[SCM] Samba Shared Repository - branch master updated

Mon May 4 13:02:06 MDT 2015

The branch, master has been updated
       via  38beef2 libads: Fix deadlock when re-joining a domain and updating keytab
       via  df91bc5 libads: Fix free of uninitialized pointer
       via  9343386 s3: Fix pam_authenticate() when lp_null_passwords() is true
       via  c3c820a s3: nmbd: Don't set work_changed = True inside update_server_ttl().
       via  db6572e s3: nmbd: Ensure we only set work_changed = true if we modify the record.
      from  20a7945 Revert "ctdb-recoverd: Abort when daemon can take recovery lock during recovery"

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 38beef2ff63664d7d5805f1032bb9f69d0b965d7
Author: Uri Simchoni <urisimchoni at gmail.com>
Date:   Sat May 2 13:44:53 2015 +0300

    libads: Fix deadlock when re-joining a domain and updating keytab
    
    When updating the system keytab as a result of joining a domain,
    if the keytb had prior entries, ads_keytab_create_default tries to
    update those entries. However, it starts updating before freeing the
    cursor which was used for finding those entries, and hence causes
    an an attempt to write-lock the keytab while a read-lock exists.
    
    To reproduce configure smb.conf for ads domain member and run this twice:
    net ads join -U <credentials> '--option=kerberos method=secrets and keytab'
    
    Signed-off-by: Uri Simchoni <urisimchoni at gmail.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Mon May  4 21:01:41 CEST 2015 on sn-devel-104

commit df91bc5159b24f6f10fd9742b49192921d51f821
Author: Uri Simchoni <urisimchoni at gmail.com>
Date:   Sat May 2 13:44:52 2015 +0300

    libads: Fix free of uninitialized pointer
    
    In ads_keytab_creat_default(), if the keytab to be created cannot
    be opened, the bail-out code calls smb_krb5_kt_free_entry() on
    an uninitialized entry.
    
    To reproduce:
    1. Join a domain
    2. KRB5_KTNAME=FILE:/non-existant-path/krb5.keytab net ads keytab create -P
    
    Signed-off-by: Uri Simchoni <urisimchoni at gmail.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 9343386b91c3de6b5f238169d34390afc1ee069f
Author: Maks Naumov <maksqwe1 at ukr.net>
Date:   Sun May 3 13:34:49 2015 +0300

    s3: Fix pam_authenticate() when lp_null_passwords() is true
    
    (PAM_SILENT | lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK)
    is always 0 when lp_null_passwords() == true.
    
    Signed-off-by: Maks Naumov <maksqwe1 at ukr.net>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit c3c820a661c092de31d56c16c8cd1ec57999d2f7
Author: Jeremy Allison <jra at samba.org>
Date:   Fri May 1 09:56:59 2015 -0700

    s3: nmbd: Don't set work_changed = True inside update_server_ttl().
    
    This is taken care of inside expire_servers() when it calls
    remove_server_from_workgroup().
    
    Ensure the only functions in nmbd_serverlistdb.c that
    set subnet->work_changed are:
    
    remove_all_servers()
    add_server_to_workgroup()
    remove_server_from_workgroup()
    
    Fix inspired by a change from Volker.
    
    https://bugzilla.samba.org/show_bug.cgi?id=11254
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit db6572ef80e20b0e577b9e9fb5d233f8bdd20713
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Apr 30 12:05:17 2015 -0700

    s3: nmbd: Ensure we only set work_changed = true if we modify the record.
    
    https://bugzilla.samba.org/show_bug.cgi?id=11254
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/auth/pampass.c             |  2 +-
 source3/libads/kerberos_keytab.c   | 10 ++++++----
 source3/nmbd/nmbd_incomingdgrams.c | 22 +++++++++++++++++-----
 source3/nmbd/nmbd_serverlistdb.c   |  5 -----
 4 files changed, 24 insertions(+), 15 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c
index bde7c22..2a3195c 100644
--- a/source3/auth/pampass.c
+++ b/source3/auth/pampass.c
@@ -524,7 +524,7 @@ static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user)
 	 */
 
 	DEBUG(4,("smb_pam_auth: PAM: Authenticate User: %s\n", user));
-	pam_error = pam_authenticate(pamh, PAM_SILENT | lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK);
+	pam_error = pam_authenticate(pamh, PAM_SILENT | (lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK));
 	switch( pam_error ){
 		case PAM_AUTH_ERR:
 			DEBUG(2, ("smb_pam_auth: PAM: Authentication Error for user %s\n", user));
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index bbd981c..309e614 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -520,6 +520,9 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 	size_t i;
 	ADS_STATUS status;
 
