The branch, v4-13-test has been updated
via a0c9e2e4907 s3:libads: Also add a realm entry for the domain name
via 41f9aef217f s3:libads: Only add RC4 if weak crypto is allowed
via 3e145fef4f9 s3:libads: Remove DES legacy types for Kerberos
via 88a31703a2d lib/replace: move lib/replace/closefrom.c from
ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE
via 191c2cd7b93 vfs_ring: Adapt to 4.13 VFS
via b29103ef46a Add vfs_ring.
from 99d555f772a VERSION: Bump version up to 4.13.0rc5...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test
- Log -----------------------------------------------------------------
commit a0c9e2e49079f093baa26621a593d45d10ba69ed
Author: Andreas Schneider <a...@samba.org>
Date: Thu Sep 3 13:49:33 2020 +0200
s3:libads: Also add a realm entry for the domain name
This is required if we try to authenticate as Administrator@DOMAIN so it
can find the KDC. This fixes 'net ads join' for ad_member_fips if we
require Kerberos auth.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14479
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Isaac Boukris <ibouk...@samba.org>
(cherry picked from commit 6444a743525532c70634e2dd4cacadce54ba2eab)
Autobuild-User(v4-13-test): Karolin Seeger <ksee...@samba.org>
Autobuild-Date(v4-13-test): Thu Sep 10 09:42:31 UTC 2020 on sn-devel-184
commit 41f9aef217fd67c2809b4a660a2bf8d479e55371
Author: Andreas Schneider <a...@samba.org>
Date: Thu Sep 3 11:45:33 2020 +0200
s3:libads: Only add RC4 if weak crypto is allowed
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Isaac Boukris <ibouk...@samba.org>
(cherry picked from commit a5303967287cef0c3d0b653e2aca73d25d438cf7)
commit 3e145fef4f9a139e7517d101cfba011862ef2f4a
Author: Andreas Schneider <a...@samba.org>
Date: Thu Sep 3 11:11:14 2020 +0200
s3:libads: Remove DES legacy types for Kerberos
We already removed DES support for Kerberos in Samba 4.12.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Isaac Boukris <ibouk...@samba.org>
(cherry picked from commit 9cf1aecd73e011ad03ddb072760454379b3f0a32)
commit 88a31703a2d28d5f61e334153ef10920fac63e96
Author: Stefan Metzmacher <me...@samba.org>
Date: Tue Sep 8 10:13:20 2020 +0000
lib/replace: move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to
REPLACE_HOSTCC_SOURCE
This is where it really belongs and we avoid the strange interaction
with source4/heimdal_build/config.h. This a follow up for commit
f31333d40e6fa38daa32a3ebb32d5a317c06fc62.
This fixes a build problem if libbsd-dev is not installed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14482
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Alexander Bokovoy <a...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Björn Jacke <bja...@samba.org>
Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
Autobuild-Date(master): Tue Sep 8 13:59:58 UTC 2020 on sn-devel-184
(cherry picked from commit 0022cd94587b805a525b0b9ef71ff0f15780424a)
commit 191c2cd7b93524fc1ee119c0f995171fb38dc210
Author: Volker Lendecke <v...@samba.org>
Date: Mon Aug 10 12:12:30 2020 +0200
vfs_ring: Adapt to 4.13 VFS
commit b29103ef46a9f80a0184d4d999f22512b7fdcd89
Author: Jean-Marc Saffroy <j...@scality.com>
Date: Wed Sep 11 12:44:59 2019 +0200
Add vfs_ring.
-----------------------------------------------------------------------
Summary of changes:
lib/replace/wscript | 3 +
source3/libads/kerberos.c | 11 +++-
source3/modules/vfs_ring.c | 115 ++++++++++++++++++++++++++++++++++++
source3/modules/wscript_build | 8 +++
source3/wscript | 1 +
source4/heimdal_build/wscript_build | 7 +--
6 files changed, 136 insertions(+), 9 deletions(-)
create mode 100644 source3/modules/vfs_ring.c
Changeset truncated at 500 lines:
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 55c8903f1c8..64f305d6df0 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -876,6 +876,9 @@ def build(bld):
if bld.CONFIG_SET('HAVE_LIBRT'): extra_libs += ' rt'
if bld.CONFIG_SET('REPLACE_REQUIRES_LIBSOCKET_LIBNSL'): extra_libs += '
socket nsl'
+ if not bld.CONFIG_SET('HAVE_CLOSEFROM'):
+ REPLACE_HOSTCC_SOURCE += ' closefrom.c'
+
bld.SAMBA_SUBSYSTEM('LIBREPLACE_HOSTCC',
REPLACE_HOSTCC_SOURCE,
use_hostcc=True,
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 5959da919b0..03c7f35a44d 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -592,9 +592,10 @@ static char *get_enctypes(TALLOC_CTX *mem_ctx)
#endif
}
- if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
- lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY) {
- legacy_enctypes = "RC4-HMAC DES-CBC-CRC DES-CBC-MD5";
+ if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_ALLOWED &&
+ (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
+ lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY)) {
+ legacy_enctypes = "RC4-HMAC";
}
enctypes =
@@ -725,11 +726,15 @@ bool create_local_private_krb5_conf_for_domain(const char
*realm,
"\tdns_lookup_kdc = true\n\n"
"[realms]\n\t%s = {\n"
"%s\t}\n"
+ "\t%s = {\n"
+ "%s\t}\n"
"%s\n",
realm_upper,
enctypes,
realm_upper,
kdc_ip_string,
+ domain,
+ kdc_ip_string,
include_system_krb5);
if (!file_contents) {
diff --git a/source3/modules/vfs_ring.c b/source3/modules/vfs_ring.c
new file mode 100644
index 00000000000..eedcb25c3d8
--- /dev/null
+++ b/source3/modules/vfs_ring.c
@@ -0,0 +1,115 @@
+/*
+ * VFS module implementing get_real_filename for Scality SOFS
+ *
+ * Copyright (C) 2016, Jean-Marc Saffroy <j...@scality.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "smbd/smbd.h"
+
+#define DBG 10
+
+#define GRFN_PREFIX "scal.grfn."
