[SCM] Samba Shared Repository - branch v4-2-stable updated

Karolin Seeger kseeger at samba.org
Tue Jul 14 10:48:37 UTC 2015


The branch, v4-2-stable has been updated
       via  baf4349 VERSION: Disable git snapshots for the 4.2.3 release.
       via  d770ed8 WHATSNEW: Add release notes for Samba 4.2.3.
       via  74ae99f ncacn_http: fix GNUism
       via  4c8b66e s4:torture:vfs_fruit: check offset and length when reading AFP_AfpInfo stream
       via  0691890 vfs_fruit: check offset and length for AFP_AfpInfo read requests
       via  a70531c winbindd: disconnect child process if request is cancelled at main process
       via  1f51989 s4:selftest: also run rpc.winreg with kerberos and all possible auth options
       via  05a0995 s4:selftest: run rpc.echo tests also with krb5 krb5,sign krb5,seal
       via  30b9074 s4:rpc_server: fix padding caclucation in dcesrv_auth_response()
       via  ae37b34 s4:rpc_server: let dcesrv_auth_response() handle sig_size == 0 with auth_info as error
       via  eac0b78 s4:rpc_server: let dcesrv_reply() use a sig_size for a padded payload
       via  a0fbd5e s4:rpc_server: let dcesrv_reply() use DCERPC_AUTH_PAD_ALIGNMENT define
       via  1dae656 s4:librpc/rpc: fix padding caclucation in ncacn_push_request_sign()
       via  f9fce60 s4:librpc/rpc: let ncacn_push_request_sign() handle sig_size == 0 with auth_info as internal error
       via  97bedee s4:librpc/rpc: let dcerpc_ship_next_request() use a sig_size for a padded payload
       via  db644ad s4:librpc/rpc: let dcerpc_ship_next_request() use DCERPC_AUTH_PAD_ALIGNMENT define
       via  452a2f8 s3:rpc_server: remove pad handling from api_pipe_alter_context()
       via  8249470 s3:librpc/rpc: fix padding calculation in dcerpc_guess_sizes()
       via  dba57bd s3:librpc/rpc: allow up to DCERPC_AUTH_PAD_ALIGNMENT padding bytes in dcerpc_add_auth_footer()
       via  50d7029 librpc/rpc: add DCERPC_AUTH_PAD_LENGTH(stub_length) helper macro
       via  3467356 dcerpc.idl: add DCERPC_AUTH_PAD_ALIGNMENT (=16)
       via  f6e6167 auth/gensec: make sure gensec_start_mech_by_authtype() resets SIGN/SEAL before starting
       via  685876a auth/gensec: gensec_[un]seal_packet() should only work with GENSEC_FEATURE_DCE_STYLE
       via  c53828d s3:auth_domain: fix talloc problem in connect_to_domain_password_server()
       via  2429bd6 s3:smb2_setinfo: fix memory leak in the defer_rename case
       via  27aa4d4 winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC.
       via  8782e06 kerberos auth info3 should contain resource group ids available from pac_logon
       via  fcc7112 docs: overhaul the description of "smb encrypt" to include SMB3 encryption.
       via  645ec21 pidl: Make the compilation of PIDL producing the same results if the content hasn't change
       via  cbd98bf s3: smbd: Codenomicon crash in do_smb_load_module().
       via  251544b selftest: Change chgdcpass environment to use winbindd
       via  4bacf0d winbindd: Sync secrets.ldb into secrets.tdb on startup
       via  fc6074c winbindd: Use pdb_get_domain_info() to get exactly the local domain info when we are an AD DC
       via  7896b84 selftest: Run winbind tests in chgdcpass environment
       via  4099e13 s3: smbd: Use separate flag to track become_root()/unbecome_root() state.
       via  b02152f docs-xml: Update sharesec manpage to reflect current output
       via  94c5af4 selftest: Add test for sharesec command
       via  8fafa9d sharesec: Use non-numerical output for sharesec
       via  3e219f4 ctdb-ib: make sure the tevent_fd is removed before the fd is closed
       via  a66870b libcli/smb: make sure we remove the writev_send() request when a request is destroyed
       via  b909752 libcli/smb: add smb1 requests to the pending array before writev_send()
       via  1fdf3b3 libcli/smb: make sure the writev_send of smbXcli_conn_samba_suicide() is removed before closing the socket
       via  2eeecae libcli/smb: remove unused split of read_fd and write_fd
       via  92c456d libcli/smb: close the socket fd at the end of smbXcli_conn_disconnect()
       via  1b55fab libcli/smb: use tevent_req_received(req) in read_smb_recv()
       via  e34065b lib/async_req: remove the tevent_fd as early as possible via a wait_for_read_cleanup() hook
