[SCM] Samba Shared Repository - branch v4-1-stable updated
Karolin Seeger
kseeger at samba.org
Mon Oct 20 01:29:40 MDT 2014
The branch, v4-1-stable has been updated
via 3211982 VERSION: Disable git snapshots for the 4.1.13 release.
via b780193 WHATSNEW: Add release notes for Samba 4.1.13.
via e0f4517 s3: nmbd: Ensure the main nmbd process doesn't create zombies.
via 26a7036 pthreadpool: Slightly serialize jobs
via fda66b9 s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers.
via 78deb22 lib: util: Signal handling - change CatchChild() and CatchChildLeaveStatus() to return the previous handler.
via 429ddb1 s3: smb2cli: query info return length check was reversed.
via 0e17b3f s3-libads: Add all machine account principals to the keytab.
via 6602ad3 registry: Don't leave dangling transactions
via f2f050c s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call
via a0eb3dd s3: Move init_lsa_ref_domain_list to lib
via 2cd2490 idmap_rfc2307: Fix a crash after connection problem to DC
via 043415e s3-libnet: Make sure we do not overwrite precreated SPNs.
via 306e7e3 s3-libnet: Add libnet_join_get_machine_spns().
via f42d65e s3-libads: Add function to search for an element in an array.
via 5923c9a s3-libads: Add a function to retrieve the SPNs of a computer account.
via bff195a s3-libads: Improve service principle guessing.
via f93df45 smbd: We now survive smb2.oplock.stream1
via 05417be s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0).
via 7bbf54d nsswitch: Skip groups we were not able to map.
via bcc8912 s3: smbd - open logic fix.
via ad70de6 s3:smbd:open_file: use a more natural check.
via 4b3c8ad s3:smbd: fix a race in open code
via 6b1091dc s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs.
via 632e0bc s3-winbindd: Use correct realm for trusted domains in idmap child
via 5cf0aa0 libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL.
via 52b876a media_harmony: Fix a crash bug
via 62513b7 docs: mention incompatibility between kernel oplocks and streams_xattr
via a93d931 nmbd: Send waiting status to systemd.
via beffc40 lib: Add daemon_status() to util library.
via 538f62e selftest: Fix selftest where pid is used uninitialized.
via 6ccee19 Merge tag 'samba-4.1.12' into v4-1-test
via a75c1bc VERSION: Bump version up to 4.1.13...
from 6cc1d30 Merge tag 'samba-4.1.11' into v4-1-test
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 91 +++++++++++++++++-
docs-xml/manpages/vfs_streams_xattr.8.xml | 4 +
lib/util/become_daemon.c | 11 ++
lib/util/samba_util.h | 10 ++-
lib/util/signal.c | 8 +-
libcli/smb/smb1cli_echo.c | 1 -
libcli/smb/smb2cli_query_info.c | 2 +-
nsswitch/winbind_nss_linux.c | 5 +
selftest/knownfail | 1 -
selftest/target/Samba.pm | 7 +-
source3/{lib/version_test.c => include/lsa.h} | 17 ++--
source3/lib/lsa.c | 67 +++++++++++++
source3/lib/pthreadpool/pthreadpool.c | 6 +-
source3/lib/smbrun.c | 18 ++--
source3/libads/ads_proto.h | 8 ++
source3/libads/kerberos_keytab.c | 74 ++++++++++-----
source3/libads/ldap.c | 91 ++++++++++++++++++
source3/libads/sasl.c | 124 +++++++++++++------------
source3/libnet/libnet_join.c | 59 +++++++++++-
source3/modules/vfs_media_harmony.c | 4 +-
source3/nmbd/nmbd.c | 3 +
source3/nmbd/nmbd_subnetdb.c | 7 +-
source3/registry/reg_api.c | 2 +-
source3/rpc_server/lsa/srv_lsa_nt.c | 48 +---------
source3/rpc_server/samr/srv_samr_chgpasswd.c | 9 +-
source3/rpc_server/wscript_build | 2 +-
source3/smbd/open.c | 79 ++++++++++++----
source3/winbindd/idmap_rfc2307.c | 1 +
source3/winbindd/wb_sids2xids.c | 33 ++++++-
source3/winbindd/winbindd_ads.c | 14 ++-
source3/winbindd/winbindd_cm.c | 8 +-
source3/wscript_build | 4 +
33 files changed, 620 insertions(+), 200 deletions(-)
copy source3/{lib/version_test.c => include/lsa.h} (74%)
create mode 100644 source3/lib/lsa.c
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index cb14e70..f965464 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=1
-SAMBA_VERSION_RELEASE=12
+SAMBA_VERSION_RELEASE=13
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 2505927..963b614 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,91 @@
==============================
+ Release Notes for Samba 4.1.13
+ October 20, 2014
+ ==============================
+
+
+This is the latest stable release of Samba 4.1.
