The branch, v4-12-test has been updated
via 02ee82f6e4d waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS
> 3.6.14
via 60ddb7b2007 s3:smbd: Fix %U substitutions if it contains a domain
name
via 20d3cf455c6 s3:tests: Add test for 'valid users = DOMAIN\%U'
from 2207bc89005 lib/replace: move lib/replace/closefrom.c from
ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test
- Log -----------------------------------------------------------------
commit 02ee82f6e4da19c801b7b4691804249b62b92166
Author: Andreas Schneider <[email protected]>
Date: Thu Sep 10 11:34:50 2020 +0200
waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14399
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
(cherry picked from commit 94808cc50e4350a8c3bc250a886e8d4e7802dd12)
Autobuild-User(v4-12-test): Karolin Seeger <[email protected]>
Autobuild-Date(v4-12-test): Mon Sep 14 12:08:34 UTC 2020 on sn-devel-184
commit 60ddb7b20071b00f0cd7f1cb818022220eb0c279
Author: Andreas Schneider <[email protected]>
Date: Mon Aug 17 14:12:48 2020 +0200
s3:smbd: Fix %U substitutions if it contains a domain name
'valid users = DOMAIN\%U' worked with Samba 3.6 and broke in a newer
version.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14467
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
(cherry picked from commit 5de7c91e6d4e98f438157a7675c8582cabdd828d)
commit 20d3cf455c631c6cea6d471333779cc15d0e8d8a
Author: Andreas Schneider <[email protected]>
Date: Mon Aug 17 13:39:58 2020 +0200
s3:tests: Add test for 'valid users = DOMAIN\%U'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14467
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
(cherry picked from commit 53b6dd951249052772e1ffcf651b7efd0963b931)
-----------------------------------------------------------------------
Summary of changes:
selftest/target/Samba3.pm | 4 ++++
source3/script/tests/test_substitutions.sh | 5 +++++
source3/smbd/share_access.c | 18 +++++++++++++++++-
wscript_configure_system_gnutls | 5 ++++-
4 files changed, 30 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index d76bd4809e4..01d061f31bf 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -427,6 +427,10 @@ sub setup_ad_member
path = $share_dir/D_%D/u_%u/g_%g
writeable = yes
+[sub_valid_users]
+ path = $share_dir
+ valid users = ADDOMAIN/%U
+
";
my $ret = $self->provision($prefix, $dcvars->{DOMAIN},
diff --git a/source3/script/tests/test_substitutions.sh
b/source3/script/tests/test_substitutions.sh
index 1a46f11c85d..c813a8f9def 100755
--- a/source3/script/tests/test_substitutions.sh
+++ b/source3/script/tests/test_substitutions.sh
@@ -34,4 +34,9 @@ SMB_UNC="//$SERVER/sub_dug2"
test_smbclient "Test login to share with substitution (Dug)" \
"ls" "$SMB_UNC" "-U$USERNAME%$PASSWORD" || failed=$(expr $failed + 1)
+SMB_UNC="//$SERVER/sub_valid_users"
+
+test_smbclient "Test login to share with substitution for valid users" \
+ "ls" "$SMB_UNC" "-U$USERNAME%$PASSWORD" || failed=$(expr $failed + 1)
+
exit $failed
diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c
index 0b8f6e48e34..57754a0f766 100644
--- a/source3/smbd/share_access.c
+++ b/source3/smbd/share_access.c
@@ -79,7 +79,23 @@ static bool token_contains_name(TALLOC_CTX *mem_ctx,
enum lsa_SidType type;
if (username != NULL) {
- name = talloc_sub_basic(mem_ctx, username, domain, name);
+ size_t domain_len = strlen(domain);
+
+ /* Check if username starts with domain name */
+ if (domain_len > 0) {
+ const char *sep = lp_winbind_separator();
+ int cmp = strncasecmp_m(username, domain, domain_len);
+ if (cmp == 0 && sep[0] == username[domain_len]) {
+ /* Move after the winbind separator */
+ domain_len += 1;
+ } else {
+ domain_len = 0;
+ }
+ }
+ name = talloc_sub_basic(mem_ctx,
+ username + domain_len,
+ domain,
+ name);
}
if (sharename != NULL) {
name = talloc_string_sub(mem_ctx, name, "%S", sharename);
diff --git a/wscript_configure_system_gnutls b/wscript_configure_system_gnutls
index b2b955f3c90..8ae1f04eaf7 100644
--- a/wscript_configure_system_gnutls
+++ b/wscript_configure_system_gnutls
@@ -26,7 +26,10 @@ conf.CHECK_FUNCS_IN('gnutls_pkcs7_get_embedded_data_oid',
'gnutls')
# in 3.6.11, see:
#
# https://gitlab.com/gnutls/gnutls/-/merge_requests/1085
-if (parse_version('3.6.10') != parse_version(gnutls_version)):
+#
+# 3.6.10 - 3.6.14 have a severe memory leak with AES-CCM
+# https://gitlab.com/gnutls/gnutls/-/merge_requests/1278
+if (parse_version(gnutls_version) > parse_version('3.6.14')):
conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls')
if conf.CHECK_VALUEOF('GNUTLS_CIPHER_AES_128_CFB8', headers='gnutls/gnutls.h'):
--
Samba Shared Repository
