The branch, v4-16-stable has been updated
via 3a2c1b12f84 VERSION: Disable GIT_SNAPSHOT for the 4.16.0rc5 release.
via c3ee2db15a8 WHATSNEW: Add release notes for Samba 4.16.0rc5.
via 4b6a6af868c s4:kdc: redirect pre-authentication failures to an RWDC
via b8e20583b05 s4:kdc: let pac functions in wdc-samba4.c take
astgs_request_t
via 302f9acb4a0 third_party/heimdal: import
lorikeet-heimdal-202203031927 (commit 7abc451ddd74d0c2e57dbb32f3198bde8def73ab)
via 9df5283f3d9 s3:utils: assign ids to struct to list shares correctly
via 364b16068b1 s3:tests: Add a test to check the output of smbstatus.
via de8fc990b21 s3: smbd: Fix our leases code to return the correct
error in the non-dynamic share case.
via 7995e03b39e s4: torture: Add new SMB2 lease test
test_lease_duplicate_open().
via 423bbea002e s4: torture: Add new SMB2 lease test
test_lease_duplicate_create().
via 5caac70d8d4 s3:trusts_utils: use a password length of 120 for
machine accounts
via a31721982fe upgradehelpers.py: add a comment to
update_krbtgt_account_password()
via 8c9bb2cafd6 provision: add a comment that the value of krbtgtpass
is ignored in the backend
via 66d8622b646 upgradehelpers.py: let
update_machine_account_password() use 120 character passwords
via 4872e1af2c1 provision: use 120 characters for the dns account
password
via e13a72df5f2 samba-tool/join_member: let py_net_join_member() choose
the password
via ac61afa5022 s3:py_net: allow machinepass=None to
py_net_join_member()
via c240b977dbe s4/auth/simple_bind: correctly report TLS state
via 5dee3a6834c pytest:auth_log: expect TLS connections when using ldaps
via 5b6ca18e020 s4:kdc: hdb_samba4_audit() is only called once per
request
via 794c717ba75 s4-kdc: Adapt to move from HDB auditing to KDC auditing
constants
via 71912b630e9 s4:kdc: Adapt to removal of publicly accessible request
structure members
via 12a61bb7416 s4:kdc: Adapt to hdb_entry_ex removal
via f90e729e01e s4:kdc: Increment plugin minor version
via 8ae5ce46e57 third_party/heimdal_build: Don't generate .x source
files
via 5493c1a5df6 s4:kdc: Explicitly set plugin minor version
via 0918e692fac third_party/heimdal_build: Add SFU source file
via b6e2028f277 s4:kdc: Adapt to removal of auth audit event types
via 9e763005266 s4:kdc: Rename windc to kdc plugin
via b88d8924980 s4:kdc: Add referral policy callback
via cef9e6f8514 s4:kdc: Add 'not authorised' auth events
via 115d8e493fe s4:kdc: Adapt to removal of auth event details
via 9627ee616b5 s4:kdc: Refactor HDB API
via 26880578a5f third_party/heimdal_build: Add source files to build
via e26fbf420e4 third_party/heimdal: import
lorikeet-heimdal-202203010107 (commit 0e7a12404c388e831fe6933fcc3c86e7eb334825)
via c9a77ff43e0 third_party/heimdal_build: Define fallthrough macro for
switch statements
via 947ad1581a6 third_party/heimdal_build: Determine whether time_t is
signed
via 97011aa3ce1 s4:kdc: Don't pass empty PAC buffers to
krb5_pac_add_buffer()
via 77ed10e2ff8 third_party/heimdal_build: Add KDC_LIB macro definitions
via 635c8b730f7 auth: Cope with NULL upn_name in PAC
via b668c076722 s4:sam: Don't use talloc_steal for msg attributes in
authsam_make_user_info_dc()
via 9fd10105530 smbd: Fix a use-after-free
via 91c7a2cb662 VERSION: Bump version up to Samba 4.16.0rc5...
from 3b4041236d1 VERSION: Disable GIT_SNAPSHOT for the 4.16.0rc4 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-16-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 33 +-
auth/auth_sam_reply.c | 12 +-
buildtools/wafsamba/samba_autoconf.py | 17 +
python/samba/netcmd/domain.py | 2 -
python/samba/provision/__init__.py | 5 +-
python/samba/tests/auth_log.py | 8 +-
python/samba/upgradehelpers.py | 11 +-
selftest/knownfail | 1 -
source3/libsmb/trusts_util.c | 14 +-
source3/script/tests/test_smbstatus.sh | 98 ++
source3/smbd/filename.c | 7 +
source3/smbd/open.c | 38 +-
source3/utils/conn_tdb.c | 2 +
source3/utils/py_net.c | 2 +-
source4/auth/ntlm/auth_simple.c | 4 +-
source4/auth/sam.c | 19 +-
source4/dsdb/tests/python/rodc_rwdc.py | 3 +-
source4/kdc/hdb-samba4.c | 258 ++--
source4/kdc/kdc-glue.c | 4 +-
source4/kdc/kdc-glue.h | 4 +-
source4/kdc/kdc-heimdal.c | 22 +-
source4/kdc/pac-glue.c | 5 +-
source4/kdc/sdb_to_hdb.c | 26 +-
source4/kdc/wdc-samba4.c | 104 +-
source4/kdc/wscript_build | 2 +-
source4/torture/smb2/lease.c | 124 ++
third_party/heimdal/.github/workflows/build.yml | 67 -
third_party/heimdal/.gitignore | 236 +++-
third_party/heimdal/Makefile.am | 1 -
third_party/heimdal/README.md | 9 +-
third_party/heimdal/admin/change.c | 1 -
third_party/heimdal/appl/afsutil/afslog.c | 2 +-
third_party/heimdal/appl/gssmask/gssmask.c | 2 +
third_party/heimdal/appl/kf/kf.c | 4 +-
third_party/heimdal/appl/otp/otp.c | 12 +-
third_party/heimdal/appl/test/gssapi_server.c | 23 +-
third_party/heimdal/appl/test/uu_server.c | 7 +
third_party/heimdal/appveyor.yml | 72 +-
third_party/heimdal/cf/Makefile.am.common | 19 +-
third_party/heimdal/cf/ax_check_sign.m4 | 54 +
third_party/heimdal/cf/check-compile-flag.m4 | 53 +
third_party/heimdal/cf/db.m4 | 6 +-
third_party/heimdal/cf/krb-prog-yacc.m4 | 12 +-
third_party/heimdal/cf/roken-frag.m4 | 6 -
third_party/heimdal/configure.ac | 38 +-
third_party/heimdal/import-lorikeet.sh | 22 +-
third_party/heimdal/include/Makefile.am | 33 +-
