[SCM] Samba Shared Repository - branch v4-2-test updated
Karolin Seeger
kseeger at samba.org
Mon Oct 13 15:46:03 MDT 2014
The branch, v4-2-test has been updated
via 2cd5450 libcli/smb: fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02
via 066fb45 [PATCH] WHATSNEW: Added information about the VFS WORM module that is
via 4cc2dda WHATSNEW: Fix typo.
via 721033d WHATSNEW: Fix typos.
via 63017ac [PATCH] WHATSNEW: Add more features for Samba 4.2
via 25d26f4 WHATSNEW: Add samba-regedit.
via 3430afa idmap_rfc2307: Fix a crash after connection problem to DC
from 02e1c6b SO_PROTOCOL is platform-dependent
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-2-test
- Log -----------------------------------------------------------------
commit 2cd5450a4ee8b46cac18db17a0ac53d8178d0d34
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Oct 6 14:19:39 2014 +0200

    libcli/smb: fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02

    If the connection starts with a SMB Negprot, the server only implies the
    selected dialect, but not the client's security mode.

    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10866
    (cherry picked from commit 3eef853f741d9349e45a1a87e453c52bf56c4774)

    Autobuild-User(v4-2-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-2-test): Mon Oct 13 23:45:08 CEST 2014 on sn-devel-104

commit 066fb45c848b2fd3c37849740d25d671f0d9e9ac
Author: Marc Muehlfeld <mmuehlfeld at samba.org>
Date: Mon Oct 13 20:50:02 2014 +0200

    [PATCH] WHATSNEW: Added information about the VFS WORM module that is
    new in 4.2.

commit 4cc2ddac01c4dd023408145c5ee7b0377f9397ac
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Oct 13 20:48:00 2014 +0200

    WHATSNEW: Fix typo.

    Thanks to Rowland Penny <repenny241155 at gmail.com> for reporting.

    Signed-off-by: Karolin Seeger <kseeger at samba.org>

commit 721033d3c63f3a495e667b6e336de27031b266c5
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Oct 13 20:44:33 2014 +0200

    WHATSNEW: Fix typos.

    Thanks to Michael Wood <esiotrot at gmail.com> for reporting.

    Signed-off-by: Karolin Seeger <kseeger at samba.org>

commit 63017ac86332d5383a245c29be4f98d03fff469b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Oct 13 20:36:21 2014 +0200

    [PATCH] WHATSNEW: Add more features for Samba 4.2

    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 25d26f433c5b67eb8e3b97f922170d7d33c5d888
Author: Andreas Schneider <asn at samba.org>
Date: Fri Oct 10 09:43:04 2014 +0200

    WHATSNEW: Add samba-regedit.

    Signed-off-by: Andreas Schneider <asn at samba.org>

commit 3430afabf1120a885a803859bb88245469478953
Author: Christof Schmitt <cs at samba.org>
Date: Wed Sep 17 13:23:11 2014 -0700

    idmap_rfc2307: Fix a crash after connection problem to DC

    When the connection to the DC has a problem, the code behind
    ads_do_search_retry closes the current connection and opens a new one.
    The new connection has a new struct LDAP to represent the connection. In
    this case, the LDAP pointer in the idmap_rfc2307_context becomes
    invalid.

    Fix this problem by updating the local pointer after calling
    ads_do_search_retry.

    Signed-off-by: Christof Schmitt <cs at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10837
    winbind crash in idmap_rfc2307 module

-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 80 ++++++++++++++++++++++++++++++++++++++
libcli/smb/smbXcli_base.c | 6 ++-
source3/winbindd/idmap_rfc2307.c | 1 +
3 files changed, 86 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index aaf17d9..bd11ce7 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -170,6 +170,14 @@ use the following steps:
$ make
# make install
+Samba Registry Editor
+=====================
+
+The utitlity to browse the samba registry has been overhauled by our Google
+Summer of Code student Chris Davis. Now samba-regedit has a
+Midnight-Commander-like theme and UI experience. You can browse keys and edit
+the diffent value types. For a data value type a hexeditor has been
+implemented.
######################################################################
Changes
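Review bot: Two spelling errors remain in the added samba-regedit paragraph: "utitlity" should be "utility" and "diffent" should be "different". "hexeditor" would also read better as "hex editor", and "samba registry" should capitalise Samba to match the heading.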
@@ -194,6 +202,54 @@ smb.conf changes
KNOWN ISSUES
============
+Bad Password Lockout in the AD DC
+=================================
+
+Samba's AD DC now implements bad password lockout (on a per-DC basis).
+
+That is, incorrect password attempts are tracked, and accounts locked
+out if too many bad passwords are submitted. There is also a grace
+period of 60 minutes on the previous password when used for NTLM
+authentication (matching Windows 2003 SP1: https://support2.microsoft.com/kb/906305).
+
+The relevant settings can be seen using 'samba-tool domain
+passwordsettings show' (the new settings being highlighted):
+
+Password informations for domain 'DC=samba,DC=example,DC=com'
+
+Password complexity: on
+Store plaintext passwords: off
+Password history length: 24
+Minimum password length: 7
+Minimum password age (days): 1
+Maximum password age (days): 42
+* Account lockout duration (mins): 30 *
+* Account lockout threshold (attempts): 0 *
+* Reset account lockout after (mins): 30 *
+
+These values can be set using 'samba-tool domain passwordsettings set'.
+
+Correct defaults in the smb.conf manpages
+=========================================
+
+The default values for smb.conf parameters are now correctly specified
+in the smb.conf manpage, even when they refer to build-time specified
+paths. Provided Samba is built on a system with the right tools
+(xsltproc in particular) required to generate our man pages, then
+these will be built with the exact same embedded paths as used by the
+configuration parser at runtime. Additionally, the default values
+read from the smb.conf manpage are checked by our test suite to match
+the values seen in testparm and used by the running binaries.
+
+Consistent behaviour between samba-tool testparm and testparm
+=============================================================
+
+With the exception of the registry backend, which remains only
+available in the file server, the behaviour of the smb.conf parser and
+the tools 'samba-tool testparm' and 'testparm' is now consistent,
+particularly with regard to default values. Except with regard to
+registry shares, it is no longer needed to use one tool on the AD
+DC, and another on the file server.
#######################################
Reporting bugs & Development Discussion
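Review bot: The three added sections are inserted directly under the unchanged "KNOWN ISSUES" heading, so bad password lockout, the corrected manpage defaults and the testparm consistency work will read as known issues rather than new features; they belong in the features part of the file. In the lockout section, the sample output shows "Account lockout threshold (attempts): 0" with no explanation of what 0 means. In Active Directory a lockout threshold of 0 means accounts are never locked out, so the text should say in one sentence that lockout only takes effect once a non-zero threshold is set with 'samba-tool domain passwordsettings set'. "(on a per-DC basis)" would also benefit from a short statement of what that implies for domains with more than one DC.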
@@ -208,6 +264,30 @@ the problem then you will probably be ignored. All bug reports should
be filed under the Samba 4.2 product in the project's Bugzilla
database (https://bugzilla.samba.org/).
+VFS WORM module
+===============
+
+A VFS module for basic WORM (Write once read many) support has been
+added. It allows an additional layer on top of a Samba share, that provides
+a basic set of WORM functionality on the client side, to control the
+writeability of files and folders.
+
+As the module is simply an additional layer, share access and permissions
+work like expected - only WORM functionality is added on top. Removing the
+module from the share configuration, removes this layer again. The
+filesystem ACLs are not affected in any way from the module and treated
+as usual.
+
+The module does not provide complete WORM functions, like some archiving
+products do! It is not audit-proof, because the WORM function is only
+available on the client side, when accessing a share through SMB! If
+the same folder is shared by other services like NFS, the access only
+depents on the underlaying filesystem ACLs. Equally if you access the
+content directly on the server.
+
+For additional information, see
+https://wiki.samba.org/index.php/VFS/vfs_worm
+
======================================================================
== Our Code, Our Bugs, Our Responsibility.
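Review bot: The VFS WORM section is added after the last paragraph of "Reporting bugs & Development Discussion" and just above the closing banner, so it ends up in the bug-reporting part of the release notes instead of with the other new features. The third paragraph is the one administrators most need, because it says the protection applies only to SMB access and not to NFS or local access; consider moving it directly under the introduction, and say "only enforced for access through SMB" rather than "only available on the client side", which can be read as enforcement happening on the client. Spelling: "depents" should be "depends", "underlaying" should be "underlying", and "work like expected" should be "work as expected".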
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index ac81f7a..8a8bbd0 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4649,7 +4649,11 @@ struct tevent_req *smb2cli_validate_negotiate_info_send(TALLOC_CTX *mem_ctx,
} else {
memset(buf+4, 0, 16); /* ClientGuid */
}
- SCVAL(buf, 20, conn->smb2.client.security_mode);
+ if (state->conn->min_protocol >= PROTOCOL_SMB2_02) {
+ SCVAL(buf, 20, conn->smb2.client.security_mode);
+ } else {
+ SCVAL(buf, 20, 0);
+ }
SCVAL(buf, 21, 0); /* reserved */
for (i=0; i < ARRAY_SIZE(smb2cli_prots); i++) {
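Review bot: The new condition reads state->conn->min_protocol while the line it guards, and the line it replaces, read conn->smb2.client.security_mode; use one name for the connection in both places so a reader does not have to verify that conn and state->conn are the same object. The else branch that writes 0 at offset 20 also needs a comment carrying the reasoning from the commit message (when the connection started with an SMB1 negprot the server never saw the client's security mode), because a zeroed security mode in a validate-negotiate request, whose purpose is to detect downgrade, otherwise looks like a mistake and is likely to be "fixed" back later.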
diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c
index 2b7a593..db8bab6 100644
--- a/source3/winbindd/idmap_rfc2307.c
+++ b/source3/winbindd/idmap_rfc2307.c
@@ -103,6 +103,7 @@ static NTSTATUS idmap_rfc2307_ads_search(struct idmap_rfc2307_context *ctx,
status = ads_do_search_retry(ctx->ads, bind_path,
LDAP_SCOPE_SUBTREE, expr, attrs, result);
+ ctx->ldap = ctx->ads->ldap.ld;
return ads_ntstatus(status);
}
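Review bot: A comment is missing on the added ctx->ldap assignment; without a note that ads_do_search_retry may have reconnected and replaced the LDAP handle, the line looks redundant and could be removed in a later cleanup. The assignment also runs before status is examined, so it runs when the retry failed as well; the hunk does not show what ctx->ads->ldap.ld holds in that case, so please confirm that callers check the returned status before using ctx->ldap. Since ctx->ldap is a cached copy of a pointer owned by ctx->ads, any other call path that can trigger a reconnect needs the same refresh; reading ctx->ads->ldap.ld at the point of use would avoid the stale copy altogether.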
--
Samba Shared Repository