+#define GRFN_PREFIX_LEN (sizeof(GRFN_PREFIX)-1)
+
+static int vfs_ring_get_real_filename(struct vfs_handle_struct *handle,
+ const struct smb_filename *dirpath,
+ const char *name,
+ TALLOC_CTX *mem_ctx,
+ char **found_name)
+{
+ const char *path = dirpath->base_name;
+ bool mangled;
+ char attr_name [NAME_MAX+1];
+ char attr_value[NAME_MAX+1];
+ int rc;
+ const struct smb_filename *smb_fname = NULL;
+
+ if (!strcmp(path, ""))
+ path = ".";
+
+ smb_fname = synthetic_smb_fname(talloc_tos(),
+ path,
+ NULL,
+ NULL,
+ dirpath->twrp,
+ 0);
+ if (smb_fname == NULL) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ DEBUG(DBG, ("vfs_ring_get_real_filename: under \"%s\" lookup \"%s\"\n",
+ path, name));
+
+ mangled = mangle_is_mangled(name, handle->conn->params);
+ if (mangled) {
+ return SMB_VFS_NEXT_GET_REAL_FILENAME(
+ handle, dirpath, name, mem_ctx, found_name);
+ }
+
+ if (strlen(name) > NAME_MAX - GRFN_PREFIX_LEN) {
+ errno = ENAMETOOLONG;
+ return -1;
+ }
+
+ strncpy(attr_name, GRFN_PREFIX, sizeof(attr_name));
+ strncpy(attr_name + GRFN_PREFIX_LEN, name,
+ sizeof(attr_name) - GRFN_PREFIX_LEN);
+
+ rc = SMB_VFS_NEXT_GETXATTR(handle, smb_fname, attr_name,
+ attr_value, sizeof(attr_value));
+ if (rc < 0) {
+ DEBUG(DBG, ("vfs_ring_get_real_filename:
getxattr(\"%s\",\"%s\") -> %s\n",
+ path, name, strerror(errno)));
+ if (errno == EOPNOTSUPP)
+ return SMB_VFS_NEXT_GET_REAL_FILENAME(
+ handle, dirpath, name, mem_ctx, found_name);
+ if (errno == ENOATTR)
+ errno = ENOENT;
+ return -1;
+ }
+
+ attr_value[rc] = 0;
+ *found_name = talloc_strdup(mem_ctx, attr_value);
+ if (*found_name == NULL) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ DEBUG(DBG, ("vfs_ring_get_real_filename: under \"%s\" found \"%s\" as
\"%s\"\n",
+ path, name, *found_name));
+
+ return 0;
+}
+
+static struct vfs_fn_pointers vfs_ring_fns = {
+ .get_real_filename_fn = vfs_ring_get_real_filename,
+};
+
+NTSTATUS vfs_ring_init(TALLOC_CTX *);
+NTSTATUS vfs_ring_init(TALLOC_CTX *ctx)
+{
+ NTSTATUS ret;
+
+ ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "ring",
+ &vfs_ring_fns);
+ if (!NT_STATUS_IS_OK(ret)) {
+ return ret;
+ }
+
+ return ret;
+}
diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build
index 09528f38070..9ae787aa6f4 100644
--- a/source3/modules/wscript_build
+++ b/source3/modules/wscript_build
@@ -598,6 +598,14 @@ bld.SAMBA3_MODULE('vfs_vxfs',
internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_vxfs'),
enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_vxfs'))
+bld.SAMBA3_MODULE('vfs_ring',
+ subsystem='vfs',
+ source='vfs_ring.c',
+ deps='talloc',
+ init_function='',
+ internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_ring'),
+ enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_ring'))
+
bld.SAMBA3_MODULE('vfs_offline',
subsystem='vfs',
source='vfs_offline.c',
diff --git a/source3/wscript b/source3/wscript
index 335cfd797f1..3f490bae336 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -1941,6 +1941,7 @@ main() {
vfs_media_harmony vfs_unityed_media
vfs_fruit vfs_shell_snap
vfs_commit vfs_worm vfs_crossrename
vfs_linux_xfs_sgid
vfs_time_audit vfs_offline
vfs_virusfilter vfs_widelinks
+ vfs_ring
'''))
if host_os.rfind('linux') > -1:
default_shared_modules.extend(['vfs_snapper'])
diff --git a/source4/heimdal_build/wscript_build
b/source4/heimdal_build/wscript_build
index e031d9831ff..9904b245218 100644
--- a/source4/heimdal_build/wscript_build
+++ b/source4/heimdal_build/wscript_build
@@ -382,12 +382,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_ROKEN'):
../heimdal_build/replace.c
'''
- if not bld.CONFIG_SET('HAVE_CLOSEFROM'):
- ROKEN_HOSTCC_SOURCE = ROKEN_COMMON_SOURCE + '''
- ../../lib/replace/closefrom.c
- '''
- else:
- ROKEN_HOSTCC_SOURCE = ROKEN_COMMON_SOURCE
+ ROKEN_HOSTCC_SOURCE = ROKEN_COMMON_SOURCE
ROKEN_SOURCE = ROKEN_COMMON_SOURCE + '''
lib/roken/resolve.c
--
Samba Shared Repository
