[SCM] Samba Shared Repository - branch v4-2-stable updated
Karolin Seeger
kseeger at samba.org
Fri Jan 16 01:28:01 MST 2015
The branch, v4-2-stable has been updated
via c88a4f4 VERSION: Disable git snapshots for the 4.2.0rc4 release.
via 8fdb354 WHATSNEW: Add release notes for Samba 4.2.0rc4.
via 2a699e4 CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl
via df1f7ce CVE-2014-8143:dsdb: Allow use of dsdb_autotransaction_request outside util.c
via 0b97e8b CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag
via 239c0f2 CVE-2014-8143:auth: Force talloc type of session_info pointer to match
via 923827c vfs_fruit: mmap under FreeBSD needs PROT_READ
via e3d7893 vfs_fruit: fix base_fsp name conversion
via eaeeb51 s3-libads: Fix a possible segfault in kerberos_fetch_pac().
via ec80439 lib/util: Avoid collision which alread defined consumer DEBUG macro.
via a756e65 spoolss: clear PrinterInfo on GetPrinter error
via 4e3e5e7 spoolss: clear info on GetPrinterDriverDirectory error
via d2d2f8a spoolss: clear info on GetPrintProcessorDirectory error
via e9e576a spoolss: clear FormInfo on GetForm error
via 9762d72 spoolss: clear DriverInfo on GetPrinterDriver2 error
via 2141975 spoolss: clear JobInfo on GetJob error
via f0040c6 [PATCH] vfs: Add glusterfs manpage.
via 92b34c5 net: Fix sam addgroupmem
via 561eb6c s3:passdb: fix logic in pdb_set_pw_history()
via bdc182f s3-util: Fix authentication with long hostnames.
via d196b54 winbind: Retry after SESSION_EXPIRED error in ping-dc
via ec07387 winbind: Retry LogonControl RPC in ping-dc after session expiration
via 4701d74 tdb_wrap: Make mutexes easier to use
via c6dc67a nss_wrapper: check for nss.h
via 2201a3c ctdb-daemon: Use correct tdb flags when enabling robust mutex support
via 2887007 tdb: version 1.3.4
via 4a52345 tdb/toos: allow transactions with TDB_MUTEX_LOCKING
via 9ec5518 tdb/test: add tdb1-run-mutex-transaction1 test
via 953d373 tdb: allow transactions on on tdb's with TDB_MUTEX_LOCKING
via 93b73bf VERSION: Bump version up to 4.2.0rc4 and...
from f139544 VERSION: Disable git snapshots for the 4.2.0rc3 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 48 ++++-
ctdb/client/ctdb_client.c | 30 +++-
ctdb/server/ctdb_lock.c | 30 +++-
ctdb/server/ctdb_lock_helper.c | 28 +--
ctdb/server/ctdb_ltdb_server.c | 4 +-
docs-xml/manpages/vfs_glusterfs.8.xml | 151 ++++++++++++++++
docs-xml/wscript_build | 1 +
lib/nss_wrapper/wscript | 4 +-
lib/tdb/ABI/{tdb-1.3.0.sigs => tdb-1.3.4.sigs} | 0
lib/tdb/common/transaction.c | 2 +-
lib/tdb/test/run-mutex-transaction1.c | 236 +++++++++++++++++++++++++
lib/tdb/tools/tdbtorture.c | 1 -
lib/tdb/wscript | 3 +-
lib/tdb_wrap/tdb_wrap.c | 7 +
lib/util/debug.h | 6 +-
lib/util/fault.h | 5 +
librpc/idl/security.idl | 13 +-
source3/lib/util.c | 4 +-
source3/libads/authdata.c | 26 +--
source3/modules/vfs_fruit.c | 4 +-
source3/passdb/pdb_get_set.c | 15 +-
source3/rpc_server/spoolss/srv_spoolss_nt.c | 78 +++++---
source3/utils/net_sam.c | 8 +-
source3/winbindd/winbindd_dual_srv.c | 18 ++
source4/auth/session.c | 5 +
source4/dsdb/common/util.c | 4 +-
source4/dsdb/pydsdb.c | 1 +
source4/dsdb/samdb/ldb_modules/samldb.c | 190 +++++++++++++++++++-
source4/dsdb/samdb/samdb.h | 6 +
source4/rpc_server/lsa/dcesrv_lsa.c | 15 +-
source4/setup/schema_samba4.ldif | 1 +
32 files changed, 856 insertions(+), 90 deletions(-)
create mode 100644 docs-xml/manpages/vfs_glusterfs.8.xml
copy lib/tdb/ABI/{tdb-1.3.0.sigs => tdb-1.3.4.sigs} (100%)
create mode 100644 lib/tdb/test/run-mutex-transaction1.c
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 507ad30..7d26f52 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=3
+SAMBA_VERSION_RC_RELEASE=4
########################################################
# To mark SVN snapshots this should be set to 'yes' #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 4e394ad..dc47556 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=====================
-This is the third release candidate of Samba 4.2. This is *not*
+This is the fourth release candidate of Samba 4.2. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -338,6 +338,52 @@ smb.conf changes
winbind expand groups Changed default 0
+CHANGES SINCE 4.2.0rc3
+======================
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 10993: CVE-2014-8143: dsdb-samldb: Check for extended access
+ rights before we allow changes to userAccountControl.
