[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 3a01ef710d4 tests: Add a test for the idmap_nss : use_upn setting
via 086a90d52b0 idmap_nss: Install a messaging filter to reload the
configuration
via a7a4d8e5333 idmap_nss: Add a parameter to use UPNs instead of plain
names
via c8e4777a921 idmap_nss: Increase debug on failures
via de2f59c61a0 docs: Document idmap_nss "range" option
via 8e1f2ee5f7c s3:winbind: Register a messaging filter foreach domain
child
via c35937054cd s3:winbind: talloc the static locator child
via e3d0574d796 s3:winbind: talloc the static idmap child
from f642aff5544 buildtools: Remove ‘keep_underscore’ parameter
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 3a01ef710d4f0c11013214a4f8637ebdac8d9f5e
Author: Samuel Cabrero
Date: Tue Dec 12 21:17:50 2023 +0100
tests: Add a test for the idmap_nss : use_upn setting
Signed-off-by: Samuel Cabrero
Reviewed-by: Alexander Bokovoy
Autobuild-User(master): Samuel Cabrero
Autobuild-Date(master): Wed Dec 13 16:05:19 UTC 2023 on atb-devel-224
commit 086a90d52b0c4bd388bf5707159ae1a727f8e400
Author: Samuel Cabrero
Date: Tue Dec 12 16:02:33 2023 +0100
idmap_nss: Install a messaging filter to reload the configuration
Signed-off-by: Samuel Cabrero
Reviewed-by: Alexander Bokovoy
commit a7a4d8e53332f8cae68462afab7dec86c991d96f
Author: Samuel Cabrero
Date: Mon Nov 27 08:05:29 2023 +0100
idmap_nss: Add a parameter to use UPNs instead of plain names
idmap config : backend = nss
idmap config : use_upn = yes|no
When translating a Unix ID to a SID the module calls get[pwu|grg]id() but
the
name returned by some NSS modules might be a UPN instead of a plain name. If
the new parameter is enabled the returned name will be parsed and correctly
handled.
On the other hand, when translating a SID to a Unix ID the module first
resolves the SID to a domain + name, and then calls get[pw|gr]name() with
the
plain name, or the UPN if the new parameter is enabled.
Signed-off-by: Samuel Cabrero
Reviewed-by: Alexander Bokovoy
commit c8e4777a921132082ee6421b2b456c82028fed46
Author: Samuel Cabrero
Date: Wed Nov 29 12:55:13 2023 +0100
idmap_nss: Increase debug on failures
Signed-off-by: Samuel Cabrero
Reviewed-by: Alexander Bokovoy
commit de2f59c61a0549c54546704c07a1f41410fc50d7
Author: Samuel Cabrero
Date: Mon Nov 27 10:20:05 2023 +0100
docs: Document idmap_nss "range" option
Signed-off-by: Samuel Cabrero
Reviewed-by: Alexander Bokovoy
commit 8e1f2ee5f7c5b3ee4edfa7beca289889a4e99cca
Author: Samuel Cabrero
Date: Tue Dec 12 15:55:20 2023 +0100
s3:winbind: Register a messaging filter foreach domain child
Instead of registering the "classic" callback for MSG_SMB_CONF_UPDATED,
install a message filter to allow other parts of the code to also
listen for this message because classic callbacks are delivered only
once (see commit a2436b67e5dd47d955a3bea2b83e0693b627ab96).
Signed-off-by: Samuel Cabrero
Reviewed-by: Alexander Bokovoy
commit c35937054cd69580bbf5e3252fd9a1e8958f2f7b
Author: Samuel Cabrero
Date: Tue Dec 12 15:49:07 2023 +0100
s3:winbind: talloc the static locator child
Next commits will use talloc_get_type_abort() to get the reference.
Signed-off-by: Samuel Cabrero
Reviewed-by: Alexander Bokovoy
commit e3d0574d7969b00723a6b3041a796dd4f29726e8
Author: Samuel Cabrero
Date: Tue Dec 12 15:44:21 2023 +0100
s3:winbind: talloc the static idmap child
Next commits will use talloc_get_type_abort() to get the reference.
Signed-off-by: Samuel Cabrero
Reviewed-by: Alexander Bokovoy
---
Summary of changes:
docs-xml/manpages/idmap_nss.8.xml| 38 +
nsswitch/tests/test_idmap_nss_use_upn.sh | 79 ++
source3/selftest/tests.py| 4 +-
source3/winbindd/idmap_nss.c | 249 +--
source3/winbindd/winbindd.c | 13 +-
source3/winbindd/winbindd_dual.c | 34 +++--
source3/winbindd/winbindd_idmap.c| 29 ++--
source3/winbindd/winbindd_locator.c | 21 ++-
source3/winbindd/winbindd_proto.h| 4 +-
9 files changed, 425 insertions(+), 46 deletions(-)
create mode 100755 nsswitch/tests/test_idmap_nss_use_upn.sh
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/idmap_nss.8.xml
b/docs-xml/manpages/idmap_nss.8.xml
index fc03445df2c..a9c6eceedbc 100644
--- a/docs-xml/manpages/idmap_nss.8.xml
+++ b/docs-xml/manpages/idmap_nss.8.xml
@@ -27,6 +27,44 @@
+
+ IDMAP OPTIONS
+
+
+
+
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via fcecdfa8e5c s4:dnsserver: Rename dns_name_equal() to
samba_dns_name_equal()
from 872ea49ac6d kdc: Don't reference ENODATA in platform-independent
code
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit fcecdfa8e5c651d4a27f8fcd5df6e9bce37ed8a7
Author: Samuel Cabrero
Date: Wed Jan 18 17:25:29 2023 +0100
s4:dnsserver: Rename dns_name_equal() to samba_dns_name_equal()
This function already exists in bind9 but takes different arguments, so when
the DLZ is loaded and this function is called bind crashes:
named[1523]: samba_dlz: allowing update of
signer=DESKTOP-8BUKMBK\$\@AFOREST.AD name=118.101.168.192.in-addr.arpa
tcpaddr=192.168.101.118 type=PTR
key=1264-ms-7.1-2ac9.9ef238e1-9747-11ed-9f95-525400dc6981/159/0
named[1523]: samba_dlz: allowing update of
signer=DESKTOP-8BUKMBK\$\@AFOREST.AD name=118.101.168.192.in-addr.arpa
tcpaddr=192.168.101.118 type=PTR
key=1264-ms-7.1-2ac9.9ef238e1-9747-11ed-9f95-525400dc6981/159/0
named[1523]: client @0x7f26caa90f68 192.168.101.118#58223/key
DESKTOP-8BUKMBK\$\@AFOREST.AD: updating zone '101.168.192.in-addr.arpa/NONE':
deleting rrset at '118.101.168.192.in-addr.ar
named[1523]: name.c:664: REQUIRE(((name1) != ((void *)0) && ((const
isc__magic_t *)(name1))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 |
('n') failed, back trace
Backtrace:
#0 0x7f2716c957ec in __pthread_kill_implementation () from
/lib64/libc.so.6
#1 0x7f2716c42816 in raise () from /lib64/libc.so.6
#2 0x7f2716c2b81c in abort () from /lib64/libc.so.6
#3 0x55d4de847995 in assertion_failed (file=,
line=,
type=, cond=) at
/usr/src/debug/bind-9.18.10/bin/named/main.c:237
#4 0x7f27176388fc in isc_assertion_failed
(file=file@entry=0x7f27173b0df6 "name.c",