       via  4d10c2b lib/async_req: remove the tevent_fd as early as possible via a read_packet_cleanup() hook
       via  41b593a lib/async_req: use tevent_req_nomem/tevent_req_post in read_packet_send()
       via  cc01ff4 lib/async_req: s/result/req/ in read_packet_send()
       via  4b39759 lib/async_req: remove the tevent_fd as early as possible via a writev_cleanup() hook
       via  d7d9f4e lib/async_req: simplify async_connect_* using a _cleanup() hook
       via  ad8c901 lib/async_req: s/result/req/ in async_connect_send()
       via  65dc14c lib/async_req: remove unused sendto_{send,recv} and recvfrom_{send,recv}
       via  a9e2d2a s3:libsmb: convert nb_trans_send/recv internals to tdgram
       via  109e579 s3:libsmb: convert nb_packet_reader to tstream_* functions
       via  af62a4a s3:libsmb: convert nb_packet_client to tstream_* functions
       via  7d01a20 s3:libsmb: let nb_packet_server_destructor() explicitly destroy the tevent_fd
       via  5f6eed5 s3:libsmb: remove pending requests as early as possible via a smbsock_any_connect_cleanup() hook
       via  511674a s3:libsmb: remove subreqs as early as possible via a smbsock_connect_cleanup() hook
       via  e791b77 s3:libsmb: remove the cli_session_request as early as possible via a nb_connect_cleanup() hook
       via  c4c55a1 s3:lib/addrchange: make use of tdgram_* in addrchange_*()
       via  2bda2dd s3:lib/addrchange: look at the correct nl_pid in addrchange_done()
       via  8693ae9 s3:lib/background: make sure we destroy a pending read_packet_send() before closing the pipe fd
       via  2409e6d s3:wscript: move lib/util_tsock.c from 'TLDAP' to 'samba3util'
       via  d576029 s4:libcli/raw: make sure smbcli_transport_connect_send/recv correctly cleanup on error
       via  69a6b05 lib/tsocket: add tdgram_inet_udp_broadcast_socket()
       via  f9f27a9 lib/tsocket: add tdgram_bsd_existing_socket() helper function
       via  cc18cd2 lib: Add tevent_req_simple_recv_unix
       via  251141b Group creation: Add msSFU30Name only when --nis-domain was given
       via  aa658dc s3:param/loadparm fix testparm --show-all-parameters
       via  cb3eb21 tdb: version 1.3.6
       via  5f96713 lib/replace: remove unused HAVE_DECL_PTHREAD_{MUTEXATTR_SETROBUST,MUTEX_CONSISTENT}_NP checks
       via  862f50f lib/replace: fix PTHREAD_MUTEX_ROBUST fallback to PTHREAD_MUTEX_ROBUST_NP on solaris 11
       via  4bb5bea wafsamba: let CHECK_DECLS() find enum values
       via  669ed89 s3:wscript: remove signal related configure checks
       via  46fec0b lib/util: remove signal related configure checks
       via  8480d36 lib/replace: add signal related configure checks
       via  ec6b122 tdb: version 1.3.5
       via  35181ac tdb: introduce tdb_chainlock_read_nonblock(), a nonblock variant of tdb_chainlock_read()
       via  9ec7d7e Add set date to tdb manpages.
       via  346ef80 tdb: Do not build test binaries if it's not a standalone build
       via  7f07079 tdb: Fix CID 1034842 Resource leak
       via  49fb6e7 tdb: Fix CID 1034841 Resource leak
       via  a7cfaa8 smbd/trans2: add a useful diagnostic for files with bad encoding
       via  1ac2ee0 lib/util/charset: fix conversion failure logging
       via  3d1df8d vfs_fruit: add option veto_appledouble
       via  3209575 ctdb-locking: move all auto_mark logic into process_callbacks()
       via  0a6b40b ctdb-locking: make process_callbacks() more robust
       via  9579ef9 ctdb-locking: Add a comment to explain auto_mark usage
       via  faf635a ctdb-locking: Avoid resetting talloc destructor
       via  5e91991 ctdb-locking: Avoid memory leak in the failure case
       via  4216f06 ctdb-locking: Set destructor when lock_context is created
       via  f52066b ctdb-locking: Set the lock_ctx->request to NULL when request is freed
       via  4e65889 ctdb-locking: Avoid memory corruption in ctdb_lock_context_destructor
       via  a1d7c1b tevent: version 0.9.25
       via  2a6c505 pytevent: add a TeventTimer_Object_ref helper structure to make the code clearer
       via  bccf0d6 pytevent: remove const warnings using discard_const_p()
       via  cdcf907 pytevent: remove dead code TEVENT_DEPRECATED is never defined
       via  c11701f tevent.h: propose tstream_ versions of read_packet_send/recv and writev_send/recv
