[SCM] Samba Shared Repository - branch v4-0-stable updated
Karolin Seeger
kseeger at samba.org
Tue May 21 00:55:46 MDT 2013
The branch, v4-0-stable has been updated
via 4800b9f VERSION: Disable git snapshots for the 4.0.6 release.
via 4b2c301 doc-xml/smbdotconf: fix server [min|max] protocol documentation (bug 9883)
via 3c33b54 docs: smb.conf: fix max read/write/trans default values (bug #9871)
via 84e860a WHATSNEW: Add release notes for Samba 4.0.6.
via 282ad05 Makefile: Fix bug 9868 -- Don't know how to make LIBNDR_PREG_OBJ.
via cd9be74 Tests processing an oplock break within a compound SMB2 request.
via 457af02 Remove the compound_related_in_progress state from the smb2 global state.
via 5ab0457 The core of the fix to allow opens to go async inside a compound request.
via 805b029 Move a variable into the area of code where it's used.
via 0fea4e3 Ensure we don't try and cancel anything that is in a compound-related request.
via 0770400 Only do the 1 second delay for sharing violations for SMB1, not SMB2.
via 23a75ad winbind: Fix bug 9854 -- NULL pointer dereference
via ed22de6 check_parent_exists() can change errno. Ensure we preserve it across calls.
via a752308 Fix bug #9822 - Samba crashing during Win8 sync.
via e83dc71 Remove dependency on detection of HAVE_DIRFD for use of fdopendir().
via 93d866e Remove the "Ugly hack" that was the second use of dirfd().
via 44d4728 In the struct smb_Dir destructor, use the fsp back pointer to release resources.
via ecdcb62 Maintain a back-pointer to the fsp in struct smb_Dir when opening with FDOPENDIR.
via 2a09b5d winbind4: Fix bug 9832 -- talloc use after free
via 973bbc4 auth/ntlmssp: Avoid use-after-free of user_info after logon failure at log level 5
via ae3aa28 BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
via ad6f289 bug 9830: fix panic in nt_printer_publish_ads
via 6886a68 s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug #9382)
via 7e140cf Ensure the RECVFILE path in vfs_pwrite_data() operates on a blocking socket.
via 05e8a78 Ensure the RECVFILE path in vfs_write_data() operates on a blocking socket.
via 160a9f3 Ensure drain_socket() operates on a blocking socket.
via 1758eaa Add the internals of is_smb2_recvfile_write.
via cd0da23 The guts of the receivefile code changes.
via 0d190cf Add stub static function that will turn on/off receivefile code path.
via 5bd69d5 Add extra fields into struct smbd_smb2_request_read_state to support receivefile.
via 97fc9b9 Add macro SMBD_SMB2_SHORT_RECEIVEFILE_WRITE_LEN.
via 1828c74 Add utility function get_min_receive_file_size().
via 6083839 Allow smbd_smb2_request_error_ex() to cope with unread bytes on error.
via 8854426 Add function smbd_smb2_unread_bytes().
via 67839e1 If we already have an smb1req attached to the struct smbd_smb2_request, don't recreate it.
via 07ab7e6 Ensure we don't do an SMB2 aio write if RECVFILE is active.
via d94190f smbd: Fix signing when the async echo handler kicks in
via 9fe3d7d build: Replace #!/usr/bin/env python with passed in PYTHON=
via 03ef312 build: Remove extra space in shebang
via 3f8ea16 docs: Fix bug 9809 -- missing entry in specfile
via 07d6347 Fix bug in old create temp SMB request. Only use VFS functions.
via 389face Bug 9807 - wbinfo: fix segfault in wbinfo_pam_logon
via 376c36b wafsamba: display the default value in help for SAMBA3_ADD_OPTION
via 35000ea s3:wscript: change --with-dmapi to default=auto to match the autoconf build
via 9bfcb9f Ensure we test the dirsort module in make test.
via 2870ba2 Remove unneeded initializations (we already talloc_zero).
via a677246 Remove the use of dirfd inside the vfs_dirsort.c.
via b8712d0 Convert mtime from a time_t to a struct timespec.
via f8da00d Check SMB_VFS_NEXT_OPENDIR return in dirsort_opendir().
via 38858df Clean error paths in opendir and fd_opendir by only setting handle data on success.
via c0b62e9 Protect open_and_sort_dir() from the directory changing size.
via bb3a65a Use an index i rather than re-using a state variable.
via c483976 Protect against early error in SMB_VFS_NEXT_READDIR.