line=line@entry=664, type=type@entry=isc_assertiontype_require,
cond=cond@entry=0x7f27173b0268 "((name1) != ((void *)0) && ((const
isc__magic_t *)(name1))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 |
('n'")
at /usr/src/debug/bind-9.18.10/lib/isc/assertions.c:48
#5 0x7f27172946f9 in dns_name_equal (name1=,
name2=)
at /usr/src/debug/bind-9.18.10/lib/dns/name.c:664
Here bind's dns_name_equal() is called instead of samba's
dns_name_equal()
#6 0x7f27077ad6f2 in dns_record_match (rec1=0x7f26f8042d70,
rec2=0x7f26f8044d10)
at ../../source4/dns_server/dnsserver_common.c:1346
#7 0x7f271404732c in b9_record_match (rec1=0x7f26f8042d70,
rec2=0x7f26f8044d10)
at ../../source4/dns_server/dlz_bind9.c:1830
#8 0x7f2714047daa in dlz_subrdataset (name=0x7f2706ff82f0
"118.101.168.192.in-addr.arpa",
rdatastr=0x7f26c9c1
"118.101.168.192.in-addr.arpa.\t1200\tIN\tPTR\tDESKTOP-8BUKMBK.aforest.ad.",
dbdata=0x7f271003d300, version=0x7f26f8044b20) at
../../source4/dns_server/dlz_bind9.c:2077
#9 0x55d4de84afb4 in dlopen_dlz_subrdataset (name=0x7f2706ff82f0
"118.101.168.192.in-addr.arpa",
rdatastr=, driverarg=,
dbdata=0x7f270430f680, version=)
at /usr/src/debug/bind-9.18.10/bin/named/dlz_dlopen_driver.c:483
#10 0x7f271738e734 in modrdataset.constprop.0 (db=0x7f2704291740,
node=0x7f26c9c006e0,
version=0x7f26f8044b20, rdataset=0x7f2706ff8830,
mod_function=0x55d4de84af80 ,
options=)
at /usr/src/debug/bind-9.18.10/lib/dns/sdlz.c:1107
#11 0x7f2717251855 in diff_apply (diff=diff@entry=0x7f2706ff8df0,
db=db@entry=0x7f2704291740,
ver=ver@entry=0x7f26f8044b20, warn=warn@entry=true) at
/usr/src/debug/bind-9.18.10/lib/dns/diff.c:370
#12 0x7f2717251c8a in dns_diff_apply (diff=diff@entry=0x7f2706ff8df0,
db=db@entry=0x7f2704291740,
ver=ver@entry=0x7f26f8044b20) at
/usr/src/debug/bind-9.18.10/lib/dns/diff.c:465
#13 0x7f2717d105aa in do_one_tuple (tuple=tuple@entry=0x7f2706ff8e50,
db=db@entry=0x7f2704291740,
ver=ver@entry=0x7f26f8044b20, diff=diff@entry=0x7f2706ff9400)
at /usr/src/debug/bind-9.18.10/lib/ns/update.c:454
#14 0x7f2717d10fff in update_one_rr (rdata=0x7f2706ff8ee8,
ttl=,
name=, op=DNS_DIFFOP_DEL, diff=0x7f2706ff9400,
ver=0x7f26f8044b20, db=0x7f2704291740)
at /usr/src/debug/bind-9.18.10/lib/ns/update.c:505
#15 delete_if_action (data=, rr=0x7f2706ff8ee0)
at /usr/src/debug/bind-9.18.10/lib/ns/update.c:1427
#16 0x7f2717d10ccd in foreach_rr (db=0x7f2704291740, ver=, name=0x7f26caa61d00,
type=, covers=,
rr_action=rr_action@entry=0x7f2717d10f60 ,
rr_action_data=0x7f2706ff9280)
at /usr/src/debug/bind-9.18
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 17f8ec6f57a s4:mitkdc: Always set SDB_F_FOR_{TGS,AS}_REQ flag for
DAL >= 9
from 96b77d87639 s3:dbwrap_ctdb: improve the error handling in
ctdb_async_ctx_init_internal()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 17f8ec6f57a831de90bf66fd7523b4d1148cb397
Author: Samuel Cabrero
Date: Mon Jun 27 16:04:56 2022 +0200
s4:mitkdc: Always set SDB_F_FOR_{TGS,AS}_REQ flag for DAL >= 9
The KRB5_KDB_FLAG_REFERRAL_OK is to indicate wether a realm referral is
allowed. In AD this is always allowed. Also there is no way to pass that
indication to the SamDB layer.
Pair-Programmed-With: Andreas Schneider
Signed-off-by: Samuel Cabrero
Signed-off-by: Andreas Schneider
Reviewed-by: Andreas Schneider
Autobuild-User(master): Samuel Cabrero
Autobuild-Date(master): Mon Jul 4 12:22:16 UTC 2022 on sn-devel-184
---
Summary of changes:
source4/kdc/mit_samba.c | 10 ++
1 file changed, 2 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index c264191bf6b..e316c57ee31 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -234,10 +234,7 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
if (kflags & KRB5_KDB_FLAG_CLIENT) {
sflags |= SDB_F_GET_CLIENT;
-
- if (!(kflags & KRB5_KDB_FLAG_REFERRAL_OK)) {
- sflags |= SDB_F_FOR_AS_REQ;
- }
+ sflags |= SDB_F_FOR_AS_REQ;
} else {
int equal = smb_krb5_principal_is_tgs(ctx->context, principal);
if (equal == -1) {
@@ -248,10 +245,7 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
sflags |= SDB_F_GET_KRBTGT;
} else {
sflags |= SDB_F_GET_SERVER;
-
- if (!(kflags & KRB5_KDB_FLAG_REFERRAL_OK)) {
- sflags |= SDB_F_FOR_TGS_REQ;
- }
+ sflags |= SDB_F_FOR_TGS_REQ;
}
}
#else /* KRB5_KDB_DAL_MAJOR_VERSION < 9 */
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 971441ca524 third_party/heimdal: Fix build with gcc version 12.1
via 89e0c732b1c replace: Check for -Wuse-after-free
from 3dcdd13a250 tests/krb5: Use object() rather than auto() to
initialise enums
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 971441ca5244b0e56f6b664d785fcefa3867ede1
Author: Samuel Cabrero
Date: Thu Jun 9 10:51:54 2022 +0200
third_party/heimdal: Fix build with gcc version 12.1
Split lib/krb5/crypto to its own subsystem to built with its own CFLAGS
and avoid the following error:
[1510/4771] Compiling third_party/heimdal/lib/krb5/crypto.c
../../third_party/heimdal/lib/krb5/crypto.c: In function
‘_krb5_internal_hmac’:
../../third_party/heimdal/lib/krb5/crypto.c:302:24: warning: cast
discards ‘const’ qualifier from pointer target type [-Wcast-qual]
302 | iov[0].data.data = (void *) data;
|^
../../third_party/heimdal/lib/krb5/crypto.c: In function
‘derive_key_sp800_hmac’:
../../third_party/heimdal/lib/krb5/crypto.c:2427:18: warning: cast
discards ‘const’ qualifier from pointer target type [-Wcast-qual]
2427 | label.data = (void *)constant;
| ^
../../third_party/heimdal/lib/krb5/crypto.c: In function
‘decrypt_internal_derived’:
../../third_party/heimdal/lib/krb5/crypto.c:1280:9: error: pointer ‘p’
may be used after ‘realloc’ [-Werror=use-after-free]
1280 | free(p);
| ^~~
../../third_party/heimdal/lib/krb5/crypto.c:1278:20: note: call to
‘realloc’ here
1278 | result->data = realloc(p, l);
|^
../../third_party/heimdal/lib/krb5/crypto.c: In function
‘decrypt_internal_enc_then_cksum’:
../../third_party/heimdal/lib/krb5/crypto.c:1365:9: error: pointer ‘p’
may be used after ‘realloc’ [-Werror=use-after-free]
1365 | free(p);
| ^~~
../../third_party/heimdal/lib/krb5/crypto.c:1363:20: note: call to
‘realloc’ here