+
+
+Changes since 4.1.12:
+---------------------
+
+o Michael Adam <obnox at samba.org>
+ * BUG 10809: s3:smbd:open_file: Use a more natural check.
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 10717: s3: winbindd: Old NT Domain code sets struct
+ winbind_domain->alt_name to be NULL. Ensure this is safe with modern
+ AD-DCs.
+ * BUG 10779: pthreadpool: Slightly serialize jobs.
+ * BUG 10809: s3: smbd: Open logic fix.
+ * BUG 10830: s3: nmbd: Ensure the main nmbd process doesn't create zombies.
+ * BUG 10831: s3: lib: Signal handling - ensure smbrun and change password
+ code save and restore existing SIGCHLD handlers.
+ * BUG 10848: s3: smb2cli: Query info return length check was reversed.
+
+
+o Günther Deschner <gd at samba.org>
+ * BUG 9984: s3-libnet: Make sure we do not overwrite precreated SPNs.
+
+
+o Björn Jacke <bj at sernet.de
+ * BUG 10814: docs: Mention incompatibility between kernel oplocks and
+ streams_xattr.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 10735: Fix unstrcpy.
+ * BUG 10797: s3: smbd: streams - Ensure share mode validation ignores
+ internal opens (op_mid == 0).
+ * BUG 10813: vfs_media_harmony: Fix a crash bug.
+ * BUG 10860: registry: Don't leave dangling transactions.
+
+
+o Christof Schmitt <cs at samba.org>
+ * BUG 10826: s3-winbindd: Use correct realm for trusted domains in idmap
+ child.
+ * BUG 10837: idmap_rfc2307: Fix a crash after connection problem to DC.
+ * BUG 10838: s3-winbindd: Do not use domain SID from LookupSids for
+ Sids2UnixIDs call.
+
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 9984: s3-libnet: Add libnet_join_get_machine_spns().
+ * BUG 9985: s3-libads: Add all machine account principals to the keytab.
+ * BUG 10816: nmbd: Send waiting status to systemd.
+ * BUG 10817: libcli: Fix a segfault calling smbXcli_req_set_pending() on
+ NULL.
+ * BUG 10824: nsswitch: Skip groups we were not able to map.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+======================================================================
+
+ ==============================
Release Notes for Samba 4.1.12
September 8, 2014
==============================
@@ -126,10 +213,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
-======================================================================
==============================
Release Notes for Samba 4.1.11
diff --git a/docs-xml/manpages/vfs_streams_xattr.8.xml b/docs-xml/manpages/vfs_streams_xattr.8.xml
index 215fead..c10ece8 100644
--- a/docs-xml/manpages/vfs_streams_xattr.8.xml
+++ b/docs-xml/manpages/vfs_streams_xattr.8.xml
@@ -43,6 +43,10 @@
the size of xattrs. So this module might work for applications like IE
that stores small zone information in streams but will fail for
applications that store serious amounts of data in ADSs.</para>
+
+ <para>CAUTION: Make sure to set "kernel oplocks = no" in smb.conf if
+ if you use this module because this combination is currently broken.