via d95f2b0 Change source3/modules/vfs_dirsort.c from MALLOC -> TALLOC.
via 284f579 s3:smbd: do not access data behind req->buf+req->buflen in srvstr_pull_req_talloc()
via c22b34a s3:smbd: convert srvstr_pull_req_talloc() into a function
via 8394dd2 s3:smbd: do not access data behind req->buf+req->buflen in srvstr_get_path_req_wcard()
via 86dbc31 BUG 9766: Cache name_to_sid/sid_to_name correctly.
via 09758ce BUG 9139: Fix the username map optimization.
via 4bebda4 [PATCH] getpass: Don't fail if stdin is not a tty
via 077865d BUG 9699: Fix adding case sensitive spn.
via 686104b vfs_fake_perms: Fix bug 9775, segfault for "artificial" conn_structs
via 67214f6 vfs_fake_perms: Slightly streamline code
via 3089e8c vfs_fake_perms: Slightly streamline code
via 25e7ea2 s3:modules: fix the build of vfs_notify_fam (bug #9545)
via 5d5f301 VERSION: Bump version number up to 4.0.6
from ed09ee7 VERSION: Disable git snapshots for the 4.0.5 release.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 106 +++++++++-
auth/ntlmssp/ntlmssp_server.c | 2 +-
buildtools/wafsamba/samba3.py | 11 +-
buildtools/wafsamba/samba_python.py | 10 +
buildtools/wafsamba/wafsamba.py | 15 ++-
docs-xml/smbdotconf/protocol/servermaxprotocol.xml | 10 -
docs-xml/smbdotconf/protocol/serverminprotocol.xml | 2 +-
docs-xml/smbdotconf/protocol/smb2maxread.xml | 7 +-
docs-xml/smbdotconf/protocol/smb2maxtrans.xml | 7 +-
docs-xml/smbdotconf/protocol/smb2maxwrite.xml | 7 +-
lib/replace/getpass.c | 7 +-
nsswitch/wbinfo.c | 7 +-
packaging/RHEL/samba.spec.tmpl | 1 +
selftest/knownfail | 1 +
selftest/target/Samba3.pm | 1 +
source3/Makefile.in | 2 +-
source3/auth/auth_winbind.c | 10 +-
source3/auth/user_util.c | 12 +-
source3/include/srvstr.h | 9 -
source3/lib/recvfile.c | 17 ++-
source3/lib/system.c | 4 +-
source3/libads/ldap.c | 14 +-
source3/librpc/rpc/dcerpc_helpers.c | 4 +
source3/modules/vfs_dirsort.c | 140 +++++++-----
source3/modules/vfs_fake_perms.c | 66 ++++--
source3/modules/wscript_build | 4 +
source3/printing/nt_printing_ads.c | 10 +-
source3/smbd/aio.c | 5 +
source3/smbd/dir.c | 46 ++--
source3/smbd/filename.c | 9 +-
source3/smbd/globals.h | 4 +-
source3/smbd/open.c | 3 +-
source3/smbd/process.c | 2 +-
source3/smbd/proto.h | 2 +
source3/smbd/reply.c | 147 ++++++++-----
source3/smbd/smb2_glue.c | 22 ++-
source3/smbd/smb2_server.c | 245 +++++++++++++++-----
source3/smbd/vfs.c | 26 ++-
source3/winbindd/winbindd_cache.c | 21 ++
source3/wscript | 34 +++-
source4/torture/smb2/compound.c | 163 +++++++++++++
source4/winbind/wb_server.c | 2 +-
wscript | 7 +-
44 files changed, 933 insertions(+), 293 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 2217866..3ed42f6 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=0
-SAMBA_VERSION_RELEASE=5
+SAMBA_VERSION_RELEASE=6
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 2f8d863..c8f08da 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,105 @@
=============================
+ Release Notes for Samba 4.0.6
+ May 21, 2013
+ =============================
+
+
+This is is the latest stable release of Samba 4.0.
+
+Major enhancements in Samba 4.0.6 include:
+
+o Fix crash during Win8 sync (bug #9822).
+o Fix segfault when loging in with wrong password from w2k8r2 (bug #9834).
+
+
+Changes since 4.0.5:
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 9412: SMB2 server doesn't support recvfile.
+ * BUG 9722: Properly handle oplock breaks in compound requests.
+ * BUG 9777: vfs_dirsort uses non-stackable calls, dirfd(), malloc instead
+ of talloc and doesn't cope with directories being modified whilst reading.