1363 | result->data = realloc(p, l);
|^
../../third_party/heimdal/lib/krb5/crypto.c: In function
‘decrypt_internal’:
../../third_party/heimdal/lib/krb5/crypto.c:1431:9: error: pointer ‘p’
may be used after ‘realloc’ [-Werror=use-after-free]
1431 | free(p);
| ^~~
../../third_party/heimdal/lib/krb5/crypto.c:1429:20: note: call to
‘realloc’ here
1429 | result->data = realloc(p, l);
|^
../../third_party/heimdal/lib/krb5/crypto.c: In function
‘decrypt_internal_special’:
../../third_party/heimdal/lib/krb5/crypto.c:1478:9: error: pointer ‘p’
may be used after ‘realloc’ [-Werror=use-after-free]
1478 | free(p);
| ^~~
../../third_party/heimdal/lib/krb5/crypto.c:1476:20: note: call to
‘realloc’ here
1476 | result->data = realloc(p, sz);
|^~
cc1: all warnings being treated as errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15095
Signed-off-by: Samuel Cabrero
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Samuel Cabrero
Autobuild-Date(master): Tue Jun 14 10:16:18 UTC 2022 on sn-devel-184
commit 89e0c732b1c45f6498ed0f39add77c2a52afddce
Author: Samuel Cabrero
Date: Wed Jun 1 11:56:19 2022 +0200
replace: Check for -Wuse-after-free
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15095
Signed-off-by: Samuel Cabrero
Reviewed-by: Andrew Bartlett
---
Summary of changes:
lib/replace/wscript | 3 +++
third_party/heimdal_build/wscript_build | 17 ++---
2 files changed, 17 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 827d74f19cb..2808db2e518 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -128,6 +128,9 @@ def configure(conf):
if conf.CHECK_CFLAGS('-Wno-strict-overflow'):
conf.define('HAVE_WNO_STRICT_OVERFLOW', '1')
+if conf.CHECK_CFLAGS('-Wuse-after-free=1'):
+conf.define('HAVE_WUSE_AFTER_FREE_1', '1')
+
# Check for process set name support
conf.CHECK_CODE('''
#include
diff --git a/third_party/heimdal_build/wscript_build
b/third_party/heimdal_build/wscript_build
index a395430c28f..fc136bc4116 100644
--- a/third_party/heimdal_build/wscript_build
+++ b/third_party/heimdal_build/wscript_build
@@ -670,6 +670,17 @@ if not bld.CONFIG_SET("
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via aa2ab7feb10 s3: VFS: Remove SMB_VFS_NTIMES(), no longer used via 34f5594f2e3 s3: VFS: default: Remove SMB_VFS_NTIMES() via adb952f01c0 s3: VFS: unityed_media: Remove SMB_VFS_NTIMES() via b60693cbd79 s3: VFS: time_audit: Remove SMB_VFS_NTIMES() via f2d1eb3870a s3: VFS: snapper: Remove SMB_VFS_NTIMES() via 395c3922c24 s3: VFS: shadow_copy2: Remove SMB_VFS_NTIMES() via 0b9ead076e5 s3: VFS: not_implemented: Remove SMB_VFS_NTIMES() via bec491dd651 s3: VFS: media_harmony: Remove SMB_VFS_NTIMES() via bc4bef5e6a4 gpfswrap: Remove wrapper for gpfs_set_times_path() via fad792aa5ca s3: VFS: gpfs: Remove SMB_VFS_NTIMES() via bd01e5a4556 s3: VFS: glusterfs: Remove SMB_VFS_NTIMES() via 7c70be05048 s3: VFS: full_audit: Remove SMB_VFS_NTIMES() via 23c27b7f822 s3: VFS: fruit: Remove SMB_VFS_NTIMES() via 059b565abab s3: VFS: delay_inject: Remove SMB_VFS_NTIMES() via 248151bac65 s3: VFS: ceph_snapshots: Remove SMB_VFS_NTIMES() via 0456cad10cc s3: VFS: ceph: Remove SMB_VFS_NTIMES() via 2e3608b040d s3: VFS: catia: Remove SMB_VFS_NTIMES() via 17a7f2cadb6 s3: VFS: cap: Remove SMB_VFS_NTIMES() via ae9044395f5 s3: torture: Change cmd_utime to use SMB_VFS_FNTIMES() via 1e677da50b4 s3: VFS: recycle: set the recycled file times using SMB_VFS_FNTIMES() via 0a13237db9c s3: smbd: Use SMB_VFS_FNTIMES() instead of SMB_VFS_NTIMES() via 11969032310 s3: smbd: Pass full fsp to file_ntimes() via bccbc5bb1ec s3: smbd: Update file times right before closing the underlying fd via ed287c35d7a s3: smbd: Use new debug macros via c942e2bd399 s3: VFS: snapper: Implement SMB_VFS_FNTIMES() via 6d9fc8de56b s3: VFS: shadow_copy2: Implement VFS_SMB_FNTIMES() via 02d624c46f2 s3: VFS: gpfs: Implement SMB_VFS_FNTIMES() via 28174fc1e7c gpfswrap: Add wrapper for gpfs_set_times() via 7125279a1e0 s3: VFS: glusterfs: Implement SMB_VFS_FNTIMES() via 5d84ad711a3 s3: VFS: fruit: Implement SMB_VFS_FNTIMES() via 5e0def5e320 s3: VFS: delay_inject: Implement SMB_VFS_FNTIMES() via 31091cc5382 s3: VFS: ceph_snapshots: Implement SMB_VFS_FNTIMES() via f07f3a5c22c s3: VFS: ceph: Implement SMB_VFS_FNTIMES() via c7712ec0e61 s3: VFS: catia: Implement SMB_VFS_FNTIMES() via ee3ea1bc745 VFS: Add SMB_VFS_FNTIMES via 4cc06106998 build: Do not check for unused functions futimes() and futimens() via 564e066024d s3: VFS: default: ntimes profile not ended when times not changed from fbf95a641bb auth4: Remove unused auth_unix https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit aa2ab7feb10f7c8bc0d84e3dabb484f728f6f3ba Author: Samuel Cabrero Date: Tue Apr 13 18:00:29 2021 +0200 s3: VFS: Remove SMB_VFS_NTIMES(), no longer used --- / \ / REST \ /IN \ /PEACE\ / \ | | | SMB_VFS_NTIMES| | | | | | 13 April| | 2021 | | | | | *| * * * | * _)/\\_//(\/(/\)/\//\/\|_)___ Signed-off-by: Samuel Cabrero Reviewed-by: Ralph Boehme Autobuild-User(master): Samuel Cabrero Autobuild-Date(master): Mon Apr 19 13:19:35 UTC 2021 on sn-devel-184 commit 34f5594f2e3cbf76fb88e6d5210a66a542e59f1b Author: Samuel Cabrero Date: Tue Apr 13 17:18:20 2021 +0200 s3: VFS: default: Remove SMB_VFS_NTIMES() Signed-off-by: Samuel Cabrero Reviewed-by: Ralph Boehme commit adb952f01c04e097279b52532ec917517d9fb727 Author: Samuel Cabrero Date: Tue Apr 13 17:45:51 2021 +0200 s3: VFS: unityed_media: Remove SMB_VFS_NTIMES() Signed-off-by: Samuel Cabrero Reviewed-by: Ralph Boehme commit b60693cbd79ee393c7aa6b2d79e7aada27abdd06 Author: Samuel Cabrero Date: Tue Apr 13 17:45:12 2021 +0200 s3: VFS: time_audit: Remove SMB_VFS_NTIMES() Signed-off-by: Samuel Cabrero Reviewed-by: Ralph Boehme commit f2d1eb3870ab35f20ab29d899370e55a149da2ca Author: Samuel Cabrero Date: Tue Apr 13 17:42:56 2021 +0200 s3: VFS: snapper: Remove SMB_VFS_NTIMES() Signed-off-by: Samuel Cabrero Reviewed-by: Ralph Boehme commit
