[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Thu Jun 20 07:30:05 MDT 2013 

The branch, master has been updated
       via  88c72fc s4-winbind: Add special case for BUILTIN domain
       via  d4091c5 Fix bug #9166 - Starting smbd or nmbd with stdin from /dev/null results in "EOF on stdin"
      from  fc13489 build: Build with system md5.h on OpenIndiana

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 88c72fceb1c86752c52651bdea5b116806dd92c5
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sat Jun 15 23:01:44 2013 +1000

    s4-winbind: Add special case for BUILTIN domain
    
    This should mean that lookups for the BUILTIN domain cause less trouble
    then they have in the past, because they will no longer go via the
    trusted domain handler.
    
    Andrew Bartlett
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Thu Jun 20 15:30:00 CEST 2013 on sn-devel-104

commit d4091c5809f174b68714fa50fa501c99617c016e
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Jun 10 13:33:40 2013 -0700

    Fix bug #9166 - Starting smbd or nmbd with stdin from /dev/null results in "EOF on stdin"
    
    Only install the stdin handler if it's a pipe or fifo.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/nmbd/nmbd.c              |   14 +++++++++++++-
 source3/smbd/server.c            |   14 +++++++++++++-
 source3/winbindd/winbindd.c      |   15 ++++++++++++++-
 source4/smbd/server.c            |   17 ++++++++++++++---
 source4/winbind/wb_dom_info.c    |    5 +++--
 source4/winbind/wb_init_domain.c |   38 ++++++++++++++++++++------------------
 source4/winbind/wb_sid2domain.c  |   14 ++++++++++++++
 7 files changed, 91 insertions(+), 26 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index 12afb00..42e2b2f 100644
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -130,8 +130,20 @@ static bool nmbd_setup_stdin_handler(struct messaging_context *msg, bool foregro
 		/* if we are running in the foreground then look for
 		   EOF on stdin, and exit if it happens. This allows
 		   us to die if the parent process dies
+		   Only do this on a pipe or socket, no other device.
 		*/
-		tevent_add_fd(nmbd_event_context(), nmbd_event_context(), 0, TEVENT_FD_READ, nmbd_stdin_handler, msg);
+		struct stat st;
+		if (fstat(0, &st) != 0) {
+			return false;
+		}
+		if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
+			tevent_add_fd(nmbd_event_context(),
+				nmbd_event_context(),
+				0,
+				TEVENT_FD_READ,
+				nmbd_stdin_handler,
+				msg);
+		}
 	}
 
 	return true;
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index f07bd28..d3cd33e 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1558,8 +1558,20 @@ extern void build_options(bool screen);
 		/* if we are running in the foreground then look for
 		   EOF on stdin, and exit if it happens. This allows
 		   us to die if the parent process dies
+		   Only do this on a pipe or socket, no other device.
 		*/
-		tevent_add_fd(ev_ctx, parent, 0, TEVENT_FD_READ, smbd_stdin_handler, NULL);
+		struct stat st;
+		if (fstat(0, &st) != 0) {
+			return false;
+		}
+		if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
+			tevent_add_fd(ev_ctx,
+					parent,
+					0,
+					TEVENT_FD_READ,
+					smbd_stdin_handler,
+					NULL);
+		}
 	}
 
 	smbd_parent_loop(ev_ctx, parent);
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 7a0700d..141ca5c 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -308,6 +308,8 @@ bool winbindd_setup_stdin_handler(bool parent, bool foreground)
 	bool *is_parent;
 
 	if (foreground) {
+		struct stat st;
+
 		is_parent = talloc(winbind_event_context(), bool);
 		if (!is_parent) {
 			return false;
@@ -318,8 +320,19 @@ bool winbindd_setup_stdin_handler(bool parent, bool foreground)
 		/* if we are running in the foreground then look for
 		   EOF on stdin, and exit if it happens. This allows
 		   us to die if the parent process dies
+		   Only do this on a pipe or socket, no other device.
 		*/
-		tevent_add_fd(winbind_event_context(), is_parent, 0, TEVENT_FD_READ, winbindd_stdin_handler, is_parent);
+		if (fstat(0, &st) != 0) {
+			return false;
+		}
+		if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
+			tevent_add_fd(winbind_event_context(),
+					is_parent,
+					0,
+					TEVENT_FD_READ,
+					winbindd_stdin_handler,
+					is_parent);
+		}
 	}
 
 	return true;
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index 5fb252e..0ad3e6b 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -301,6 +301,7 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
 	NTSTATUS status;
 	const char *model = "standard";
 	int max_runtime = 0;
+	struct stat st;
 	enum {
 		OPT_DAEMON = 1000,
 		OPT_INTERACTIVE,
@@ -439,9 +440,19 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
 #ifdef SIGTTIN
 	signal(SIGTTIN, SIG_IGN);
 #endif
-	tevent_add_fd(event_ctx, event_ctx, 0, stdin_event_flags,
-		      server_stdin_handler,
-		      discard_const(binary_name));
+
+	if (fstat(0, &st) != 0) {
+		exit(1);
+	}
+
+	if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
+		tevent_add_fd(event_ctx,
+				event_ctx,
+				0,
+				stdin_event_flags,
+				server_stdin_handler,
+				discard_const(binary_name));
+	}
 