+ See Bug 7537 for details.</para>
</refsect1>
<refsect1>
diff --git a/lib/util/become_daemon.c b/lib/util/become_daemon.c
index 35c8b32..688bedd 100644
--- a/lib/util/become_daemon.c
+++ b/lib/util/become_daemon.c
@@ -135,3 +135,14 @@ _PUBLIC_ void daemon_ready(const char *daemon)
#endif
DEBUG(0, ("STATUS=daemon '%s' finished starting up and ready to serve connections", daemon));
}
+
+_PUBLIC_ void daemon_status(const char *name, const char *msg)
+{
+ if (name == NULL) {
+ name = "Samba";
+ }
+#ifdef HAVE_SYSTEMD
+ sd_notifyf(0, "\nSTATUS=%s: %s", name, msg);
+#endif
+ DEBUG(0, ("STATUS=daemon '%s' : %s", name, msg));
+}
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index e3fe6a6..c6eb349 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -107,12 +107,12 @@ void (*CatchSignal(int signum,void (*handler)(int )))(int);
/**
Ignore SIGCLD via whatever means is necessary for this OS.
**/
-void CatchChild(void);
+void (*CatchChild(void))(int);
/**
Catch SIGCLD but leave the child around so it's status can be reaped.
**/
-void CatchChildLeaveStatus(void);
+void (*CatchChildLeaveStatus(void))(int);
struct sockaddr;
@@ -853,6 +853,12 @@ _PUBLIC_ void exit_daemon(const char *msg, int error);
**/
_PUBLIC_ void daemon_ready(const char *daemon);
+/*
+ * Report the daemon status. For example if it is not ready to serve connections
+ * and is waiting for some event to happen.
+ */
+_PUBLIC_ void daemon_status(const char *name, const char *msg);
+
/**
* @brief Get a password from the console.
*
diff --git a/lib/util/signal.c b/lib/util/signal.c
index ead947e..33a9900 100644
--- a/lib/util/signal.c
+++ b/lib/util/signal.c
@@ -129,16 +129,16 @@ void (*CatchSignal(int signum,void (*handler)(int )))(int)
Ignore SIGCLD via whatever means is necessary for this OS.
**/
-void CatchChild(void)
+void (*CatchChild(void))(int)
{
- CatchSignal(SIGCLD, sig_cld);
+ return CatchSignal(SIGCLD, sig_cld);
}
/**
Catch SIGCLD but leave the child around so it's status can be reaped.
**/
-void CatchChildLeaveStatus(void)
+void (*CatchChildLeaveStatus(void))(int)
{
- CatchSignal(SIGCLD, sig_cld_leave_status);
+ return CatchSignal(SIGCLD, sig_cld_leave_status);
}
diff --git a/libcli/smb/smb1cli_echo.c b/libcli/smb/smb1cli_echo.c
index 4fb7c60..10dff2d 100644
--- a/libcli/smb/smb1cli_echo.c
+++ b/libcli/smb/smb1cli_echo.c
@@ -96,7 +96,6 @@ static void smb1cli_echo_done(struct tevent_req *subreq)
NULL, /* pbytes_offset */
NULL, /* pinbuf */
expected, ARRAY_SIZE(expected));
- TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
tevent_req_nterror(req, status);
return;
diff --git a/libcli/smb/smb2cli_query_info.c b/libcli/smb/smb2cli_query_info.c
index 454f25a..a24844b 100644
--- a/libcli/smb/smb2cli_query_info.c
+++ b/libcli/smb/smb2cli_query_info.c
@@ -154,7 +154,7 @@ static void smb2cli_query_info_done(struct tevent_req *subreq)
return;
}
- if (output_buffer_length < dyn_len) {
+ if (output_buffer_length > dyn_len) {
tevent_req_nterror(
req, NT_STATUS_INVALID_NETWORK_RESPONSE);
return;
diff --git a/nsswitch/winbind_nss_linux.c b/nsswitch/winbind_nss_linux.c
index 8d66a74..70ede3e 100644
--- a/nsswitch/winbind_nss_linux.c
+++ b/nsswitch/winbind_nss_linux.c
@@ -1101,6 +1101,11 @@ _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
