[SCM] Samba Shared Repository - branch v4-2-stable updated
Karolin Seeger
kseeger at samba.org
Tue Jul 14 10:48:37 UTC 2015
The branch, v4-2-stable has been updated
via baf4349 VERSION: Disable git snapshots for the 4.2.3 release.
via d770ed8 WHATSNEW: Add release notes for Samba 4.2.3.
via 74ae99f ncacn_http: fix GNUism
via 4c8b66e s4:torture:vfs_fruit: check offset and length when reading AFP_AfpInfo stream
via 0691890 vfs_fruit: check offset and length for AFP_AfpInfo read requests
via a70531c winbindd: disconnect child process if request is cancelled at main process
via 1f51989 s4:selftest: also run rpc.winreg with kerberos and all possible auth options
via 05a0995 s4:selftest: run rpc.echo tests also with krb5 krb5,sign krb5,seal
via 30b9074 s4:rpc_server: fix padding caclucation in dcesrv_auth_response()
via ae37b34 s4:rpc_server: let dcesrv_auth_response() handle sig_size == 0 with auth_info as error
via eac0b78 s4:rpc_server: let dcesrv_reply() use a sig_size for a padded payload
via a0fbd5e s4:rpc_server: let dcesrv_reply() use DCERPC_AUTH_PAD_ALIGNMENT define
via 1dae656 s4:librpc/rpc: fix padding caclucation in ncacn_push_request_sign()
via f9fce60 s4:librpc/rpc: let ncacn_push_request_sign() handle sig_size == 0 with auth_info as internal error
via 97bedee s4:librpc/rpc: let dcerpc_ship_next_request() use a sig_size for a padded payload
via db644ad s4:librpc/rpc: let dcerpc_ship_next_request() use DCERPC_AUTH_PAD_ALIGNMENT define
via 452a2f8 s3:rpc_server: remove pad handling from api_pipe_alter_context()
via 8249470 s3:librpc/rpc: fix padding calculation in dcerpc_guess_sizes()
via dba57bd s3:librpc/rpc: allow up to DCERPC_AUTH_PAD_ALIGNMENT padding bytes in dcerpc_add_auth_footer()
via 50d7029 librpc/rpc: add DCERPC_AUTH_PAD_LENGTH(stub_length) helper macro
via 3467356 dcerpc.idl: add DCERPC_AUTH_PAD_ALIGNMENT (=16)
via f6e6167 auth/gensec: make sure gensec_start_mech_by_authtype() resets SIGN/SEAL before starting
via 685876a auth/gensec: gensec_[un]seal_packet() should only work with GENSEC_FEATURE_DCE_STYLE
via c53828d s3:auth_domain: fix talloc problem in connect_to_domain_password_server()
via 2429bd6 s3:smb2_setinfo: fix memory leak in the defer_rename case
via 27aa4d4 winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC.
via 8782e06 kerberos auth info3 should contain resource group ids available from pac_logon
via fcc7112 docs: overhaul the description of "smb encrypt" to include SMB3 encryption.
via 645ec21 pidl: Make the compilation of PIDL producing the same results if the content hasn't change
via cbd98bf s3: smbd: Codenomicon crash in do_smb_load_module().
via 251544b selftest: Change chgdcpass environment to use winbindd
via 4bacf0d winbindd: Sync secrets.ldb into secrets.tdb on startup
via fc6074c winbindd: Use pdb_get_domain_info() to get exactly the local domain info when we are an AD DC
via 7896b84 selftest: Run winbind tests in chgdcpass environment
via 4099e13 s3: smbd: Use separate flag to track become_root()/unbecome_root() state.