+
+
+o Günther Deschner <gd at samba.org>
+ * BUG 10240: vfs: Add glusterfs manpage.
+
+
+o David Disseldorp <ddiss at samba.org>
+ * BUG 10984: Fix spoolss IDL response marshalling when returning error
+ without clearing info.
+
+
+o Amitay Isaacs <amitay at gmail.com>
+ * BUG 11000: ctdb-daemon: Use correct tdb flags when enabling robust mutex
+ support.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 11032: tdb_wrap: Make mutexes easier to use.
+ * BUG 11039: vfs_fruit: Fix base_fsp name conversion.
+ * BUG 11040: vfs_fruit: mmap under FreeBSD needs PROT_READ.
+ * BUG 11051: net: Fix sam addgroupmem.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 10940: s3:passdb: fix logic in pdb_set_pw_history().
+ * BUG 11004: tdb: version 1.3.4.
+
+
+o Christof Schmitt <cs at samba.org>
+ * BUG 11034: winbind: Retry after SESSION_EXPIRED error in ping-dc.
+
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 11008: s3-util: Fix authentication with long hostnames.
+ * BUG 11026: nss_wrapper: check for nss.h.
+ * BUG 11033: lib/util: Avoid collision which alread defined consumer DEBUG
+ macro.
+ * BUG 11037: s3-libads: Fix a possible segfault in kerberos_fetch_pac().
+
+
CHANGES SINCE 4.2.0rc2
======================
diff --git a/ctdb/client/ctdb_client.c b/ctdb/client/ctdb_client.c
index 07b17d0..da18826 100644
--- a/ctdb/client/ctdb_client.c
+++ b/ctdb/client/ctdb_client.c
@@ -1928,7 +1928,7 @@ int ctdb_ctrl_createdb(struct ctdb_context *ctdb, struct timeval timeout, uint32
#ifdef TDB_MUTEX_LOCKING
if (!persistent && ctdb->tunable.mutex_enabled == 1) {
- tdb_flags |= TDB_MUTEX_LOCKING;
+ tdb_flags |= (TDB_MUTEX_LOCKING | TDB_CLEAR_IF_FIRST);
}
#endif
@@ -2055,6 +2055,9 @@ struct ctdb_db_context *ctdb_attach(struct ctdb_context *ctdb,
TDB_DATA data;
int ret;
int32_t res;
+#ifdef TDB_MUTEX_LOCKING
+ uint32_t mutex_enabled = 0;
+#endif
ctdb_db = ctdb_db_handle(ctdb, name);
if (ctdb_db) {
@@ -2080,8 +2083,18 @@ struct ctdb_db_context *ctdb_attach(struct ctdb_context *ctdb,
}
#ifdef TDB_MUTEX_LOCKING
- if (!persistent && ctdb->tunable.mutex_enabled == 1) {
- tdb_flags |= TDB_MUTEX_LOCKING;
+ if (!persistent) {
+ ret = ctdb_ctrl_get_tunable(ctdb, timeval_current_ofs(3,0),
+ CTDB_CURRENT_NODE,
+ "TDBMutexEnabled",
+ &mutex_enabled);
+ if (ret != 0) {
+ DEBUG(DEBUG_WARNING, ("Assuming no mutex support.\n"));
+ }
+
+ if (mutex_enabled == 1) {
+ tdb_flags |= (TDB_MUTEX_LOCKING | TDB_CLEAR_IF_FIRST);
+ }
}
#endif
@@ -2105,7 +2118,16 @@ struct ctdb_db_context *ctdb_attach(struct ctdb_context *ctdb,
return NULL;
}
- tdb_flags = persistent?TDB_DEFAULT:TDB_NOSYNC;
+ if (persistent) {
+ tdb_flags = TDB_DEFAULT;
+ } else {
+ tdb_flags = TDB_NOSYNC;
+#ifdef TDB_MUTEX_LOCKING
+ if (mutex_enabled) {
+ tdb_flags |= (TDB_MUTEX_LOCKING | TDB_CLEAR_IF_FIRST);
+ }
+#endif
+ }
if (ctdb->valgrinding) {
tdb_flags |= TDB_NOMMAP;
}
diff --git a/ctdb/server/ctdb_lock.c b/ctdb/server/ctdb_lock.c
index 22a88b3..7959d40 100644
--- a/ctdb/server/ctdb_lock.c
+++ b/ctdb/server/ctdb_lock.c
@@ -544,11 +544,23 @@ static int db_count_handler(struct ctdb_db_context *ctdb_db, uint32_t priority,
{