+ * BUG 9811: Old DOS SMB CTEMP request uses a non-VFS function to access the
+ filesystem.
+ * BUG 9822: Fix crash during Win8 sync.
+
+
+o Anand Avati <avati at redhat.com>
+ * BUG 9833: Function called in unix_convert() path can overwrite errno.
+
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 9785: Use specified python for runtime installation of Samba.
+ * BUG 9834: Fix segfault when loging in with wrong password from w2k8r2.
+
+
+o Alexander Bokovoy <ab at samba.org>
+ * BUG 9767: Fix 'net ads join' when called via stdin.
+
+
+o David Disseldorp <ddiss at samba.org>
+ * BUG 9807: wbinfo: Fix segfault in wbinfo_pam_logon.
+ * BUG 9830: Fix panic in nt_printer_publish_ads.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 9775: Fix segfault for "artificial" conn_structs in vfs_fake_perms.
+ * BUG 9809: Package new dbwrap_tool man page.
+ * BUG 9824: SMB signing and the async echo responder don't work together.
+ * BUG 9832: talloc use after free in winbind4.
+ * BUG 9854: Fix NULL pointer dereference in Winbind.
+ * BUG 9868: Fix making LIBNDR_PREG_OBJ.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 9545: Fix the build of vfs_notify_fam.
+ * BUG 9803: Change '--with-dmapi' to 'default=auto' to match the autoconf
+ build.
+ * BUG 9804: wafsamba: Display the default value in help for
+ SAMBA3_ADD_OPTION.
+ * BUG 9382: Add support for PFC_FLAG_OBJECT_UUID when parsing packets.
+
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 9139: Fix the username map optimization.
+ * BUG 9699: Fix adding case sensitive spn.
+ * BUG 9766: Cache name_to_sid/sid_to_name correctly.
+ * BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
+
+
+o Richard Sharpe <realrichardsharpe at gmail.com>
+ * BUG 9722: Properly handle oplock breaks in compound requests.
+
+
+o Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
+ * BUG 9782: Fix panic when running 'smbtorture smb.base'.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ =============================
Release Notes for Samba 4.0.5
April 9, 2013
=============================
@@ -185,8 +286,9 @@ database (https://bugzilla.samba.org/).
== The Samba Team
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.0.4
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index d9bea1c..442bd5d 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -449,11 +449,11 @@ static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_sec
&gensec_ntlmssp->server_returned_info,
user_session_key, lm_session_key);
}
- talloc_free(user_info);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(5, (__location__ ": Checking NTLMSSP password for %s\\%s failed: %s\n", user_info->client.domain_name, user_info->client.account_name, nt_errstr(nt_status)));
}
+ TALLOC_FREE(user_info);
NT_STATUS_NOT_OK_RETURN(nt_status);
diff --git a/buildtools/wafsamba/samba3.py b/buildtools/wafsamba/samba3.py
index 476d8fc..fd063ad 100644
--- a/buildtools/wafsamba/samba3.py
+++ b/buildtools/wafsamba/samba3.py
@@ -8,8 +8,17 @@ from samba_autoconf import library_flags
def SAMBA3_ADD_OPTION(opt, option, help=(), dest=None, default=True,
with_name="with", without_name="without"):
+ if default is None:
+ default_str="auto"
+ elif default == True:
+ default_str="yes"
+ elif default == False:
+ default_str="no"
+ else:
+ default_str=str(default)
+
if help == ():
- help = ("Build with %s support" % option)
+ help = ("Build with %s support (default=%s)" % (option, default_str))
if dest is None:
dest = "with_%s" % option.replace('-', '_')
diff --git a/buildtools/wafsamba/samba_python.py b/buildtools/wafsamba/samba_python.py
index b2172f7..847b431 100644
--- a/buildtools/wafsamba/samba_python.py
+++ b/buildtools/wafsamba/samba_python.py
@@ -5,6 +5,16 @@ from samba_utils import *
from samba_autoconf import *
from Configure import conf
+
+ at conf
+def SAMBA_CHECK_PYTHON(conf, mandatory=True):
