The branch, master has been updated
via 20fda4f auth: Use DBGC_AUTH as DBGC_CLASS for AD DC auth session
code.
via 8cd905d s4-drsuapi: Call security_token_debug() with DBGC_DRS_REPL
and a proper log level
via e1ede0b auth: Use DBGC_AUTH as DBGC_CLASS for AD DC NTLM auth code.
from f93cc23 vfs_zfsacl: return synthesized ACL when ZFS return ENOTSUP
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 20fda4f600c46e73571709f718c78017b9b037a2
Author: Andrew Bartlett <[email protected]>
Date: Mon May 21 13:58:12 2018 +1200
auth: Use DBGC_AUTH as DBGC_CLASS for AD DC auth session code.
Signed-off-by: Andrew Bartlett <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
Autobuild-User(master): Jeremy Allison <[email protected]>
Autobuild-Date(master): Tue May 22 02:42:32 CEST 2018 on sn-devel-144
commit 8cd905d5751457de35010285793a191d10ecdb04
Author: Andrew Bartlett <[email protected]>
Date: Mon May 21 13:53:01 2018 +1200
s4-drsuapi: Call security_token_debug() with DBGC_DRS_REPL and a proper log
level
Selftest logs are full of calls to security_token_debug() with no context
and this is never a log level 0 event, so tidy it up.
The RODC would trigger this each time there is an attempted preload
of a user in the Denied RODC replication group.
Signed-off-by: Andrew Bartlett <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit e1ede0b1ffd128707bb4b5ae271c82cb8e2de26c
Author: Andrew Bartlett <[email protected]>
Date: Mon May 21 13:51:16 2018 +1200
auth: Use DBGC_AUTH as DBGC_CLASS for AD DC NTLM auth code.
Signed-off-by: Andrew Bartlett <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
source4/auth/ntlm/auth.c | 3 +++
source4/auth/ntlm/auth_anonymous.c | 3 +++
source4/auth/ntlm/auth_developer.c | 3 +++
source4/auth/ntlm/auth_sam.c | 3 +++
source4/auth/ntlm/auth_server_service.c | 3 +++
source4/auth/ntlm/auth_simple.c | 3 +++
source4/auth/ntlm/auth_unix.c | 3 +++
source4/auth/ntlm/auth_util.c | 3 +++
source4/auth/ntlm/auth_winbind.c | 3 +++
source4/auth/sam.c | 5 ++++-
source4/auth/session.c | 6 +++++-
source4/auth/system_session.c | 2 ++
source4/auth/unix_token.c | 9 ++++++---
source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 3 ++-
source4/rpc_server/drsuapi/drsutil.c | 4 ++--
15 files changed, 48 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index 1293b28..e560116 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -34,6 +34,9 @@
#include "auth/kerberos/kerberos_util.h"
#include "libds/common/roles.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
static NTSTATUS auth_generate_session_info_wrapper(struct auth4_context
*auth_context,
TALLOC_CTX *mem_ctx,
void *server_returned_info,
diff --git a/source4/auth/ntlm/auth_anonymous.c
b/source4/auth/ntlm/auth_anonymous.c
index e8a9ed3..83aeb43 100644
--- a/source4/auth/ntlm/auth_anonymous.c
+++ b/source4/auth/ntlm/auth_anonymous.c
@@ -24,6 +24,9 @@
#include "auth/ntlm/auth_proto.h"
#include "param/param.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
_PUBLIC_ NTSTATUS auth4_anonymous_init(TALLOC_CTX *);
/**
diff --git a/source4/auth/ntlm/auth_developer.c
b/source4/auth/ntlm/auth_developer.c
index 8703577..b655283 100644
--- a/source4/auth/ntlm/auth_developer.c
+++ b/source4/auth/ntlm/auth_developer.c
@@ -24,6 +24,9 @@
#include "auth/ntlm/auth_proto.h"
#include "libcli/security/security.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
_PUBLIC_ NTSTATUS auth4_developer_init(TALLOC_CTX *);
static NTSTATUS name_to_ntstatus_want_check(struct auth_method_context *ctx,