       via  722bd35 tevent/testsuite: make sure we cleanup tevent_fd structures in the correct order
       via  742bfc5 pytevent: Port to Python 3
       via  7ee5cb7 pytalloc: Improve timer wrapper, and test it
       via  a8bf805 pytevent: Define missing TeventFd_Type object
       via  622581d pytevent: Better error and reference handling
       via  e7ad0a7 tevent: fix access after free in tevent_common_check_signal()
       via  9a65763 tevent: add a note to tevent_add_fd()
       via  282802f lib: tevent: Fix compile error in Solaris ports backend.
       via  92f7b8e tevent: Fix CID 1035381 Unchecked return value
       via  c786ea6 smbd: Fix a use-after-free
       via  3f61d55 s3: libsmbclient: Re-resolving targetcli on every read/write/lseek/ftruncate/close is both incorrect and slow.
       via  97d9d0b s3-unix_msg: remove socket file after closing socket fd
       via  09e0734 tstream: Make socketpair nonblocking
       via  3f01e75 nsswitch: Extend idmap_rfc2307 testcase for reverse lookup
       via  7a36a93 idmap_rfc2307: Fix wbinfo --gid-to-sid query
       via  ceb7c09 s4.2/fsmo.py: fixed fsmo transfer exception
       via  4233065 s4:lib/tls: fix build with gnutls 3.4
       via  8293292 s3: IPv6 enabled DNS connections for ADS client
       via  1adcb0e Add IPv6 support for determining FQDN during ADS join.
       via  aedee67 Add IPv6 support to ADS client side LDAP connects. Corrected format for IPv6 LDAP URI. Signed-off-by: David Holder <david.holder at erion.co.uk>
       via  ffc7481 s4:torture:smb2:compound: compound read and padding
       via  cf32189 s3:smb2: add padding to last command in compound requests
       via  83cc6d0 s3: lib: util: Ensure we read a hex number as %x, not %u.
       via  9a86ca9 s3-rpc_server: fix rpc_create_tcpip_sockets() processing of interfaces.
       via  5398e93 VERSION: Bump version up to 4.2.3...
      from  f312bf9 VERSION: Disable git snapshot for the 4.2.2 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 VERSION                                            |   2 +-
 WHATSNEW.txt                                       | 160 ++++++++-
 auth/gensec/gensec.c                               |  14 +
 auth/gensec/gensec_start.c                         |   6 +
 buildtools/wafsamba/samba_autoconf.py              |  13 +-
 ctdb/ib/ibwrapper.c                                |  21 +-
 ctdb/server/ctdb_lock.c                            |  49 +--
 docs-xml/manpages/sharesec.1.xml                   |  16 +-
 docs-xml/manpages/vfs_fruit.8.xml                  |  17 +
 docs-xml/smbdotconf/security/smbencrypt.xml        | 232 +++++++++++--
 lib/addns/dns.h                                    |   2 +-
 lib/addns/dnssock.c                                | 127 ++++---
 lib/async_req/async_sock.c                         | 369 +++++++--------------
 lib/async_req/async_sock.h                         |  12 -
 lib/replace/system/threads.h                       |   9 +-
 lib/replace/wscript                                |  15 +-
 lib/tdb/ABI/{tdb-1.3.1.sigs => tdb-1.3.5.sigs}     |   1 +
 lib/tdb/ABI/{tdb-1.3.1.sigs => tdb-1.3.6.sigs}     |   1 +
 lib/tdb/common/lock.c                              |   7 +
 lib/tdb/include/tdb.h                              |   1 +
 lib/tdb/man/tdbbackup.8.xml                        |   1 +
 lib/tdb/man/tdbdump.8.xml                          |   1 +
 lib/tdb/man/tdbrestore.8.xml                       |   1 +
 lib/tdb/man/tdbtool.8.xml                          |   1 +
 lib/tdb/test/run-incompatible.c                    |   8 +-
 lib/tdb/test/run-open-during-transaction.c         |   1 +
 lib/tdb/wscript                                    |  25 +-
 .../ABI/{tevent-0.9.21.sigs => tevent-0.9.25.sigs} |   0
 lib/tevent/bindings.py                             |  52 ++-
 lib/tevent/pytevent.c                              | 341 +++++++++++++------
 lib/tevent/testsuite.c                             |   8 +-
 lib/tevent/tevent.h                                |   9 +-
 lib/tevent/tevent_port.c                           |   3 +-
 lib/tevent/tevent_signal.c                         |   2 +-
 lib/tevent/wscript                                 |   2 +-
 lib/tsocket/tsocket.h                              |  71 ++++
 lib/tsocket/tsocket_bsd.c                          |  54 +++