 	if (max_runtime) {
 		DEBUG(0,("Called with maxruntime %d - current ts %llu\n",
diff --git a/source4/winbind/wb_dom_info.c b/source4/winbind/wb_dom_info.c
index e2b5def..8c08c73 100644
--- a/source4/winbind/wb_dom_info.c
+++ b/source4/winbind/wb_dom_info.c
@@ -67,9 +67,10 @@ struct composite_context *wb_get_dom_info_send(TALLOC_CTX *mem_ctx,
 	state->info->sid = dom_sid_dup(state->info, sid);
 	if (state->info->sid == NULL) goto failed;
 
-	if ((lpcfg_server_role(service->task->lp_ctx) != ROLE_DOMAIN_MEMBER) &&
+	if (dom_sid_equal(sid, &global_sid_Builtin) || 
+	    ((lpcfg_server_role(service->task->lp_ctx) != ROLE_DOMAIN_MEMBER) &&
 	    dom_sid_equal(sid, service->primary_sid) &&
-	    service->sec_channel_type != SEC_CHAN_RODC) {
+	     service->sec_channel_type != SEC_CHAN_RODC)) {
 		struct interface *ifaces = NULL;
 
 		load_interface_list(state, service->task->lp_ctx, &ifaces);
diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c
index 70dbaa9..db5eb1d 100644
--- a/source4/winbind/wb_init_domain.c
+++ b/source4/winbind/wb_init_domain.c
@@ -369,24 +369,26 @@ static void init_domain_recv_queryinfo(struct tevent_req *subreq)
 	state->ctx->status = state->queryinfo.out.result;
 	if (!composite_is_ok(state->ctx)) return;
 
-	dominfo = &(*state->queryinfo.out.info)->account_domain;
-
-	if (strcasecmp(state->domain->info->name, dominfo->name.string) != 0) {
-		DEBUG(2, ("Expected domain name %s, DC %s said %s\n",
-			  state->domain->info->name,
-			  dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe),
-			  dominfo->name.string));
-		composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
-		return;
-	}
-
-	if (!dom_sid_equal(state->domain->info->sid, dominfo->sid)) {
-		DEBUG(2, ("Expected domain sid %s, DC %s said %s\n",
-			  dom_sid_string(state, state->domain->info->sid),
-			  dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe),
-			  dom_sid_string(state, dominfo->sid)));
-		composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
-		return;
+	if (!dom_sid_equal(state->domain->info->sid, &global_sid_Builtin)) {
+		dominfo = &(*state->queryinfo.out.info)->account_domain;
+		
+		if (strcasecmp(state->domain->info->name, dominfo->name.string) != 0) {
+			DEBUG(2, ("Expected domain name %s, DC %s said %s\n",
+				  state->domain->info->name,
+				  dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe),
+				  dominfo->name.string));
+			composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
+			return;
+		}
+		
+		if (!dom_sid_equal(state->domain->info->sid, dominfo->sid)) {
+			DEBUG(2, ("Expected domain sid %s, DC %s said %s\n",
+				  dom_sid_string(state, state->domain->info->sid),
+				  dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe),
+				  dom_sid_string(state, dominfo->sid)));
+			composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
+			return;
+		}
 	}
 
 	state->domain->samr_binding = init_domain_binding(state, &ndr_table_samr);
diff --git a/source4/winbind/wb_sid2domain.c b/source4/winbind/wb_sid2domain.c
index 637fe1d..172a6d0 100644
--- a/source4/winbind/wb_sid2domain.c
+++ b/source4/winbind/wb_sid2domain.c
@@ -98,6 +98,20 @@ static struct tevent_req *_wb_sid2domain_send(TALLOC_CTX *mem_ctx,
 		return req;
 	}
 
+	if (dom_sid_equal(&global_sid_Builtin, sid) ||
+	    dom_sid_in_domain(&global_sid_Builtin, sid)) {
+		ctx = wb_get_dom_info_send(state, service,
+					   "BUILTIN", NULL,
+					   &global_sid_Builtin);
+		if (tevent_req_nomem(ctx, req)) {
+			return tevent_req_post(req, ev);
+		}
+		ctx->async.fn = wb_sid2domain_recv_dom_info;
+		ctx->async.private_data = req;
+
+		return req;
+	}
+
 	ctx = wb_cmd_lookupsid_send(state, service, &state->sid);
 	if (tevent_req_nomem(ctx, req)) {
 		return tevent_req_post(req, ev);


-- 
Samba Shared Repository

More information about the samba-cvs mailing list