third_party/heimdal/include/bits.c | 51 +-
third_party/heimdal/include/config.h.w32 | 37 +-
third_party/heimdal/kadmin/add-random-users.c | 2 +-
third_party/heimdal/kadmin/add_enctype.c | 4 +-
third_party/heimdal/kadmin/ank.c | 40 +-
third_party/heimdal/kadmin/cpw.c | 16 +-
third_party/heimdal/kadmin/del.c | 12 +-
third_party/heimdal/kadmin/ext.c | 2 +-
third_party/heimdal/kadmin/get.c | 2 +
third_party/heimdal/kadmin/init.c | 202 ++-
third_party/heimdal/kadmin/kadm_conn.c | 9 +-
third_party/heimdal/kadmin/kadmin.1 | 33 +-
third_party/heimdal/kadmin/kadmind.c | 2 +
third_party/heimdal/kadmin/load.c | 54 +-
third_party/heimdal/kadmin/mod.c | 15 +-
third_party/heimdal/kadmin/rpc.c | 4 +-
third_party/heimdal/kadmin/server.c | 315 ++---
third_party/heimdal/kadmin/stash.c | 5 +-
third_party/heimdal/kcm/cache.c | 10 +-
third_party/heimdal/kcm/client.c | 37 +
third_party/heimdal/kcm/glue.c | 2 +-
third_party/heimdal/kcm/protocol.c | 24 +-
third_party/heimdal/kdc/Makefile.am | 14 +-
third_party/heimdal/kdc/NTMakefile | 18 +-
.../heimdal/kdc/altsecid_gss_preauth_authorizer.c | 85 +-
third_party/heimdal/kdc/bx509d.c | 170 ++-
third_party/heimdal/kdc/ca.c | 4 +-
third_party/heimdal/kdc/cjwt_token_validator.c | 9 +-
third_party/heimdal/kdc/config.c | 2 +-
third_party/heimdal/kdc/connect.c | 19 +-
third_party/heimdal/kdc/csr_authorizer.c | 2 +-
third_party/heimdal/kdc/default_config.c | 5 +-
third_party/heimdal/kdc/digest-service.c | 9 +-
third_party/heimdal/kdc/digest.c | 46 +-
third_party/heimdal/kdc/fast.c | 55 +-
third_party/heimdal/kdc/gss_preauth.c | 78 +-
.../heimdal/kdc/gss_preauth_authorizer_plugin.h | 6 +-
third_party/heimdal/kdc/headers.h | 3 +-
third_party/heimdal/kdc/hprop.8 | 1 -
third_party/heimdal/kdc/hprop.c | 23 +-
third_party/heimdal/kdc/hprop.h | 18 +-
third_party/heimdal/kdc/hpropd.8 | 3 -
third_party/heimdal/kdc/hpropd.c | 11 +-
third_party/heimdal/kdc/httpkadmind.c | 73 +-
third_party/heimdal/kdc/ipc_csr_authorizer.c | 20 +-
third_party/heimdal/kdc/kdc-accessors.h | 369 ++++++
.../gssapi/mech/mech_locl.h => kdc/kdc-audit.h} | 71 +-
third_party/heimdal/kdc/kdc-plugin.c | 654 ++++++++++
third_party/heimdal/kdc/kdc-plugin.h | 134 ++
third_party/heimdal/kdc/kdc-replay.c | 2 +
third_party/heimdal/kdc/kdc.h | 168 +--
third_party/heimdal/kdc/kdc_locl.h | 114 +-
third_party/heimdal/kdc/kerberos5.c | 704 +++++------
third_party/heimdal/kdc/krb5tgs.c | 965 +++++----------
third_party/heimdal/kdc/kstash.c | 2 +
third_party/heimdal/kdc/kx509.c | 130 +-
third_party/heimdal/kdc/libkdc-exports.def | 86 +-
third_party/heimdal/kdc/log.c | 10 +-
third_party/heimdal/kdc/misc.c | 103 +-
third_party/heimdal/kdc/mit_dump.c | 6 +-
third_party/heimdal/kdc/mssfu.c | 567 +++++++++
.../heimdal/kdc/negotiate_token_validator.c | 2 -
third_party/heimdal/kdc/pkinit.c | 30 +-
third_party/heimdal/kdc/process.c | 204 +++-
third_party/heimdal/kdc/rx.h | 79 --
third_party/heimdal/kdc/set_dbinfo.c | 2 +-
third_party/heimdal/kdc/simple_csr_authorizer.c | 24 +-
third_party/heimdal/kdc/string2key.c | 6 +-
third_party/heimdal/kdc/test_kdc_ca.c | 5 +-
third_party/heimdal/kdc/token_validator.c | 2 +-
third_party/heimdal/kdc/version-script.map | 81 +-
third_party/heimdal/kdc/windc.c | 252 ----
third_party/heimdal/kdc/windc_plugin.h | 92 --
third_party/heimdal/kpasswd/kpasswdd.c | 2 +
third_party/heimdal/kuser/generate-requests.c | 2 +-
third_party/heimdal/kuser/kgetcred.c | 3 +
third_party/heimdal/kuser/kimpersonate.c | 27 +-
third_party/heimdal/kuser/kinit.c | 34 +-
third_party/heimdal/kuser/klist.c | 15 +-
third_party/heimdal/kuser/kswitch.c | 5 +-
third_party/heimdal/kuser/kuser_locl.h | 4 +
third_party/heimdal/lib/asn1/MANUAL.md | 1287 ++++++++++++++++++++
third_party/heimdal/lib/asn1/Makefile.am | 361 +++---
third_party/heimdal/lib/asn1/NTMakefile | 281 +++--
third_party/heimdal/lib/asn1/README.md | 326 +++--
third_party/heimdal/lib/asn1/asn1-template.h | 75 +-
third_party/heimdal/lib/asn1/asn1_compile.1 | 263 +++-
third_party/heimdal/lib/asn1/asn1_print.c | 32 +-
third_party/heimdal/lib/asn1/asn1parse.y | 141 ++-
third_party/heimdal/lib/asn1/check-common.h | 3 +-
third_party/heimdal/lib/asn1/check-der.c | 2 +
third_party/heimdal/lib/asn1/check-gen.c | 144 ++-
third_party/heimdal/lib/asn1/check-gen.h | 9 +
third_party/heimdal/lib/asn1/check-template.c | 13 +
third_party/heimdal/lib/asn1/der_copy.c | 103 +-
third_party/heimdal/lib/asn1/der_get.c | 92 +-
third_party/heimdal/lib/asn1/der_put.c | 68 +-
third_party/heimdal/lib/asn1/extra.c | 8 +-
third_party/heimdal/lib/asn1/gen.c | 186 ++-
third_party/heimdal/lib/asn1/gen_copy.c | 47 +-
third_party/heimdal/lib/asn1/gen_decode.c | 6 +-
third_party/heimdal/lib/asn1/gen_encode.c | 29 +-
third_party/heimdal/lib/asn1/gen_free.c | 55 +-
third_party/heimdal/lib/asn1/gen_glue.c | 11 +-
third_party/heimdal/lib/asn1/gen_locl.h | 17 +-
third_party/heimdal/lib/asn1/gen_template.c | 172 ++-
third_party/heimdal/lib/asn1/krb5.asn1 | 100 +-
third_party/heimdal/lib/asn1/krb5.opt | 2 +
third_party/heimdal/lib/asn1/libasn1-exports.def | 31 +
third_party/heimdal/lib/asn1/main.c | 240 +++-
third_party/heimdal/lib/asn1/oid_resolution.c | 75 +-
third_party/heimdal/lib/asn1/symbol.h | 5 +-
third_party/heimdal/lib/asn1/template.c | 56 +-