continue;
}
+ /* Skip groups without a mapping */
+ if (gid_list[i] == (uid_t)-1) {
+ continue;
+ }
+
/* Filled buffer ? If so, resize. */
if (*start == *size) {
diff --git a/selftest/knownfail b/selftest/knownfail
index c493dba..8d11dfe 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -208,7 +208,6 @@
^samba3.smb2.oplock.exclusive5
^samba3.smb2.oplock.batch12
^samba3.smb2.oplock.batch20
-^samba3.smb2.oplock.stream1
^samba3.smb2.streams.rename
^samba3.smb2.streams.rename2
^samba3.smb2.streams.attributes
diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
index ab3851f..b0817fd 100644
--- a/selftest/target/Samba.pm
+++ b/selftest/target/Samba.pm
@@ -188,7 +188,12 @@ sub get_interface($)
sub cleanup_child($$)
{
my ($pid, $name) = @_;
- my $childpid = waitpid($pid, WNOHANG);
+ my $childpid = -1;
+
+ if (defined($pid)) {
+ $childpid = waitpid($pid, WNOHANG);
+ }
+
if ($childpid == 0) {
} elsif ($childpid < 0) {
printf STDERR "%s child process %d isn't here any more\n",
diff --git a/source3/lib/version_test.c b/source3/include/lsa.h
similarity index 74%
copy from source3/lib/version_test.c
copy to source3/include/lsa.h
index 880cfeb..7681aed 100644
--- a/source3/lib/version_test.c
+++ b/source3/include/lsa.h
@@ -1,7 +1,5 @@
/*
- * Unix SMB/CIFS implementation.
- * version_test - test program for samba_version_strion()
- * Copyright (C) Michael Adam 2009
+ * Helper functions related to the LSA server
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -16,11 +14,12 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
+#ifndef LSA_H
+#define LSA_H
-#include "includes.h"
+int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,
+ struct lsa_RefDomainList *ref,
+ const char *dom_name,
+ struct dom_sid *dom_sid);
-int main(void)
-{
- printf("%s\n", samba_version_string());
- return 0;
-}
+#endif
diff --git a/source3/lib/lsa.c b/source3/lib/lsa.c
new file mode 100644
index 0000000..0046fda
--- /dev/null
+++ b/source3/lib/lsa.c
@@ -0,0 +1,67 @@
+/*
+ * Helper functions related to the LSA server
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/***************************************************************************
+ init_lsa_ref_domain_list - adds a domain if it's not already in, returns index.
+***************************************************************************/
+
+#include "includes.h"
+#include "libcli/security/dom_sid.h"
+#include "librpc/gen_ndr/lsa.h"
+#include "lsa.h"
+
+int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,
+ struct lsa_RefDomainList *ref,
+ const char *dom_name,
+ struct dom_sid *dom_sid)
+{
+ int num = 0;
+
+ if (dom_name != NULL) {
+ for (num = 0; num < ref->count; num++) {
+ if (dom_sid_equal(dom_sid, ref->domains[num].sid)) {
+ return num;
+ }
+ }
+ } else {
+ num = ref->count;
+ }
+
+ if (num >= LSA_REF_DOMAIN_LIST_MULTIPLIER) {
+ /* index not found, already at maximum domain limit */
+ return -1;
+ }
+
+ ref->count = num + 1;
+ ref->max_size = LSA_REF_DOMAIN_LIST_MULTIPLIER;
+
+ ref->domains = talloc_realloc(mem_ctx, ref->domains,
+ struct lsa_DomainInfo, ref->count);
+ if (!ref->domains) {
+ return -1;
+ }
+
+ ZERO_STRUCT(ref->domains[num]);
+
+ ref->domains[num].name.string = dom_name;
+ ref->domains[num].sid = dom_sid_dup(mem_ctx, dom_sid);