 lib/util/charset/convert_string.c                  |   4 +-
 lib/util/modules.c                                 |   5 +
 lib/util/tevent_unix.c                             |  13 +
 lib/util/tevent_unix.h                             |   1 +
 lib/util/wscript_configure                         |   2 -
 libcli/named_pipe_auth/npa_tstream.c               |  25 +-
 libcli/smb/read_smb.c                              |   2 +
 libcli/smb/smbXcli_base.c                          | 124 ++++---
 librpc/idl/dcerpc.idl                              |   1 +
 librpc/rpc/rpc_common.h                            |   5 +
 nsswitch/tests/test_idmap_rfc2307.sh               |  72 +++-
 pidl/lib/Parse/Pidl/Dump.pm                        |   4 +-
 pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm            |   2 +-
 pidl/lib/Parse/Pidl/Samba4/Header.pm               |   2 +-
 pidl/lib/Parse/Pidl/Samba4/NDR/Client.pm           |   2 +-
 pidl/lib/Parse/Pidl/Samba4/Python.pm               |  48 ++-
 pidl/lib/Parse/Pidl/Util.pm                        |   1 +
 pidl/lib/Parse/Pidl/Wireshark/NDR.pm               |   6 +-
 python/samba/netcmd/fsmo.py                        |   1 -
 python/samba/samdb.py                              |   3 +-
 selftest/knownfail                                 |   2 +
 selftest/target/Samba4.pm                          |   7 +-
 source3/auth/auth_domain.c                         |   7 +-
 source3/include/libsmb_internal.h                  |   5 +
 source3/lib/addrchange.c                           |  91 +++--
 source3/lib/background.c                           |   8 +
 source3/lib/unix_msg/unix_msg.c                    |   2 +-
 source3/lib/util.c                                 |  54 +--
 source3/lib/util_sd.c                              |   2 +-
 source3/libads/ldap.c                              |   8 +-
 source3/librpc/rpc/dcerpc.h                        |   2 +-
 source3/librpc/rpc/dcerpc_helpers.c                |  26 +-
 source3/libsmb/libsmb_file.c                       | 202 +----------
 source3/libsmb/namequery.c                         | 102 ++++--
 source3/libsmb/smbsock_connect.c                   | 101 +++++-
 source3/libsmb/unexpected.c                        | 203 ++++++------
 source3/modules/vfs_fruit.c                        |  64 ++--
 source3/param/loadparm.c                           |   2 +-
 source3/rpc_client/cli_pipe.c                      |   1 -
 source3/rpc_server/rpc_sock_helper.c               |   2 +-
 source3/rpc_server/srv_pipe.c                      |  28 +-
 source3/script/tests/test_sharesec.sh              | 111 +++++++
 source3/selftest/tests.py                          |   5 +-
 source3/smbd/server_exit.c                         |   5 +-
 source3/smbd/smb2_server.c                         |  16 +-
 source3/smbd/smb2_setinfo.c                        |   9 +
 source3/smbd/trans2.c                              |  12 +-
 source3/utils/sharesec.c                           |   4 +-
 source3/winbindd/idmap_rfc2307.c                   |   2 +-
 source3/winbindd/winbindd_dual.c                   |  50 ++-
 source3/winbindd/winbindd_pam.c                    |  14 +-
 source3/winbindd/winbindd_util.c                   |  85 ++++-
 source3/wscript                                    |   4 +-
 source3/wscript_build                              |   9 +-
 source4/lib/http/http.c                            |   4 +-
 source4/lib/tls/tls.c                              |   3 +-
 source4/lib/tls/tls_tstream.c                      |   7 +-
 source4/libcli/raw/clisocket.c                     |  59 +++-
 source4/librpc/rpc/dcerpc.c                        |  16 +-
 source4/rpc_server/common/reply.c                  |   9 +-
 source4/rpc_server/dcesrv_auth.c                   |   8 +-
 source4/selftest/tests.py                          |  11 +-
 source4/torture/smb2/compound.c                    | 239 +++++++++++++
 source4/torture/vfs/fruit.c                        |  92 +++++
 101 files changed, 2540 insertions(+), 1130 deletions(-)
 copy lib/tdb/ABI/{tdb-1.3.1.sigs => tdb-1.3.5.sigs} (98%)
 copy lib/tdb/ABI/{tdb-1.3.1.sigs => tdb-1.3.6.sigs} (98%)
 copy lib/tevent/ABI/{tevent-0.9.21.sigs => tevent-0.9.25.sigs} (100%)
 create mode 100755 source3/script/tests/test_sharesec.sh