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 49a0f6170bf oss-fuzz: Update build script to be compatible with rpm distros from 11aac9d0433 smbd: reduce loglevel for failed openat_pathref_fsp() calls https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 49a0f6170bf6b914bb7d513664c6cfc6b3864bb5 Author: Samuel Cabrero Date: Tue Mar 30 16:17:31 2021 +0200 oss-fuzz: Update build script to be compatible with rpm distros The /etc/default/locale file does not exists in the rpm family distros so the do_build.sh script failed with: ./lib/fuzzing/oss-fuzz/do_build.sh: line 31: /etc/default/locale: No such file or directory Signed-off-by: Samuel Cabrero Reviewed-by: David Mulder Autobuild-User(master): Samuel Cabrero Autobuild-Date(master): Tue Apr 6 15:54:54 UTC 2021 on sn-devel-184 --- Summary of changes: lib/fuzzing/oss-fuzz/do_build.sh | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/lib/fuzzing/oss-fuzz/do_build.sh b/lib/fuzzing/oss-fuzz/do_build.sh index f1f830ec34c..4c6796d2350 100755 --- a/lib/fuzzing/oss-fuzz/do_build.sh +++ b/lib/fuzzing/oss-fuzz/do_build.sh @@ -28,7 +28,11 @@ set -u # It is critical that this script, just as the rest of Samba's GitLab # CI docker has LANG set to en_US.utf8 (oss-fuzz fails to set this) -. /etc/default/locale +if [ -f /etc/default/locale ]; then + . /etc/default/locale +elif [ -f /etc/locale.conf ]; then + . /etc/locale.conf +fi export LANG export LC_ALL -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 41b2beeffb9 bootstrap: Add OpenSUSE 15.2
from 6ac16232de7 autobuild: Encode text/plain into base64 to wrap
long-lines
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 41b2beeffb94dac3679abc7b5c1187c1494f4970
Author: Samuel Cabrero
Date: Tue Nov 17 13:32:19 2020 +0100
bootstrap: Add OpenSUSE 15.2
Signed-off-by: Samuel Cabrero
Autobuild-User(master): Samuel Cabrero
Autobuild-Date(master): Tue Nov 17 18:50:05 UTC 2020 on sn-devel-184
---
Summary of changes:
.gitlab-ci.yml | 12 +-
bootstrap/.gitlab-ci.yml | 4 ++--
bootstrap/config.py| 14 +--
bootstrap/generated-dists/Vagrantfile | 14 +--
bootstrap/generated-dists/opensuse150/Dockerfile | 27 --
.../{debian10 => opensuse152}/Dockerfile | 2 +-
.../{opensuse150 => opensuse152}/bootstrap.sh | 2 ++
.../{opensuse150 => opensuse152}/locale.sh | 0
.../{opensuse150 => opensuse152}/packages.yml | 2 ++
bootstrap/sha1sum.txt | 2 +-
10 files changed, 27 insertions(+), 52 deletions(-)
delete mode 100644 bootstrap/generated-dists/opensuse150/Dockerfile
copy bootstrap/generated-dists/{debian10 => opensuse152}/Dockerfile (91%)
rename bootstrap/generated-dists/{opensuse150 => opensuse152}/bootstrap.sh
(97%)
rename bootstrap/generated-dists/{opensuse150 => opensuse152}/locale.sh (100%)
rename bootstrap/generated-dists/{opensuse150 => opensuse152}/packages.yml
(96%)
Changeset truncated at 500 lines:
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 77c57135b86..d65f4d2b769 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -32,7 +32,7 @@ variables:
# Set this to the contents of bootstrap/sha1sum.txt
# which is generated by bootstrap/template.py --render
#
- SAMBA_CI_CONTAINER_TAG: 446341a5c66a0cd04cac694991e4522385389e0f
+ SAMBA_CI_CONTAINER_TAG: d4867986881a9601c4620baf9a3bf28f5d1d1343
#
# We use the ubuntu1804 image as default as
# it matches what we have on sn-devel-184.
@@ -48,8 +48,8 @@ variables:
SAMBA_CI_CONTAINER_IMAGE_ubuntu2004:
${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-ubuntu2004:${SAMBA_CI_CONTAINER_TAG}
SAMBA_CI_CONTAINER_IMAGE_debian9:
${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-debian9:${SAMBA_CI_CONTAINER_TAG}
SAMBA_CI_CONTAINER_IMAGE_debian10:
${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-debian10:${SAMBA_CI_CONTAINER_TAG}
- SAMBA_CI_CONTAINER_IMAGE_opensuse150:
${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-opensuse150:${SAMBA_CI_CONTAINER_TAG}
SAMBA_CI_CONTAINER_IMAGE_opensuse151:
${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-opensuse151:${SAMBA_CI_CONTAINER_TAG}
+ SAMBA_CI_CONTAINER_IMAGE_opensuse152:
${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-opensuse152:${SAMBA_CI_CONTAINER_TAG}
SAMBA_CI_CONTAINER_IMAGE_fedora32:
${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-fedora32:${SAMBA_CI_CONTAINER_TAG}
SAMBA_CI_CONTAINER_IMAGE_fedora33:
${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-fedora33:${SAMBA_CI_CONTAINER_TAG}
SAMBA_CI_CONTAINER_IMAGE_centos7:
${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-centos7:${SAMBA_CI_CONTAINER_TAG}
@@ -330,14 +330,14 @@ debian10-samba-o3:
extends: .samba-o3-template
image: $SAMBA_CI_CONTAINER_IMAGE_debian10
-opensuse150-samba-o3:
- extends: .samba-o3-template
- image: $SAMBA_CI_CONTAINER_IMAGE_opensuse150
-
opensuse151-samba-o3:
extends: .samba-o3-template
image: $SAMBA_CI_CONTAINER_IMAGE_opensuse151
+opensuse152-samba-o3:
+ extends: .samba-o3-template
+ image: $SAMBA_CI_CONTAINER_IMAGE_opensuse152
+
centos7-samba-o3:
extends: .samba-o3-template
image: $SAMBA_CI_CONTAINER_IMAGE_centos7
diff --git a/bootstrap/.gitlab-ci.yml b/bootstrap/.gitlab-ci.yml
index e9249f151a6..5f79ac1fbf2 100644
--- a/bootstrap/.gitlab-ci.yml
+++ b/bootstrap/.gitlab-ci.yml
@@ -116,8 +116,8 @@ centos7:
# We install a compat-gnutls34 package for GnuTLS >= 3.4.7
PKG_CONFIG_PATH:
/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig
-opensuse150:
+opensuse151:
extends: .build_image_template
-opensuse151:
+opensuse152:
extends: .build_image_template
diff --git a/bootstrap/config.py b/bootstrap/config.py
index fa313728f55..ecbc614f056 100644
--- a/bootstrap/config.py
+++ b/bootstrap/config.py
@@ -490,9 +490,9 @@ RPM_DISTS = {
'policycoreutils-python': 'python3-policycoreutils',
}
},
-'opensuse150': {
-'docker_image': 'opensuse/leap:15.0',
-'vagrant_box': 'opensuse/openSUSE-15.0-x86_64',
+'opensuse151': {
+'docker_image': 'opensuse/leap:15.1',
+'vagrant_box': 'opensuse/openSUSE-15.1-x86_64',
'bootstrap': ZYPPER_B
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via d08a6b42004 librpc/dcesrv_core: let dcesrv_call_dispatch_local()
call context->iface->reply()
via 7bd321e71b7 librpc/dcesrv_core: assert that
dcesrv_call_dispatch_local() never gets async.