third_party/heimdal/lib/asn1/test.asn1 | 12 +-
third_party/heimdal/lib/asn1/test.opt | 6 +
third_party/heimdal/lib/base/array.c | 4 +-
third_party/heimdal/lib/base/bsearch.c | 24 +-
third_party/heimdal/lib/base/data.c | 9 +-
third_party/heimdal/lib/base/db.c | 24 +-
third_party/heimdal/lib/base/dict.c | 8 +-
third_party/heimdal/lib/base/dll.c | 3 +-
third_party/heimdal/lib/base/error.c | 4 +-
third_party/heimdal/lib/base/error_string.c | 7 +-
third_party/heimdal/lib/base/expand_path.c | 58 +-
third_party/heimdal/lib/base/heimbase-svc.h | 8 +-
third_party/heimdal/lib/base/heimbase.c | 35 +-
third_party/heimdal/lib/base/heimbase.h | 9 +-
third_party/heimdal/lib/base/heimbasepriv.h | 3 +-
third_party/heimdal/lib/base/log.c | 363 ++++--
third_party/heimdal/lib/base/number.c | 22 +-
third_party/heimdal/lib/base/plugin.c | 16 +-
third_party/heimdal/lib/base/string.c | 6 +-
third_party/heimdal/lib/base/test_base.c | 6 +-
third_party/heimdal/lib/base/version-script.map | 7 +
third_party/heimdal/lib/com_err/Makefile.am | 2 +-
third_party/heimdal/lib/gss_preauth/pa_client.c | 3 +-
third_party/heimdal/lib/gss_preauth/pa_common.c | 5 -
third_party/heimdal/lib/gssapi/Makefile.am | 55 +-
third_party/heimdal/lib/gssapi/NTMakefile | 38 +-
third_party/heimdal/lib/gssapi/gss-token.c | 11 +-
third_party/heimdal/lib/gssapi/gssapi/gssapi.h | 16 +-
.../heimdal/lib/gssapi/gssapi/gssapi_krb5.h | 2 +
.../heimdal/lib/gssapi/krb5/accept_sec_context.c | 140 +--
third_party/heimdal/lib/gssapi/krb5/acquire_cred.c | 52 +-
third_party/heimdal/lib/gssapi/krb5/arcfour.c | 13 +-
third_party/heimdal/lib/gssapi/krb5/copy_ccache.c | 5 +-
.../heimdal/lib/gssapi/krb5/export_sec_context.c | 2 +-
third_party/heimdal/lib/gssapi/krb5/external.c | 19 +-
third_party/heimdal/lib/gssapi/krb5/import_name.c | 35 +-
.../heimdal/lib/gssapi/krb5/init_sec_context.c | 41 +-
third_party/heimdal/lib/gssapi/krb5/name_attrs.c | 1171 ++++++++++++++++++
third_party/heimdal/lib/gssapi/krb5/store_cred.c | 5 +-
third_party/heimdal/lib/gssapi/krb5/test_kcred.c | 6 +-
.../heimdal/lib/gssapi/libgssapi-exports.def | 2 +-
.../heimdal/lib/gssapi/mech/gss_compare_name.c | 10 +-
third_party/heimdal/lib/gssapi/mech/gss_cred.c | 6 +-
.../lib/gssapi/mech/gss_export_sec_context.c | 4 +
.../heimdal/lib/gssapi/mech/gss_import_name.c | 82 +-
.../lib/gssapi/mech/gss_import_sec_context.c | 6 +-
third_party/heimdal/lib/gssapi/mech/gss_krb5.c | 7 +-
.../heimdal/lib/gssapi/mech/gss_mech_switch.c | 47 +-
.../heimdal/lib/gssapi/mech/gss_pname_to_uid.c | 4 +
third_party/heimdal/lib/gssapi/mech/mech_locl.h | 11 +-
.../heimdal/lib/gssapi/ntlm/accept_sec_context.c | 2 +
third_party/heimdal/lib/gssapi/ntlm/creds.c | 4 -
third_party/heimdal/lib/gssapi/ntlm/crypto.c | 5 +-
.../heimdal/lib/gssapi/ntlm/delete_sec_context.c | 6 +
.../heimdal/lib/gssapi/ntlm/init_sec_context.c | 22 +-
third_party/heimdal/lib/gssapi/ntlm/kdc.c | 1 +
third_party/heimdal/lib/gssapi/sanon/import_name.c | 25 +-
.../heimdal/lib/gssapi/spnego/accept_sec_context.c | 1 +
third_party/heimdal/lib/gssapi/spnego/negoex_ctx.c | 28 +-
third_party/heimdal/lib/gssapi/test_context.c | 168 ++-
third_party/heimdal/lib/gssapi/test_kcred.c | 18 +-
third_party/heimdal/lib/gssapi/test_names.c | 464 ++++++-
third_party/heimdal/lib/gssapi/version-script.map | 2 +-
third_party/heimdal/lib/hcrypto/Makefile.am | 27 +-
third_party/heimdal/lib/hcrypto/bn.c | 8 +-
third_party/heimdal/lib/hcrypto/des.c | 1 +
third_party/heimdal/lib/hcrypto/dh-ltm.c | 57 +-
third_party/heimdal/lib/hcrypto/dh.c | 2 +-
third_party/heimdal/lib/hcrypto/engine.c | 35 +-
third_party/heimdal/lib/hcrypto/evp.c | 9 +-
third_party/heimdal/lib/hcrypto/hmac.c | 28 +-
third_party/heimdal/lib/hcrypto/hmac.h | 2 +-
.../lib/hcrypto/libtommath/bn_mp_set_double.c | 2 +-
.../lib/hcrypto/libtommath/bn_s_mp_rand_platform.c | 2 +-
.../heimdal/lib/hcrypto/libtommath/demo/test.c | 2 +-
.../heimdal/lib/hcrypto/libtommath/etc/tune.c | 2 +-
third_party/heimdal/lib/hcrypto/rsa-ltm.c | 7 +-
third_party/heimdal/lib/hcrypto/rsa.c | 7 +-
third_party/heimdal/lib/hcrypto/test_hmac.c | 6 +-
third_party/heimdal/lib/hcrypto/validate.c | 3 +-
third_party/heimdal/lib/hdb/Makefile.am | 67 +-
third_party/heimdal/lib/hdb/NTMakefile | 12 +-
third_party/heimdal/lib/hdb/common.c | 375 ++++--
third_party/heimdal/lib/hdb/db.c | 22 +-
third_party/heimdal/lib/hdb/db3.c | 22 +-
third_party/heimdal/lib/hdb/ext.c | 4 +-
third_party/heimdal/lib/hdb/hdb-keytab.c | 22 +-
third_party/heimdal/lib/hdb/hdb-ldap.c | 363 +++---
third_party/heimdal/lib/hdb/hdb-mdb.c | 22 +-
third_party/heimdal/lib/hdb/hdb-mitdb.c | 89 +-
third_party/heimdal/lib/hdb/hdb-sqlite.c | 39 +-
third_party/heimdal/lib/hdb/hdb.asn1 | 2 +-
third_party/heimdal/lib/hdb/hdb.c | 98 +-
third_party/heimdal/lib/hdb/hdb.h | 175 +--
third_party/heimdal/lib/hdb/hdb.opt | 5 +
third_party/heimdal/lib/hdb/keys.c | 2 +-
third_party/heimdal/lib/hdb/keytab.c | 50 +-
third_party/heimdal/lib/hdb/libhdb-exports.def | 1 -
third_party/heimdal/lib/hdb/ndbm.c | 53 +-
third_party/heimdal/lib/hdb/print.c | 20 +-
third_party/heimdal/lib/hdb/test_concurrency.c | 58 +-
third_party/heimdal/lib/hdb/test_namespace.c | 162 ++-
third_party/heimdal/lib/hdb/version-script.map | 1 -
third_party/heimdal/lib/hx509/Makefile.am | 3 +-