+ if (!ref->domains[num].sid) {
+ return -1;
+ }
+
+ return num;
+}
diff --git a/source3/lib/pthreadpool/pthreadpool.c b/source3/lib/pthreadpool/pthreadpool.c
index c5c9367..9c781cf 100644
--- a/source3/lib/pthreadpool/pthreadpool.c
+++ b/source3/lib/pthreadpool/pthreadpool.c
@@ -488,14 +488,14 @@ static void *pthreadpool_server(void *arg)
job->fn(job->private_data);
+ res = pthread_mutex_lock(&pool->mutex);
+ assert(res == 0);
+
written = write(pool->sig_pipe[1], &job->id,
sizeof(int));
free(job);
- res = pthread_mutex_lock(&pool->mutex);
- assert(res == 0);
-
if (written != sizeof(int)) {
pthreadpool_server_exit(pool);
pthread_mutex_unlock(&pool->mutex);
diff --git a/source3/lib/smbrun.c b/source3/lib/smbrun.c
index 15a0c88..55f7a87 100644
--- a/source3/lib/smbrun.c
+++ b/source3/lib/smbrun.c
@@ -73,6 +73,7 @@ static int smbrun_internal(const char *cmd, int *outfd, bool sanitize)
pid_t pid;
uid_t uid = current_user.ut.uid;
gid_t gid = current_user.ut.gid;
+ void (*saved_handler)(int);
/*
* Lose any elevated privileges.
@@ -94,11 +95,11 @@ static int smbrun_internal(const char *cmd, int *outfd, bool sanitize)
* SIGCLD signals as it also eats the exit status code. JRA.
*/
- CatchChildLeaveStatus();
+ saved_handler = CatchChildLeaveStatus();
if ((pid=fork()) < 0) {
DEBUG(0,("smbrun: fork failed with error %s\n", strerror(errno) ));
- CatchChild();
+ (void)CatchSignal(SIGCLD, saved_handler);
if (outfd) {
close(*outfd);
*outfd = -1;
@@ -123,7 +124,7 @@ static int smbrun_internal(const char *cmd, int *outfd, bool sanitize)
break;
}
- CatchChild();
+ (void)CatchSignal(SIGCLD, saved_handler);
if (wpid != pid) {
DEBUG(2,("waitpid(%d) : %s\n",(int)pid,strerror(errno)));
@@ -148,7 +149,7 @@ static int smbrun_internal(const char *cmd, int *outfd, bool sanitize)
return status;
}
- CatchChild();
+ (void)CatchChild();
/* we are in the child. we exec /bin/sh to do the work for us. we
don't directly exec the command we want because it may be a
@@ -237,6 +238,7 @@ int smbrunsecret(const char *cmd, const char *secret)
uid_t uid = current_user.ut.uid;
gid_t gid = current_user.ut.gid;
int ifd[2];
+ void (*saved_handler)(int);
/*
* Lose any elevated privileges.
@@ -257,11 +259,11 @@ int smbrunsecret(const char *cmd, const char *secret)
* SIGCLD signals as it also eats the exit status code. JRA.
*/
- CatchChildLeaveStatus();
+ saved_handler = CatchChildLeaveStatus();
if ((pid=fork()) < 0) {
DEBUG(0, ("smbrunsecret: fork failed with error %s\n", strerror(errno)));
- CatchChild();
+ (void)CatchSignal(SIGCLD, saved_handler);
return errno;
}
@@ -293,7 +295,7 @@ int smbrunsecret(const char *cmd, const char *secret)
break;
}
- CatchChild();
+ (void)CatchSignal(SIGCLD, saved_handler);
if (wpid != pid) {
DEBUG(2, ("waitpid(%d) : %s\n", (int)pid, strerror(errno)));
@@ -309,7 +311,7 @@ int smbrunsecret(const char *cmd, const char *secret)
return status;
}
- CatchChild();
+ (void)CatchChild();
/* we are in the child. we exec /bin/sh to do the work for us. we
don't directly exec the command we want because it may be a
diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
index 17a84d1..1e34247 100644
--- a/source3/libads/ads_proto.h
--
Samba Shared Repository
More information about the samba-cvs
mailing list