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index d63a7d1..fb88cb8 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -37,6 +37,9 @@
#include "libcli/auth/libcli_auth.h"
#include "libds/common/roles.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
NTSTATUS auth_sam_init(void);
extern const char *user_attrs[];
diff --git a/source4/auth/ntlm/auth_server_service.c
b/source4/auth/ntlm/auth_server_service.c
index 9ac080a..7fbb1fe 100644
--- a/source4/auth/ntlm/auth_server_service.c
+++ b/source4/auth/ntlm/auth_server_service.c
@@ -20,6 +20,9 @@
#include "includes.h"
#include "auth/auth.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
NTSTATUS server_service_auth_init(TALLOC_CTX *ctx)
{
return auth4_init();
diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c
index d7811b9..273e488 100644
--- a/source4/auth/ntlm/auth_simple.c
+++ b/source4/auth/ntlm/auth_simple.c
@@ -27,6 +27,9 @@
#include "auth/auth.h"
#include "dsdb/samdb/samdb.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
struct authenticate_ldap_simple_bind_state {
bool using_tls;
struct auth4_context *auth_context;
diff --git a/source4/auth/ntlm/auth_unix.c b/source4/auth/ntlm/auth_unix.c
index c01ec35..67cd5f3 100644
--- a/source4/auth/ntlm/auth_unix.c
+++ b/source4/auth/ntlm/auth_unix.c
@@ -28,6 +28,9 @@
#include "../libcli/auth/pam_errors.h"
#include "param/param.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
_PUBLIC_ NTSTATUS auth4_unix_init(TALLOC_CTX *);
/* TODO: look at how to best fill in parms retrieveing a struct passwd info
diff --git a/source4/auth/ntlm/auth_util.c b/source4/auth/ntlm/auth_util.c
index 5084cc4..af89130 100644
--- a/source4/auth/ntlm/auth_util.c
+++ b/source4/auth/ntlm/auth_util.c
@@ -29,6 +29,9 @@
#include "librpc/gen_ndr/drsuapi.h"
#include "dsdb/samdb/samdb.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
/* this default function can be used by mostly all backends
* which don't want to set a challenge
*/
diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c
index a3efde8..318675f 100644
--- a/source4/auth/ntlm/auth_winbind.c
+++ b/source4/auth/ntlm/auth_winbind.c
@@ -35,6 +35,9 @@
#include "dsdb/samdb/samdb.h"
#include "auth/auth_sam.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
_PUBLIC_ NTSTATUS auth4_winbind_init(TALLOC_CTX *);
static NTSTATUS winbind_want_check(struct auth_method_context *ctx,
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index fb309f5..9d1fc65 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -32,7 +32,10 @@
#include "param/param.h"
#include "librpc/gen_ndr/ndr_winbind_c.h"
-#define KRBTGT_ATTRS \
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
+#define KRBTGT_ATTRS \
/* required for the krb5 kdc */ \
"objectClass", \
"sAMAccountName", \
diff --git a/source4/auth/session.c b/source4/auth/session.c
index c27d273..e324ecf 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -34,6 +34,9 @@
#include <gssapi/gssapi.h>
#include "libcli/wbclient/wbclient.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
_PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx)
{
@@ -415,5 +418,6 @@ void auth_session_info_debug(int dbg_lev,
return;
}
- security_token_debug(0, dbg_lev, session_info->security_token);
+ security_token_debug(DBGC_AUTH, dbg_lev,
+ session_info->security_token);
}
diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c
index 4c5290d..1d238ee 100644
--- a/source4/auth/system_session.c
+++ b/source4/auth/system_session.c
@@ -29,6 +29,8 @@
#include "auth/session.h"