via b02152f docs-xml: Update sharesec manpage to reflect current output
via 94c5af4 selftest: Add test for sharesec command
via 8fafa9d sharesec: Use non-numerical output for sharesec
via 3e219f4 ctdb-ib: make sure the tevent_fd is removed before the fd is closed
via a66870b libcli/smb: make sure we remove the writev_send() request when a request is destroyed
via b909752 libcli/smb: add smb1 requests to the pending array before writev_send()
via 1fdf3b3 libcli/smb: make sure the writev_send of smbXcli_conn_samba_suicide() is removed before closing the socket
via 2eeecae libcli/smb: remove unused split of read_fd and write_fd
via 92c456d libcli/smb: close the socket fd at the end of smbXcli_conn_disconnect()
via 1b55fab libcli/smb: use tevent_req_received(req) in read_smb_recv()
via e34065b lib/async_req: remove the tevent_fd as early as possible via a wait_for_read_cleanup() hook
via 4d10c2b lib/async_req: remove the tevent_fd as early as possible via a read_packet_cleanup() hook
via 41b593a lib/async_req: use tevent_req_nomem/tevent_req_post in read_packet_send()
via cc01ff4 lib/async_req: s/result/req/ in read_packet_send()
via 4b39759 lib/async_req: remove the tevent_fd as early as possible via a writev_cleanup() hook
via d7d9f4e lib/async_req: simplify async_connect_* using a _cleanup() hook
via ad8c901 lib/async_req: s/result/req/ in async_connect_send()
via 65dc14c lib/async_req: remove unused sendto_{send,recv} and recvfrom_{send,recv}
via a9e2d2a s3:libsmb: convert nb_trans_send/recv internals to tdgram
via 109e579 s3:libsmb: convert nb_packet_reader to tstream_* functions
via af62a4a s3:libsmb: convert nb_packet_client to tstream_* functions
via 7d01a20 s3:libsmb: let nb_packet_server_destructor() explicitly destroy the tevent_fd
via 5f6eed5 s3:libsmb: remove pending requests as early as possible via a smbsock_any_connect_cleanup() hook
via 511674a s3:libsmb: remove subreqs as early as possible via a smbsock_connect_cleanup() hook
via e791b77 s3:libsmb: remove the cli_session_request as early as possible via a nb_connect_cleanup() hook
via c4c55a1 s3:lib/addrchange: make use of tdgram_* in addrchange_*()
via 2bda2dd s3:lib/addrchange: look at the correct nl_pid in addrchange_done()
via 8693ae9 s3:lib/background: make sure we destroy a pending read_packet_send() before closing the pipe fd
via 2409e6d s3:wscript: move lib/util_tsock.c from 'TLDAP' to 'samba3util'
via d576029 s4:libcli/raw: make sure smbcli_transport_connect_send/recv correctly cleanup on error
via 69a6b05 lib/tsocket: add tdgram_inet_udp_broadcast_socket()
via f9f27a9 lib/tsocket: add tdgram_bsd_existing_socket() helper function
via cc18cd2 lib: Add tevent_req_simple_recv_unix
via 251141b Group creation: Add msSFU30Name only when --nis-domain was given
via aa658dc s3:param/loadparm fix testparm --show-all-parameters
via cb3eb21 tdb: version 1.3.6
via 5f96713 lib/replace: remove unused HAVE_DECL_PTHREAD_{MUTEXATTR_SETROBUST,MUTEX_CONSISTENT}_NP checks
via 862f50f lib/replace: fix PTHREAD_MUTEX_ROBUST fallback to PTHREAD_MUTEX_ROBUST_NP on solaris 11
via 4bb5bea wafsamba: let CHECK_DECLS() find enum values
via 669ed89 s3:wscript: remove signal related configure checks
via 46fec0b lib/util: remove signal related configure checks
via 8480d36 lib/replace: add signal related configure checks
via ec6b122 tdb: version 1.3.5
via 35181ac tdb: introduce tdb_chainlock_read_nonblock(), a nonblock variant of tdb_chainlock_read()
via 9ec7d7e Add set date to tdb manpages.
