The branch, master has been updated via fcedf5514b1 smbcacls/smbcquotas: check for valid UNC path via 61f3e16d9f8 bootstrap: Add a note about cleaning bootstrap/ via bb46379845f Configure builtin heimdal to use KEYRING ccache from 198a844ff51 third_party: Fix version of socket_wrapper and uid_wrapper
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit fcedf5514b121914483bbc0ffe77580929093ac6 Author: Björn Jacke <b...@sernet.de> Date: Tue Jan 10 12:25:35 2023 +0100 smbcacls/smbcquotas: check for valid UNC path we used to strip the first two characters of the path and used that. BUG: https://bugzilla.samba.org/show_bug.cgi?id=2312 Signed-off-by: Bjoern Jacke <bja...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Tue Jun 6 09:33:47 UTC 2023 on atb-devel-224 commit 61f3e16d9f8d6907b0b8576ae0cf4c4e48c0b37e Author: Łukasz Stelmach <l.stelm...@samsung.com> Date: Thu May 11 13:33:45 2023 +0200 bootstrap: Add a note about cleaning bootstrap/ Signed-off-by: Łukasz Stelmach <l.stelm...@samsung.com> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit bb46379845fb2b3d4e04dca1a8493a8e2126a6fe Author: Łukasz Stelmach <l.stelm...@samsung.com> Date: Fri Mar 31 19:42:13 2023 +0200 Configure builtin heimdal to use KEYRING ccache 
Signed-off-by: Łukasz Stelmach <l.stelm...@samsung.com> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: .gitlab-ci-main.yml | 2 +- bootstrap/README.md | 9 +++++++++ bootstrap/config.py | 2 +- bootstrap/generated-dists/debian11/bootstrap.sh | 1 + bootstrap/generated-dists/debian11/packages.yml | 1 + bootstrap/generated-dists/ubuntu1804-32bit/bootstrap.sh | 1 + bootstrap/generated-dists/ubuntu1804-32bit/packages.yml | 1 + bootstrap/generated-dists/ubuntu1804/bootstrap.sh | 1 + bootstrap/generated-dists/ubuntu1804/packages.yml | 1 + bootstrap/generated-dists/ubuntu2004/bootstrap.sh | 1 + bootstrap/generated-dists/ubuntu2004/packages.yml | 1 + bootstrap/generated-dists/ubuntu2204/bootstrap.sh | 1 + bootstrap/generated-dists/ubuntu2204/packages.yml | 1 + bootstrap/sha1sum.txt | 2 +- source3/utils/smbcacls.c | 5 +++++ source3/utils/smbcquotas.c | 5 +++++ third_party/heimdal_build/wscript_build | 8 ++++++-- third_party/heimdal_build/wscript_configure | 10 ++++++++++ wscript | 15 +++++++++++++++ 19 files changed, 63 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml index 4208cbcc104..279c1087789 100644 --- a/.gitlab-ci-main.yml +++ b/.gitlab-ci-main.yml @@ -47,7 +47,7 @@ variables: # Set this to the contents of bootstrap/sha1sum.txt # which is generated by bootstrap/template.py --render # - SAMBA_CI_CONTAINER_TAG: cfddaa8d36c3f512827bd96fe05c30f7f8337f4b + SAMBA_CI_CONTAINER_TAG: 6f4e1c3f1eb3b3236ae793c11def2135386a0ee9 # # We use the ubuntu2204 image as default as # it matches what we have on atb-devel-224 diff --git a/bootstrap/README.md b/bootstrap/README.md index d9a60878f61..6b3de983728 100644 --- a/bootstrap/README.md +++ b/bootstrap/README.md 
@@ -34,6 +34,15 @@ Just calculate the sha1sum for consistency checks: The checksum needs to be added as `SAMBA_CI_CONTAINER_TAG` in the toplevel .gitlab-ci-main.yml file. +NOTE: Remember to remove any files not tracked by git from the bootstrap +directory before running bootstrap/template.py. + + git clean -dfx bootstrap + +Otherwise the files will affect the checksum but because they are not +checked in and won't be pushed to CI system the checksum calculated there +won't match. + ## User Stories As a gitlab-ci user, I can use this tool to build new CI docker images: diff --git a/bootstrap/config.py b/bootstrap/config.py index fd1753fb3e1..c67ab9184ab 100644 --- a/bootstrap/config.py +++ b/bootstrap/config.py @@ -181,7 +181,7 @@ PKGS = [ # rpm has no pkg for docbook-xml ('docbook-xml', 'docbook-dtds'), ('docbook-xsl', 'docbook-style-xsl'), - ('', 'keyutils-libs-devel'), + ('libkeyutils-dev', 'keyutils-libs-devel'), ('', 'which'), ('xz-utils', 'xz') ] diff --git a/bootstrap/generated-dists/debian11/bootstrap.sh b/bootstrap/generated-dists/debian11/bootstrap.sh index 1f9cddfe8ee..1aac852e83e 100755 --- a/bootstrap/generated-dists/debian11/bootstrap.sh +++ b/bootstrap/generated-dists/debian11/bootstrap.sh @@ -57,6 +57,7 @@ apt-get -y install \ libjansson-dev \ libjs-jquery \ libjson-perl \ + libkeyutils-dev \ libkrb5-dev \ libldap2-dev \ liblmdb-dev \ diff --git a/bootstrap/generated-dists/debian11/packages.yml b/bootstrap/generated-dists/debian11/packages.yml index e6336463721..1ff63e4b272 100644 --- a/bootstrap/generated-dists/debian11/packages.yml +++ b/bootstrap/generated-dists/debian11/packages.yml @@ -46,6 +46,7 @@ packages: - libjansson-dev - libjs-jquery - libjson-perl + - libkeyutils-dev - libkrb5-dev - libldap2-dev - liblmdb-dev diff --git a/bootstrap/generated-dists/ubuntu1804-32bit/bootstrap.sh b/bootstrap/generated-dists/ubuntu1804-32bit/bootstrap.sh index 56e7b805dfd..702f5153382 100755 --- a/bootstrap/generated-dists/ubuntu1804-32bit/bootstrap.sh 
+++ b/bootstrap/generated-dists/ubuntu1804-32bit/bootstrap.sh @@ -58,6 +58,7 @@ apt-get -y install \ libjansson-dev \ libjs-jquery \ libjson-perl \ + libkeyutils-dev \ libkrb5-dev \ libldap2-dev \ liblmdb-dev \ diff --git a/bootstrap/generated-dists/ubuntu1804-32bit/packages.yml b/bootstrap/generated-dists/ubuntu1804-32bit/packages.yml index b42b4d05989..78a73aec01f 100644 --- a/bootstrap/generated-dists/ubuntu1804-32bit/packages.yml +++ b/bootstrap/generated-dists/ubuntu1804-32bit/packages.yml @@ -47,6 +47,7 @@ packages: - libjansson-dev - libjs-jquery - libjson-perl + - libkeyutils-dev - libkrb5-dev - libldap2-dev - liblmdb-dev diff --git a/bootstrap/generated-dists/ubuntu1804/bootstrap.sh b/bootstrap/generated-dists/ubuntu1804/bootstrap.sh index 56e7b805dfd..702f5153382 100755 --- a/bootstrap/generated-dists/ubuntu1804/bootstrap.sh +++ b/bootstrap/generated-dists/ubuntu1804/bootstrap.sh @@ -58,6 +58,7 @@ apt-get -y install \ libjansson-dev \ libjs-jquery \ libjson-perl \ + libkeyutils-dev \ libkrb5-dev \ libldap2-dev \ liblmdb-dev \ diff --git a/bootstrap/generated-dists/ubuntu1804/packages.yml b/bootstrap/generated-dists/ubuntu1804/packages.yml index b42b4d05989..78a73aec01f 100644 --- a/bootstrap/generated-dists/ubuntu1804/packages.yml +++ b/bootstrap/generated-dists/ubuntu1804/packages.yml @@ -47,6 +47,7 @@ packages: - libjansson-dev - libjs-jquery - libjson-perl + - libkeyutils-dev - libkrb5-dev - libldap2-dev - liblmdb-dev diff --git a/bootstrap/generated-dists/ubuntu2004/bootstrap.sh b/bootstrap/generated-dists/ubuntu2004/bootstrap.sh index 56e7b805dfd..702f5153382 100755 --- a/bootstrap/generated-dists/ubuntu2004/bootstrap.sh +++ b/bootstrap/generated-dists/ubuntu2004/bootstrap.sh @@ -58,6 +58,7 @@ apt-get -y install \ libjansson-dev \ libjs-jquery \ libjson-perl \ + libkeyutils-dev \ libkrb5-dev \ libldap2-dev \ liblmdb-dev \ 
diff --git a/bootstrap/generated-dists/ubuntu2004/packages.yml b/bootstrap/generated-dists/ubuntu2004/packages.yml index b42b4d05989..78a73aec01f 100644 --- a/bootstrap/generated-dists/ubuntu2004/packages.yml +++ b/bootstrap/generated-dists/ubuntu2004/packages.yml @@ -47,6 +47,7 @@ packages: - libjansson-dev - libjs-jquery - libjson-perl + - libkeyutils-dev - libkrb5-dev - libldap2-dev - liblmdb-dev diff --git a/bootstrap/generated-dists/ubuntu2204/bootstrap.sh b/bootstrap/generated-dists/ubuntu2204/bootstrap.sh index 481d46c186c..83012cda983 100755 --- a/bootstrap/generated-dists/ubuntu2204/bootstrap.sh +++ b/bootstrap/generated-dists/ubuntu2204/bootstrap.sh @@ -58,6 +58,7 @@ apt-get -y install \ libjansson-dev \ libjs-jquery \ libjson-perl \ + libkeyutils-dev \ libkrb5-dev \ libldap2-dev \ liblmdb-dev \ diff --git a/bootstrap/generated-dists/ubuntu2204/packages.yml b/bootstrap/generated-dists/ubuntu2204/packages.yml index 91e48034a05..7d9f66e7f1f 100644 --- a/bootstrap/generated-dists/ubuntu2204/packages.yml +++ b/bootstrap/generated-dists/ubuntu2204/packages.yml @@ -47,6 +47,7 @@ packages: - libjansson-dev - libjs-jquery - libjson-perl + - libkeyutils-dev - libkrb5-dev - libldap2-dev - liblmdb-dev diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt index 3a6671d4fb8..77937ea6800 100644 --- a/bootstrap/sha1sum.txt +++ b/bootstrap/sha1sum.txt @@ -1 +1 @@ -cfddaa8d36c3f512827bd96fe05c30f7f8337f4b +6f4e1c3f1eb3b3236ae793c11def2135386a0ee9 diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 71cd93b8bc7..6e6a5d932be 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -1736,6 +1736,11 @@ int main(int argc, char *argv[]) return -1; } + if (strncmp(path, "\\\\", 2) && strncmp(path, "//", 2)) { + printf("Invalid argument: %s\n", path); + return -1; + } + if(!poptPeekArg(pc)) { poptPrintUsage(pc, stderr, 0); return -1; diff --git a/source3/utils/smbcquotas.c b/source3/utils/smbcquotas.c index 748334a04a6..ce8ca2fafd0 100644 
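Review bot: The rejection message added to main() in source3/utils/smbcacls.c is written with `printf`, so it lands on stdout, while the usage error in the context lines just below goes to stderr; a script that captures the tool's output would receive the error text as data. I would write it as `fprintf(stderr, "Invalid argument: %s\n", path);` and spell the test out as `strncmp(path, "\\\\", 2) != 0 && strncmp(path, "//", 2) != 0`. The check also looks only at the two-character prefix, so an argument that is nothing more than `//` still passes; whether the server and share parts are validated later is outside this hunk, and main() itself starts and ends outside it. The same points apply to the identical check added to source3/utils/smbcquotas.c.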
--- a/source3/utils/smbcquotas.c +++ b/source3/utils/smbcquotas.c @@ -760,6 +760,11 @@ int main(int argc, char *argv[]) exit(EXIT_PARSE_ERROR); } + if (strncmp(path, "\\\\", 2) && strncmp(path, "//", 2)) { + printf("Invalid argument: %s\n", path); + return -1; + } + poptFreeContext(pc); samba_cmdline_burn(argc, argv); diff --git a/third_party/heimdal_build/wscript_build b/third_party/heimdal_build/wscript_build index 1518afe9ef4..8aea52b55f5 100644 --- a/third_party/heimdal_build/wscript_build +++ b/third_party/heimdal_build/wscript_build @@ -710,7 +710,7 @@ if not bld.CONFIG_SET("USING_SYSTEM_KRB5"): get_port.c init_creds.c init_creds_pw.c kcm.c keyblock.c keytab.c keytab_any.c keytab_file.c keytab_memory.c - keytab_keyfile.c krbhst.c log.c + keytab_keyfile.c krbhst.c krcache.c log.c mcache.c misc.c mk_error.c mk_priv.c mk_rep.c mk_req.c mk_req_ext.c mit_glue.c net_read.c net_write.c n-fold.c padata.c pkinit.c pkinit-ec.c @@ -726,10 +726,14 @@ if not bld.CONFIG_SET("USING_SYSTEM_KRB5"): mk_cred.c kx509_err.c k524_err.c krb_err.c k5e1_err.c''')] + ["../heimdal_build/krb5-glue.c"] + krb5_keyutils_dep = '' + if bld.CONFIG_SET('HAVE_KEYCTL_GET_PERSISTENT'): + krb5_keyutils_dep = ' keyutils' + HEIMDAL_LIBRARY('krb5', KRB5_SOURCE, version_script='lib/krb5/version-script.map', includes='../heimdal/lib/krb5 ../heimdal/lib/asn1 ../heimdal/include', - deps='roken wind asn1 hx509 HEIMDAL_KX509_ASN1 hcrypto com_err HEIMDAL_CONFIG heimbase execinfo samba_intl HEIMDAL_IPC_CLIENT KRB5_CRYPTO', + deps='roken wind asn1 hx509 HEIMDAL_KX509_ASN1 hcrypto com_err HEIMDAL_CONFIG heimbase execinfo samba_intl HEIMDAL_IPC_CLIENT KRB5_CRYPTO' + krb5_keyutils_dep, cflags=['-DLOCALSTATEDIR="/2"'] + bld.dynconfig_cflags(), ) KRB5_PROTO_SOURCE = KRB5_SOURCE + ['lib/krb5/expand_path.c', 'lib/krb5/plugin.c', 'lib/krb5/context.c', 'lib/krb5/crypto.c'] diff --git a/third_party/heimdal_build/wscript_configure b/third_party/heimdal_build/wscript_configure index a97a1b9baa8..645ce3a3468 100644 
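Review bot: The new rejection path in smbcquotas.c leaves main() with `return -1;`, whereas the error path directly above it in the context lines uses `exit(EXIT_PARSE_ERROR);`, so a malformed path is reported with a different exit status than the other argument errors. It also returns before the `poptFreeContext(pc);` and `samba_cmdline_burn(argc, argv);` calls that follow, so the command-line scrubbing is skipped on this path. Using `exit(EXIT_PARSE_ERROR);` here would keep the status consistent, and moving the check below the burn call would keep the cleanup order the same on every exit. main() starts and ends outside the hunk.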
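Review bot: The `keyutils` link dependency added in the second wscript_build hunk is conditional on `HAVE_KEYCTL_GET_PERSISTENT`, but `krcache.c` is added to the krb5 source list unconditionally in the first hunk. If krcache.c is compiled in on the strength of the header or `add_key` alone (its guards are not visible here), a system whose libkeyutils lacks `keyctl_get_persistent` would build keyring code without linking the library. A comment above `krb5_keyutils_dep = ''` naming the define that krcache.c itself is guarded by, e.g. `# krcache.c compiles to nothing unless <define> is set`, would make the pairing checkable. The enclosing `if not bld.CONFIG_SET("USING_SYSTEM_KRB5"):` block starts outside both hunks.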
--- a/third_party/heimdal_build/wscript_configure +++ b/third_party/heimdal_build/wscript_configure @@ -66,6 +66,16 @@ conf.CHECK_FUNCS('dirfd', headers='dirent.h') conf.CHECK_DECLS('dirfd', reverse=True, headers='dirent.h') conf.CHECK_STRUCTURE_MEMBER('DIR', 'dd_fd', define='HAVE_DIR_DD_FD', headers='dirent.h') +if conf.env['WITH_KERNEL_KEYRING'] != False: + require_keyutils = False + if conf.env['WITH_KERNEL_KEYRING'] == True: + require_keyutils = True + conf.CHECK_FUNCS_IN('add_key keyctl_get_persistent', + 'keyutils', headers='keyutils.h', + mandatory=require_keyutils) + conf.CHECK_SIZEOF('key_serial_t', headers='keyutils.h', + critical=require_keyutils) + heimdal_no_error_flags = ['-Wno-error=discarded-qualifiers', '-Wno-error=cast-qual', '-Wno-error=missing-field-initializers', diff --git a/wscript b/wscript index b219297f0e0..681e669d019 100644 --- a/wscript +++ b/wscript @@ -116,6 +116,14 @@ def options(opt): help=("Disable RELRO builds"), action="store_false", dest='enable_relro') + opt.add_option('--with-kernel-keyring', + help=('Enable kernely keyring support for credential storage ' + + '(default if keyutils libraries are available)'), + action='store_true', dest='enable_keyring') + opt.add_option('--without-kernel-keyring', + help=('Disable kernely keyring support for credential storage'), + action='store_false', dest='enable_keyring') + gr = opt.option_group('developer options') opt.load('python') # options for disabling pyc or pyo compilation @@ -200,6 +208,13 @@ def configure(conf): mandatory=True) conf.CHECK_FUNCS_IN('inflateInit2', 'z') + if Options.options.enable_keyring != False: + conf.env['WITH_KERNEL_KEYRING'] = 'auto' + if Options.options.enable_keyring == True: + conf.env['WITH_KERNEL_KEYRING'] = True + else: + conf.env['WITH_KERNEL_KEYRING'] = False + if conf.CHECK_FOR_THIRD_PARTY(): conf.RECURSE('third_party') else: -- Samba Shared Repository
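Review bot: The tri-state `WITH_KERNEL_KEYRING` value is tested with `!= False` and `== True` in the wscript_configure hunk, which reads like a boolean check but depends on `'auto'` comparing unequal to both; identity comparisons say what is meant. The block can open with `if conf.env['WITH_KERNEL_KEYRING'] is not False:` and set `require_keyutils = conf.env['WITH_KERNEL_KEYRING'] is True`, replacing the three-line assignment. The same pattern appears in the configure() hunk of the top-level wscript (`Options.options.enable_keyring != False` and `== True`), where a one-line comment listing the three possible values would also help.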
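Review bot: Both help strings added to options() in the top-level wscript say "kernely keyring", which will appear verbatim in the `--help` output; the first should read `help=('Enable kernel keyring support for credential storage ' +` and the second likewise. Neither `add_option` call sets a default, so the auto-detect case in configure() relies on `enable_keyring` being `None` when no flag is given; adding `default=None` to the first call, or a comment saying so, would make that three-state contract explicit. options() starts and ends outside the hunk.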