The branch, v4-16-test has been updated
via 33f74aea5d5 nsswitch: Fix uninitialized memory when allocating
pwdlastset_prelim
via 399522d048e nsswitch: Fix pam_set_data()/pam_get_data() to use
pointers to a time_t, not try and embedd it directly.
via b11ceb58fee s3:rpc_server: Fix include directive substitution when
enumerating shares
via ef39898066c s3:tests: Add substitution test for listing shares
via 5ade6d20f35 s3:tests: Add substitution test for include directive
via 450dd63bdf9 lib/replace: fix memory leak in snprintf replacements
from 83da21f4292 VERSION: Bump version up to Samba 4.16.8...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-16-test
- Log -----------------------------------------------------------------
commit 33f74aea5d5d8096dfd71089a74a123161957197
Author: Noel Power <noel.po...@suse.com>
Date: Wed Nov 16 15:37:52 2022 +0000
nsswitch: Fix uninitialized memory when allocating pwdlastset_prelim
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15224
Signed-off-by: Noel Power <noel.po...@suse.com>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Wed Nov 16 19:29:21 UTC 2022 on sn-devel-184
(cherry picked from commit f6284877ce07fc5ddf4f4e2d824013b645d6e12c)
Autobuild-User(v4-16-test): Jule Anger <jan...@samba.org>
Autobuild-Date(v4-16-test): Wed Nov 23 13:52:37 UTC 2022 on sn-devel-184
commit 399522d048e5f7effec31c67588fac722a970f8d
Author: Jeremy Allison <j...@samba.org>
Date: Tue Nov 8 16:16:07 2022 -0800
nsswitch: Fix pam_set_data()/pam_get_data() to use pointers to a time_t,
not try and embedd it directly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15224
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Noel Power <npo...@samba.org>
Autobuild-User(master): Noel Power <npo...@samba.org>
Autobuild-Date(master): Wed Nov 16 15:09:45 UTC 2022 on sn-devel-184
(cherry picked from commit 7cb50405515298b75dcc512633fb3877045aabc6)
commit b11ceb58fee9442f4a1f113d5375273fe4357913
Author: Andreas Schneider <a...@samba.org>
Date: Wed Nov 16 11:24:12 2022 +0100
s3:rpc_server: Fix include directive substitution when enumerating shares
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
(cherry picked from commit f03665bb7e8ea97699062630f2aa1bac4c5dfc7f)
(cherry picked from commit 2b643c17d486ecbd0b46a9f31aeb3593ad19e464)
commit ef39898066c3dcdb5f11ca10ae037f2e404d514d
Author: Andreas Schneider <a...@samba.org>
Date: Wed Nov 16 11:23:44 2022 +0100
s3:tests: Add substitution test for listing shares
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
(cherry picked from commit c213ead8c4c1b5287294a67e65f271fbb0b922b2)
(cherry picked from commit 8f1ba9193b0a11a320754cfbde2ab42b68d61ad4)
commit 5ade6d20f35b6dc70f2b4449c72ddf67f924ff82
Author: Andreas Schneider <a...@samba.org>
Date: Tue Nov 15 16:35:15 2022 +0100
s3:tests: Add substitution test for include directive
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
(backported from commit ce3d27a9f5a98b4680af5fb5a595b0e7e94f8c30)
commit 450dd63bdf9d8f48701828c52990d3633e738e82
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Oct 31 13:16:25 2022 +0100
lib/replace: fix memory leak in snprintf replacements
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15230
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
Autobuild-User(master): Volker Lendecke <v...@samba.org>
Autobuild-Date(master): Wed Nov 9 11:18:02 UTC 2022 on sn-devel-184
(cherry picked from commit 76adda9d2fea9f93f4cf97536db5c0be6deeb98c)
-----------------------------------------------------------------------
Summary of changes:
lib/replace/snprintf.c | 2 ++
nsswitch/pam_winbind.c | 24 +++++++++++++++++-------
selftest/target/Samba3.pm | 19 ++++++++++++++++++-
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 8 ++++++++
source3/script/tests/test_substitutions.sh | 27 +++++++++++++++++++++++++++
5 files changed, 72 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/replace/snprintf.c b/lib/replace/snprintf.c
index 6e4424b0b31..de814af4164 100644
--- a/lib/replace/snprintf.c
+++ b/lib/replace/snprintf.c
@@ -751,6 +751,8 @@ done:
while (chunks) {
cnk = chunks->next;
+ if (chunks->min_star) free(chunks->min_star);
+ if (chunks->max_star) free(chunks->max_star);
free(chunks);
chunks = cnk;
}
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index e7ae605b341..06a8db21b69 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -3226,7 +3226,15 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
*/
if (flags & PAM_PRELIM_CHECK) {
- time_t pwdlastset_prelim = 0;
+ time_t *pwdlastset_prelim = NULL;
+
+ pwdlastset_prelim = talloc_zero(NULL, time_t);
+ if (pwdlastset_prelim == NULL) {
+ _pam_log(ctx, LOG_CRIT,
+ "password - out of memory");
+ ret = PAM_BUF_ERR;
+ goto out;
+ }
/* instruct user what is happening */
@@ -3258,7 +3266,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
ret = winbind_auth_request(ctx, user, pass_old,
NULL, NULL, 0,
&error, NULL,
- &pwdlastset_prelim, NULL);
+ pwdlastset_prelim, NULL);
if (ret != PAM_ACCT_EXPIRED &&
ret != PAM_AUTHTOK_EXPIRED &&
@@ -3269,7 +3277,8 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
}
pam_set_data(pamh, PAM_WINBIND_PWD_LAST_SET,
- (void *)pwdlastset_prelim, NULL);
+ pwdlastset_prelim,
+ _pam_winbind_cleanup_func);
ret = pam_set_item(pamh, PAM_OLDAUTHTOK,
(const void *) pass_old);
@@ -3280,7 +3289,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
}
} else if (flags & PAM_UPDATE_AUTHTOK) {
- time_t pwdlastset_update = 0;
+ time_t *pwdlastset_update = NULL;
/*
* obtain the proposed password
@@ -3343,8 +3352,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
* By reaching here we have approved the passwords and must now
* rebuild the password database file.