via 346ef80 tdb: Do not build test binaries if it's not a standalone build
via 7f07079 tdb: Fix CID 1034842 Resource leak
via 49fb6e7 tdb: Fix CID 1034841 Resource leak
via a7cfaa8 smbd/trans2: add a useful diagnostic for files with bad encoding
via 1ac2ee0 lib/util/charset: fix conversion failure logging
via 3d1df8d vfs_fruit: add option veto_appledouble
via 3209575 ctdb-locking: move all auto_mark logic into process_callbacks()
via 0a6b40b ctdb-locking: make process_callbacks() more robust
via 9579ef9 ctdb-locking: Add a comment to explain auto_mark usage
via faf635a ctdb-locking: Avoid resetting talloc destructor
via 5e91991 ctdb-locking: Avoid memory leak in the failure case
via 4216f06 ctdb-locking: Set destructor when lock_context is created
via f52066b ctdb-locking: Set the lock_ctx->request to NULL when request is freed
via 4e65889 ctdb-locking: Avoid memory corruption in ctdb_lock_context_destructor
via a1d7c1b tevent: version 0.9.25
via 2a6c505 pytevent: add a TeventTimer_Object_ref helper structure to make the code clearer
via bccf0d6 pytevent: remove const warnings using discard_const_p()
via cdcf907 pytevent: remove dead code TEVENT_DEPRECATED is never defined
via c11701f tevent.h: propose tstream_ versions of read_packet_send/recv and writev_send/recv
via 722bd35 tevent/testsuite: make sure we cleanup tevent_fd structures in the correct order
via 742bfc5 pytevent: Port to Python 3
via 7ee5cb7 pytalloc: Improve timer wrapper, and test it
via a8bf805 pytevent: Define missing TeventFd_Type object
via 622581d pytevent: Better error and reference handling
via e7ad0a7 tevent: fix access after free in tevent_common_check_signal()
via 9a65763 tevent: add a note to tevent_add_fd()
via 282802f lib: tevent: Fix compile error in Solaris ports backend.
via 92f7b8e tevent: Fix CID 1035381 Unchecked return value
via c786ea6 smbd: Fix a use-after-free
via 3f61d55 s3: libsmbclient: Re-resolving targetcli on every read/write/lseek/ftruncate/close is both incorrect and slow.
via 97d9d0b s3-unix_msg: remove socket file after closing socket fd
via 09e0734 tstream: Make socketpair nonblocking
via 3f01e75 nsswitch: Extend idmap_rfc2307 testcase for reverse lookup
via 7a36a93 idmap_rfc2307: Fix wbinfo --gid-to-sid query
via ceb7c09 s4.2/fsmo.py: fixed fsmo transfer exception
via 4233065 s4:lib/tls: fix build with gnutls 3.4
via 8293292 s3: IPv6 enabled DNS connections for ADS client
via 1adcb0e Add IPv6 support for determining FQDN during ADS join.
via aedee67 Add IPv6 support to ADS client side LDAP connects. Corrected format for IPv6 LDAP URI. Signed-off-by: David Holder <david.holder at erion.co.uk>
via ffc7481 s4:torture:smb2:compound: compound read and padding
via cf32189 s3:smb2: add padding to last command in compound requests
via 83cc6d0 s3: lib: util: Ensure we read a hex number as %x, not %u.
via 9a86ca9 s3-rpc_server: fix rpc_create_tcpip_sockets() processing of interfaces.
via 5398e93 VERSION: Bump version up to 4.2.3...
from f312bf9 VERSION: Disable git snapshot for the 4.2.2 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 160 ++++++++-
auth/gensec/gensec.c | 14 +
auth/gensec/gensec_start.c | 6 +
buildtools/wafsamba/samba_autoconf.py | 13 +-
ctdb/ib/ibwrapper.c | 21 +-
ctdb/server/ctdb_lock.c | 49 +--
docs-xml/manpages/sharesec.1.xml | 16 +-
docs-xml/manpages/vfs_fruit.8.xml | 17 +
docs-xml/smbdotconf/security/smbencrypt.xml | 232 +++++++++++--
lib/addns/dns.h | 2 +-
lib/addns/dnssock.c | 127 ++++---
lib/async_req/async_sock.c | 369 +++++++--------------
lib/async_req/async_sock.h | 12 -
lib/replace/system/threads.h | 9 +-
lib/replace/wscript | 15 +-
lib/tdb/ABI/{tdb-1.3.1.sigs => tdb-1.3.5.sigs} | 1 +
lib/tdb/ABI/{tdb-1.3.1.sigs => tdb-1.3.6.sigs} | 1 +
lib/tdb/common/lock.c | 7 +