+ # enable tool to build python extensions
+ conf.find_program('python', var='PYTHON', mandatory=mandatory)
+ conf.check_tool('python')
+ path_python = conf.find_program('python')
+ conf.env.PYTHON_SPECIFIED = (conf.env.PYTHON != path_python)
+ conf.check_python_version((2,4,2))
+
@conf
def SAMBA_CHECK_PYTHON_HEADERS(conf, mandatory=True):
if conf.env["python_headers_checked"] == []:
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index f7156ec..3559cc1 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -696,14 +696,25 @@ def copy_and_fix_python_path(task):
replacement="""sys.path.insert(0, "%s")
sys.path.insert(1, "%s")""" % (task.env["PYTHONARCHDIR"], task.env["PYTHONDIR"])
+ shebang = None
+
+ if task.env["PYTHON"][0] == "/":
+ replacement_shebang = "#!%s" % task.env["PYTHON"]
+ else:
+ replacement_shebang = "#!/usr/bin/env %s" % task.env["PYTHON"]
+
installed_location=task.outputs[0].bldpath(task.env)
source_file = open(task.inputs[0].srcpath(task.env))
installed_file = open(installed_location, 'w')
+ lineno = 0
for line in source_file:
newline = line
- if pattern in line:
+ if lineno == 0 and task.env["PYTHON_SPECIFIED"] == True and line[:2] == "#!":
+ newline = replacement_shebang
+ elif pattern in line:
newline = line.replace(pattern, replacement)
installed_file.write(newline)
+ lineno = lineno + 1
installed_file.close()
os.chmod(installed_location, 0755)
return 0
@@ -727,6 +738,8 @@ def install_file(bld, destdir, file, chmod=MODE_644, flat=False,
target=inst_file)
bld.add_manual_dependency(bld.path.find_or_declare(inst_file), bld.env["PYTHONARCHDIR"])
bld.add_manual_dependency(bld.path.find_or_declare(inst_file), bld.env["PYTHONDIR"])
+ bld.add_manual_dependency(bld.path.find_or_declare(inst_file), str(bld.env["PYTHON_SPECIFIED"]))
+ bld.add_manual_dependency(bld.path.find_or_declare(inst_file), bld.env["PYTHON"])
file = inst_file
if base_name:
file = os.path.join(base_name, file)
diff --git a/docs-xml/smbdotconf/protocol/servermaxprotocol.xml b/docs-xml/smbdotconf/protocol/servermaxprotocol.xml
index 94184c8..822e42b 100644
--- a/docs-xml/smbdotconf/protocol/servermaxprotocol.xml
+++ b/docs-xml/smbdotconf/protocol/servermaxprotocol.xml
@@ -10,16 +10,6 @@
<para>Possible values are :</para>
<itemizedlist>
<listitem>
- <para><constant>CORE</constant>: Earliest version. No
- concept of user names.</para>
- </listitem>
-
- <listitem>
- <para><constant>COREPLUS</constant>: Slight improvements on
- CORE for efficiency.</para>
- </listitem>
-
- <listitem>
<para><constant>LANMAN1</constant>: First <emphasis>modern</emphasis>
version of the protocol. Long filename support.</para>
</listitem>
diff --git a/docs-xml/smbdotconf/protocol/serverminprotocol.xml b/docs-xml/smbdotconf/protocol/serverminprotocol.xml
index 4edecc4..c324fcb 100644
--- a/docs-xml/smbdotconf/protocol/serverminprotocol.xml
+++ b/docs-xml/smbdotconf/protocol/serverminprotocol.xml
@@ -15,6 +15,6 @@
<related>server max protocol</related>
-<value type="default">CORE</value>
+<value type="default">LANMAN1</value>
<value type="example">NT1</value>
</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/smb2maxread.xml b/docs-xml/smbdotconf/protocol/smb2maxread.xml
index 2666821..045e7d9 100644
--- a/docs-xml/smbdotconf/protocol/smb2maxread.xml
+++ b/docs-xml/smbdotconf/protocol/smb2maxread.xml
@@ -8,10 +8,13 @@
<manvolnum>8</manvolnum></citerefentry> will return to a client, informing the client of the largest
size that may be returned by a single SMB2 read call.
</para>
-<para>The maximum is 65536 bytes (64KB), which is the same as a Windows Vista SMB2 server.</para>
+<para>The maximum is 1048576 bytes (1MiB), which is the same as a Windows Server 2008 r2.</para>
+<para>Please note that the default is 1MiB, but it's limit is based on the
+smb2 dialect (64KiB for SMB2.0, 1MiB for SMB2.1 with LargeMTU).