third_party/heimdal/lib/hx509/ca.c | 21 +-
third_party/heimdal/lib/hx509/cert.c | 42 +-
third_party/heimdal/lib/hx509/cms.c | 6 +-
third_party/heimdal/lib/hx509/collector.c | 3 +-
third_party/heimdal/lib/hx509/crypto.c | 4 +
third_party/heimdal/lib/hx509/error.c | 66 +-
third_party/heimdal/lib/hx509/file.c | 12 +-
third_party/heimdal/lib/hx509/hxtool.c | 28 +-
third_party/heimdal/lib/hx509/keyset.c | 5 +-
third_party/heimdal/lib/hx509/ks_file.c | 29 +-
third_party/heimdal/lib/hx509/name.c | 71 +-
third_party/heimdal/lib/hx509/print.c | 5 +
third_party/heimdal/lib/hx509/req.c | 22 +-
third_party/heimdal/lib/hx509/revoke.c | 4 +
third_party/heimdal/lib/hx509/sel-gram.y | 4 +
third_party/heimdal/lib/hx509/softp11.c | 8 +-
third_party/heimdal/lib/ipc/Makefile.am | 4 +
third_party/heimdal/lib/ipc/server.c | 15 +-
third_party/heimdal/lib/kadm5/ad.c | 2 +
third_party/heimdal/lib/kadm5/chpass_s.c | 56 +-
third_party/heimdal/lib/kadm5/context_s.c | 16 +-
third_party/heimdal/lib/kadm5/create_s.c | 32 +-
third_party/heimdal/lib/kadm5/delete_s.c | 8 +-
third_party/heimdal/lib/kadm5/ent_setup.c | 78 +-
third_party/heimdal/lib/kadm5/get_princs_s.c | 8 +-
third_party/heimdal/lib/kadm5/get_s.c | 143 +--
third_party/heimdal/lib/kadm5/init_c.c | 12 +-
third_party/heimdal/lib/kadm5/init_s.c | 6 +-
third_party/heimdal/lib/kadm5/iprop-log.c | 67 +-
third_party/heimdal/lib/kadm5/ipropd_common.c | 1 +
third_party/heimdal/lib/kadm5/ipropd_master.c | 31 +-
third_party/heimdal/lib/kadm5/ipropd_slave.c | 8 +-
third_party/heimdal/lib/kadm5/log.c | 172 ++-
third_party/heimdal/lib/kadm5/marshall.c | 254 ++--
third_party/heimdal/lib/kadm5/modify_s.c | 12 +-
third_party/heimdal/lib/kadm5/prune_s.c | 10 +-
third_party/heimdal/lib/kadm5/randkey_c.c | 2 +-
third_party/heimdal/lib/kadm5/randkey_s.c | 26 +-
third_party/heimdal/lib/kadm5/rename_s.c | 32 +-
third_party/heimdal/lib/kadm5/set_keys.c | 2 +
third_party/heimdal/lib/kadm5/setkey3_s.c | 28 +-
third_party/heimdal/lib/kafs/Makefile.am | 2 +
third_party/heimdal/lib/kafs/afskrb5.c | 2 -
third_party/heimdal/lib/kafs/afssys.c | 2 +
third_party/heimdal/lib/kafs/rxkad_kdf.c | 8 +-
third_party/heimdal/lib/krb5/Makefile.am | 4 +-
third_party/heimdal/lib/krb5/NTMakefile | 2 +
third_party/heimdal/lib/krb5/acache.c | 27 +-
third_party/heimdal/lib/krb5/acl.c | 2 +-
third_party/heimdal/lib/krb5/addr_families.c | 19 +-
third_party/heimdal/lib/krb5/aes-test.c | 22 +-
third_party/heimdal/lib/krb5/asn1_glue.c | 94 +-
third_party/heimdal/lib/krb5/auth_context.c | 5 +-
third_party/heimdal/lib/krb5/cache.c | 25 +-
third_party/heimdal/lib/krb5/context.c | 15 +-
third_party/heimdal/lib/krb5/crypto-evp.c | 7 +-
third_party/heimdal/lib/krb5/crypto.c | 7 +-
third_party/heimdal/lib/krb5/data.c | 7 +-
third_party/heimdal/lib/krb5/dcache.c | 14 +-
third_party/heimdal/lib/krb5/deprecated.c | 10 +-
third_party/heimdal/lib/krb5/enomem.c | 2 +-
third_party/heimdal/lib/krb5/error_string.c | 19 +-
third_party/heimdal/lib/krb5/expand_path.c | 4 +-
third_party/heimdal/lib/krb5/fast.c | 13 +-
third_party/heimdal/lib/krb5/fcache.c | 15 +-
third_party/heimdal/lib/krb5/generate_subkey.c | 2 +-
third_party/heimdal/lib/krb5/get_cred.c | 54 +-
third_party/heimdal/lib/krb5/get_in_tkt.c | 2 +-
third_party/heimdal/lib/krb5/init_creds_pw.c | 147 +--
third_party/heimdal/lib/krb5/kcm.c | 267 +++-
third_party/heimdal/lib/krb5/keytab.c | 68 +-
third_party/heimdal/lib/krb5/keytab_file.c | 3 +-
third_party/heimdal/lib/krb5/keytab_keyfile.c | 2 +-
third_party/heimdal/lib/krb5/krb5.conf.5 | 6 -
third_party/heimdal/lib/krb5/krb5.h | 120 +-
third_party/heimdal/lib/krb5/krb5_locl.h | 2 +
third_party/heimdal/lib/krb5/krbhst-test.c | 17 +-
third_party/heimdal/lib/krb5/krbhst.c | 24 +-
third_party/heimdal/lib/krb5/krcache.c | 31 +-
third_party/heimdal/lib/krb5/kx509.c | 62 +-
.../heimdal/lib/krb5/libkrb5-exports.def.in | 7 +
third_party/heimdal/lib/krb5/mcache.c | 4 +-
third_party/heimdal/lib/krb5/mk_cred.c | 15 +-
third_party/heimdal/lib/krb5/pac.c | 137 ++-
third_party/heimdal/lib/krb5/pkinit.c | 21 +-
third_party/heimdal/lib/krb5/principal.c | 42 +-
third_party/heimdal/lib/krb5/rd_cred.c | 2 +-
third_party/heimdal/lib/krb5/rd_req.c | 66 +-
third_party/heimdal/lib/krb5/replay.c | 4 +-
third_party/heimdal/lib/krb5/salt-arcfour.c | 6 +-
third_party/heimdal/lib/krb5/scache.c | 91 +-
third_party/heimdal/lib/krb5/send_to_kdc.c | 14 +-
third_party/heimdal/lib/krb5/sp800-108-kdf.c | 5 +-
third_party/heimdal/lib/krb5/store.c | 24 +-
third_party/heimdal/lib/krb5/store_emem.c | 25 +-
third_party/heimdal/lib/krb5/store_stdio.c | 2 +
third_party/heimdal/lib/krb5/test_alname.c | 2 +-
third_party/heimdal/lib/krb5/test_ap-req.c | 1 +
third_party/heimdal/lib/krb5/test_cc.c | 10 +-
third_party/heimdal/lib/krb5/test_hostname.c | 4 +-
third_party/heimdal/lib/krb5/test_rfc3961.c | 1 +
third_party/heimdal/lib/krb5/test_set_kvno0.c | 5 +-
third_party/heimdal/lib/krb5/ticket.c | 91 +-
third_party/heimdal/lib/krb5/transited.c | 19 +-
third_party/heimdal/lib/krb5/verify_user.c | 13 +-
third_party/heimdal/lib/krb5/version-script.map | 7 +
third_party/heimdal/lib/ntlm/digest.c | 2 +-
third_party/heimdal/lib/ntlm/ntlm.c | 75 +-
third_party/heimdal/lib/otp/otp_md.c | 4 +-
third_party/heimdal/lib/roken/Makefile.am | 6 +-