int *count = (int *)private_data;
- (*count)++;
+ (*count) += 2;
return 0;
}
+static int db_flags(struct ctdb_db_context *ctdb_db)
+{
+ int tdb_flags = TDB_DEFAULT;
+
+#ifdef TDB_MUTEX_LOCKING
+ if (!ctdb_db->persistent && ctdb_db->ctdb->tunable.mutex_enabled) {
+ tdb_flags = (TDB_MUTEX_LOCKING | TDB_CLEAR_IF_FIRST);
+ }
+#endif
+ return tdb_flags;
+}
+
struct db_namelist {
const char **names;
int n;
@@ -560,7 +572,9 @@ static int db_name_handler(struct ctdb_db_context *ctdb_db, uint32_t priority,
struct db_namelist *list = (struct db_namelist *)private_data;
list->names[list->n] = talloc_strdup(list->names, ctdb_db->db_path);
- list->n++;
+ list->names[list->n+1] = talloc_asprintf(list->names, "0x%x",
+ db_flags(ctdb_db));
+ list->n += 2;
return 0;
}
@@ -577,11 +591,11 @@ static bool lock_helper_args(TALLOC_CTX *mem_ctx,
switch (lock_ctx->type) {
case LOCK_RECORD:
- nargs = 5;
+ nargs = 6;
break;
case LOCK_DB:
- nargs = 4;
+ nargs = 5;
break;
case LOCK_ALLDB_PRIO:
@@ -612,16 +626,20 @@ static bool lock_helper_args(TALLOC_CTX *mem_ctx,
case LOCK_RECORD:
args[2] = talloc_strdup(args, "RECORD");
args[3] = talloc_strdup(args, lock_ctx->ctdb_db->db_path);
+ args[4] = talloc_asprintf(args, "0x%x",
+ db_flags(lock_ctx->ctdb_db));
if (lock_ctx->key.dsize == 0) {
- args[4] = talloc_strdup(args, "NULL");
+ args[5] = talloc_strdup(args, "NULL");
} else {
- args[4] = hex_encode_talloc(args, lock_ctx->key.dptr, lock_ctx->key.dsize);
+ args[5] = hex_encode_talloc(args, lock_ctx->key.dptr, lock_ctx->key.dsize);
}
break;
case LOCK_DB:
args[2] = talloc_strdup(args, "DB");
args[3] = talloc_strdup(args, lock_ctx->ctdb_db->db_path);
+ args[4] = talloc_asprintf(args, "0x%x",
+ db_flags(lock_ctx->ctdb_db));
break;
case LOCK_ALLDB_PRIO:
diff --git a/ctdb/server/ctdb_lock_helper.c b/ctdb/server/ctdb_lock_helper.c
index 2161a9a..7a09ecf 100644
--- a/ctdb/server/ctdb_lock_helper.c
+++ b/ctdb/server/ctdb_lock_helper.c
@@ -36,9 +36,9 @@ static void send_result(int fd, char result)
static void usage(void)
{
fprintf(stderr, "\n");
- fprintf(stderr, "Usage: %s <log-fd> <ctdbd-pid> <output-fd> RECORD <db-path> <db-key>\n",
+ fprintf(stderr, "Usage: %s <log-fd> <ctdbd-pid> <output-fd> RECORD <db-path> <db-flags> <db-key>\n",
progname);
- fprintf(stderr, " %s <log-fd> <ctdbd-pid> <output-fd> DB <db1-path> [<db2-path> ...]\n",
+ fprintf(stderr, " %s <log-fd> <ctdbd-pid> <output-fd> DB <db1-path> <db1-flags> [<db2-path> <db2-flags>...]\n",
progname);
}
@@ -59,10 +59,14 @@ static uint8_t *hex_decode_talloc(TALLOC_CTX *mem_ctx,
return buffer;
}
-static int lock_record(const char *dbpath, const char *dbkey)
+static int lock_record(const char *dbpath, const char *dbflags, const char *dbkey)
{
TDB_DATA key;
struct tdb_context *tdb;
+ int tdb_flags;
+
+ /* No error checking since CTDB always passes sane values */
+ tdb_flags = strtol(dbflags, NULL, 0);
/* Convert hex key to key */
if (strcmp(dbkey, "NULL") == 0) {
@@ -72,7 +76,7 @@ static int lock_record(const char *dbpath, const char *dbkey)
key.dptr = hex_decode_talloc(NULL, dbkey, &key.dsize);
}
- tdb = tdb_open(dbpath, 0, TDB_DEFAULT, O_RDWR, 0600);
