[SCM] Samba Shared Repository - branch master updated

2021-11-01 Jeremy Allison
The branch, master has been updated
   via  5199eb14123 gp: Apply Firewalld Policy
   via  cd73e410134 gp: Test Firewalld Group Policy Apply
   via  d3eb2a5de91 gp: Add Firewalld ADMX templates
  from  494eb0c22a6 debug: Add new smb.conf option "debug syslog format"

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 5199eb14123b26b02d3a4d10d514b37688f9b580
Author: David Mulder 
Date:   Thu Oct 14 15:36:52 2021 -0600

gp: Apply Firewalld Policy

Signed-off-by: David Mulder 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Mon Nov  1 21:16:43 UTC 2021 on sn-devel-184

commit cd73e4101347f1e3c1bb865f9a9c361b3771fd34
Author: David Mulder 
Date:   Tue Oct 12 12:54:09 2021 -0600

gp: Test Firewalld Group Policy Apply

Signed-off-by: David Mulder 
Reviewed-by: Jeremy Allison 

commit d3eb2a5de91c7c57fe07d983722c7c21e927ddde
Author: David Mulder 
Date:   Wed Oct 6 12:46:26 2021 -0600

gp: Add Firewalld ADMX templates

Signed-off-by: David Mulder 
Reviewed-by: Jeremy Allison 

---

Summary of changes:
 libgpo/admx/en-US/samba.adml         |  81 ++
 libgpo/admx/samba.admx               |  17
 python/samba/gp_firewalld_ext.py     | 158 +++
 python/samba/tests/bin/firewall-cmd  | 110
 python/samba/tests/gpo.py            | 111
 source4/scripting/bin/samba-gpupdate |   2 +
 6 files changed, 479 insertions(+)
 create mode 100644 python/samba/gp_firewalld_ext.py
 create mode 100755 python/samba/tests/bin/firewall-cmd


Changeset truncated at 500 lines:

diff --git a/libgpo/admx/en-US/samba.adml b/libgpo/admx/en-US/samba.adml
index a954c41a7d0..7bac33c4554 100755
--- a/libgpo/admx/en-US/samba.adml
+++ b/libgpo/admx/en-US/samba.adml
@@ -3127,6 +3127,78 @@ Example: 192.9.200.1 192.168.2.61
U  Insert the string "1 user" or "n users" where n 
is the number of current users logged in.
 
v  Insert the version of the OS, that is, the build-date and 
such.
+  Firewalld
+  Zones
+  A list of 
zones to create. Existing zones on the host will be unaffected.
+
+Rule creation for zones is handled in the Rules setting.
+  Rules
+  A JSON 
dictionary, containing zones paired with a list of rules.
+
+For example, to create rules for the Work and Home zones, specify the 
following JSON:
+
+{
+  "work": [
+{"rule": {"family": "ipv4"}, "source address": "172.25.1.7", "service 
name": "ftp", "reject": {}},
+{"rule": {}, "source address": "172.25.1.8", "service name": "ftp", 
"reject": {}}
+  ],
+  "home": [
+{"rule": {}, "protocol value": "icmp", "reject": {}},
+{"rule": {"family": "ipv4"}, "source address": "192.168.1.2/32", "service 
name": "telnet", "accept": {"limit value": "1/m"}}
+  ]
+}
+
+An improperly formatted JSON will be ignored.
+
+The rule structure loosely follows the Firewalld Rich Language Documentation.
+
+General rule structure:
+{
+  "rule": {
+"family": "ipv4 | ipv6",
+"priority": "priority"
+  },
+  "source [not] address | mac | ipset": "address[/mask] | mac-address | ipset",
+  "destination [not] adress": "address[/mask]",
+  "service name": "service name",
+  "port": {
+"port": "port value",
+"protocol": "tcp | udp"
+  }
+  "protocol value": "protocol value",
+  "icmp-block name": "icmptype name",
+  "Masquerade": true|false,
+  "icmp-type": "icmptype name",
+  "forward-port": {
+"port": "port value",
+"protocol": "tcp | udp",
+"to-port": "port value",
+"to-addr": "address"
+  },
+  "source-port": {
+"port": "port value",
+"protocol": "tcp | udp"
+  },
+  "log": {
+"prefix": "prefix text",
+"level": "emerg | alert | crit | error | warning | notice | info | debug",
+"limit value": "rate/duration"
+  },
+  "audit": {
+"limit value": "rate/duration"
+  },
+  "accept" : {
+"limit value": "rate/duration"
+  } | "reject": {
+"type": "reject type",
+"limit value": "rate/duration"
+  } | "drop": {
+"limit value": "rate/duration"
+  } | "mark": {
+"set": "mark[/mask]",
+"limit value": "rate/duration"
+  }
+}
 
 
   
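Review bot: The "General rule structure" sample in the Rules help text has three defects that an admin will copy: the key is spelled "destination [not] adress", there is no comma after the closing brace of the "port" object, and "Masquerade" is the only capitalised key. The same help text says improperly formatted JSON will be ignored, so a rule set written from this template could end up applying no rules without any visible error. Fix the spelling and the comma, confirm which key case gp_firewalld_ext.py expects, and consider having the extension log a warning when it rejects the JSON instead of ignoring it silently.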
@@ -4645,6 +4717,15 @@ Example: 192.9.200.1 192.168.2.61
   Welcome to \s \r \l
 
   
+  
+Firewalld 
Zones
+  
+  
+
+  Firewalld Rules
+  {}
+
+  
 
   
 
diff --git a/libgpo/admx/samba.admx b/libgpo/admx/samba.admx
index d09956d5394..8db67966e39 100755
--- a/libgpo/admx/samba.admx
+++ b/libgpo/admx/samba.admx
@@ -20,6 +20,9 @@
 
   
 
+
+  
+
   
   
 
@@ -2528,5 +2531,19 @@
 
   
 
+
+  
+  
+  
+
+  
+
+
+  
+  
+  
+

[SCM] Samba Shared Repository - branch master updated

2021-11-01 Ralph Böhme
The branch, master has been updated
   via  494eb0c22a6 debug: Add new smb.conf option "debug syslog format"
   via  5e1e9d74ab6 debug: Add debug_syslog_format setting
  from  be3a47e22ad s3:modules:recycle - fix crash in recycle_unlink_internal

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 494eb0c22a67f0a9672a53f8941ad6fecf291a77
Author: Martin Schwenke 
Date:   Sun Oct 31 11:59:30 2021 +1100

debug: Add new smb.conf option "debug syslog format"

Signed-off-by: Martin Schwenke 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Mon Nov  1 07:29:47 UTC 2021 on sn-devel-184

commit 5e1e9d74ab6f59a62ac8dae3239299a0ef334708
Author: Martin Schwenke 
Date:   Thu Oct 28 19:05:19 2021 +1100

debug: Add debug_syslog_format setting

Without debug_hires_timestamp this produces a syslog style header
containing:

  "MON DD HH:MM:SS HOSTNAME PROGNAME[PID] "

With debug_hires_timestamp this produces a syslog style header
containing:

  "RFC5424-TIMESTAMP HOSTNAME PROGNAME[PID] "

All other settings are ignored.

This will be made visible via smb.conf in a subsequent commit.

This commit adds some simple hostname handling.  It avoids using
get_myname() from util.c because using that potentially pulls in all
manner of dependencies.  No real error handling is done.  In the worst
case debug_set_hostname() sets the hostname to a truncated version of
the given string.  Similarly, in an even weirder world,
ensure_hostname() sets the hostname to a truncation of "unknown".
Both of these are unlikely in all reasonable cases.

Signed-off-by: Martin Schwenke 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 .../smbdotconf/logging/debughirestimestamp.xml    |  3 +-
 docs-xml/smbdotconf/logging/debugsyslogformat.xml | 21 ++
 lib/param/loadparm.c                              |  2 +
 lib/util/debug.c                                  | 75 +-
 lib/util/debug.h                                  |  2 +
 lib/util/debug_s3.c                               |  2 +
 source3/param/loadparm.c                          |  1 +
 7 files changed, 104 insertions(+), 2 deletions(-)
 create mode 100644 docs-xml/smbdotconf/logging/debugsyslogformat.xml


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/logging/debughirestimestamp.xml 
b/docs-xml/smbdotconf/logging/debughirestimestamp.xml
index 72598d757ca..79d928ab3d9 100644
--- a/docs-xml/smbdotconf/logging/debughirestimestamp.xml
+++ b/docs-xml/smbdotconf/logging/debughirestimestamp.xml
@@ -9,7 +9,8 @@
 
 
 
-Note that the parameter  must be on 
for this to have an effect.
+Note that the parameter  or
+ must be on for this to have an 
effect.
 
 
 
diff --git a/docs-xml/smbdotconf/logging/debugsyslogformat.xml 
b/docs-xml/smbdotconf/logging/debugsyslogformat.xml
new file mode 100644
index 000..f943f3a5323
--- /dev/null
+++ b/docs-xml/smbdotconf/logging/debugsyslogformat.xml
@@ -0,0 +1,21 @@
+http://www.samba.org/samba/DTD/samba-doc;>
+
+
+With this option enabled, debug messages are printed in a
+single-line format like that traditionally produced by syslog.
+The timestamp consists of an abbreviated month, space-padded date,
+and time including seconds.  This is followed by the hostname and
+the program name, with the process-ID in square brackets.
+
+
+
+If  is also enabled
+then an RFC5424 timestamp is used instead.
+
+
+
+no
+
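Review bot: The description added in debugsyslogformat.xml does not say that enabling this option overrides the other header settings, although the commit message for debug_syslog_format states "All other settings are ignored." Add a sentence naming the parameters that stop having an effect (debug prefix timestamp, debug pid, debug uid and debug class sit next to it in loadparm.c), so that sites whose log parsing depends on the UID or debug class in the header know those fields are no longer emitted. A short remark that the hostname field may be truncated, as the commit message concedes, would also help anyone matching on it.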
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 2eac1ba7c38..9c725402758 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2559,6 +2559,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX 
*mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "debug timestamp", "Yes");
lpcfg_do_global_parameter(lp_ctx, "debug prefix timestamp", "No");
lpcfg_do_global_parameter(lp_ctx, "debug hires timestamp", "Yes");
+   lpcfg_do_global_parameter(lp_ctx, "debug syslog format", "No");
lpcfg_do_global_parameter(lp_ctx, "debug pid", "No");
lpcfg_do_global_parameter(lp_ctx, "debug uid", "No");
lpcfg_do_global_parameter(lp_ctx, "debug class", "No");
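Review bot: The added "debug syslog format" default sits directly below "debug hires timestamp" = "Yes", so with stock defaults turning the new option on produces the RFC5424 timestamp variant, not the traditional "MON DD HH:MM:SS" header that the new documentation describes first. It would be worth stating in debugsyslogformat.xml that the traditional form requires explicitly setting debug hires timestamp to no, since log collectors keyed to the classic syslog timestamp may otherwise not parse these lines.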
@@ -3102,6 +3103,7 @@ static bool lpcfg_update(struct loadparm_context *lp_ctx)
settings.timestamp_logs = lp_ctx->globals->timestamp_logs;
settings.debug_prefix_timestamp = 
lp_ctx->globals->debug_prefix_timestamp;
settings.debug_hires_timestamp = lp_ctx->globals->debug_hires_timestamp;
+   settings.debug_syslog_format = lp_ctx->globals->debug_syslog_format;
settings.debug_pid = lp_ctx->globals->debug_pid;
settings.debug_uid = lp_ctx->globals->debug_uid;