[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Mon May 4 13:02:06 MDT 2015
The branch, master has been updated
via 38beef2 libads: Fix deadlock when re-joining a domain and updating keytab
via df91bc5 libads: Fix free of uninitialized pointer
via 9343386 s3: Fix pam_authenticate() when lp_null_passwords() is true
via c3c820a s3: nmbd: Don't set work_changed = True inside update_server_ttl().
via db6572e s3: nmbd: Ensure we only set work_changed = true if we modify the record.
from 20a7945 Revert "ctdb-recoverd: Abort when daemon can take recovery lock during recovery"
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 38beef2ff63664d7d5805f1032bb9f69d0b965d7
Author: Uri Simchoni <urisimchoni at gmail.com>
Date: Sat May 2 13:44:53 2015 +0300
libads: Fix deadlock when re-joining a domain and updating keytab
When updating the system keytab as a result of joining a domain,
if the keytb had prior entries, ads_keytab_create_default tries to
update those entries. However, it starts updating before freeing the
cursor which was used for finding those entries, and hence causes
an an attempt to write-lock the keytab while a read-lock exists.
To reproduce configure smb.conf for ads domain member and run this twice:
net ads join -U <credentials> '--option=kerberos method=secrets and keytab'
Signed-off-by: Uri Simchoni <urisimchoni at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon May 4 21:01:41 CEST 2015 on sn-devel-104
commit df91bc5159b24f6f10fd9742b49192921d51f821
Author: Uri Simchoni <urisimchoni at gmail.com>
Date: Sat May 2 13:44:52 2015 +0300
libads: Fix free of uninitialized pointer
In ads_keytab_creat_default(), if the keytab to be created cannot
be opened, the bail-out code calls smb_krb5_kt_free_entry() on
an uninitialized entry.
To reproduce:
1. Join a domain
2. KRB5_KTNAME=FILE:/non-existant-path/krb5.keytab net ads keytab create -P
Signed-off-by: Uri Simchoni <urisimchoni at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 9343386b91c3de6b5f238169d34390afc1ee069f
Author: Maks Naumov <maksqwe1 at ukr.net>
Date: Sun May 3 13:34:49 2015 +0300
s3: Fix pam_authenticate() when lp_null_passwords() is true
(PAM_SILENT | lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK)
is always 0 when lp_null_passwords() == true.
Signed-off-by: Maks Naumov <maksqwe1 at ukr.net>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit c3c820a661c092de31d56c16c8cd1ec57999d2f7
Author: Jeremy Allison <jra at samba.org>
Date: Fri May 1 09:56:59 2015 -0700
s3: nmbd: Don't set work_changed = True inside update_server_ttl().
This is taken care of inside expire_servers() when it calls
remove_server_from_workgroup().
Ensure the only functions in nmbd_serverlistdb.c that
set subnet->work_changed are:
remove_all_servers()
add_server_to_workgroup()
remove_server_from_workgroup()
Fix inspired by a change from Volker.
https://bugzilla.samba.org/show_bug.cgi?id=11254
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit db6572ef80e20b0e577b9e9fb5d233f8bdd20713
Author: Jeremy Allison <jra at samba.org>
Date: Thu Apr 30 12:05:17 2015 -0700
s3: nmbd: Ensure we only set work_changed = true if we modify the record.