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index c425ebc..5485ba5 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=2
-SAMBA_VERSION_RELEASE=2
+SAMBA_VERSION_RELEASE=3
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index a626fd2..c56935c 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,160 @@
                    =============================
+                   Release Notes for Samba 4.2.3
+                           July 14, 2015
+                   =============================
+
+
+This is the latest stable release of Samba 4.2.
+
+
+Changes since 4.2.2:
+--------------------
+
+o   Michael Adam <obnox at samba.org>
+    * BUG 11366: docs: Overhaul the description of "smb encrypt" to include SMB3
+      encryption.
+
+
+o   Jeremy Allison <jra at samba.org>
+    * BUG 11068: s3: lib: util: Ensure we read a hex number as %x, not %u.
+    * BUG 11295: Excessive cli_resolve_path() usage can slow down transmission.
+    * BUG 11328: winbindd: winbindd_raw_kerberos_login - ensure logon_info
+      exists in PAC.
+    * BUG 11339: s3: smbd: Use separate flag to track
+      become_root()/unbecome_root() state.
+    * BUG 11342: s3: smbd: Codenomicon crash in do_smb_load_module().
+
+
+o   Christian Ambach <ambi at samba.org>
+    * BUG 11170: s3:param/loadparm: Fix 'testparm --show-all-parameters'.
+
+
+o   Andrew Bartlett <abartlet at samba.org>
+    * BUG 10991: winbindd: Sync secrets.ldb into secrets.tdb on startup.
+
+
+o   Ralph Boehme <slow at samba.org>
+    * BUG 11277: s3:smb2: Add padding to last command in compound requests.
+    * BUG 11305: vfs_fruit: Add option "veto_appledouble".
+    * BUG 11323: smbd/trans2: Add a useful diagnostic for files with bad
+      encoding.
+    * BUG 11363: vfs_fruit: Check offset and length for AFP_AfpInfo read
+      requests.
+    * BUG 11371: ncacn_http: Fix GNUism.
+
+
+o   Günther Deschner <gd at samba.org>
+    * BUG 11245: s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of
+      interfaces.
+
+
+o   Alexander Drozdov <al.drozdov at gmail.com>
+    * BUG 11331: tdb: version 1.3.5: ABI change: tdb_chainlock_read_nonblock()
+      has been added.
+
+
+o   Evangelos Foutras <evangelos at foutrelis.com>
+    * BUG 8780: s4:lib/tls: Fix build with gnutls 3.4.
+
+
+o   David Holder <david.holder at erion.co.uk>
+    * BUG 11281: Add IPv6 support to ADS client side LDAP connects.
+    * BUG 11282: Add IPv6 support for determining FQDN during ADS join.
+    * BUG 11283: s3: IPv6 enabled DNS connections for ADS client.
+
+
+o   Steve Howells <steve.howells at moscowfirst.com>
+    * BUG 10924: s4.2/fsmo.py: Fixed fsmo transfer exception.
+
+
+o   Amitay Isaacs <amitay at gmail.com>
+    * BUG 11293: Fix invalid write in ctdb_lock_context_destructor.
+
+
+o   Volker Lendecke <vl at samba.org>
+    * BUG 11218: smbd: Fix a use-after-free.
+    * BUG 11312: tstream: Make socketpair nonblocking.
+    * BUG 11330: tevent: Fix CID 1035381 Unchecked return value.
+    * BUG 11331: tdb: Fix CID 1034842 and 1034841 Resource leaks.
+
+
+o   Stefan Metzmacher <metze at samba.org>
+    * BUG 11061: Logon via MS Remote Desktop hangs.
+    * BUG 11141: tevent: Add a note to tevent_add_fd().
+    * BUG 11293: Fix invalid write in ctdb_lock_context_destructor.
+    * BUG 11316: tevent_fd needs to be destroyed before closing the fd.
+    * BUG 11319: Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’
+      undeclared".
+    * BUG 11326: Robust mutex support broken in 1.3.5.
+    * BUG 11329: s3:smb2_setinfo: Fix memory leak in the defer_rename case.
+    * BUG 11330: Backport tevent-0.9.25.
+    * BUG 11331: Backport tdb-1.3.6.
+    * BUG 11367: s3:auth_domain: Fix talloc problem in
+      connect_to_domain_password_server().
+
+
+o   Marc Muehlfeld <mmuehlfeld at samba.org>
+    * BUG 11315: Group creation: Add msSFU30Name only when --nis-domain was
+      given.
+
+o   Matthieu Patou <mat at matws.net>
+    * BUG 11356: pidl: Make the compilation of PIDL producing the same results
+      if the content hasn't change.
+
+
+o   Noel Power <noel.power at suse.com>
+    * BUG 11328: Kerberos auth info3 should contain resource group ids available
+      from pac_logon.
+
+
+o   Gordon Ross <gordon.w.ross at gmail.com>
+    * BUG 11330: lib: tevent: Fix compile error in Solaris ports backend.
+
+
+o   Christof Schmitt <cs at samba.org>
+    * BUG 11313: idmap_rfc2307: Fix wbinfo '--gid-to-sid' query.
+    * BUG 11324: Change sharesec output back to previous format.
+
+
+o   Uri Simchoni <urisimchoni at gmail.com>
+    * BUG 11358: winbindd: Disconnect child process if request is cancelled at
+      main process.
+
+
+o   Petr Viktorin <pviktori at redhat.com>
+    * BUG 11330: Backport tevent-0.9.25.
+
+
+o   Youzhong Yang <yyang at mathworks.com>
+    * BUG 11217: s3-unix_msg: Remove socket file after closing socket fd.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 4.2 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+======================================================================
+
+                   =============================
                    Release Notes for Samba 4.2.2
                            May 27, 2015
                    =============================
@@ -130,10 +286,8 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
 