+ tdb = tdb_open(dbpath, 0, tdb_flags, O_RDWR, 0600);
if (tdb == NULL) {
fprintf(stderr, "%s: Error opening database %s\n", progname, dbpath);
return 1;
@@ -89,11 +93,15 @@ static int lock_record(const char *dbpath, const char *dbkey)
}
-static int lock_db(const char *dbpath)
+static int lock_db(const char *dbpath, const char *dbflags)
{
struct tdb_context *tdb;
+ int tdb_flags;
+
+ /* No error checking since CTDB always passes sane values */
+ tdb_flags = strtol(dbflags, NULL, 0);
- tdb = tdb_open(dbpath, 0, TDB_DEFAULT, O_RDWR, 0600);
+ tdb = tdb_open(dbpath, 0, tdb_flags, O_RDWR, 0600);
if (tdb == NULL) {
fprintf(stderr, "%s: Error opening database %s\n", progname, dbpath);
return 1;
@@ -140,21 +148,21 @@ int main(int argc, char *argv[])
lock_type = argv[4];
if (strcmp(lock_type, "RECORD") == 0) {
- if (argc != 7) {
+ if (argc != 8) {
fprintf(stderr, "%s: Invalid number of arguments (%d)\n",
progname, argc);
usage();
exit(1);
}
- result = lock_record(argv[5], argv[6]);
+ result = lock_record(argv[5], argv[6], argv[7]);
} else if (strcmp(lock_type, "DB") == 0) {
int n;
/* If there are no databases specified, no need for lock */
if (argc > 5) {
- for (n=5; n<argc; n++) {
- result = lock_db(argv[n]);
+ for (n=5; n+1<argc; n+=2) {
+ result = lock_db(argv[n], argv[n+1]);
if (result != 0) {
break;
}
diff --git a/ctdb/server/ctdb_ltdb_server.c b/ctdb/server/ctdb_ltdb_server.c
index 9ac2217..174a460 100644
--- a/ctdb/server/ctdb_ltdb_server.c
+++ b/ctdb/server/ctdb_ltdb_server.c
@@ -844,7 +844,7 @@ static int ctdb_local_attach(struct ctdb_context *ctdb, const char *db_name,
#ifdef TDB_MUTEX_LOCKING
if (ctdb->tunable.mutex_enabled && mutexes &&
tdb_runtime_check_for_robust_mutexes()) {
- tdb_flags |= TDB_MUTEX_LOCKING;
+ tdb_flags |= (TDB_MUTEX_LOCKING | TDB_CLEAR_IF_FIRST);
}
#endif
@@ -1138,7 +1138,7 @@ int32_t ctdb_control_db_attach(struct ctdb_context *ctdb, TDB_DATA indata,
that tdb_flags is passed in via the (otherwise unused)
srvid to the attach control */
#ifdef TDB_MUTEX_LOCKING
- tdb_flags &= (TDB_NOSYNC|TDB_INCOMPATIBLE_HASH|TDB_MUTEX_LOCKING);
+ tdb_flags &= (TDB_NOSYNC|TDB_INCOMPATIBLE_HASH|TDB_MUTEX_LOCKING|TDB_CLEAR_IF_FIRST);
#else
tdb_flags &= (TDB_NOSYNC|TDB_INCOMPATIBLE_HASH);
#endif
diff --git a/docs-xml/manpages/vfs_glusterfs.8.xml b/docs-xml/manpages/vfs_glusterfs.8.xml
new file mode 100644
index 0000000..83032cc
--- /dev/null
+++ b/docs-xml/manpages/vfs_glusterfs.8.xml
@@ -0,0 +1,151 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="vfs_glusterfs.8">
+
+<refmeta>
+ <refentrytitle>vfs_glusterfs</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">4.2</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>vfs_glusterfs</refname>
+ <refpurpose>
+ Utilize features provided by GlusterFS
+ </refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>vfs objects = glusterfs</command>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This VFS module is part of the
+ <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> suite.</para>
+
+ <para>
+ The <command>vfs_glusterfs</command> VFS module exposes
+ GlusterFS specific features for use by Samba.