https://bugzilla.samba.org/show_bug.cgi?id=11254
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/auth/pampass.c | 2 +-
source3/libads/kerberos_keytab.c | 10 ++++++----
source3/nmbd/nmbd_incomingdgrams.c | 22 +++++++++++++++++-----
source3/nmbd/nmbd_serverlistdb.c | 5 -----
4 files changed, 24 insertions(+), 15 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c
index bde7c22..2a3195c 100644
--- a/source3/auth/pampass.c
+++ b/source3/auth/pampass.c
@@ -524,7 +524,7 @@ static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user)
*/
DEBUG(4,("smb_pam_auth: PAM: Authenticate User: %s\n", user));
- pam_error = pam_authenticate(pamh, PAM_SILENT | lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK);
+ pam_error = pam_authenticate(pamh, PAM_SILENT | (lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK));
switch( pam_error ){
case PAM_AUTH_ERR:
DEBUG(2, ("smb_pam_auth: PAM: Authentication Error for user %s\n", user));
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index bbd981c..309e614 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -520,6 +520,9 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
size_t i;
ADS_STATUS status;
+ ZERO_STRUCT(kt_entry);
+ ZERO_STRUCT(cursor);
+
frame = talloc_stackframe();
if (frame == NULL) {
ret = -1;
@@ -575,8 +578,6 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
#endif
memset(princ_s, '\0', sizeof(princ_s));
- ZERO_STRUCT(kt_entry);
- ZERO_STRUCT(cursor);
initialize_krb5_error_table();
ret = krb5_init_context(&context);
@@ -730,13 +731,14 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
smb_krb5_kt_free_entry(context, &kt_entry);
ZERO_STRUCT(kt_entry);
}
+ krb5_kt_end_seq_get(context, keytab, &cursor);
+ ZERO_STRUCT(cursor);
+
ret = 0;
for (i = 0; oldEntries[i]; i++) {
ret |= ads_keytab_add_entry(ads, oldEntries[i]);
TALLOC_FREE(oldEntries[i]);
}
- krb5_kt_end_seq_get(context, keytab, &cursor);
- ZERO_STRUCT(cursor);
done:
TALLOC_FREE(oldEntries);
diff --git a/source3/nmbd/nmbd_incomingdgrams.c b/source3/nmbd/nmbd_incomingdgrams.c
index b728c13..9a69252 100644
--- a/source3/nmbd/nmbd_incomingdgrams.c
+++ b/source3/nmbd/nmbd_incomingdgrams.c
@@ -327,12 +327,25 @@ a local master browser for workgroup %s and we think we are master. Forcing elec
ttl, comment);
} else {
/* Update the record. */
- servrec->serv.type = servertype|SV_TYPE_LOCAL_LIST_ONLY;
+ if (servrec->serv.type !=
+ (servertype|SV_TYPE_LOCAL_LIST_ONLY)) {
+ servrec->serv.type =
+ servertype|SV_TYPE_LOCAL_LIST_ONLY;
+ subrec->work_changed = true;
+ }
+ if (!strequal(servrec->serv.comment,comment)) {
+ strlcpy(servrec->serv.comment,
+ comment,
+ sizeof(servrec->serv.comment));
+ subrec->work_changed = true;
+ }
update_server_ttl(servrec, ttl);
- strlcpy(servrec->serv.comment,comment,sizeof(servrec->serv.comment));
}
-
- set_workgroup_local_master_browser_name( work, server_name );
+
+ if (!strequal(work->local_master_browser_name, server_name)) {
+ set_workgroup_local_master_browser_name( work, server_name );
+ subrec->work_changed = true;
+ }
} else {
/*
* This server is announcing it is going down. Remove it from the
@@ -344,7 +357,6 @@ a local master browser for workgroup %s and we think we are master. Forcing elec
}
}
- subrec->work_changed = True;
done:
return;
}
diff --git a/source3/nmbd/nmbd_serverlistdb.c b/source3/nmbd/nmbd_serverlistdb.c
index b405719..cd84bdf 100644
--- a/source3/nmbd/nmbd_serverlistdb.c
+++ b/source3/nmbd/nmbd_serverlistdb.c
@@ -133,8 +133,6 @@ workgroup %s. This is a bug.\n", name, work->work_group));
DEBUG(3,("create_server_on_workgroup: Created server entry %s of type %x (%s) on \
workgroup %s.\n", name,servertype,comment, work->work_group));
- work->subnet->work_changed = True;
-
return(servrec);
}
@@ -151,8 +149,6 @@ void update_server_ttl(struct server_record *servrec, int ttl)
servrec->death_time = PERMANENT_TTL;
else
servrec->death_time = (ttl != PERMANENT_TTL) ? time(NULL)+(ttl*3) : PERMANENT_TTL;
-
- servrec->subnet->work_changed = True;
}
/*******************************************************************
@@ -172,7 +168,6 @@ void expire_servers(struct work_record *work, time_t t)
if ((servrec->death_time != PERMANENT_TTL) && ((t == -1) || (servrec->death_time < t))) {
DEBUG(3,("expire_old_servers: Removing timed out server %s\n",servrec->serv.name));
remove_server_from_workgroup(work, servrec);
- work->subnet->work_changed = True;
}
}
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list