lib/tdb/include/tdb.h | 1 +
lib/tdb/man/tdbbackup.8.xml | 1 +
lib/tdb/man/tdbdump.8.xml | 1 +
lib/tdb/man/tdbrestore.8.xml | 1 +
lib/tdb/man/tdbtool.8.xml | 1 +
lib/tdb/test/run-incompatible.c | 8 +-
lib/tdb/test/run-open-during-transaction.c | 1 +
lib/tdb/wscript | 25 +-
.../ABI/{tevent-0.9.21.sigs => tevent-0.9.25.sigs} | 0
lib/tevent/bindings.py | 52 ++-
lib/tevent/pytevent.c | 341 +++++++++++++------
lib/tevent/testsuite.c | 8 +-
lib/tevent/tevent.h | 9 +-
lib/tevent/tevent_port.c | 3 +-
lib/tevent/tevent_signal.c | 2 +-
lib/tevent/wscript | 2 +-
lib/tsocket/tsocket.h | 71 ++++
lib/tsocket/tsocket_bsd.c | 54 +++
lib/util/charset/convert_string.c | 4 +-
lib/util/modules.c | 5 +
lib/util/tevent_unix.c | 13 +
lib/util/tevent_unix.h | 1 +
lib/util/wscript_configure | 2 -
libcli/named_pipe_auth/npa_tstream.c | 25 +-
libcli/smb/read_smb.c | 2 +
libcli/smb/smbXcli_base.c | 124 ++++---
librpc/idl/dcerpc.idl | 1 +
librpc/rpc/rpc_common.h | 5 +
nsswitch/tests/test_idmap_rfc2307.sh | 72 +++-
pidl/lib/Parse/Pidl/Dump.pm | 4 +-
pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm | 2 +-
pidl/lib/Parse/Pidl/Samba4/Header.pm | 2 +-
pidl/lib/Parse/Pidl/Samba4/NDR/Client.pm | 2 +-
pidl/lib/Parse/Pidl/Samba4/Python.pm | 48 ++-
pidl/lib/Parse/Pidl/Util.pm | 1 +
pidl/lib/Parse/Pidl/Wireshark/NDR.pm | 6 +-
python/samba/netcmd/fsmo.py | 1 -
python/samba/samdb.py | 3 +-
selftest/knownfail | 2 +
selftest/target/Samba4.pm | 7 +-
source3/auth/auth_domain.c | 7 +-
source3/include/libsmb_internal.h | 5 +
source3/lib/addrchange.c | 91 +++--
source3/lib/background.c | 8 +
source3/lib/unix_msg/unix_msg.c | 2 +-
source3/lib/util.c | 54 +--
source3/lib/util_sd.c | 2 +-
source3/libads/ldap.c | 8 +-
source3/librpc/rpc/dcerpc.h | 2 +-
source3/librpc/rpc/dcerpc_helpers.c | 26 +-
source3/libsmb/libsmb_file.c | 202 +----------
source3/libsmb/namequery.c | 102 ++++--
source3/libsmb/smbsock_connect.c | 101 +++++-
source3/libsmb/unexpected.c | 203 ++++++------
source3/modules/vfs_fruit.c | 64 ++--
source3/param/loadparm.c | 2 +-
source3/rpc_client/cli_pipe.c | 1 -
source3/rpc_server/rpc_sock_helper.c | 2 +-
source3/rpc_server/srv_pipe.c | 28 +-
source3/script/tests/test_sharesec.sh | 111 +++++++
source3/selftest/tests.py | 5 +-
source3/smbd/server_exit.c | 5 +-
source3/smbd/smb2_server.c | 16 +-
source3/smbd/smb2_setinfo.c | 9 +
source3/smbd/trans2.c | 12 +-
source3/utils/sharesec.c | 4 +-
source3/winbindd/idmap_rfc2307.c | 2 +-
source3/winbindd/winbindd_dual.c | 50 ++-
source3/winbindd/winbindd_pam.c | 14 +-
source3/winbindd/winbindd_util.c | 85 ++++-
source3/wscript | 4 +-
source3/wscript_build | 9 +-
source4/lib/http/http.c | 4 +-
source4/lib/tls/tls.c | 3 +-
source4/lib/tls/tls_tstream.c | 7 +-
source4/libcli/raw/clisocket.c | 59 +++-
source4/librpc/rpc/dcerpc.c | 16 +-
source4/rpc_server/common/reply.c | 9 +-
source4/rpc_server/dcesrv_auth.c | 8 +-
source4/selftest/tests.py | 11 +-
source4/torture/smb2/compound.c | 239 +++++++++++++
source4/torture/vfs/fruit.c | 92 +++++
101 files changed, 2540 insertions(+), 1130 deletions(-)
copy lib/tdb/ABI/{tdb-1.3.1.sigs => tdb-1.3.5.sigs} (98%)
copy lib/tdb/ABI/{tdb-1.3.1.sigs => tdb-1.3.6.sigs} (98%)
copy lib/tevent/ABI/{tevent-0.9.21.sigs => tevent-0.9.25.sigs} (100%)
create mode 100755 source3/script/tests/test_sharesec.sh
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index c425ebc..5485ba5 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=2
-SAMBA_VERSION_RELEASE=2
+SAMBA_VERSION_RELEASE=3
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index a626fd2..c56935c 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,160 @@
=============================
+ Release Notes for Samba 4.2.3
+ July 14, 2015
+ =============================
+
+
+This is the latest stable release of Samba 4.2.