via 42e79cee3d3 librpc/dcesrv_core: make use of
dcerpc_fault_to_nt_status() in dcesrv_call_dispatch_local()
via 7c8a7e8a15b librpc/dcesrv_core: move two rpcint_dispatch() copies
into dcesrv_call_dispatch_local()
from 3b5b23ea848 examples:auth: Do not install example plugin
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit d08a6b420044c0b9a8fa46dd6acd91d47476
Author: Stefan Metzmacher
Date: Fri Oct 23 11:56:19 2020 +0200
librpc/dcesrv_core: let dcesrv_call_dispatch_local() call
context->iface->reply()
This is needed in order to get NDR_PRINT_FUNCTION_DEBUG(..., NDR_OUT)
called.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14551
Signed-off-by: Stefan Metzmacher
Reviewed-by: Samuel Cabrero
Autobuild-User(master): Samuel Cabrero
Autobuild-Date(master): Fri Oct 23 17:24:37 UTC 2020 on sn-devel-184
commit 7bd321e71b7f38994236d84795e08d3818b69dc1
Author: Stefan Metzmacher
Date: Fri Oct 23 11:54:29 2020 +0200
librpc/dcesrv_core: assert that dcesrv_call_dispatch_local() never gets
async.
This is just not supported for now...
We would need a dcesrv_call_dispatch_local_send/recv in order to
support async calls.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14551
Signed-off-by: Stefan Metzmacher
Reviewed-by: Samuel Cabrero
commit 42e79cee3d306a92243cc6c4898c5e280535d67b
Author: Stefan Metzmacher
Date: Fri Oct 23 11:52:57 2020 +0200
librpc/dcesrv_core: make use of dcerpc_fault_to_nt_status() in
dcesrv_call_dispatch_local()
The caller wants to get a useful NTSTATUS instead of a generic
NT_STATUS_NET_WRITE_FAULT.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14551
Signed-off-by: Stefan Metzmacher
Reviewed-by: Samuel Cabrero
commit 7c8a7e8a15b433cd151afff0b52e9e5096a2c230
Author: Stefan Metzmacher
Date: Fri Oct 23 11:42:14 2020 +0200
librpc/dcesrv_core: move two rpcint_dispatch() copies into
dcesrv_call_dispatch_local()
We only need this function once, so that we need to fix bugs only once...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14551
Signed-off-by: Stefan Metzmacher
Reviewed-by: Samuel Cabrero
---
Summary of changes:
librpc/rpc/dcesrv_core.c | 76
librpc/rpc/dcesrv_core.h | 2 +
source3/rpc_server/rpc_ncacn_np.c| 65 +-
source3/winbindd/winbindd_dual_ndr.c | 65 +-
4 files changed, 80 insertions(+), 128 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
index a12bf134077..064ad38b8d6 100644
--- a/librpc/rpc/dcesrv_core.c
+++ b/librpc/rpc/dcesrv_core.c
@@ -2971,3 +2971,79 @@ _PUBLIC_ NTSTATUS dcesrv_connection_loop_start(struct
dcesrv_connection *conn)
return NT_STATUS_OK;
}
+
+_PUBLIC_ NTSTATUS dcesrv_call_dispatch_local(struct dcesrv_call_state *call)
+{
+ NTSTATUS status;
+ struct ndr_pull *pull = NULL;
+ struct ndr_push *push = NULL;
+ struct data_blob_list_item *rep = NULL;
+
+ pull = ndr_pull_init_blob(>pkt.u.request.stub_and_verifier,
+ call);
+ if (pull == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+
+ call->ndr_pull = pull;
+
+ /* unravel the NDR for the packet */
+ status = call->context->iface->ndr_pull(call, call, pull, >r);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("DCE/RPC fault in call %s:%02X - %s\n",
+ call->context->iface->name,
+ call->pkt.u.request.opnum,
+ dcerpc_errstr(call, call->fault_code));
+ return dcerpc_fault_to_nt_status(call->fault_code);
+ }
+
+ status = call->context->iface->local(call, call, call->r);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("DCE/RPC fault in call %s:%02X - %s\n",
+ call->context->iface->name,
+ call->pkt.u.request.opnum,
+ dcerpc_errstr(call, call->fault_code));
+ return dcerpc_fault_to_nt_status(call->fault_code);
+ }
+
+ /* This can never go async for now! */
+ SMB_ASSERT(!(call->state_flags & DCESRV_CALL_STATE_FLAG_ASYNC
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 61e93698e59 s4:rpc_server: Implement epmapper LookupHandleFree
via 072cdbd3713 s4:torture: Do not skip epmapper lookup terminate test
in samba4
via 054f58e468c selftest: Split samba4 epmapper expected failures into
individual tests
from 31d187be0f4 s4:selftest: test for smbtorture subunit names with and
without --fullname
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 61e93698e597ad9e2480464df94b5f2ceb57bb24
Author: Samuel Cabrero
Date: Mon Jun 29 12:49:33 2020 +0200
s4:rpc_server: Implement epmapper LookupHandleFree
Signed-off-by: Samuel Cabrero
Reviewed-by: David Mulder
Reviewed-by: Andreas Schneider
Autobuild-User(master): Samuel Cabrero
Autobuild-Date(master): Tue Jul 7 13:43:14 UTC 2020 on sn-devel-184
commit 072cdbd371312311377f7a4449dddb18e4605462
Author: Samuel Cabrero
Date: Mon Jun 29 12:46:50 2020 +0200
s4:torture: Do not skip epmapper lookup terminate test in samba4
Signed-off-by: Samuel Cabrero
Reviewed-by: David Mulder
Reviewed-by: Andreas Schneider
commit 054f58e468c48e1223441db73e33302454646699
Author: Samuel Cabrero
Date: Mon Jun 29 12:45:33 2020 +0200
selftest: Split samba4 epmapper expected failures into individual tests
Signed-off-by: Samuel Cabrero
Reviewed-by: David Mulder
Reviewed-by: Andreas Schneider
---
Summary of changes:
selftest/knownfail | 4 +++-
source4/rpc_server/epmapper/rpc_epmapper.c | 11 ++-
source4/torture/rpc/epmapper.c | 4
3 files changed, 13 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/knownfail b/selftest/knownfail
index 9b25d22eae0..c5f1f447838 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -87,7 +87,9 @@
^samba4.local.registry.*.local.security
^samba4.rpc.wkssvc
^samba4.rpc.handles.*.lsarpc-shared
-^samba4.rpc.epmapper