+ </para>
+
+ <para>
+ GlusterFS is a clustered file system, capable of scaling
+ to several peta-bytes. It aggregates various storage bricks
+ over Infiniband RDMA or TCP/IP and interconnect into one large
+ parallel network file system. Storage bricks can be made of any
+ commodity hardware, such as x86-64 server with SATA-II RAID and
+ Infiniband HBA.
+
+ GlusterFS is fully POSIX compliant file system. It supports
+ standard clients running standard applications over any standard
+ IP network and also FUSE. It works seemlessly on
+ different operating systems, currently supported on GNU/Linux
+ and Solaris.
+ </para>
+
+ <para>
+ This module is stackable, provided glusterfs lies in the bottom
+ of the stack.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>CONFIGURATION</title>
+
+ <para>
+ <command>vfs_glusterfs</command> requires that the underlying share
+ path is a Gluster filesystem.
+ </para>
+
+ <programlisting>
+ <smbconfsection name="[share]"/>
+ <smbconfoption name="vfs objects">glusterfs</smbconfoption>
+ </programlisting>
+</refsect1>
+
+<refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+
+ <varlistentry>
+ <term>glusterfs:logfile = path</term>
+ <listitem>
+ <para>
+ Defines whether and where to store a vfs_glusterfs specific
+ logfile. Client variable substitution is supported (i.e.
+ %M, %m, %I), hence per client log file can be
+ %specified.
+ </para>
+ <para>
+ Example: glusterfs:logfile =
+ %/var/log/samba/glusterfs-vol2.%M.log
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>glusterfs:loglevel = 0-9</term>
+ <listitem>
+ <para>
+ Defines the level of logging, with higher numbers corresponding to more verbosity.
+ 0 - No logs; 9 - Trace log level; 7 being the info log level is preferred.
+ </para>
+ <para>
+ If this option is not defined with an explicit loglevel,
+ the glusterfs default is used (currently loglevel 7).
+ </para>
+ </listitem>
+ </varlistentry>
+
+
+ <varlistentry>
+ <term>glusterfs:volfile_server = servername</term>
+ <listitem>
+ <para>
+ Defines which volfile server to use, defaults to
+ localhost.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>glusterfs:volume = volumename</term>
+ <listitem>
+ <para>
+ Defines the glusterfs volumename to use for this share.
+ </para>
+ </listitem>
+
+ </varlistentry>
+ </variablelist>
+
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>
+ This man page is correct for version 4.2.0 of the Samba suite.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</para>
+
+</refsect1>
+
+</refentry>
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index f7d0db8..0bc3f54 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -62,6 +62,7 @@ manpages='''
manpages/vfs_fileid.8
manpages/vfs_fruit.8
manpages/vfs_full_audit.8
+ manpages/vfs_glusterfs.8
manpages/vfs_gpfs.8
manpages/vfs_linux_xfs_sgid.8
manpages/vfs_media_harmony.8
diff --git a/lib/nss_wrapper/wscript b/lib/nss_wrapper/wscript
index 34026c0..78fe4cd 100644
--- a/lib/nss_wrapper/wscript
+++ b/lib/nss_wrapper/wscript
@@ -9,6 +9,8 @@ def configure(conf):
conf.DEFINE('USING_SYSTEM_NSS_WRAPPER', 1)
--
Samba Shared Repository
More information about the samba-cvs
mailing list