+
+
+Changes since 4.2.2:
+--------------------
+
+o Michael Adam <obnox at samba.org>
+ * BUG 11366: docs: Overhaul the description of "smb encrypt" to include SMB3
+ encryption.
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 11068: s3: lib: util: Ensure we read a hex number as %x, not %u.
+ * BUG 11295: Excessive cli_resolve_path() usage can slow down transmission.
+ * BUG 11328: winbindd: winbindd_raw_kerberos_login - ensure logon_info
+ exists in PAC.
+ * BUG 11339: s3: smbd: Use separate flag to track
+ become_root()/unbecome_root() state.
+ * BUG 11342: s3: smbd: Codenomicon crash in do_smb_load_module().
+
+
+o Christian Ambach <ambi at samba.org>
+ * BUG 11170: s3:param/loadparm: Fix 'testparm --show-all-parameters'.
+
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 10991: winbindd: Sync secrets.ldb into secrets.tdb on startup.
+
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 11277: s3:smb2: Add padding to last command in compound requests.
+ * BUG 11305: vfs_fruit: Add option "veto_appledouble".
+ * BUG 11323: smbd/trans2: Add a useful diagnostic for files with bad
+ encoding.
+ * BUG 11363: vfs_fruit: Check offset and length for AFP_AfpInfo read
+ requests.
+ * BUG 11371: ncacn_http: Fix GNUism.
+
+
+o Günther Deschner <gd at samba.org>
+ * BUG 11245: s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of
+ interfaces.
+
+
+o Alexander Drozdov <al.drozdov at gmail.com>
+ * BUG 11331: tdb: version 1.3.5: ABI change: tdb_chainlock_read_nonblock()
+ has been added.
+
+
+o Evangelos Foutras <evangelos at foutrelis.com>
+ * BUG 8780: s4:lib/tls: Fix build with gnutls 3.4.
+
+
+o David Holder <david.holder at erion.co.uk>
+ * BUG 11281: Add IPv6 support to ADS client side LDAP connects.
+ * BUG 11282: Add IPv6 support for determining FQDN during ADS join.
+ * BUG 11283: s3: IPv6 enabled DNS connections for ADS client.
+
+
+o Steve Howells <steve.howells at moscowfirst.com>
+ * BUG 10924: s4.2/fsmo.py: Fixed fsmo transfer exception.
+
+
+o Amitay Isaacs <amitay at gmail.com>
+ * BUG 11293: Fix invalid write in ctdb_lock_context_destructor.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 11218: smbd: Fix a use-after-free.
+ * BUG 11312: tstream: Make socketpair nonblocking.
+ * BUG 11330: tevent: Fix CID 1035381 Unchecked return value.
+ * BUG 11331: tdb: Fix CID 1034842 and 1034841 Resource leaks.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 11061: Logon via MS Remote Desktop hangs.
+ * BUG 11141: tevent: Add a note to tevent_add_fd().
+ * BUG 11293: Fix invalid write in ctdb_lock_context_destructor.
+ * BUG 11316: tevent_fd needs to be destroyed before closing the fd.
+ * BUG 11319: Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’
+ undeclared".
+ * BUG 11326: Robust mutex support broken in 1.3.5.
+ * BUG 11329: s3:smb2_setinfo: Fix memory leak in the defer_rename case.
+ * BUG 11330: Backport tevent-0.9.25.
+ * BUG 11331: Backport tdb-1.3.6.