+^samba4.rpc.epmapper.*.Lookup_simple
+^samba4.rpc.epmapper.*.Map_simple
+^samba4.rpc.epmapper.*.Map_full
^samba4.rpc.lsalookup on ncalrpc
^samba4.rpc.lsalookup on ncacn_np
^samba4.rpc.lsalookup with seal,padcheck
diff --git a/source4/rpc_server/epmapper/rpc_epmapper.c
b/source4/rpc_server/epmapper/rpc_epmapper.c
index 462553dfe6f..1634b9f4eaf 100644
--- a/source4/rpc_server/epmapper/rpc_epmapper.c
+++ b/source4/rpc_server/epmapper/rpc_epmapper.c
@@ -261,7 +261,16 @@ failed:
static error_status_t dcesrv_epm_LookupHandleFree(struct dcesrv_call_state
*dce_call, TALLOC_CTX *mem_ctx,
struct epm_LookupHandleFree *r)
{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+ struct dcesrv_handle *h = NULL;
+
+ r->out.entry_handle = r->in.entry_handle;
+
+ DCESRV_PULL_HANDLE_FAULT(h, r->in.entry_handle, HTYPE_LOOKUP);
+ TALLOC_FREE(h);
+
+ ZERO_STRUCTP(r->out.entry_handle);
+
+ return EPMAPPER_STATUS_OK;
}
static error_status_t dcesrv_epm_InqObject(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
diff --git a/source4/torture/rpc/epmapper.c b/source4/torture/rpc/epmapper.c
index f32d122b36e..be0acc0946e 100644
--- a/source4/torture/rpc/epmapper.c
+++ b/source4/torture/rpc/epmapper.c
@@ -437,10 +437,6 @@ static bool test_LookupHandleFree(struct torture_context
*tctx,
NTSTATUS status;
struct epm_LookupHandleFree r;
- if (torture_setting_bool(tctx, "samba4", false)) {
- torture_skip(tctx, "Skip Insert test against Samba4");
- }
-
if (ndr_policy_handle_empty(entry_handle)) {
torture_comment(tctx,
"epm_LookupHandleFree failed - empty
policy_handle\n");
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via c012f924382 third_party: Update nss_wrapper to version 1.1.11
from 53324c35d13 selftest: add two more nbt.dgram flapping tests
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit c012f924382bc694d3ddcc2946bb2c1d92742aff
Author: Andreas Schneider
Date: Thu Apr 2 13:43:44 2020 +0200
third_party: Update nss_wrapper to version 1.1.11
This fixes strict aliasing which leads to segfaults on certain
architectures, e.g. armv7hl.
Signed-off-by: Andreas Schneider
Reviewed-by: Samuel Cabrero
Autobuild-User(master): Samuel Cabrero
Autobuild-Date(master): Mon Apr 6 17:34:53 UTC 2020 on sn-devel-184
---
Summary of changes:
buildtools/wafsamba/samba_third_party.py | 2 +-
third_party/nss_wrapper/nss_wrapper.c| 878 +++
third_party/nss_wrapper/wscript | 2 +-
3 files changed, 554 insertions(+), 328 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_third_party.py
b/buildtools/wafsamba/samba_third_party.py
index 181d0b352a5..fae9029002d 100644
--- a/buildtools/wafsamba/samba_third_party.py
+++ b/buildtools/wafsamba/samba_third_party.py
@@ -29,7 +29,7 @@ Build.BuildContext.CHECK_SOCKET_WRAPPER = CHECK_SOCKET_WRAPPER
@conf
def CHECK_NSS_WRAPPER(conf):
-return conf.CHECK_BUNDLED_SYSTEM_PKG('nss_wrapper', minversion='1.1.10')
+return conf.CHECK_BUNDLED_SYSTEM_PKG('nss_wrapper', minversion='1.1.11')
Build.BuildContext.CHECK_NSS_WRAPPER = CHECK_NSS_WRAPPER
@conf
diff --git a/third_party/nss_wrapper/nss_wrapper.c
b/third_party/nss_wrapper/nss_wrapper.c
index d90264c6d24..17c87321d4d 100644
--- a/third_party/nss_wrapper/nss_wrapper.c
+++ b/third_party/nss_wrapper/nss_wrapper.c
@@ -185,6 +185,8 @@ typedef nss_status_t NSS_STATUS;
pthread_mutex_unlock(&( m ## _mutex)); \
} while(0)
+static pthread_mutex_t libc_symbol_binding_mutex = PTHREAD_MUTEX_INITIALIZER;
+static pthread_mutex_t nss_module_symbol_binding_mutex =
PTHREAD_MUTEX_INITIALIZER;
static bool nwrap_initialized = false;
static pthread_mutex_t nwrap_initialized_mutex = PTHREAD_MUTEX_INITIALIZER;
@@ -201,6 +203,8 @@ static pthread_mutex_t nwrap_sp_global_mutex =
PTHREAD_MUTEX_INITIALIZER;
* nwrap_init() function.
*/
# define NWRAP_LOCK_ALL do { \
+ NWRAP_LOCK(libc_symbol_binding); \
+ NWRAP_LOCK(nss_module_symbol_binding); \
NWRAP_LOCK(nwrap_initialized); \
NWRAP_LOCK(nwrap_global); \
NWRAP_LOCK(nwrap_gr_global); \
@@ -216,6 +220,8 @@ static pthread_mutex_t nwrap_sp_global_mutex =
PTHREAD_MUTEX_INITIALIZER;
NWRAP_UNLOCK(nwrap_gr_global); \
NWRAP_UNLOCK(nwrap_global); \
NWRAP_UNLOCK(nwrap_initialized); \
+ NWRAP_UNLOCK(nss_module_symbol_binding); \
+ NWRAP_UNLOCK(libc_symbol_binding); \
} while (0);
static void nwrap_init(void);
@@ -311,107 +317,278 @@ static void nwrap_log(enum nwrap_dbglvl_e dbglvl,
buffer);
}
-struct nwrap_libc_fns {
- struct passwd *(*_libc_getpwnam)(const char *name);
- int (*_libc_getpwnam_r)(const char *name, struct passwd *pwd,
- char *buf, size_t buflen, struct passwd **result);
- struct passwd *(*_libc_getpwuid)(uid_t uid);
- int (*_libc_getpwuid_r)(uid_t uid, struct passwd *pwd, char *buf,
size_t buflen, struct passwd **result);
- void (*_libc_setpwent)(void);
- struct passwd *(*_libc_getpwent)(void);
+/*
+ * LIBC
+ */
+
+#define LIBC_NAME "libc.so"
+
+typedef struct passwd *(*__libc_getpwnam)(const char *name);
+
+typedef int (*__libc_getpwnam_r)(const char *name,
+struct passwd *pwd,
+char *buf,
+size_t buflen,
+struct passwd **result);
+
+typedef struct passwd *(*__libc_getpwuid)(uid_t uid);
+
+typedef int (*__libc_getpwuid_r)(uid_t uid,
+struct passwd *pwd,
+char *buf,
+size_t buflen,
+struct passwd **result);
+
+typedef void (*__libc_setpwent)(void);
+
+typedef struct passwd *(*__libc_getpwent)(void);
+
#ifdef HAVE_GETPWENT_R
-# ifdef HAVE_SOLARIS_GETPWENT_R
- struct passwd *(*_libc_getpwent_r)(struct passwd *pwbuf, char *buf,
size_t buflen);
-# else /* HAVE_SOLARIS_GETPWENT_R */