-======================================================================
 
                    =============================
                    Release Notes for Samba 4.2.1
diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
index 8b5c02d..01cceaf 100644
--- a/auth/gensec/gensec.c
+++ b/auth/gensec/gensec.c
@@ -41,9 +41,15 @@ _PUBLIC_ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
 	if (!gensec_security->ops->unseal_packet) {
 		return NT_STATUS_NOT_IMPLEMENTED;
 	}
+	if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
 	if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
+	if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
 
 	return gensec_security->ops->unseal_packet(gensec_security,
 						   data, length,
@@ -81,6 +87,9 @@ _PUBLIC_ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
 	if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
+	if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
 
 	return gensec_security->ops->seal_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig);
 }
@@ -109,6 +118,11 @@ _PUBLIC_ size_t gensec_sig_size(struct gensec_security *gensec_security, size_t
 	if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
 		return 0;
 	}
+	if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+		if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) {
+			return 0;
+		}
+	}
 
 	return gensec_security->ops->sig_size(gensec_security, data_size);
 }
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index 9910f1a..b1bc1b9 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -716,6 +716,12 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_s
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 	gensec_security->dcerpc_auth_level = auth_level;
+	/*
+	 * We need to reset sign/seal in order to reset it.
+	 * We may got some default features inherited by the credentials
+	 */
+	gensec_security->want_features &= ~GENSEC_FEATURE_SIGN;
+	gensec_security->want_features &= ~GENSEC_FEATURE_SEAL;
 	gensec_want_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE);
 	gensec_want_feature(gensec_security, GENSEC_FEATURE_ASYNC_REPLIES);
 	if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index cb33630..0b74adc 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -229,7 +229,18 @@ def CHECK_DECLS(conf, vars, reverse=False, headers=None, always=False):
                               headers=headers,
                               msg='Checking for declaration of %s' % v,
                               always=always):
-            ret = False
+            if not CHECK_CODE(conf,
+                      '''
+                      return (int)%s;
+                      ''' % (v),
+                      execute=False,
+                      link=False,
+                      msg='Checking for declaration of %s (as enum)' % v,
+                      local_include=False,
+                      headers=headers,
+                      define=define,
+                      always=always):
+                ret = False
     return ret
 
 
diff --git a/ctdb/ib/ibwrapper.c b/ctdb/ib/ibwrapper.c
index 3daab3e..51d39da 100644
--- a/ctdb/ib/ibwrapper.c
+++ b/ctdb/ib/ibwrapper.c
@@ -134,16 +134,16 @@ static int ibw_ctx_priv_destruct(struct ibw_ctx_priv *pctx)
 {
 	DEBUG(DEBUG_DEBUG, ("ibw_ctx_priv_destruct(%p)\n", pctx));
 