third_party/heimdal/lib/roken/base32-test.c | 3 +-
third_party/heimdal/lib/roken/base32.c | 12 +-
third_party/heimdal/lib/roken/base64-test.c | 3 +-
third_party/heimdal/lib/roken/base64.c | 4 +-
third_party/heimdal/lib/roken/copyhostent.c | 3 +-
third_party/heimdal/lib/roken/detach.c | 3 +-
third_party/heimdal/lib/roken/dirent-test.c | 6 +-
third_party/heimdal/lib/roken/environment.c | 15 +-
third_party/heimdal/lib/roken/fnmatch.c | 2 +-
third_party/heimdal/lib/roken/freeaddrinfo.c | 2 +-
third_party/heimdal/lib/roken/freehostent.c | 2 +-
third_party/heimdal/lib/roken/getaddrinfo.c | 10 +-
third_party/heimdal/lib/roken/getcap.c | 996 ---------------
third_party/heimdal/lib/roken/getipnodebyaddr.c | 2 +-
third_party/heimdal/lib/roken/getipnodebyname.c | 2 +-
third_party/heimdal/lib/roken/getnameinfo.c | 8 +-
third_party/heimdal/lib/roken/getuserinfo.c | 30 +-
third_party/heimdal/lib/roken/hex-test.c | 35 +-
third_party/heimdal/lib/roken/hex.c | 28 +-
third_party/heimdal/lib/roken/mergesort_r.c | 4 +-
third_party/heimdal/lib/roken/ndbm_wrap.c | 2 +
third_party/heimdal/lib/roken/net_write.c | 7 +-
third_party/heimdal/lib/roken/resolve-test.c | 2 +-
third_party/heimdal/lib/roken/roken-common.h | 6 +
third_party/heimdal/lib/roken/roken.h.in | 60 +-
third_party/heimdal/lib/roken/snprintf.c | 2 +-
third_party/heimdal/lib/roken/socket.c | 29 +-
third_party/heimdal/lib/roken/strftime.c | 7 +-
third_party/heimdal/lib/roken/strptime.c | 2 +-
third_party/heimdal/lib/roken/strtoll.c | 3 +
third_party/heimdal/lib/roken/strtoull.c | 3 +
third_party/heimdal/lib/roken/test-getuserinfo.c | 3 +-
third_party/heimdal/lib/roken/test-mini_inetd.c | 2 +-
third_party/heimdal/lib/roken/timeval.c | 215 +++-
third_party/heimdal/lib/roken/version-script.map | 5 +-
third_party/heimdal/lib/roken/vis.c | 17 +-
third_party/heimdal/lib/sl/Makefile.am | 2 +-
third_party/heimdal/lib/sl/sl.c | 2 +
third_party/heimdal/lib/sl/slc-gram.y | 1 +
third_party/heimdal/lib/wind/idn-lookup.c | 6 +-
third_party/heimdal/lib/wind/utf8.c | 18 +-
.../heimdal/packages/windows/installer/NTMakefile | 33 +-
.../windows/installer/heimdal-installer.wxs | 20 +-
third_party/heimdal/tests/bin/setup-env.in | 1 +
third_party/heimdal/tests/gss/Makefile.am | 2 +
third_party/heimdal/tests/gss/check-basic.in | 4 +-
third_party/heimdal/tests/gss/check-context.in | 12 +-
third_party/heimdal/tests/gss/check-gssmask.in | 4 +-
third_party/heimdal/tests/gss/check-ntlm.in | 4 +-
third_party/heimdal/tests/gss/check-spnego.in | 4 +-
third_party/heimdal/tests/gss/krb5.conf.in | 15 +
third_party/heimdal/tests/java/check-kinit.in | 2 +-
third_party/heimdal/tests/kdc/Makefile.am | 32 +-
third_party/heimdal/tests/kdc/check-bx509.in | 5 +-
third_party/heimdal/tests/kdc/check-canon.in | 2 +-
third_party/heimdal/tests/kdc/check-cc.in | 47 +-
third_party/heimdal/tests/kdc/check-delegation.in | 2 +-
third_party/heimdal/tests/kdc/check-des.in | 2 +-
third_party/heimdal/tests/kdc/check-digest.in | 2 +-
third_party/heimdal/tests/kdc/check-fast.in | 2 +-
third_party/heimdal/tests/kdc/check-hdb-mitdb.in | 2 +-
third_party/heimdal/tests/kdc/check-httpkadmind.in | 2 +-
third_party/heimdal/tests/kdc/check-iprop.in | 2 +-
third_party/heimdal/tests/kdc/check-kadmin.in | 2 +-
third_party/heimdal/tests/kdc/check-kdc.in | 9 +-
third_party/heimdal/tests/kdc/check-kinit.in | 2 +-
third_party/heimdal/tests/kdc/check-kpasswdd.in | 2 +-
third_party/heimdal/tests/kdc/check-pkinit.in | 4 +-
third_party/heimdal/tests/kdc/check-referral.in | 2 +-
third_party/heimdal/tests/kdc/check-tester.in | 3 +
third_party/heimdal/tests/kdc/check-uu.in | 2 +-
.../tests/kdc/{krb5.conf.in => krb5-kcm.conf.in} | 18 +-
third_party/heimdal/tests/kdc/krb5.conf.in | 3 +
third_party/heimdal/tests/ldap/check-ldap.in | 2 +-
third_party/heimdal/tests/plugin/Makefile.am | 6 +-
third_party/heimdal/tests/plugin/check-pac.in | 6 +-
third_party/heimdal/tests/plugin/kdc_test_plugin.c | 207 ++++
third_party/heimdal/tests/plugin/krb5.conf.in | 15 +
third_party/heimdal/tests/plugin/windc.c | 161 ---
third_party/heimdal/windows/NTMakefile.sdk | 130 ++
third_party/heimdal/windows/NTMakefile.w32 | 7 +-
third_party/heimdal_build/config.h | 2 +
third_party/heimdal_build/krb5/kdc-plugin.h | 1 +
third_party/heimdal_build/krb5/windc_plugin.h | 1 -
third_party/heimdal_build/wscript_build | 59 +-
third_party/heimdal_build/wscript_configure | 2 +
461 files changed, 15122 insertions(+), 7784 deletions(-)
delete mode 100644 third_party/heimdal/.github/workflows/build.yml
create mode 100644 third_party/heimdal/cf/ax_check_sign.m4
create mode 100644 third_party/heimdal/cf/check-compile-flag.m4
create mode 100644 third_party/heimdal/kdc/kdc-accessors.h
copy third_party/heimdal/{lib/gssapi/mech/mech_locl.h => kdc/kdc-audit.h} (51%)
create mode 100644 third_party/heimdal/kdc/kdc-plugin.c
create mode 100644 third_party/heimdal/kdc/kdc-plugin.h
create mode 100644 third_party/heimdal/kdc/mssfu.c
delete mode 100644 third_party/heimdal/kdc/rx.h
delete mode 100644 third_party/heimdal/kdc/windc.c
delete mode 100644 third_party/heimdal/kdc/windc_plugin.h
create mode 100644 third_party/heimdal/lib/asn1/MANUAL.md
create mode 100644 third_party/heimdal/lib/asn1/check-gen.h