- int (*_libc_getpwent_r)(struct passwd *pwbuf, char *buf, size_t buflen,
struct passwd **pwbufp);
-# endif /* HAVE_SOLARIS_GETPWENT_R */
+# ifdef HAVE_SOLARIS_GETPWENT_R
+typedef struct passwd *(*__libc_getpwent_r)(struct passwd *pwbuf,
+
[SCM] Samba Shared Repository - branch master updated
via 3692290e3b0 s3:rpc_server: Register endpoint servers in external spoolssd daemon via 612c7fa341b s3:rpc_server: Register endpoint servers in external fssd daemon via 909cf570d46 s3:rpc_server: Register endpoint servers in external lsasd daemon via da5aabde57f s3:rpc_server: Register endpoint servers in external epmd daemon via d77a4e553da s3:rpc_server: Register endpoint servers for embedded services via 06f1bad0518 s3:rpc_server: Provide LSA ncacn_np secondary endpoint and LSA over Netlogon via 9331772e4ce selftests: Tests only appropiate RPC interfaces are available in smb pipes via 3bcbad0c573 selftests: Test lsa over netlogon in nt4 dc environment via dc1d34d388f s3:rpc_server: Include generated boilerplate code via 1903467014a pidl:NDR/ServerCompat: Compat server PIDL parser via d809da3acef selftest: Run python.samba.tests.dcerpc.raw_protocol against S3 ad_member from bce99f59332 gitlab-ci: Add Fedora 32 (Beta) https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9496e0523ea156b5705b1d3866f0d887a6fc4d2d Author: Samuel Cabrero Date: Tue May 28 17:15:19 2019 +0200 s3:rpc_server: Remove dead code Signed-off-by: Samuel Cabrero Reviewed-by: Andrew Bartlett Autobuild-User(master): Samuel Cabrero Autobuild-Date(master): Fri Mar 20 17:11:28 UTC 2020 on sn-devel-184 commit 93224d4184dfbc369667d6a56c08ff217d839d93 Author: Samuel Cabrero Date: Tue May 28 16:54:52 2019 +0200 s3:rpc_server: Remove unused RPC module init and shutdown callbacks The setup function registers the endpoint server and RPC core routines initialize and shutdown it. Signed-off-by: Samuel Cabrero Reviewed-by: Andrew Bartlett commit e8e4ecfb8b92b99b6d566ea79a4268738e486f6a Author: Samuel Cabrero Date: Tue May 28 17:01:36 2019 +0200 s3:rpc_server: Do not generate and build s3 RPC server code Signed-off-by: Samuel Cabrero Reviewed-by: Andrew Bartlett commit 4c09839ec9991bd7c1019242d5691fce123a0ec3 Author: Samuel Cabrero Date: Tue May 28 16:12:51 2019 +0200 s3:rpc_server: Do not include s3 autogenerated headers Prototype is generated by the server compat parser. Signed-off-by: Samuel Cabrero Reviewed-by: Andrew Bartlett commit f6d41e5b44fd68c6f47828930bdd9f1a621a5c02 Author: Samuel Cabrero Date: Tue May 28 16:32:39 2019 +0200 s3:rpc_server: Remove api_struct Signed-off-by: Samuel Cabrero Reviewed-by: Andrew Bartlett commit d891c2d389b39d1535c30ab759f1a0dd48787ec0 Author: Samuel Cabrero Date: Thu Mar 7 11:37:48 2019 +0100 s3:rpc_server: Remove dead code and unused struct members Signed-off-by: Samuel Cabrero Reviewed-by: Andrew Bartlett commit 04172e966b899763d6b982a688ff6564f3deaa28 Author: Samuel Cabrero Date: Thu Feb 28 14:04:08 2019 +0100 s3:rpc_server: Remove s3 rpc server loop Signed-off-by: Samuel Cabrero Reviewed-by: Andrew Bartlett commit c647c13a5487512ee198e1564a543d8156869196 Author: Samuel Cabrero Date: Mon Sep 9 18:22:43 2019 +0200 s3:rpc_server: Remove call to s3 rpc services shutdown code The rpc__shutdown function unregisters the legacy api_struct from the local dispatch table, which is not longer used as local dispatching is done through dcesrv_interface and will be removed in following commits. The dcesrv_shutdown_registered_ep_servers will unregister endpoint servers. Signed-off-by: Samuel Cabrero Reviewed-by: Andrew Bartlett commit 9bdf3ccde6550093daf7e5bdf4dc25cbd2c9a41d Author: Samuel Cabrero Date: Thu Dec 5 11:45:54 2019 +0100 s3:rpc_server: Switch to core dcerpc server loop This commit finally switches the RPC server implementation. At the same we have to do other related changes to keep code compiling and test environments running. First avoid moving the session_info into the allocated pipes_struct memory context as it is owned now by the core RPC server, and the s3compat pidl compiler will update the pipes_struct session_info before dispatching the call with dcesrv_call->auth_state->session_info. Also, fix a segfault in the endpoint mapper daemon when it tries to delete the endpoints previously registered over a NCALRPC connection. If we have: rpc_server : epmapper = external rpc_server : lsarpc = external rpc_daemon : epmd = fork rpc_daemon : lsasd = fork The sequence is: * The endpoint mapper starts (start_epmd in source3/smbd/server.c) * The lsarpc daemon starts (start_lsasd in source3/smbd/server.c) * The lsarpc daemon creates the sockets and registers its endpoints (rpc_ep_register in source3/rpc_server/lsasd.c) * The endpoint registration code
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via f9eaf4dc713 dns: Always return SOA record for records we should know
via 8dbb8643499 dns: Extend DNS tests to check the SOA record is always
returned
from f5f89b1b990 ctdb: Use TALLOC_FREE() in a few places
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit f9eaf4dc713bab48703a053c9446b6becabe18dc
Author: Samuel Cabrero
Date: Tue Oct 8 13:30:18 2019 +0200
dns: Always return SOA record for records we should know
Regression introduced by commit 4b54e14b7cf456e327b176b365e8471e0899210b,
where the number of returned records is not set by talloc_array_length
when the record is not found.
Found by DELL EMC at SDC SMB3 plugfest trying to perform a secure DNS
update.