+	/*
+	 * tevent_fd must be removed before the fd is closed
+	 */
+	TALLOC_FREE(pctx->cm_channel_event);
+
 	/* destroy cm */
 	if (pctx->cm_channel) {
 		rdma_destroy_event_channel(pctx->cm_channel);
 		pctx->cm_channel = NULL;
 	}
-	if (pctx->cm_channel_event) {
-		/* TODO: do we have to do this here? */
-		talloc_free(pctx->cm_channel_event);
-		pctx->cm_channel_event = NULL;
-	}
 	if (pctx->cm_id) {
 		rdma_destroy_id(pctx->cm_id);
 		pctx->cm_id = NULL;
@@ -166,6 +166,11 @@ static int ibw_conn_priv_destruct(struct ibw_conn_priv *pconn)
 	/* pconn->wr_index is freed by talloc */
 	/* pconn->wr_index[i] are freed by talloc */
 
+	/*
+	 * tevent_fd must be removed before the fd is closed
+	 */
+	TALLOC_FREE(pconn->verbs_channel_event);
+
 	/* destroy verbs */
 	if (pconn->cm_id!=NULL && pconn->cm_id->qp!=NULL) {
 		rdma_destroy_qp(pconn->cm_id);
@@ -182,12 +187,6 @@ static int ibw_conn_priv_destruct(struct ibw_conn_priv *pconn)
 		pconn->verbs_channel = NULL;
 	}
 
-	/* must be freed here because its order is important */
-	if (pconn->verbs_channel_event) {
-		talloc_free(pconn->verbs_channel_event);
-		pconn->verbs_channel_event = NULL;
-	}
-
 	/* free memory regions */
 	ibw_free_mr(&pconn->buf_send, &pconn->mr_send);
 	ibw_free_mr(&pconn->buf_recv, &pconn->mr_recv);
diff --git a/ctdb/server/ctdb_lock.c b/ctdb/server/ctdb_lock.c
index 7959d40..5b63d1e 100644
--- a/ctdb/server/ctdb_lock.c
+++ b/ctdb/server/ctdb_lock.c
@@ -41,6 +41,10 @@
  * ctdb_lock_alldb()       - get a lock on all DBs
  *
  *  auto_mark              - whether to mark/unmark DBs in before/after callback
+ *                           = false is used for freezing databases for
+ *                           recovery since the recovery cannot start till
+ *                           databases are locked on all the nodes.
+ *                           = true is used for record locks.
  */
 
 enum lock_type {
@@ -312,7 +316,13 @@ static int ctdb_lock_context_destructor(struct lock_context *lock_ctx)
  */
 static int ctdb_lock_request_destructor(struct lock_request *lock_request)
 {
+	if (lock_request->lctx == NULL) {
+		return 0;
+	}
+
+	lock_request->lctx->request = NULL;
 	TALLOC_FREE(lock_request->lctx);
+
 	return 0;
 }
 
@@ -324,8 +334,9 @@ static int ctdb_lock_request_destructor(struct lock_request *lock_request)
 static void process_callbacks(struct lock_context *lock_ctx, bool locked)
 {
 	struct lock_request *request;
+	bool auto_mark = lock_ctx->auto_mark;
 
-	if (lock_ctx->auto_mark && locked) {
+	if (auto_mark && locked) {
 		switch (lock_ctx->type) {
 		case LOCK_RECORD:
 			tdb_chainlock_mark(lock_ctx->ctdb_db->ltdb->tdb, lock_ctx->key);
@@ -346,13 +357,23 @@ static void process_callbacks(struct lock_context *lock_ctx, bool locked)
 	}
 
 	request = lock_ctx->request;
-	if (lock_ctx->auto_mark) {
-		/* Reset the destructor, so request is not removed from the list */
-		talloc_set_destructor(request, NULL);
+	if (auto_mark) {
+		/* Since request may be freed in the callback, unset the lock
+		 * context, so request destructor will not free lock context.
+		 */
+		request->lctx = NULL;
 	}
+
+	/* Since request may be freed in the callback, unset the request */
+	lock_ctx->request = NULL;
+
 	request->callback(request->private_data, locked);
 
-	if (lock_ctx->auto_mark && locked) {
+	if (!auto_mark) {
+		return;
+	}
+
+	if (locked) {
 		switch (lock_ctx->type) {
 		case LOCK_RECORD:
 			tdb_chainlock_unmark(lock_ctx->ctdb_db->ltdb->tdb, lock_ctx->key);
@@ -371,6 +392,8 @@ static void process_callbacks(struct lock_context *lock_ctx, bool locked)
 			break;
 		}
 	}
+
+	talloc_free(lock_ctx);
 }
 