create mode 100644 third_party/heimdal/lib/gssapi/krb5/name_attrs.c
create mode 100644 third_party/heimdal/lib/hdb/hdb.opt
delete mode 100644 third_party/heimdal/lib/roken/getcap.c
copy third_party/heimdal/tests/kdc/{krb5.conf.in => krb5-kcm.conf.in} (91%)
create mode 100644 third_party/heimdal/tests/plugin/kdc_test_plugin.c
delete mode 100644 third_party/heimdal/tests/plugin/windc.c
create mode 100644 third_party/heimdal/windows/NTMakefile.sdk
create mode 100644 third_party/heimdal_build/krb5/kdc-plugin.h
delete mode 100644 third_party/heimdal_build/krb5/windc_plugin.h
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index f667b0d2f2d..762aee3b49c 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=4
+SAMBA_VERSION_RC_RELEASE=5
########################################################
# To mark SVN snapshots this should be set to 'yes' #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index e511e17c4c8..83d77b5c028 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=====================
-This is the fourth release candidate of Samba 4.16. This is *not*
+This is the fifth release candidate of Samba 4.16. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -174,6 +174,37 @@ smb.conf changes
rpc start on demand helpers Added true
+CHANGES SINCE 4.16.0rc4
+=======================
+
+o Jeremy Allison <j...@samba.org>
+ * BUG 14737: Samba does not response STATUS_INVALID_PARAMETER when opening 2
+ objects with same lease key.
+
+o Jule Anger <jan...@samba.org>
+ * BUG 14999: Listing shares with smbstatus no longer works.
+
+o Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
+ * BUG 14996: Fix ldap simple bind with TLS auditing.
+
+o Andrew Bartlett <abart...@samba.org>
+ * BUG 14995: Use Heimdal 8.0 (pre) rather than an earlier snapshot.
+
+o Volker Lendecke <v...@samba.org>
+ * BUG 14989: Fix a use-after-free in SMB1 server.
+
+o Stefan Metzmacher <me...@samba.org>
+ * BUG 14865: Uncached logon on RODC always fails once.
+ * BUG 14984: Changing the machine password against an RODC likely destroys
+ the domain join.
+ * BUG 14993: authsam_make_user_info_dc() steals memory from its struct
+ ldb_message *msg argument.
+ * BUG 14995: Use Heimdal 8.0 (pre) rather than an earlier snapshot.
+
+o Joseph Sutton <josephsut...@catalyst.net.nz>
+ * BUG 14995: Use Heimdal 8.0 (pre) rather than an earlier snapshot.
+
+
CHANGES SINCE 4.16.0rc3
=======================
diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c
index b5b6362dc93..fda014c87d5 100644
--- a/auth/auth_sam_reply.c
+++ b/auth/auth_sam_reply.c
@@ -616,11 +616,13 @@ NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
}
if (pac_upn_dns_info != NULL) {
- user_info_dc->info->user_principal_name =
- talloc_strdup(user_info_dc->info,
- pac_upn_dns_info->upn_name);
- if (user_info_dc->info->user_principal_name == NULL) {
- return NT_STATUS_NO_MEMORY;
+ if (pac_upn_dns_info->upn_name != NULL) {
+ user_info_dc->info->user_principal_name =
+ talloc_strdup(user_info_dc->info,
+ pac_upn_dns_info->upn_name);
+ if (user_info_dc->info->user_principal_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
}
user_info_dc->info->dns_domain_name =
diff --git a/buildtools/wafsamba/samba_autoconf.py
b/buildtools/wafsamba/samba_autoconf.py
index 8b499825230..78927d85193 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -343,6 +343,23 @@ def CHECK_SIZEOF(conf, vars, headers=None, define=None,
critical=True):
sys.exit(1)
return ret
+@conf
+def CHECK_SIGN(conf, v, headers=None):
+ '''check the sign of a type'''
+ define_name = v.upper().replace(' ', '_')
+ for op, signed in [('<', 'signed'),
+ ('>', 'unsigned')]:
+ if CHECK_CODE(conf,
+ f'static int test_array[1 - 2 * !((({v})-1) {op} 0)];',
+ define=f'{define_name}_{signed.upper()}',
+ quote=False,
+ headers=headers,
+ local_include=False,
+ msg=f"Checking if '{v}' is {signed}"):
+ return True
+
+ return False
+
@conf
def CHECK_VALUEOF(conf, v, headers=None, define=None):
'''check the value of a variable/define'''
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 1bdc0ee535a..e814a47233d 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -691,8 +691,6 @@ class cmd_domain_join(Command):
os.rename(f.name, smb_conf)
s3_lp = s3param.get_context()
s3_lp.load(smb_conf)
- if machinepass is None:
- machinepass = samba.generate_random_machine_password(14,
40)
s3_net = s3_Net(creds, s3_lp, server=server)
(sid, domain_name) = s3_net.join_member(netbios_name,
machinepass=machinepass,
diff --git a/python/samba/provision/__init__.py
b/python/samba/provision/__init__.py
index 1723d9935d4..ff9b8fac916 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -1924,11 +1924,14 @@ def provision_fill(samdb, secrets_ldb, logger, names,
paths,
invocationid = str(uuid.uuid4())
if krbtgtpass is None:
+ # Note that the machinepass value is ignored
+ # as the backend (password_hash.c) will generate its
+ # own random values for the krbtgt keys
krbtgtpass = samba.generate_random_machine_password(128, 255)
if machinepass is None:
machinepass = samba.generate_random_machine_password(120, 120)
if dnspass is None:
- dnspass = samba.generate_random_password(128, 255)
+ dnspass = samba.generate_random_password(120, 120)
samdb.transaction_start()
try:
diff --git a/python/samba/tests/auth_log.py b/python/samba/tests/auth_log.py
index d1e102bdcab..9949b0abe4d 100644
--- a/python/samba/tests/auth_log.py
+++ b/python/samba/tests/auth_log.py
@@ -565,7 +565,7 @@ class
AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
self.assertEqual("NT_STATUS_OK", msg["Authentication"]["status"])
self.assertEqual("LDAP",
msg["Authentication"]["serviceDescription"])
- self.assertEqual("simple bind",
+ self.assertEqual("simple bind/TLS",
msg["Authentication"]["authDescription"])
self.assertEqual(
EVT_ID_SUCCESSFUL_LOGON, msg["Authentication"]["eventId"])
@@ -579,7 +579,7 @@ class
AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["status"] ==
"NT_STATUS_WRONG_PASSWORD") and
(msg["Authentication"]["authDescription"] ==
- "simple bind") and
+ "simple bind/TLS") and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON) and
(msg["Authentication"]["logonType"] ==
@@ -611,7 +611,7 @@ class
AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["status"] ==
"NT_STATUS_NO_SUCH_USER") and
(msg["Authentication"]["authDescription"] ==
- "simple bind") and
+ "simple bind/TLS") and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON) and
(msg["Authentication"]["logonType"] ==
@@ -641,7 +641,7 @@ class
AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["status"] ==
"NT_STATUS_NO_SUCH_USER") and
(msg["Authentication"]["authDescription"] ==
- "simple bind") and
+ "simple bind/TLS") and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON) and
(msg["Authentication"]["logonType"] ==
diff --git a/python/samba/upgradehelpers.py b/python/samba/upgradehelpers.py
index 7f92b45f3fb..c853668058e 100644
--- a/python/samba/upgradehelpers.py
+++ b/python/samba/upgradehelpers.py
@@ -582,7 +582,7 @@ def update_machine_account_password(samdb, secrets_ldb,
names):
assert(len(res) == 1)
msg = ldb.Message(res[0].dn)
- machinepass = samba.generate_random_machine_password(128, 255)
+ machinepass = samba.generate_random_machine_password(120, 120)
mputf16 = machinepass.encode('utf-16-le')
msg["clearTextPassword"] = ldb.MessageElement(mputf16,
ldb.FLAG_MOD_REPLACE,
@@ -658,9 +658,12 @@ def update_krbtgt_account_password(samdb):
assert(len(res) == 1)
msg = ldb.Message(res[0].dn)
- machinepass = samba.generate_random_machine_password(128, 255)
- mputf16 = machinepass.encode('utf-16-le')
- msg["clearTextPassword"] = ldb.MessageElement(mputf16,
+ # Note that the machinepass value is ignored
+ # as the backend (password_hash.c) will generate its
+ # own random values for the krbtgt keys
+ krbtgtpass = samba.generate_random_machine_password(128, 255)
+ kputf16 = krbtgtpass.encode('utf-16-le')
+ msg["clearTextPassword"] = ldb.MessageElement(kputf16,
ldb.FLAG_MOD_REPLACE,
"clearTextPassword")
diff --git a/selftest/knownfail b/selftest/knownfail
index 2a5287cba2d..7e897dd026d 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -377,7 +377,6 @@
^samba.tests.auth_log_pass_change.samba.tests.auth_log_pass_change.AuthLogPassChangeTests.test_rap_change_password\(ad_dc_ntvfs\)
# We currently don't send referrals for LDAP modify of non-replicated attrs
^samba4.ldap.rodc.python\(rodc\).__main__.RodcTests.test_modify_nonreplicated.*
-^samba4.ldap.rodc_rwdc.python.*.__main__.RodcRwdcTests.test_change_password_reveal_on_demand_kerberos
# NETLOGON is disabled in any non-DC environments
^samba.tests.netlogonsvc.python\(ad_member\)
^samba.tests.netlogonsvc.python\(simpleserver\)
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index 55e3c74494a..71e1a35eba7 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -55,10 +55,18 @@ char *trust_pw_new_value(TALLOC_CTX *mem_ctx,
int security)
{
/*
- * use secure defaults.
+ * use secure defaults, which match
+ * what windows uses for computer passwords.
+ *
+ * We used to have min=128 and max=255 here, but
+ * it's a bad idea because of bugs in the Windows
+ * RODC/RWDC PasswordUpdateForward handling via
+ * NetrLogonSendToSam.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14984
*/
- size_t min = 128;
- size_t max = 255;
+ size_t min = 120;
+ size_t max = 120;
switch (sec_channel_type) {
case SEC_CHAN_WKSTA:
diff --git a/source3/script/tests/test_smbstatus.sh
b/source3/script/tests/test_smbstatus.sh
index b29ba15c377..20846f6d4ed 100755
--- a/source3/script/tests/test_smbstatus.sh
+++ b/source3/script/tests/test_smbstatus.sh
@@ -144,6 +144,100 @@ EOF
return 0
}
+test_smbstatus_output()
+{
+ local cmdfile=$PREFIX/smbclient_commands
+ local tmpfile=$PREFIX/smbclient_lock_file
+ local file=smbclient_lock_file
+ local status_shares=smbstatus_output_shares
+ local status_processes=smbstatus_output_processes
+ local status_locks=smbstatus_output_locks
+
+ cat > $tmpfile <<EOF
+Hello World!
+EOF
+ cat > $cmdfile <<EOF
+lcd $PREFIX_ABS
+put $file
+open $file
+!UID_WRAPPER_INITIAL_RUID=0 UID_WRAPPER_INITIAL_EUID=0 $SMBSTATUS --shares >
$status_shares
+!UID_WRAPPER_INITIAL_RUID=0 UID_WRAPPER_INITIAL_EUID=0 $SMBSTATUS --processes
> $status_processes
+!UID_WRAPPER_INITIAL_RUID=0 UID_WRAPPER_INITIAL_EUID=0 $SMBSTATUS --locks >
$status_locks
+close 1
+rm $file
+quit
+EOF
+
+
+ cmd="CLI_FORCE_INTERACTIVE=yes $SMBCLIENT -U$USERNAME%$PASSWORD
//$SERVER/tmp -I $SERVER_IP $ADDARGS --quiet < $cmdfile 2>&1"
+ eval echo "$cmd"
+ out=$(eval $cmd)
+ ret=$?