#include "auth/system_session_proto.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
/*
prevent the static system session being freed
diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c
index e5eb0aa..492149b 100644
--- a/source4/auth/unix_token.c
+++ b/source4/auth/unix_token.c
@@ -25,6 +25,9 @@
#include "libcli/wbclient/wbclient.h"
#include "param/param.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
/*
form a security_unix_token from the current security_token
*/
@@ -76,7 +79,7 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
char *sid_str = dom_sid_string(mem_ctx, ids[0].sid);
DEBUG(0, ("Unable to convert first SID (%s) in user token to a
UID. Conversion was returned as type %d, full token:\n",
sid_str, (int)ids[0].xid.type));
- security_token_debug(0, 0, token);
+ security_token_debug(DBGC_AUTH, 0, token);
talloc_free(sid_str);
return NT_STATUS_INVALID_SID;
}
@@ -90,7 +93,7 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
char *sid_str = dom_sid_string(mem_ctx, ids[1].sid);
DEBUG(0, ("Unable to convert second SID (%s) in user token to a
GID. Conversion was returned as type %d, full token:\n",
sid_str, (int)ids[1].xid.type));
- security_token_debug(0, 0, token);
+ security_token_debug(DBGC_AUTH, 0, token);
talloc_free(sid_str);
return NT_STATUS_INVALID_SID;
}
@@ -104,7 +107,7 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
char *sid_str = dom_sid_string(mem_ctx, ids[s].sid);
DEBUG(0, ("Unable to convert SID (%s) at index %u in
user token to a GID. Conversion was returned as type %d, full token:\n",
sid_str, (unsigned int)s,
(int)ids[s].xid.type));
- security_token_debug(0, 0, token);
+ security_token_debug(DBGC_AUTH, 0, token);
talloc_free(sid_str);
return NT_STATUS_INVALID_SID;
}
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 250b4c7..eac96a3 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -1018,7 +1018,8 @@ static WERROR dcesrv_drsuapi_DsReplicaGetInfo(struct
dcesrv_call_state *dce_call
level =
security_session_user_level(dce_call->conn->auth_state.session_info, NULL);
if (level < SECURITY_DOMAIN_CONTROLLER) {
DEBUG(1,(__location__ ": Administrator access required
for DsReplicaGetInfo\n"));
- security_token_debug(0, 2,
dce_call->conn->auth_state.session_info->security_token);
+ security_token_debug(DBGC_DRS_REPL, 2,
+
dce_call->conn->auth_state.session_info->security_token);
return WERR_DS_DRA_ACCESS_DENIED;
}
}
diff --git a/source4/rpc_server/drsuapi/drsutil.c
b/source4/rpc_server/drsuapi/drsutil.c
index 53bcb16..6fe254a 100644
--- a/source4/rpc_server/drsuapi/drsutil.c
+++ b/source4/rpc_server/drsuapi/drsutil.c
@@ -107,7 +107,7 @@ WERROR drs_security_level_check(struct dcesrv_call_state
*dce_call,
if (call) {
DEBUG(0,("%s refused for security token (level=%u)\n",
call, (unsigned)level));
- security_token_debug(0, 2,
dce_call->conn->auth_state.session_info->security_token);
+ security_token_debug(DBGC_DRS_REPL, 2,
dce_call->conn->auth_state.session_info->security_token);
}
return WERR_DS_DRA_ACCESS_DENIED;
}
@@ -170,7 +170,7 @@ static WERROR drs_security_access_check_log(struct
ldb_context *sam_ctx,
if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
DEBUG(3,("%s refused for security token on %s\n",
ext_right, ldb_dn_get_linearized(dn)));
- security_token_debug(2, 0, token);
+ security_token_debug(DBGC_DRS_REPL, 3, token);
return WERR_DS_DRA_ACCESS_DENIED;
} else if (ret != LDB_SUCCESS) {
DEBUG(1,("Failed to perform access check on %s: %s\n",
ldb_dn_get_linearized(dn), ldb_strerror(ret)));
--
Samba Shared Repository