 
@@ -416,7 +439,6 @@ static void ctdb_lock_handler(struct tevent_context *ev,
 			    void *private_data)
 {
 	struct lock_context *lock_ctx;
-	TALLOC_CTX *tmp_ctx = NULL;
 	char c;
 	bool locked;
 	double t;
@@ -430,11 +452,6 @@ static void ctdb_lock_handler(struct tevent_context *ev,
 	t = timeval_elapsed(&lock_ctx->start_time);
 	id = lock_bucket_id(t);
 
-	if (lock_ctx->auto_mark) {
-		tmp_ctx = talloc_new(ev);
-		talloc_steal(tmp_ctx, lock_ctx);
-	}
-
 	/* Read the status from the child process */
 	if (sys_read(lock_ctx->fd[0], &c, 1) != 1) {
 		locked = false;
@@ -466,10 +483,6 @@ static void ctdb_lock_handler(struct tevent_context *ev,
 	}
 
 	process_callbacks(lock_ctx, locked);
-
-	if (lock_ctx->auto_mark) {
-		talloc_free(tmp_ctx);
-	}
 }
 
 
@@ -805,8 +818,6 @@ static void ctdb_lock_schedule(struct ctdb_context *ctdb)
 	/* Parent process */
 	close(lock_ctx->fd[1]);
 
-	talloc_set_destructor(lock_ctx, ctdb_lock_context_destructor);
-
 	talloc_free(tmp_ctx);
 
 	/* Set up timeout handler */
@@ -818,7 +829,6 @@ static void ctdb_lock_schedule(struct ctdb_context *ctdb)
 	if (lock_ctx->ttimer == NULL) {
 		ctdb_kill(ctdb, lock_ctx->child, SIGKILL);
 		lock_ctx->child = -1;
-		talloc_set_destructor(lock_ctx, NULL);
 		close(lock_ctx->fd[0]);
 		return;
 	}
@@ -834,7 +844,6 @@ static void ctdb_lock_schedule(struct ctdb_context *ctdb)
 		TALLOC_FREE(lock_ctx->ttimer);
 		ctdb_kill(ctdb, lock_ctx->child, SIGKILL);
 		lock_ctx->child = -1;
-		talloc_set_destructor(lock_ctx, NULL);
 		close(lock_ctx->fd[0]);
 		return;
 	}
@@ -899,6 +908,7 @@ static struct lock_request *ctdb_lock_internal(TALLOC_CTX *mem_ctx,
 		if (lock_ctx->key.dptr == NULL) {
 			DEBUG(DEBUG_ERR, (__location__ "Memory allocation error\n"));
 			talloc_free(lock_ctx);
+			talloc_free(request);
 			return NULL;
 		}
 		lock_ctx->key_hash = ctdb_hash(&key);
@@ -932,6 +942,7 @@ static struct lock_request *ctdb_lock_internal(TALLOC_CTX *mem_ctx,
 	request->private_data = private_data;
 
 	talloc_set_destructor(request, ctdb_lock_request_destructor);
+	talloc_set_destructor(lock_ctx, ctdb_lock_context_destructor);
 
 	ctdb_lock_schedule(ctdb);
 
diff --git a/docs-xml/manpages/sharesec.1.xml b/docs-xml/manpages/sharesec.1.xml
index 6a201cc..7e13d49 100644
--- a/docs-xml/manpages/sharesec.1.xml
+++ b/docs-xml/manpages/sharesec.1.xml
@@ -154,10 +154,9 @@
 	If not specified it defaults to 1. Using values other than 1 may
 	cause strange behaviour.</para>
 
-	<para>The owner and group specify the owner and group SIDs for the
-	object. If a SID in the format S-1-x-y-z is specified this is used,
-	otherwise the name specified is resolved using the server on which
-	the file or directory resides.</para>
+	<para>The owner and group specify the owner and group SIDs for
+	the object. Share ACLs do not specify an owner or a group, so
+	these fields are empty.</para>
 
 	<para>ACLs specify permissions granted to the SID. This SID
 	can be specified in S-1-x-y-z format or as a name in which case
@@ -227,10 +226,11 @@
 	<programlisting>
 	host:~ # sharesec share -v
 	REVISION:1
-	OWNER:(NULL SID)
-	GROUP:(NULL SID)
-	ACL:S-1-1-0:ALLOWED/0/0x101f01ff
-	ACL:S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL
+	CONTROL:SR|DP


-- 
Samba Shared Repository



More information about the samba-cvs mailing list