+ * BUG 11367: s3:auth_domain: Fix talloc problem in
+ connect_to_domain_password_server().
+
+
+o Marc Muehlfeld <mmuehlfeld at samba.org>
+ * BUG 11315: Group creation: Add msSFU30Name only when --nis-domain was
+ given.
+
+o Matthieu Patou <mat at matws.net>
+ * BUG 11356: pidl: Make the compilation of PIDL producing the same results
+ if the content hasn't change.
+
+
+o Noel Power <noel.power at suse.com>
+ * BUG 11328: Kerberos auth info3 should contain resource group ids available
+ from pac_logon.
+
+
+o Gordon Ross <gordon.w.ross at gmail.com>
+ * BUG 11330: lib: tevent: Fix compile error in Solaris ports backend.
+
+
+o Christof Schmitt <cs at samba.org>
+ * BUG 11313: idmap_rfc2307: Fix wbinfo '--gid-to-sid' query.
+ * BUG 11324: Change sharesec output back to previous format.
+
+
+o Uri Simchoni <urisimchoni at gmail.com>
+ * BUG 11358: winbindd: Disconnect child process if request is cancelled at
+ main process.
+
+
+o Petr Viktorin <pviktori at redhat.com>
+ * BUG 11330: Backport tevent-0.9.25.
+
+
+o Youzhong Yang <yyang at mathworks.com>
+ * BUG 11217: s3-unix_msg: Remove socket file after closing socket fd.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.2 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+======================================================================
+
+ =============================
Release Notes for Samba 4.2.2
May 27, 2015
=============================
@@ -130,10 +286,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
-======================================================================
=============================
Release Notes for Samba 4.2.1
diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
index 8b5c02d..01cceaf 100644
--- a/auth/gensec/gensec.c
+++ b/auth/gensec/gensec.c
@@ -41,9 +41,15 @@ _PUBLIC_ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
if (!gensec_security->ops->unseal_packet) {
return NT_STATUS_NOT_IMPLEMENTED;
}
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
return NT_STATUS_INVALID_PARAMETER;
}
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
return gensec_security->ops->unseal_packet(gensec_security,
data, length,
@@ -81,6 +87,9 @@ _PUBLIC_ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
return NT_STATUS_INVALID_PARAMETER;
}
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
return gensec_security->ops->seal_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig);
}
@@ -109,6 +118,11 @@ _PUBLIC_ size_t gensec_sig_size(struct gensec_security *gensec_security, size_t
if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
return 0;
}
+ if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) {
+ return 0;
+ }
+ }
return gensec_security->ops->sig_size(gensec_security, data_size);
}
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index 9910f1a..b1bc1b9 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -716,6 +716,12 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_s
return NT_STATUS_INVALID_PARAMETER;
}
gensec_security->dcerpc_auth_level = auth_level;
+ /*
+ * We need to reset sign/seal in order to reset it.
+ * We may got some default features inherited by the credentials
+ */
+ gensec_security->want_features &= ~GENSEC_FEATURE_SIGN;
+ gensec_security->want_features &= ~GENSEC_FEATURE_SEAL;
gensec_want_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE);
gensec_want_feature(gensec_security, GENSEC_FEATURE_ASYNC_REPLIES);
if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index cb33630..0b74adc 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -229,7 +229,18 @@ def CHECK_DECLS(conf, vars, reverse=False, headers=None, always=False):