Signed-off-by: Samuel Cabrero
Reviewed-by: Andreas Schneider
Autobuild-User(master): Samuel Cabrero
Autobuild-Date(master): Fri Nov 8 12:31:30 UTC 2019 on sn-devel-184
commit 8dbb8643499c495474f28071750cbfc2da5b60f0
Author: Samuel Cabrero
Date: Tue Oct 8 13:29:28 2019 +0200
dns: Extend DNS tests to check the SOA record is always returned
Signed-off-by: Samuel Cabrero
Reviewed-by: Andreas Schneider
---
Summary of changes:
python/samba/tests/dns.py | 19 +++
source4/dns_server/dns_query.c | 33 +
2 files changed, 44 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py
index 275d4fcd692..1dd1f549a33 100644
--- a/python/samba/tests/dns.py
+++ b/python/samba/tests/dns.py
@@ -264,6 +264,25 @@ class TestSimpleQueries(DNSTest):
# But we do respond with an authority section
self.assertEqual(response.nscount, 1)
+def test_soa_unknown_hostname_query(self):
+"create a SOA query for an unknown hostname"
+p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+questions = []
+
+name = "foobar.%s" % (self.get_dns_domain())
+q = self.make_name_question(name, dns.DNS_QTYPE_SOA, dns.DNS_QCLASS_IN)
+questions.append(q)
+
+self.finish_name_packet(p, questions)
+(response, response_packet) =\
+self.dns_transaction_udp(p, host=server_ip)
+self.assert_dns_rcode_equals(response, dns.DNS_RCODE_NXDOMAIN)
+self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY)
+# We don't get SOA records for single hosts
+self.assertEquals(response.ancount, 0)
+# But we do respond with an authority section
+self.assertEqual(response.nscount, 1)
+
def test_soa_domain_query(self):
"create a SOA query for a domain"
p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
index b75fabe7e82..762bcca6fb6 100644
--- a/source4/dns_server/dns_query.c
+++ b/source4/dns_server/dns_query.c
@@ -645,20 +645,12 @@ static void handle_authoritative_done(struct tevent_req
*subreq)
static WERROR handle_authoritative_recv(struct tevent_req *req)
{
- struct handle_authoritative_state *state = tevent_req_data(
- req, struct handle_authoritative_state);
WERROR werr;
if (tevent_req_is_werror(req, )) {
return werr;
}
- werr = add_zone_authority_record(state->dns, state, state->question,
-state->nsrecs);
- if (!W_ERROR_IS_OK(werr)) {
- return werr;
- }
-
return WERR_OK;
}
@@ -1091,6 +1083,7 @@ static void dns_server_process_query_got_auth(struct
tevent_req *subreq)
struct dns_server_process_query_state *state = tevent_req_data(
req, struct dns_server_process_query_state);
WERROR werr;
+ WERROR werr2;
werr = handle_authoritative_recv(subreq);
TALLOC_FREE(subreq);
@@ -1103,6 +1096,20 @@ static void dns_server_process_query_got_auth(struct
tevent_req *subreq)
/* If you have run out of forwarders, simply finish */
if (state->forwarders == NULL) {
+ werr2 = add_zone_authority_record(state->dns,
+ state,
+ state->question,
+ >nsrecs);
+ if (tevent_req_werror(req, werr2)) {
+ DBG_WARNING("Failed to add SOA record: %s\n",
+ win_errstr(werr2));
+ return;
+ }
+
+ state->ancount = talloc_arra
Re: [Samba] [PATCH] Fix Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
Hi Jacó, we had the same problem and this patch worked for us: https://attachments.samba.org/attachment.cgi?id=9210 Cheers. On Sunday 13 October 2013 19:13:10 Jacó Ramos wrote: Hi Andrew... Aplied patch but not work! Same error! Thanks! Jacó Ramos 2013/10/12 Andrew Bartlett abart...@samba.org On Fri, 2013-10-11 at 12:06 -0300, Jacó Ramos wrote: Hi guys, When run join in DC root@samba4:~# samba-tool domain join jacoramos.net.br DC -Uadministrador --realm=jacoramos.net.br --dns-backend=BIND9_DLZ Finding a writeable DC for domain 'jacoramos.net.br' Found DC win2003.jacoramos.net.br Password for [WORKGROUP\administrador]: workgroup is JACORAMOS realm is jacoramos.net.br checking sAMAccountName Adding CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Adding CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC= jacoramos,DC=net,DC=br Adding CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configur ation,DC=jacoramos,DC=net,DC=br Adding SPNs to CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Setting account password for SAMBA4$ Enabling account Adding DNS account CN=dns-SAMBA4,CN=Users,DC=jacoramos,DC=net,DC=br with dns/ SPN Join failed - cleaning up checking sAMAccountName Deleted CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Deleted CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configur ation,DC=jacoramos,DC=net,DC=br Deleted CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC= jacoramos,DC=net,DC=br ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - 052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1169, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1072, in do_join ctx.join_add_objects() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 616, in join_add_objects ctx.samdb.add(msg) root@samba4:~# Sorry about that. Try the attached patch. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- Samuel Cabrero - Developer scabr...@zentyal.com Easy IT for small business www.zentyal.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] \map to guest = bad user\ ignored in Samba 4?
Hi Andrew,
I have written a small patch for this issue. I would appreciate if someone
could take a look at and comment. I have tested it on XP machines and seems to
work properly.
Cheers.
--
Samuel Cabrero - Developer
scabr...@zentyal.com
Easy IT for small business
www.zentyal.comdiff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index f234f72..582eb0d 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -69,6 +69,58 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, struct ldb_context *
}
/
+ Look for the guest account in the sam, return ldb result structures
+/
+
+static NTSTATUS authsam_search_guest_account(TALLOC_CTX *mem_ctx,
+ struct ldb_context *sam_ctx,
+ struct ldb_dn *domain_dn,
+ struct ldb_message **ret_msg)
+{
+ int ret;
+ const struct dom_sid *domain_sid;
+ struct dom_sid *guest_sid;
+
+ domain_sid = samdb_domain_sid(sam_ctx);
+ if (domain_sid == NULL) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ guest_sid = dom_sid_add_rid(mem_ctx, domain_sid, DOMAIN_RID_GUEST);
+ if (guest_sid == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* pull the user attributes */
+ ret = dsdb_search_one(sam_ctx, mem_ctx, ret_msg, domain_dn,
+ LDB_SCOPE_SUBTREE,
+ user_attrs,
+ DSDB_SEARCH_SHOW_EXTENDED_DN,
+ ((objectSID=%s)(objectclass=user)),
+ ldap_encode_ndr_dom_sid(mem_ctx, guest_sid));
+ if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+ DEBUG(3,(%s: Couldn't find guest user in samdb, under %s\n,
+ __func__,
+ ldb_dn_get_linearized(domain_dn)));
+ return NT_STATUS_NO_SUCH_USER;
+ }
+ if (ret != LDB_SUCCESS) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ /* Return no such user if the account is disabled */
+ uint16_t acct_flags = samdb_result_acct_flags(sam_ctx, mem_ctx,
+ *ret_msg, domain_dn);
+ if (acct_flags ACB_DISABLED) {
+ DEBUG(3,(%s: Account for guest user is disabled.\n,
+ __func__));
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/
Do a specific test for an smb password being correct, given a smb_password and
the lanman and NT responses.
/
@@ -269,15 +321,28 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx
return NT_STATUS_NO_SUCH_DOMAIN;
}
- nt_status = authsam_search_account(tmp_ctx, ctx-auth_ctx-sam_ctx, account_name, domain_dn, msg);
- if (!NT_STATUS_IS_OK(nt_status)) {
- talloc_free(tmp_ctx);
- return nt_status;
- }
-
- nt_status = authsam_authenticate(ctx-auth_ctx, tmp_ctx, ctx-auth_ctx-sam_ctx, domain_dn, msg, user_info,
- user_sess_key, lm_sess_key);
- if (!NT_STATUS_IS_OK(nt_status)) {
+ nt_status = authsam_search_account(tmp_ctx, ctx-auth_ctx-sam_ctx,
+ account_name, domain_dn, msg);
+ if (NT_STATUS_IS_OK(nt_status)) {
+ nt_status = authsam_authenticate(ctx-auth_ctx,
+tmp_ctx, ctx-auth_ctx-sam_ctx, domain_dn,
+msg, user_info, user_sess_key, lm_sess_key);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(tmp_ctx);
+ return nt_status;
+ }
+ } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) {
+ DEBUG(3, (%s: User %s not found, mapping to guest account\n,
+ __func__, account_name));
+ nt_status = authsam_search_guest_account(tmp_ctx,
+ctx-auth_ctx-sam_ctx, domain_dn, msg);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(tmp_ctx);
+ return nt_status;
+ }
+ user_sess_key = data_blob(NULL, 0);
+ lm_sess_key = data_blob(NULL, 0);
+ } else {
talloc_free(tmp_ctx);
return nt_status;
}
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