+	ZERO_STRUCT(kt_entry);
+	ZERO_STRUCT(cursor);
+
 	frame = talloc_stackframe();
 	if (frame == NULL) {
 		ret = -1;
@@ -575,8 +578,6 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 #endif
 
 	memset(princ_s, '\0', sizeof(princ_s));
-	ZERO_STRUCT(kt_entry);
-	ZERO_STRUCT(cursor);
 
 	initialize_krb5_error_table();
 	ret = krb5_init_context(&context);
@@ -730,13 +731,14 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 		smb_krb5_kt_free_entry(context, &kt_entry);
 		ZERO_STRUCT(kt_entry);
 	}
+	krb5_kt_end_seq_get(context, keytab, &cursor);
+	ZERO_STRUCT(cursor);
+
 	ret = 0;
 	for (i = 0; oldEntries[i]; i++) {
 		ret |= ads_keytab_add_entry(ads, oldEntries[i]);
 		TALLOC_FREE(oldEntries[i]);
 	}
-	krb5_kt_end_seq_get(context, keytab, &cursor);
-	ZERO_STRUCT(cursor);
 
 done:
 	TALLOC_FREE(oldEntries);
diff --git a/source3/nmbd/nmbd_incomingdgrams.c b/source3/nmbd/nmbd_incomingdgrams.c
index b728c13..9a69252 100644
--- a/source3/nmbd/nmbd_incomingdgrams.c
+++ b/source3/nmbd/nmbd_incomingdgrams.c
@@ -327,12 +327,25 @@ a local master browser for workgroup %s and we think we are master. Forcing elec
 				ttl, comment);
 		} else {
 			/* Update the record. */
-			servrec->serv.type = servertype|SV_TYPE_LOCAL_LIST_ONLY;
+			if (servrec->serv.type !=
+					(servertype|SV_TYPE_LOCAL_LIST_ONLY)) {
+				servrec->serv.type =
+					servertype|SV_TYPE_LOCAL_LIST_ONLY;
+				subrec->work_changed = true;
+			}
+			if (!strequal(servrec->serv.comment,comment)) {
+				strlcpy(servrec->serv.comment,
+					comment,
+					sizeof(servrec->serv.comment));
+				subrec->work_changed = true;
+			}
 			update_server_ttl(servrec, ttl);
-			strlcpy(servrec->serv.comment,comment,sizeof(servrec->serv.comment));
 		}
-	
-		set_workgroup_local_master_browser_name( work, server_name );
+
+		if (!strequal(work->local_master_browser_name, server_name)) {
+			set_workgroup_local_master_browser_name( work, server_name );
+			subrec->work_changed = true;
+		}
 	} else {
 		/*
 		 * This server is announcing it is going down. Remove it from the
@@ -344,7 +357,6 @@ a local master browser for workgroup %s and we think we are master. Forcing elec
 		}
 	}
 
-	subrec->work_changed = True;
 done:
 	return;
 }
diff --git a/source3/nmbd/nmbd_serverlistdb.c b/source3/nmbd/nmbd_serverlistdb.c
index b405719..cd84bdf 100644
--- a/source3/nmbd/nmbd_serverlistdb.c
+++ b/source3/nmbd/nmbd_serverlistdb.c
@@ -133,8 +133,6 @@ workgroup %s. This is a bug.\n", name, work->work_group));
 	DEBUG(3,("create_server_on_workgroup: Created server entry %s of type %x (%s) on \
 workgroup %s.\n", name,servertype,comment, work->work_group));
  
-	work->subnet->work_changed = True;
- 
 	return(servrec);
 }
 
@@ -151,8 +149,6 @@ void update_server_ttl(struct server_record *servrec, int ttl)
 		servrec->death_time = PERMANENT_TTL;
 	else
 		servrec->death_time = (ttl != PERMANENT_TTL) ? time(NULL)+(ttl*3) : PERMANENT_TTL;
-
-	servrec->subnet->work_changed = True;
 }
 
 /*******************************************************************
@@ -172,7 +168,6 @@ void expire_servers(struct work_record *work, time_t t)
 		if ((servrec->death_time != PERMANENT_TTL) && ((t == -1) || (servrec->death_time < t))) {
 			DEBUG(3,("expire_old_servers: Removing timed out server %s\n",servrec->serv.name));
 			remove_server_from_workgroup(work, servrec);
-			work->subnet->work_changed = True;
 		}
 	}
 }


-- 
Samba Shared Repository