+Large MTU is not supported over NBT (tcp port 139).</para>
</description>
<related>smb2 max write</related>
<related>smb2 max trans</related>
-<value type="default">65536</value>
+<value type="default">1048576</value>
</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/smb2maxtrans.xml b/docs-xml/smbdotconf/protocol/smb2maxtrans.xml
index 1c01ccc..d4d83b9 100644
--- a/docs-xml/smbdotconf/protocol/smb2maxtrans.xml
+++ b/docs-xml/smbdotconf/protocol/smb2maxtrans.xml
@@ -8,10 +8,13 @@
<manvolnum>8</manvolnum></citerefentry> will return to a client, informing the client of the largest
size of buffer that may be used in querying file meta-data via QUERY_INFO and related SMB2 calls.
</para>
-<para>The maximum is 65536 bytes (64KB), which is the same as a Windows Vista SMB2 server.</para>
+<para>The maximum is 1048576 bytes (1MiB), which is the same as a Windows Server 2008 r2.</para>
+<para>Please note that the default is 1MiB, but it's limit is based on the
+smb2 dialect (64KiB for SMB2.0, 1MiB for SMB2.1 with LargeMTU).
+Large MTU is not supported over NBT (tcp port 139).</para>
</description>
<related>smb2 max read</related>
<related>smb2 max write</related>
-<value type="default">65536</value>
+<value type="default">1048576</value>
</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/smb2maxwrite.xml b/docs-xml/smbdotconf/protocol/smb2maxwrite.xml
index a302a94..1789bc6 100644
--- a/docs-xml/smbdotconf/protocol/smb2maxwrite.xml
+++ b/docs-xml/smbdotconf/protocol/smb2maxwrite.xml
@@ -8,10 +8,13 @@
<manvolnum>8</manvolnum></citerefentry> will return to a client, informing the client of the largest
size that may be sent to the server by a single SMB2 write call.
</para>
-<para>The maximum is 65536 bytes (64KB), which is the same as a Windows Vista SMB2 server.</para>
+<para>The maximum is 1048576 bytes (1MiB), which is the same as a Windows Server 2008 r2.</para>
+<para>Please note that the default is 1MiB, but it's limit is based on the
+smb2 dialect (64KiB for SMB2.0, 1MiB for SMB2.1 with LargeMTU).
+Large MTU is not supported over NBT (tcp port 139).</para>
</description>
<related>smb2 max read</related>
<related>smb2 max trans</related>
-<value type="default">65536</value>
+<value type="default">1048576</value>
</samba:parameter>
diff --git a/lib/replace/getpass.c b/lib/replace/getpass.c
index f95109f..3627222 100644
--- a/lib/replace/getpass.c
+++ b/lib/replace/getpass.c
@@ -138,7 +138,7 @@ static void gotintr_sig(int signum)
char *rep_getpass(const char *prompt)
{
FILE *in, *out;
- int echo_off;
+ int echo_off, is_a_tty;
static char buf[256];
static size_t bufsize = sizeof(buf);
size_t nread;
@@ -160,8 +160,9 @@ char *rep_getpass(const char *prompt)
setvbuf(in, NULL, _IONBF, 0);
/* Turn echoing off if it is on now. */
+ is_a_tty = isatty(fileno(in)) > 0;
- if (tcgetattr (fileno (in), &t) == 0) {
+ if (is_a_tty && (tcgetattr (fileno (in), &t) == 0)) {
if (ECHO_IS_ON(t)) {
TURN_ECHO_OFF(t);
echo_off = tcsetattr (fileno (in), TCSAFLUSH, &t) == 0;
@@ -196,7 +197,7 @@ char *rep_getpass(const char *prompt)
if (gotintr && in_fd == -1) {
in = fopen ("/dev/tty", "w+");
}
- if (in != NULL)
+ if ((in != NULL) && is_a_tty)
tcsetattr (fileno (in), TCSANOW, &t);
}
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index aee4004..762382c 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -1736,7 +1736,7 @@ static bool wbinfo_pam_logon(char *username)
{
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
struct wbcLogonUserParams params;
- struct wbcAuthErrorInfo *error;
+ struct wbcAuthErrorInfo *error = NULL;
char *s = NULL;
char *p = NULL;
TALLOC_CTX *frame = talloc_tos();
@@ -1787,16 +1787,15 @@ static bool wbinfo_pam_logon(char *username)
d_printf("plaintext password authentication %s\n",
WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
- if (!WBC_ERROR_IS_OK(wbc_status)) {
+ if (!WBC_ERROR_IS_OK(wbc_status) && (error != NULL)) {
d_fprintf(stderr,