*/
- pam_get_data(pamh, PAM_WINBIND_PWD_LAST_SET,
- (const void **) &pwdlastset_update);
+ pam_get_data(pamh,
+ PAM_WINBIND_PWD_LAST_SET,
+ (const void **)&pwdlastset_update);
/*
* if cached creds were enabled, make sure to set the
@@ -3356,7 +3366,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
}
ret = winbind_chauthtok_request(ctx, user, pass_old,
- pass_new, pwdlastset_update);
+ pass_new, *pwdlastset_update);
if (ret != PAM_SUCCESS) {
pass_old = pass_new = NULL;
goto out;
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 976afe89186..0b720a68927 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -2557,6 +2557,8 @@ sub provision($$)
my $errorinjectconf="$libdir/error_inject.conf";
my $delayinjectconf="$libdir/delay_inject.conf";
my $globalinjectconf="$libdir/global_inject.conf";
+ my $aliceconfdir="$libdir";
+ my $aliceconffile="$libdir/alice.conf";
my $nss_wrapper_pl = "$ENV{PERL}
$self->{srcdir}/third_party/nss_wrapper/nss_wrapper.pl";
my $nss_wrapper_passwd = "$privatedir/passwd";
@@ -3317,6 +3319,8 @@ sub provision($$)
[acls_non_canonical]
copy = tmp
acl flag inherited canonicalization = no
+
+include = $aliceconfdir/%U.conf
";
close(CONF);
@@ -3357,6 +3361,19 @@ sub provision($$)
}
close(DELAYCONF);
+ unless (open(ALICECONF, ">$aliceconffile")) {
+ warn("Unable to open $aliceconffile");
+ return undef;
+ }
+
+ print ALICECONF "
+[alice_share]
+ path = $shrdir
+ comment = smb username is [%U]
+ ";
+
+ close(ALICECONF);
+
##
## create a test account
##
@@ -3962,4 +3979,4 @@ sub wait_for_start_ctdb($$)
return 1;
}
-1;
+1;
\ No newline at end of file
diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index 950aa2f2814..f0686a411e1 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -643,6 +643,14 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct
*p,
added_home = register_homes_share(unix_name);
}
+ /*
+ * We need to make sure to reload the services for the connecting user.
+ * It is possible that the we have includes with substitutions.
+ *
+ * include = /etc/samba/%U.conf
+ */
+ reload_services(NULL, NULL, false);
+
num_services = lp_numservices();
allowed = talloc_zero_array(ctx, bool, num_services);
diff --git a/source3/script/tests/test_substitutions.sh
b/source3/script/tests/test_substitutions.sh
index d1525fddc4e..32df560070d 100755
--- a/source3/script/tests/test_substitutions.sh
+++ b/source3/script/tests/test_substitutions.sh
@@ -20,6 +20,7 @@ failed=0
samba_bindir="$BINDIR"
samba_srcdir="$SRCDIR"
smbclient="$samba_bindir/smbclient"
+rpcclient="$samba_bindir/rpcclient"
. $samba_srcdir/testprogs/blackbox/subunit.sh
. $samba_srcdir/testprogs/blackbox/common_test_fns.inc
@@ -49,4 +50,30 @@ SMB_UNC="//$SERVER/sub_valid_users_group"
test_smbclient "Test login to share with substitution for valid user's UNIX
group" \
"ls" "$SMB_UNC" "-U$USERNAME%$PASSWORD" || failed=$(expr $failed + 1)
+test_smbclient \
+ "Test for login to share with include substitution [${USERNAME}]" \
+ "ls" "//${SERVER}/${USERNAME}_share" "-U$USERNAME%$PASSWORD" ||
+ failed=$((failed + 1))
+
+test_smbclient_expect_failure \
+ "Netative test for login to share with include substitution
[${DC_USERNAME}]" \
+ "ls" "//${SERVER}/${USERNAME}_share" "-U$DC_USERNAME%$DC_PASSWORD" ||
+ failed=$((failed + 1))
+
+testit_grep_count \
+ "Test for share enum with include substitution" \
+ "netname: ${USERNAME}_share" \
+ 1 \
+ ${rpcclient} "ncacn_np:${SERVER}" "-U$USERNAME%$PASSWORD" \
+ -c netshareenum ||
+ failed=$((failed + 1))
+
+testit_grep_count \
+ "Negative test for share enum with include substitution" \
+ "netname: ${USERNAME}_share" \
+ 0 \
+ ${rpcclient} "ncacn_np:${SERVER}" "-U$DC_USERNAME%$DC_PASSWORD" \
+ -c netshareenum ||
+ failed=$((failed + 1))
+
exit $failed
--
Samba Shared Repository