headers=headers,
msg='Checking for declaration of %s' % v,
always=always):
- ret = False
+ if not CHECK_CODE(conf,
+ '''
+ return (int)%s;
+ ''' % (v),
+ execute=False,
+ link=False,
+ msg='Checking for declaration of %s (as enum)' % v,
+ local_include=False,
+ headers=headers,
+ define=define,
+ always=always):
+ ret = False
return ret
diff --git a/ctdb/ib/ibwrapper.c b/ctdb/ib/ibwrapper.c
index 3daab3e..51d39da 100644
--- a/ctdb/ib/ibwrapper.c
+++ b/ctdb/ib/ibwrapper.c
@@ -134,16 +134,16 @@ static int ibw_ctx_priv_destruct(struct ibw_ctx_priv *pctx)
{
DEBUG(DEBUG_DEBUG, ("ibw_ctx_priv_destruct(%p)\n", pctx));
+ /*
+ * tevent_fd must be removed before the fd is closed
+ */
+ TALLOC_FREE(pctx->cm_channel_event);
+
/* destroy cm */
if (pctx->cm_channel) {
rdma_destroy_event_channel(pctx->cm_channel);
pctx->cm_channel = NULL;
}
- if (pctx->cm_channel_event) {
- /* TODO: do we have to do this here? */
- talloc_free(pctx->cm_channel_event);
- pctx->cm_channel_event = NULL;
- }
if (pctx->cm_id) {
rdma_destroy_id(pctx->cm_id);
pctx->cm_id = NULL;
@@ -166,6 +166,11 @@ static int ibw_conn_priv_destruct(struct ibw_conn_priv *pconn)
/* pconn->wr_index is freed by talloc */
/* pconn->wr_index[i] are freed by talloc */
+ /*
+ * tevent_fd must be removed before the fd is closed
+ */
+ TALLOC_FREE(pconn->verbs_channel_event);
+
/* destroy verbs */
if (pconn->cm_id!=NULL && pconn->cm_id->qp!=NULL) {
rdma_destroy_qp(pconn->cm_id);
@@ -182,12 +187,6 @@ static int ibw_conn_priv_destruct(struct ibw_conn_priv *pconn)
pconn->verbs_channel = NULL;
}
- /* must be freed here because its order is important */
- if (pconn->verbs_channel_event) {
- talloc_free(pconn->verbs_channel_event);
- pconn->verbs_channel_event = NULL;
- }
-
/* free memory regions */
ibw_free_mr(&pconn->buf_send, &pconn->mr_send);
ibw_free_mr(&pconn->buf_recv, &pconn->mr_recv);
diff --git a/ctdb/server/ctdb_lock.c b/ctdb/server/ctdb_lock.c
index 7959d40..5b63d1e 100644
--- a/ctdb/server/ctdb_lock.c
+++ b/ctdb/server/ctdb_lock.c
@@ -41,6 +41,10 @@
* ctdb_lock_alldb() - get a lock on all DBs
*
* auto_mark - whether to mark/unmark DBs in before/after callback
+ * = false is used for freezing databases for
+ * recovery since the recovery cannot start till
+ * databases are locked on all the nodes.
+ * = true is used for record locks.
*/
enum lock_type {
@@ -312,7 +316,13 @@ static int ctdb_lock_context_destructor(struct lock_context *lock_ctx)
*/
static int ctdb_lock_request_destructor(struct lock_request *lock_request)
{
+ if (lock_request->lctx == NULL) {
+ return 0;
+ }
+
+ lock_request->lctx->request = NULL;
TALLOC_FREE(lock_request->lctx);
+
return 0;
}
@@ -324,8 +334,9 @@ static int ctdb_lock_request_destructor(struct lock_request *lock_request)
static void process_callbacks(struct lock_context *lock_ctx, bool locked)
{
struct lock_request *request;
+ bool auto_mark = lock_ctx->auto_mark;
- if (lock_ctx->auto_mark && locked) {
+ if (auto_mark && locked) {
switch (lock_ctx->type) {
case LOCK_RECORD:
tdb_chainlock_mark(lock_ctx->ctdb_db->ltdb->tdb, lock_ctx->key);
@@ -346,13 +357,23 @@ static void process_callbacks(struct lock_context *lock_ctx, bool locked)
}
request = lock_ctx->request;
- if (lock_ctx->auto_mark) {
- /* Reset the destructor, so request is not removed from the list */
- talloc_set_destructor(request, NULL);
+ if (auto_mark) {
+ /* Since request may be freed in the callback, unset the lock
+ * context, so request destructor will not free lock context.