"error code was %s (0x%x)\nerror message was: %s\n",
error->nt_string,
(int)error->nt_status,
error->display_string);
wbcFreeMemory(error);
- return false;
}
- return true;
+ return WBC_ERROR_IS_OK(wbc_status);
}
/* Save creds with winbind */
diff --git a/packaging/RHEL/samba.spec.tmpl b/packaging/RHEL/samba.spec.tmpl
index 8439256..7df7cb5 100644
--- a/packaging/RHEL/samba.spec.tmpl
+++ b/packaging/RHEL/samba.spec.tmpl
@@ -370,6 +370,7 @@ fi
%{_mandir}/man8/winbindd.8*
%{_mandir}/man1/ntlm_auth.1*
%{_mandir}/man1/wbinfo.1*
+%{_mandir}/man1/dbwrap_*.1*
%{_mandir}/man8/vfs_*.8*
%{_mandir}/man8/idmap_*.8*
diff --git a/selftest/knownfail b/selftest/knownfail
index e3964d6..262b889 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -107,6 +107,7 @@
^samba4.smb2.rename.no_share_delete_no_delete_access\(.*\)$
^samba4.smb2.rename.msword
^samba4.smb2.compound.related3
+^samba4.smb2.compound.compound-break
^samba4.winbind.struct.*.show_sequence # Not yet working in winbind
^samba4.*base.delaywrite.*update of write time and SMBwrite truncate\(.*\)$
^samba4.*base.delaywrite.*update of write time and SMBwrite truncate expand\(.*\)$
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 70304fe..2061d97 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -937,6 +937,7 @@ sub provision($$$$$$)
path = $shrdir
comment = encrypt smb username is [%U]
smb encrypt = required
+ vfs objects = $vfs_modulesdir_abs/dirsort.so
[tmpguest]
path = $shrdir
guest ok = yes
diff --git a/source3/Makefile.in b/source3/Makefile.in
index f6305c6..55505df 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -333,7 +333,7 @@ LIBNDR_SPOOLSS_OBJ = autoconf/librpc/gen_ndr/ndr_spoolss.o \
../librpc/ndr/ndr_spoolss_buf.o
LIBNDR_NTPRINTING_OBJ = autoconf/librpc/gen_ndr/ndr_ntprinting.o \
- ../librpc/ndr/ndr_ntprinting.o \
+ ../librpc/ndr/ndr_ntprinting.o
LIBNDR_PREG_OBJ = autoconf/librpc/gen_ndr/ndr_preg.o \
../librpc/ndr/ndr_preg.o
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index d4ace2c..2b5c84d 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -62,9 +62,15 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
}
/* Send off request */
-
params.account_name = user_info->client.account_name;
- params.domain_name = user_info->mapped.domain_name;
+ /*
+ * We need to send the domain name from the client to the DC. With
+ * NTLMv2 the domain name is part of the hashed second challenge,
+ * if we change the domain name, the DC will fail to verify the
+ * challenge cause we changed the domain name, this is like a
+ * man in the middle attack.
+ */
+ params.domain_name = user_info->client.domain_name;
params.workstation_name = user_info->workstation_name;
params.flags = 0;
diff --git a/source3/auth/user_util.c b/source3/auth/user_util.c
index 4842192..082c885 100644
--- a/source3/auth/user_util.c
+++ b/source3/auth/user_util.c
@@ -427,12 +427,16 @@ bool map_username(TALLOC_CTX *ctx, const char *user_in, char **p_user_out)
x_fclose(f);
/*
- * Setup the last_from and last_to as an optimization so
+ * If we didn't successfully map a user in the loop above,
+ * setup the last_from and last_to as an optimization so
* that we don't scan the file again for the same user.
*/
-
- set_last_from_to(user_in, user_in);
- store_map_in_gencache(ctx, user_in, user_in);
+ if (!mapped_user) {
+ DEBUG(8, ("The user '%s' has no mapping. "
+ "Skip it next time.\n", user_in));
+ set_last_from_to(user_in, user_in);
+ store_map_in_gencache(ctx, user_in, user_in);
+ }
return mapped_user;
}
diff --git a/source3/include/srvstr.h b/source3/include/srvstr.h
index 7e7d8a2..2c6e7ef 100644
--- a/source3/include/srvstr.h
+++ b/source3/include/srvstr.h
@@ -19,12 +19,3 @@
#define srvstr_pull_talloc(ctx, base_ptr, smb_flags2, dest, src, src_len, flags) \
pull_string_talloc(ctx, base_ptr, smb_flags2, dest, src, src_len, flags)
-
-/* pull a string from the smb_buf part of a packet. In this case the
--
Samba Shared Repository
More information about the samba-cvs
mailing list