE ALSO" section

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -----------------------------------------------------------------
commit 0fa3d75268b402d05bc23f950888f529e84ea5f4
Author: Karolin Seeger <kseeger at samba.org>
Date:   Thu Nov 29 09:05:42 2012 +0100

    WHATSNEW: Update changes since RC5.
    
    Karolin
    
    Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-0-test): Thu Nov 29 10:43:41 CET 2012 on sn-devel-104

commit db6a76ab241893a08ed06930a68c122bac2defc1
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Nov 28 12:53:39 2012 +0100

    BUG 9436: Fix leaking sockets of SMB connections to a DC.
    
    As this is a burst of 3 unbound sockets with each try to reach a DC
    we're running out of file descriptors pretty fast. So winbind is then
    mostly spinning in an accept loop failing with EMFILE.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>

commit b0595adc6618c26621c379abdab8247a3327d941
Author: Matthieu Patou <mat at matws.net>
Date:   Wed Nov 21 12:07:42 2012 -0800

    Fix MD5 detection in the autoconf build
    
    This is a front port of patches made in 3.6.x branch for bugs:
    * 9037
    * 9086
    * 9094
    * 9418
    
    It checks if there is a library for md5 related functions (libmd or
    libmd5) and if so it checks for the presence of md5.h headers. It also
    respects the need for osX build to not use samba's md5 implementation as
    it's already present in the system libs.
    
    Signed-off-by: Matthieu Patou <mat at matws.net>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Fri Nov 23 10:05:34 CET 2012 on sn-devel-104
    (cherry picked from commit 8f4b871e9776245f599a302f569594aaba9d25c9)

commit 1036f3d93311f7521ba2ef56a83d74a0b7ac2e36
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Nov 27 14:58:09 2012 -0800

    Fix Bug 9422 - large read requests cause server to issue malformed reply
    
    Reviewed by: Jeremy Allison <jra at samba.org>

commit 08db4810ca1000248ff54595b851bb8cbfafc2d0
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Nov 28 12:46:31 2012 +0100

    docs: Rename man ntlm_auth.
    
    Rename man ntlm_auth to ntlm_auth4.
    
    Karolin
    
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Wed Nov 28 20:41:48 CET 2012 on sn-devel-104
    (cherry picked from commit 941bb9bb6dfd1c2dfd01696b2169e0782158ad6d)

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                                       |    9 +++
 libcli/smb/smb_seal.c                              |    2 +-
 source3/configure.in                               |   41 +++++++++--
 source3/smbd/process.c                             |    2 +-
 source3/winbindd/winbindd_cm.c                     |    4 +
 .../man/{ntlm_auth.1.xml => ntlm_auth4.1.xml}      |   74 ++++++++++----------
 source4/utils/wscript_build                        |    2 +-
 7 files changed, 87 insertions(+), 47 deletions(-)
 rename source4/utils/man/{ntlm_auth.1.xml => ntlm_auth4.1.xml} (80%)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index eb22e7e..5313ffe 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -196,6 +196,10 @@ o   Amitay Isaacs <amitay at gmail.com>
     * BUG 9354: Fix format string vulnerability in an error message.
 
 
+o   Volker Lendecke <vl at samba.org>
+    * BUG 9422: Large read requests cause server to issue malformed reply.
+
+
 o   Stefan Metzmacher <metze at samba.org>
     * BUG 9373: samba-tool: Report a CommandError if loading of the config file
       fails.
@@ -204,6 +208,10 @@ o   Stefan Metzmacher <metze at samba.org>
     * BUG 9402: lib/addns: Fix working with a bind9 server.
 
 
+o   Matthieu Patou <mat at matws.net>
+    * BUG 9418: Fix MD5 detection in the autoconf build.
+
+
 o   Arvid Requate <requate at univention.de>
     * BUG 9376: Fix typo in got_duplicate_group check.
     * BUG 9392: Fix 'samba-tool fsmo --role=schema'.
@@ -211,6 +219,7 @@ o   Arvid Requate <requate at univention.de>
 
 o   Andreas Schneider <asn at samba.org>
     * BUG 9386: Failover if netlogon pipe is not available.
+    * BUG 9436: Fix leaking sockets of SMB connections to a DC.
 
 
 o   Karolin Seeger <kseeger at samba.org>
diff --git a/libcli/smb/smb_seal.c b/libcli/smb/smb_seal.c
index 78af733..f4f804c 100644
--- a/libcli/smb/smb_seal.c
+++ b/libcli/smb/smb_seal.c
@@ -56,7 +56,7 @@ NTSTATUS get_enc_ctx_num(const uint8_t *buf, uint16_t *p_enc_ctx_num)
 
 static void smb_set_enclen(char *buf,int len,uint16_t enc_ctx_num)
 {
-	_smb_setlen_nbt(buf,len);
+	_smb_setlen_tcp(buf,len);
 
 	SCVAL(buf,4,0xFF);
 	SCVAL(buf,5,'E');
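Review bot: The switch to `_smb_setlen_tcp` in `smb_set_enclen()` is not explained by the commit messages in this push, and `len` is a signed `int` passed straight through with no range check visible here. A short comment stating why the encrypted header needs the TCP-style length, plus a check or assertion on `len` before it is written into the header, would make the intent reviewable and keep a negative or oversized value from being encoded silently.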
diff --git a/source3/configure.in b/source3/configure.in
index b97dba8..93c3d1b 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -602,18 +602,45 @@ AC_CHECK_HEADERS(netgroup.h)
 AC_CHECK_HEADERS(linux/falloc.h)
 AC_CHECK_HEADERS(CommonCrypto/CommonDigest.h)
 
+dnl check for OS implementation of md5 conformant to rfc1321
+samba_cv_md5lib=none
+
+AC_CHECK_LIB(c, MD5Update, [samba_cv_md5lib=""])
+
+if test x"$samba_cv_md5lib" = x"none" ; then
+	AC_CHECK_LIB(md, MD5Update, [samba_cv_md5lib=md])
+fi
+
+if test x"$samba_cv_md5lib" = x"none" ; then
+	AC_CHECK_LIB(md5, MD5Update, [samba_cv_md5lib=md5])
+fi
+
+if test x"$samba_cv_md5lib" != x"none" ; then
+	AC_CHECK_HEADERS(md5.h)
+fi
+
+CRYPTO_MD5_OBJ="../lib/crypto/md5.o"
+if test x"$ac_cv_header_md5_h" = x"yes" -a \
+        x"$samba_cv_md5lib" != x"none" ; then
+	if test x"$samba_cv_md5lib" != x ; then
+		LIBS="${LIBS} -l${samba_cv_md5lib}"
+		AC_DEFINE(HAVE_LIBMD5, 1,
+				  [Whether libmd5 conformant to rfc1321 is available.])
+	fi
+	CRYPTO_MD5_OBJ=
+fi
+
+if test "x$ac_cv_header_CommonCrypto_CommonDigest_h" == "xyes"; then
+	CRYPTO_MD5_OBJ=
+fi
+
+AC_SUBST(CRYPTO_MD5_OBJ)
+
 AC_CHECK_HEADERS(rpcsvc/yp_prot.h,,,[[
 #if HAVE_RPC_RPC_H
 #include <rpc/rpc.h>
 #endif
 ]])
-CRYPTO_MD5_OBJ=
-if test "x$ac_cv_header_CommonCrypto_CommonDigest_h" != "xyes"
-then
-	CRYPTO_MD5_OBJ="../lib/crypto/md5.o"
-fi
-AC_SUBST(CRYPTO_MD5_OBJ)
-
 ## These fail to compile on IRIX so just check for their presence
 AC_CHECK_HEADERS(sys/mode.h,,,)
 
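Review bot: The CommonCrypto check uses `==` (`test "x$ac_cv_header_CommonCrypto_CommonDigest_h" == "xyes"`), which is not POSIX `test` syntax and is not guaranteed to work when configure runs under a plain /bin/sh; use `=`, matching the portable style of the other tests in this hunk. Separately, when `MD5Update` is found in libc, `samba_cv_md5lib` is set to the empty string, so `CRYPTO_MD5_OBJ` is cleared but `HAVE_LIBMD5` is never defined because the `AC_DEFINE` sits inside `if test x"$samba_cv_md5lib" != x`. If the C sources key off `HAVE_LIBMD5` to pick the system `md5.h`, that case ends up with neither implementation selected, so please confirm it is intended or move the `AC_DEFINE` out of the inner `if`.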
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index fd2c6a4..eeda6f9 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -170,7 +170,7 @@ bool srv_send_smb(struct smbd_server_connection *sconn, char *buffer,
 		}
 	}
 
-	len = smb_len(buf_out) + 4;
+	len = smb_len_large(buf_out) + 4;
 
 	ret = write_data(sconn->sock, buf_out+nwritten, len - nwritten);
 	if (ret <= 0) {
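Review bot: Only this one length computation in `srv_send_smb()` moves to `smb_len_large()`, and the commit message gives no description beyond the bug title. Please state in the message or in a comment why the outgoing length can exceed what `smb_len()` returns, and add a regression test that issues a large read so the malformed-reply case stays covered. It is also worth confirming that `len` and `nwritten` have types wide enough that `len - nwritten` cannot wrap.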
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 79b5839..57027eb 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1598,6 +1598,10 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain,
 
 		result = cm_prepare_connection(domain, fd, domain->dcname,
 			&new_conn->cli, &retry);
+		if (!NT_STATUS_IS_OK(result)) {
+			/* Don't leak the smb connection socket */
+			close(fd);
+		}
 
 		if (!retry)
 			break;
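Review bot: After `close(fd)` on the failure path, `fd` keeps its old value while the loop can continue when `retry` is set (`if (!retry) break;`). Setting `fd = -1` right after the close would keep a later iteration or cleanup code from closing or reusing a stale descriptor number. Please also confirm that `cm_prepare_connection()` never closes `fd` itself on failure, since that would turn this into a double close.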
diff --git a/source4/utils/man/ntlm_auth.1.xml b/source4/utils/man/ntlm_auth4.1.xml
similarity index 80%
rename from source4/utils/man/ntlm_auth.1.xml
rename to source4/utils/man/ntlm_auth4.1.xml
index 09a8961..da187d7 100644
--- a/source4/utils/man/ntlm_auth.1.xml
+++ b/source4/utils/man/ntlm_auth4.1.xml
@@ -3,19 +3,19 @@
 <refentry id="ntlm-auth.1">
 
 <refmeta>
-	<refentrytitle>ntlm_auth</refentrytitle>
+	<refentrytitle>ntlm_auth4</refentrytitle>
 	<manvolnum>1</manvolnum>
 </refmeta>
 
 
 <refnamediv>
-	<refname>ntlm_auth</refname>
+	<refname>ntlm_auth4</refname>
 	<refpurpose>tool to allow external access to Winbind's NTLM authentication function</refpurpose>
 </refnamediv>
 
 <refsynopsisdiv>
 	<cmdsynopsis>
-		<command>ntlm_auth</command>
+		<command>ntlm_auth4</command>
 		<arg choice="opt">-d debuglevel</arg>
 		<arg choice="opt">-l logdir</arg>
 		<arg choice="opt">-s <smb config file></arg>
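Review bot: `<refentry id="ntlm-auth.1">` in the context at the top of this hunk still carries the old name while `refentrytitle`, `refname` and `command` become `ntlm_auth4`. If the id is used for cross-references or output naming it should be renamed along with the file; otherwise a note on why it stays would help.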
@@ -28,10 +28,10 @@
 	<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
 	<manvolnum>7</manvolnum></citerefentry> suite.</para>
 
-	<para><command>ntlm_auth</command> is a helper utility that authenticates 
+	<para><command>ntlm_auth4</command> is a helper utility that authenticates
 	users using NT/LM authentication. It returns 0 if the users is authenticated
-	successfully and 1 if access was denied. ntlm_auth uses winbind to access 
-	the user and authentication data for a domain.  This utility 
+	successfully and 1 if access was denied. ntlm_auth4 uses winbind to access
+	the user and authentication data for a domain.  This utility
 	is only indended to be used by other programs (currently squid).
 	</para>
 </refsect1>
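Review bot: The paragraph being rewritten here still reads "if the users is authenticated" and "only indended to be used"; since the surrounding lines are touched anyway, correct these to "user" and "intended" in the same change. The trailing-whitespace cleanup mixed into these lines also makes the rename harder to review and would be cleaner as a separate commit.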
@@ -44,7 +44,7 @@
     <manvolnum>8</manvolnum></citerefentry> daemon must be operational
     for many of these commands to function.</para>
 
-    <para>Some of these commands also require access to the directory 
+    <para>Some of these commands also require access to the directory
     <filename>winbindd_privileged</filename> in
     <filename>$LOCKDIR</filename>.  This should be done either by running
     this command as root or providing group access
@@ -62,7 +62,7 @@
 	<term>--helper-protocol=PROTO</term>
 	<listitem><para>
 	Operate as a stdio-based helper.  Valid helper protocols are:
-        </para> 
+        </para>
         <variablelist>
 	      <varlistentry>
 		<term>squid-2.4-basic</term>
@@ -81,9 +81,9 @@
 	      <varlistentry>
 		<term>squid-2.5-ntlmssp</term>
 		<listitem><para>
-                Server-side helper for use with Squid 2.5's NTLMSSP 
+                Server-side helper for use with Squid 2.5's NTLMSSP
 		authentication. </para>
-		  <para>Requires access to the directory 
+		  <para>Requires access to the directory
                 <filename>winbindd_privileged</filename> in
 		<filename>$LOCKDIR</filename>.  The protocol used is
 		described here: <ulink
@@ -95,7 +95,7 @@
 		<term>ntlmssp-client-1</term>
 		<listitem><para>
                 Cleint-side helper for use with arbitary external
-		programs that may wish to use Samba's NTLMSSP 
+		programs that may wish to use Samba's NTLMSSP
 		authentication knowlege. </para>
 		  <para>This helper is a client, and as such may be run by any
 		user.  The protocol used is
@@ -113,13 +113,13 @@
 		subtle differences that are undocumented outside the
 		source at this stage.
                 </para>
-		  <para>Requires access to the directory 
+		  <para>Requires access to the directory
                 <filename>winbindd_privileged</filename> in
-		<filename>$LOCKDIR</filename>.   
+		<filename>$LOCKDIR</filename>.
                </para>
                 </listitem>
 		</varlistentry>
-                 
+
 	        <varlistentry>
 				<term>gss-spnego-client</term>
 		<listitem><para>
@@ -132,15 +132,15 @@
 	</variablelist>
 	</listitem>
       </varlistentry>
-      
+
       <varlistentry>
 	<term>--username=USERNAME</term>
 	<listitem><para>
 	Specify username of user to authenticate
 	</para></listitem>
-	
+
       </varlistentry>
-      
+
       <varlistentry>
 	<term>--domain=DOMAIN</term>
 	<listitem><para>
@@ -173,7 +173,7 @@
 
 	<varlistentry>
 	<term>--password=PASSWORD</term>
-	<listitem><para>User's plaintext password</para><para>If 
+	<listitem><para>User's plaintext password</para><para>If
 	not specified on the command line, this is prompted for when
 	required.  </para></listitem>
 	</varlistentry>
@@ -195,10 +195,10 @@
 	or prompts for one.</para>
         </listitem>
         </varlistentry>
-	
+
 	<varlistentry>
 	    <term>--require-membership-of={SID|Name}</term>
-	    <listitem><para>Require that a user be a member of specified 
+	    <listitem><para>Require that a user be a member of specified
 	    group (either name or SID) for authentication to succeed.</para>
 	    </listitem>
 	</varlistentry>
@@ -209,36 +209,36 @@
 <refsect1>
 	<title>EXAMPLE SETUP</title>
 
-        <para>To setup ntlm_auth for use by squid 2.5, with both basic and
+        <para>To setup ntlm_auth4 for use by squid 2.5, with both basic and
 	NTLMSSP authentication, the following
 	should be placed in the <filename>squid.conf</filename> file.
 <programlisting>
-auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp
-auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic
+auth_param ntlm program ntlm_auth4 --helper-protocol=squid-2.5-ntlmssp
+auth_param basic program ntlm_auth4 --helper-protocol=squid-2.5-basic
 auth_param basic children 5
 auth_param basic realm Squid proxy-caching web server
 auth_param basic credentialsttl 2 hours
 </programlisting></para>
 
-<note><para>This example assumes that ntlm_auth has been installed into your
+<note><para>This example assumes that ntlm_auth4 has been installed into your
       path, and that the group permissions on
       <filename>winbindd_privileged</filename> are as described above.</para></note>
 
-	<para>To setup ntlm_auth for use by squid 2.5 with group limitation in addition to the above
+	<para>To setup ntlm_auth4 for use by squid 2.5 with group limitation in addition to the above
 	example, the following should be added to the <filename>squid.conf</filename> file.
 <programlisting>
-auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of='WORKGROUP\Domain Users'
-auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of='WORKGROUP\Domain Users'
+auth_param ntlm program ntlm_auth4 --helper-protocol=squid-2.5-ntlmssp --require-membership-of='WORKGROUP\Domain Users'
+auth_param basic program ntlm_auth4 --helper-protocol=squid-2.5-basic --require-membership-of='WORKGROUP\Domain Users'
 </programlisting></para>
-	
+
 </refsect1>
 
 <refsect1>
 	<title>TROUBLESHOOTING</title>
-	
+
 	<para>If you're experiencing problems with authenticating Internet Explorer running
-	under MS Windows 9X or Millenium Edition against ntlm_auth's NTLMSSP authentication
-	helper (--helper-protocol=squid-2.5-ntlmssp), then please read 
+	under MS Windows 9X or Millenium Edition against ntlm_auth4's NTLMSSP authentication
+	helper (--helper-protocol=squid-2.5-ntlmssp), then please read
 	<ulink url="http://support.microsoft.com/support/kb/articles/Q239/8/69.ASP">
 	the Microsoft Knowledge Base article #239869 and follow instructions described there</ulink>.
 	</para>
@@ -247,19 +247,19 @@ auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic --require-m
 <refsect1>
 	<title>VERSION</title>
 
-	<para>This man page is correct for version 3.0 of the Samba 
+	<para>This man page is correct for version 3.0 of the Samba
 	suite.</para>
 </refsect1>
 
 <refsect1>
 	<title>AUTHOR</title>
-	
-	<para>The original Samba software and related utilities 
+
+	<para>The original Samba software and related utilities
 	were created by Andrew Tridgell. Samba is now developed
-	by the Samba Team as an Open Source project similar 
+	by the Samba Team as an Open Source project similar
 	to the way the Linux kernel is developed.</para>
-	
-	<para>The ntlm_auth manpage was written by Jelmer Vernooij and
+
+	<para>The ntlm_auth4 manpage was written by Jelmer Vernooij and
 	Andrew Bartlett.</para>
 </refsect1>
 
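Review bot: The VERSION section still says "This man page is correct for version 3.0 of the Samba suite", and the only change to that line is trailing whitespace. For a page renamed to `ntlm_auth4` on the v4-0-test branch the version statement should be updated to match, or the line left untouched until the text is revised.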
diff --git a/source4/utils/wscript_build b/source4/utils/wscript_build
index 3b21eda..a5217b3 100644
--- a/source4/utils/wscript_build
+++ b/source4/utils/wscript_build
@@ -2,7 +2,7 @@
 
 bld.SAMBA_BINARY('ntlm_auth4',
                  source='ntlm_auth.c',
-                 manpages='man/ntlm_auth.1',
+                 manpages='man/ntlm_auth4.1',
                  deps='''samba-hostconfig samba-util popt
                  POPT_SAMBA POPT_CREDENTIALS gensec LIBCLI_RESOLVE
                  auth4 NTLMSSP_COMMON MESSAGING events service''',


-- 
Samba Shared Repository