+
+ rm -f $cmpfile
+ rm -f $tmpfile
+
+ if [ $ret -ne 0 ] ; then
+ echo "Failed to run smbclient with error $ret"
+ echo "$out"
+ return 1
+ fi
+
+ out=$(cat $PREFIX/$status_processes)
+ echo "$out" | grep -c 'PID *Username'
+ ret=$?
+ if [ $ret -eq 1 ] ; then
+ echo "Failed: Could not start smbstatus"
+ echo "$out"
+ return 1
+ fi
+ echo "$out" | grep -c "$USERNAME"
+ ret=$?
+ if [ $ret -eq 1 ] ; then
+ echo "Failed: open connection not found"
+ echo "$out"
+ return 1
+ fi
+
+ out=$(cat $PREFIX/$status_shares)
+ echo "$out" | grep -c 'Service *pid'
+ ret=$?
+ if [ $ret -eq 1 ] ; then
+ echo "Failed: Could not start smbstatus"
+ echo "$out"
+ return 1
+ fi
+ echo "$out" | grep -c "tmp"
+ ret=$?
+ if [ $ret -eq 1 ] ; then
+ echo "Failed: shares not found"
+ echo "$out"
+ return 1
+ fi
+
+ out=$(cat $PREFIX/$status_locks)
+ echo "$out" | grep -c "Locked files:"
+ ret=$?
+ if [ $ret -eq 1 ] ; then
+ echo "Failed: locked file not found"
+ echo "$out"
+ return 1
+ fi
+ echo "$out" | grep -c "$file"
+ ret=$?
+ if [ $ret -eq 1 ] ; then
+ echo "Failed: wrong file locked"
+ echo "$out"
+ return 1
+ fi
+
+ rm $PREFIX/$status_shares
+ rm $PREFIX/$status_processes
+ rm $PREFIX/$status_locks
+
+ return 0
+}
+
testit "plain" \
test_smbstatus || \
failed=`expr $failed + 1`
@@ -152,4 +246,8 @@ testit "resolve_uids" \
test_smbstatus || \
failed=`expr $failed + 1`
+testit "test_output" \
+ test_smbstatus_output || \
+ failed=`expr $failed + 1`
+
testok $0 $failed
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index ef382b43bd6..9146bf07ddc 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -1133,6 +1133,13 @@ NTSTATUS unix_convert(TALLOC_CTX *mem_ctx,
&state->name,
state->smb_fname->twrp,
&state->smb_fname->st);
+ /*
+ * stat_cache_lookup() allocates on talloc_tos() even
+ * when !found, reparent correctly
+ */
+ talloc_steal(state->smb_fname, state->smb_fname->base_name);
+ talloc_steal(state->mem_ctx, state->dirpath);
+
if (found) {
goto done;
}
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index a5664b319ad..5a3ac2c064a 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -5302,8 +5302,42 @@ static void lease_match_parser(
/* Everything should be the same. */
if (!file_id_equal(&state->id, &f->id)) {
- /* This should catch all dynamic share cases. */
- state->match_status = NT_STATUS_OPLOCK_NOT_GRANTED;
+ /*
+ * The client asked for a lease on a
+ * file that doesn't match the file_id
+ * in the database.
+ *
+ * Maybe this is a dynamic share, i.e.
+ * a share where the servicepath is
+ * different for different users (e.g.
+ * the [HOMES] share.
+ *
+ * If the servicepath is different, but the requested
+ * file name + stream name is the same then this is
+ * a dynamic share, the client is using the same share
+ * name and doesn't know that the underlying servicepath
+ * is different. It was expecting a lease on the
+ * same file. Return NT_STATUS_OPLOCK_NOT_GRANTED
+ * to break leases
+ *
+ * Otherwise the client has messed up, or is
+ * testing our error codes, so return
+ * NT_STATUS_INVALID_PARAMETER.
+ */
+ if (!strequal(f->servicepath, state->servicepath) &&
+ strequal(f->base_name, state->fname->base_name) &&
+ strequal(f->stream_name, state->fname->stream_name))
+ {
+ /*
+ * Name is the same but servicepath is
+ * different, dynamic share. Break leases.
+ */
+ state->match_status =
+ NT_STATUS_OPLOCK_NOT_GRANTED;
+ } else {
+ state->match_status =
+ NT_STATUS_INVALID_PARAMETER;
+ }
break;
}
if (!strequal(f->servicepath, state->servicepath)) {
diff --git a/source3/utils/conn_tdb.c b/source3/utils/conn_tdb.c
index 24fd460c081..1d19d04f1aa 100644
--- a/source3/utils/conn_tdb.c
+++ b/source3/utils/conn_tdb.c
@@ -120,6 +120,8 @@ static int traverse_tcon_fn(struct smbXsrv_tcon_global0
*global,
ZERO_STRUCT(data);
+ data.pid = global->server_id;
+ data.cnum = global->tcon_global_id;
fstrcpy(data.servicename, global->share_name);
data.uid = sess.uid;
data.gid = sess.gid;
diff --git a/source3/utils/py_net.c b/source3/utils/py_net.c
index 3142f83bc7f..0d774bcb805 100644
--- a/source3/utils/py_net.c
+++ b/source3/utils/py_net.c
@@ -88,7 +88,7 @@ static PyObject *py_net_join_member(py_net_Object *self,
PyObject *args, PyObjec
return NULL;
}
- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|ssssssspp:Join",
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|sssssszpp:Join",
discard_const_p(char *, kwnames),
&r->in.dnshostname,
&r->in.upn,
diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c
index 8301aec519c..b2e76381395 100644
--- a/source4/auth/ntlm/auth_simple.c
+++ b/source4/auth/ntlm/auth_simple.c
@@ -88,9 +88,9 @@ _PUBLIC_ struct tevent_req
*authenticate_ldap_simple_bind_send(TALLOC_CTX *mem_c
user_info->service_description = "LDAP";
if (using_tls) {
- user_info->auth_description = "simple bind";
- } else {
user_info->auth_description = "simple bind/TLS";
+ } else {
+ user_info->auth_description = "simple bind";
}
user_info->password_state = AUTH_PASSWORD_PLAIN;
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 93b41be3b21..8b233bab3ad 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -454,12 +454,15 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX
*mem_ctx,
user_info_dc->info = info = talloc_zero(user_info_dc, struct
auth_user_info);
NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
- info->account_name = talloc_steal(info,
- ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL));
+ str = ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL);
+ info->account_name = talloc_strdup(info, str);
+ if (info->account_name == NULL) {
+ TALLOC_FREE(user_info_dc);
+ return NT_STATUS_NO_MEMORY;
+ }
- info->user_principal_name = talloc_steal(info,
- ldb_msg_find_attr_as_string(msg, "userPrincipalName", NULL));
- if (info->user_principal_name == NULL && dns_domain_name != NULL) {
+ str = ldb_msg_find_attr_as_string(msg, "userPrincipalName", NULL);
+ if (str == NULL && dns_domain_name != NULL) {
--
Samba Shared Repository
