The branch, master has been updated via c2094e3 debug: Do not constantly rename logs when max log size = 0 via 61ab9a4 file_server: Use samba4 auth module for guest logins as well via 92fd0fd lib/param: simplfy lp_find_security() via 657af5a pyldb: Ensure that the ldb argument is really an ldb before we dereference via 6aee802 s3-smbd: Remove unused branches in negprot since security=share was removed via 29ff3ce s4-selftest: Test samba-tool drs replicate --local --full-sync from ba44bd3 libcli/nbt: remove unused system/network.h from libnbt.h
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit c2094e313118c29e1e7540ca8f06f9fe0bd30e16 Author: Andrew Bartlett <abart...@samba.org> Date: Mon Jun 11 13:22:42 2012 +1000 debug: Do not constantly rename logs when max log size = 0 In Samba4, the max log size parameter is not yet connected, so maxlog is 0 This means that we would, on receipt of a -HUP, have all child processes attempt a rename. Now we have the -HUP mean we reopen the logs unconditionally, and then we see if the log is too large (samba3 mode) or simply proceed assuming that someone else has renamed the logs for us. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Mon Jun 11 13:34:43 CEST 2012 on sn-devel-104 commit 61ab9a4806a4139e783fa0cf5481a7e7f9e46678 Author: Andrew Bartlett <abart...@samba.org> Date: Mon Jun 11 10:48:32 2012 +1000 file_server: Use samba4 auth module for guest logins as well This is important for consistency on NTLM logins, as the samba4 stack is used for all NTLMSSP logins anyway. Andrew Bartlett commit 92fd0fdd790d9a0fbb1e82e5dc7acbc1a193a7ca Author: Andrew Bartlett <abart...@samba.org> Date: Mon Jun 11 11:12:52 2012 +1000 lib/param: simplfy lp_find_security() All the roles other than ROLE_DOMAIN_MEMBER map to SEC_USER. 
Andrew Bartlett commit 657af5a27480ac7fbcaa4fa4b67bbf496da32a35 Author: Andrew Bartlett <abart...@samba.org> Date: Sun Jun 10 20:30:27 2012 +1000 pyldb: Ensure that the ldb argument is really an ldb before we dereference commit 6aee8021a14a2878f2bb7f393e2b93721925f92a Author: Andrew Bartlett <abart...@samba.org> Date: Sun Jun 10 16:08:12 2012 +1000 s3-smbd: Remove unused branches in negprot since security=share was removed commit 29ff3ce56894d5ef0254c85d6ae9e68733558901 Author: Andrew Bartlett <abart...@samba.org> Date: Fri Jun 8 13:37:49 2012 +1000 s4-selftest: Test samba-tool drs replicate --local --full-sync ----------------------------------------------------------------------- Summary of changes: file_server/file_server.c | 2 +- lib/ldb/pyldb.c | 10 ++++++++ lib/param/loadparm_server_role.c | 5 ---- lib/util/debug.c | 34 ++++++++++++++------------- source3/smbd/negprot.c | 29 ++++++----------------- source4/selftest/tests.py | 2 +- source4/torture/drs/python/drs_base.py | 6 ++++- source4/torture/drs/python/replica_sync.py | 6 +++++ 8 files changed, 49 insertions(+), 45 deletions(-) Changeset truncated at 500 lines: diff --git a/file_server/file_server.c b/file_server/file_server.c index 0e9d321..9f43ebb 100644 --- a/file_server/file_server.c +++ b/file_server/file_server.c @@ -49,7 +49,7 @@ static const char *generate_smb_conf(struct task_server *task) } fdprintf(fd, "# auto-generated config for fileserver\n"); - fdprintf(fd, "auth methods = guest samba4\n"); + fdprintf(fd, "auth methods = samba4\n"); fdprintf(fd, "passdb backend = samba4\n"); fdprintf(fd, "rpc_server:default = external\n"); fdprintf(fd, "rpc_server:svcctl = embedded\n"); diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c index ea7b695..4554886 100644 --- a/lib/ldb/pyldb.c +++ b/lib/ldb/pyldb.c 
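Review bot: Nothing next to the `auth methods = samba4` line in generate_smb_conf() records that guest and anonymous sessions are now expected to be decided by the samba4 auth module, so a later edit could re-add `guest` without realising it changes who makes that decision. A short comment above the fdprintf would do, for example `/* samba4 also handles guest/anonymous logins; do not add "guest" here */`. No test in this changeset's diffstat exercises anonymous access to the embedded file server, so whether guest sessions are still accepted or refused as intended after the change cannot be confirmed from here. generate_smb_conf() starts before and continues after the hunk.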
@@ -653,6 +653,11 @@ static PyObject *py_ldb_dn_new(PyTypeObject *type, PyObject *args, PyObject *kwa &py_ldb, &str)) return NULL; + if (!PyLdb_Check(py_ldb)) { + PyErr_SetString(PyExc_TypeError, "Expected Ldb"); + return NULL; + } + ldb_ctx = pyldb_Ldb_AsLdbContext(py_ldb); mem_ctx = talloc_new(NULL); @@ -2482,6 +2487,11 @@ static PyObject *py_ldb_msg_from_dict(PyTypeObject *type, PyObject *args) return NULL; } + if (!PyLdb_Check(py_ldb)) { + PyErr_SetString(PyExc_TypeError, "Expected Ldb"); + return NULL; + } + /* mask only flags we are going to use */ mod_flags = LDB_FLAG_MOD_TYPE(mod_flags); if (!mod_flags) { diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c index 9ff64be..5a1f498 100644 --- a/lib/param/loadparm_server_role.c +++ b/lib/param/loadparm_server_role.c @@ -117,17 +117,12 @@ int lp_find_security(int server_role, int security) } switch (server_role) { - case ROLE_AUTO: - case ROLE_STANDALONE: - return SEC_USER; case ROLE_DOMAIN_MEMBER: #if (defined(HAVE_ADS) || _SAMBA_BUILD_ >= 4) return SEC_ADS; #else return SEC_DOMAIN; #endif - case ROLE_DOMAIN_PDC: - case ROLE_DOMAIN_BDC: default: return SEC_USER; } diff --git a/lib/util/debug.c b/lib/util/debug.c index a990ad5..15a2452 100644 --- a/lib/util/debug.c +++ b/lib/util/debug.c 
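Review bot: The new `PyLdb_Check(py_ldb)` guards in py_ldb_dn_new() and py_ldb_msg_from_dict() come without a regression test; the diffstat for this push lists no ldb Python test, so nothing stops a later refactor from dropping the check and letting an arbitrary Python object reach `pyldb_Ldb_AsLdbContext()` again. A test that passes a non-Ldb value (a string or `None`) as the ldb argument to both entry points and asserts `TypeError` would pin the behaviour. The message `"Expected Ldb"` could also say which argument was wrong, which makes the error easier to act on from a script. Both functions start and end outside their hunks, so whether other entry points in pyldb.c convert an ldb argument without the same check cannot be judged from this page.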
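Review bot: With the explicit `ROLE_AUTO`, `ROLE_STANDALONE`, `ROLE_DOMAIN_PDC` and `ROLE_DOMAIN_BDC` labels removed, the `default:` arm of the switch in lp_find_security() is the only place that says these roles use user-level security, and it says so implicitly. A one-line comment on it, such as `/* every role except ROLE_DOMAIN_MEMBER uses SEC_USER */`, keeps the intent visible and makes it clear that a role added later will silently get SEC_USER unless a case is written for it. The function starts before the hunk.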
@@ -688,25 +688,27 @@ void check_log_size( void ) maxlog = state.settings.max_log_size * 1024; - if (state.schedule_reopen_logs || - (fstat(state.fd, &st) == 0 + if (state.schedule_reopen_logs) { + (void)reopen_logs_internal(); + } + + if (maxlog && (fstat(state.fd, &st) == 0 && st.st_size > maxlog )) { (void)reopen_logs_internal(); - if (state.fd > 0 && fstat(state.fd, &st) == 0) { - if (st.st_size > maxlog) { - char *name = NULL; - - if (asprintf(&name, "%s.old", state.debugf ) < 0) { - return; - } - (void)rename(state.debugf, name); - - if (!reopen_logs_internal()) { - /* We failed to reopen a log - continue using the old name. */ - (void)rename(name, state.debugf); - } - SAFE_FREE(name); + if (state.fd > 2 && (fstat(state.fd, &st) == 0 + && st.st_size > maxlog)) { + char *name = NULL; + + if (asprintf(&name, "%s.old", state.debugf ) < 0) { + return; + } + (void)rename(state.debugf, name); + + if (!reopen_logs_internal()) { + /* We failed to reopen a log - continue using the old name. */ + (void)rename(name, state.debugf); } + SAFE_FREE(name); } } diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 6d53333..93af42b 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -69,9 +69,7 @@ static void reply_lanman1(struct smb_request *req, uint16 choice) sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords(); - if (lp_security()>=SEC_USER) { - secword |= NEGOTIATE_SECURITY_USER_LEVEL; - } + secword |= NEGOTIATE_SECURITY_USER_LEVEL; if (sconn->smb1.negprot.encrypted_passwords) { secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; } @@ -116,9 +114,7 @@ static void reply_lanman2(struct smb_request *req, uint16 choice) sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords(); - if (lp_security()>=SEC_USER) { - secword |= NEGOTIATE_SECURITY_USER_LEVEL; - } + secword |= NEGOTIATE_SECURITY_USER_LEVEL; if (sconn->smb1.negprot.encrypted_passwords) { secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; } 
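Review bot: The inner guard in check_log_size() changes from `state.fd > 0` to `state.fd > 2` without a comment, and the outer `fstat(state.fd, &st)` test is not guarded the same way. If the intent is never to rotate when debug output goes to one of the standard descriptors, say so at the test, e.g. `/* only rotate a real log file, never fd 0-2 */`. The result of the new unconditional `(void)reopen_logs_internal();` after a scheduled reopen is also discarded, so a failed reopen after -HUP is not reported at this point (what reopen_logs_internal() logs itself is not visible here); a brief comment on why ignoring it is safe would help anyone who relies on these logs as an audit trail. check_log_size() begins before the hunk and continues past it.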
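Review bot: reply_lanman1(), reply_lanman2() and reply_nt1() now set `NEGOTIATE_SECURITY_USER_LEVEL` (and, in reply_nt1(), the signing bits) on the assumption that `lp_security()` can no longer return anything below `SEC_USER`, but nothing in the new code states or checks that. The removed branch in reply_nt1() used to stop the server when signing was required under share-level security; if a value below `SEC_USER` could still be reached through configuration, the server would now advertise user-level security and signing regardless. A comment at the first site, for example `/* security=share is gone: all remaining modes are user level */`, would record the invariant; whether the parameter code rejects the old value is not visible in this changeset. The same point applies to the two reply_nt1() hunks further down, and all three functions extend beyond their hunks.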
@@ -299,9 +295,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice) if (lp_host_msdfs()) capabilities |= CAP_DFS; - if (lp_security() >= SEC_USER) { - secword |= NEGOTIATE_SECURITY_USER_LEVEL; - } + secword |= NEGOTIATE_SECURITY_USER_LEVEL; if (sconn->smb1.negprot.encrypted_passwords) { secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; } @@ -310,18 +304,11 @@ static void reply_nt1(struct smb_request *req, uint16 choice) signing_required = smb_signing_is_mandatory(req->sconn->smb1.signing_state); if (signing_enabled) { - if (lp_security() >= SEC_USER) { - secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED; - /* No raw mode with smb signing. */ - capabilities &= ~CAP_RAW_MODE; - if (signing_required) { - secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED; - } - } else { - DEBUG(0,("reply_nt1: smb signing is incompatible with share level security !\n")); - if (signing_required) { - exit_server_cleanly("reply_nt1: smb signing required and share level security selected."); - } + secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED; + /* No raw mode with smb signing. */ + capabilities &= ~CAP_RAW_MODE; + if (signing_required) { + secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED; } } diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 9a6af52..8e868dc 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -485,7 +485,7 @@ plantestsuite("samba4.ldap.bind(dc)", "dc", [python, os.path.join(srcdir(), "aut planoldpythontestsuite("vampire_dc", "samba.tests.blackbox.samba_tool_drs", environ={'DC1': '$DC_SERVER', 'DC2': '$VAMPIRE_DC_SERVER'}, extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) -planoldpythontestsuite("vampire_dc", "replica_sync", +planoldpythontestsuite("vampire_dc:local", "replica_sync", extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], name="samba4.drs.replica_sync.python(vampire_dc)", environ={'DC1': '$DC_SERVER', 'DC2': '$VAMPIRE_DC_SERVER'}, 
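Review bot: The environment for `replica_sync` becomes `vampire_dc:local` while the `name=` argument still reads `samba4.drs.replica_sync.python(vampire_dc)`, and nothing at the call explains why the suffix is needed. If the reason is the new test that runs `samba-tool drs replicate --local`, a comment above the call such as `# :local is needed by test_ReplLocal, which replicates straight into the local database` would tie the two together. If the selftest naming convention expects the environment in the test name, the label may need the same suffix. The planoldpythontestsuite() call continues past the end of the hunk.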
diff --git a/source4/torture/drs/python/drs_base.py b/source4/torture/drs/python/drs_base.py index 8e48b92..abfdbf5 100644 --- a/source4/torture/drs/python/drs_base.py +++ b/source4/torture/drs/python/drs_base.py @@ -98,13 +98,17 @@ class DrsBaseTestCase(samba.tests.BlackboxTestCase): # bin/samba-tool drs <drs_command> <cmdline_auth> return "%s drs %s %s" % (samba_tool_cmd, drs_command, cmdline_auth) - def _net_drs_replicate(self, DC, fromDC, nc_dn=None, forced=True): + def _net_drs_replicate(self, DC, fromDC, nc_dn=None, forced=True, local=False, full_sync=False): if nc_dn is None: nc_dn = self.domain_dn # make base command line samba_tool_cmdline = self._samba_tool_cmdline("replicate") if forced: samba_tool_cmdline += " --sync-forced" + if local: + samba_tool_cmdline += " --local" + if full_sync: + samba_tool_cmdline += " --full-sync" # bin/samba-tool drs replicate <Dest_DC_NAME> <Src_DC_NAME> <Naming Context> cmd_line = "%s %s %s %s" % (samba_tool_cmdline, DC, fromDC, nc_dn) return self.check_output(cmd_line) diff --git a/source4/torture/drs/python/replica_sync.py b/source4/torture/drs/python/replica_sync.py index ddeb582..af2da4f 100644 --- a/source4/torture/drs/python/replica_sync.py +++ b/source4/torture/drs/python/replica_sync.py @@ -63,3 +63,9 @@ class DrsReplicaSyncTestCase(drs_base.DrsBaseTestCase): """Tests we cann't replicate when replication is disabled""" self._disable_inbound_repl(self.dnsname_dc1) out = self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True) + + def test_ReplLocal(self): + """Tests we can replicate direct to the local db""" + self._enable_inbound_repl(self.dnsname_dc1) + self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=False, local=True, full_sync=True) + -- Samba Shared Repository
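Review bot: `_net_drs_replicate()` gains `local` and `full_sync` but has no docstring saying what they do or which environment `--local` needs (the `:local` change in tests.py suggests it must run where the destination database is directly accessible). A short docstring listing each parameter and the flag it maps to (`--sync-forced`, `--local`, `--full-sync`) would cover it. Separately, the command is still assembled as one string, `"%s %s %s %s" % (samba_tool_cmdline, DC, fromDC, nc_dn)`, so a naming context containing a space would be split into several arguments; how check_output() runs the string is not visible here. The enclosing class starts before the hunk.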
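Review bot: `test_ReplLocal` discards the return value of `_net_drs_replicate()` and makes no assertion, so it detects a failure only if check_output() raises on a non-zero exit, which this hunk does not show. Capture the result with `out = self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=False, local=True, full_sync=True)` and assert on the success text samba-tool prints for a completed replication. The test also leaves inbound replication enabled on dc1 after it runs; whether a tearDown restores the previous state is outside the hunk. The class begins before the hunk.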