+ */
+ request->lctx = NULL;
}
+
+ /* Since request may be freed in the callback, unset the request */
+ lock_ctx->request = NULL;
+
request->callback(request->private_data, locked);
- if (lock_ctx->auto_mark && locked) {
+ if (!auto_mark) {
+ return;
+ }
+
+ if (locked) {
switch (lock_ctx->type) {
case LOCK_RECORD:
tdb_chainlock_unmark(lock_ctx->ctdb_db->ltdb->tdb, lock_ctx->key);
@@ -371,6 +392,8 @@ static void process_callbacks(struct lock_context *lock_ctx, bool locked)
break;
}
}
+
+ talloc_free(lock_ctx);
}
@@ -416,7 +439,6 @@ static void ctdb_lock_handler(struct tevent_context *ev,
void *private_data)
{
struct lock_context *lock_ctx;
- TALLOC_CTX *tmp_ctx = NULL;
char c;
bool locked;
double t;
@@ -430,11 +452,6 @@ static void ctdb_lock_handler(struct tevent_context *ev,
t = timeval_elapsed(&lock_ctx->start_time);
id = lock_bucket_id(t);
- if (lock_ctx->auto_mark) {
- tmp_ctx = talloc_new(ev);
- talloc_steal(tmp_ctx, lock_ctx);
- }
-
/* Read the status from the child process */
if (sys_read(lock_ctx->fd[0], &c, 1) != 1) {
locked = false;
@@ -466,10 +483,6 @@ static void ctdb_lock_handler(struct tevent_context *ev,
}
process_callbacks(lock_ctx, locked);
-
- if (lock_ctx->auto_mark) {
- talloc_free(tmp_ctx);
- }
}
@@ -805,8 +818,6 @@ static void ctdb_lock_schedule(struct ctdb_context *ctdb)
/* Parent process */
close(lock_ctx->fd[1]);
- talloc_set_destructor(lock_ctx, ctdb_lock_context_destructor);
-
talloc_free(tmp_ctx);
/* Set up timeout handler */
@@ -818,7 +829,6 @@ static void ctdb_lock_schedule(struct ctdb_context *ctdb)
if (lock_ctx->ttimer == NULL) {
ctdb_kill(ctdb, lock_ctx->child, SIGKILL);
lock_ctx->child = -1;
- talloc_set_destructor(lock_ctx, NULL);
close(lock_ctx->fd[0]);
return;
}
@@ -834,7 +844,6 @@ static void ctdb_lock_schedule(struct ctdb_context *ctdb)
TALLOC_FREE(lock_ctx->ttimer);
ctdb_kill(ctdb, lock_ctx->child, SIGKILL);
lock_ctx->child = -1;
- talloc_set_destructor(lock_ctx, NULL);
close(lock_ctx->fd[0]);
return;
}
@@ -899,6 +908,7 @@ static struct lock_request *ctdb_lock_internal(TALLOC_CTX *mem_ctx,
if (lock_ctx->key.dptr == NULL) {
DEBUG(DEBUG_ERR, (__location__ "Memory allocation error\n"));
talloc_free(lock_ctx);
+ talloc_free(request);
return NULL;
}
lock_ctx->key_hash = ctdb_hash(&key);
@@ -932,6 +942,7 @@ static struct lock_request *ctdb_lock_internal(TALLOC_CTX *mem_ctx,
request->private_data = private_data;
talloc_set_destructor(request, ctdb_lock_request_destructor);
+ talloc_set_destructor(lock_ctx, ctdb_lock_context_destructor);
ctdb_lock_schedule(ctdb);
diff --git a/docs-xml/manpages/sharesec.1.xml b/docs-xml/manpages/sharesec.1.xml
index 6a201cc..7e13d49 100644
--- a/docs-xml/manpages/sharesec.1.xml
+++ b/docs-xml/manpages/sharesec.1.xml
@@ -154,10 +154,9 @@
If not specified it defaults to 1. Using values other than 1 may
cause strange behaviour.</para>
- <para>The owner and group specify the owner and group SIDs for the
- object. If a SID in the format S-1-x-y-z is specified this is used,
- otherwise the name specified is resolved using the server on which
- the file or directory resides.</para>
+ <para>The owner and group specify the owner and group SIDs for
+ the object. Share ACLs do not specify an owner or a group, so
+ these fields are empty.</para>
<para>ACLs specify permissions granted to the SID. This SID
can be specified in S-1-x-y-z format or as a name in which case
@@ -227,10 +226,11 @@
<programlisting>
host:~ # sharesec share -v
REVISION:1
- OWNER:(NULL SID)
- GROUP:(NULL SID)
- ACL:S-1-1-0:ALLOWED/0/0x101f01ff
- ACL:S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL
+ CONTROL:SR|DP
--
Samba Shared Repository
More information about the samba-cvs
mailing list