[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ef1dbcdc6cb torture: Allow Samba as an AD DC to use zeros for LM key via cb691c51ee2 torture: Do not expect LM passwords to be accepted except by samba3 via ac79ce221f0 torture: Update rpc.samlogon to match Win19 and newer Samba behaviour for LM key via faea2f8a6b5 selftest: Remove auth_log test for RAP password change via d0b922bd51d ntlm_auth: Adapt --diagnostics mode to expect that the DC does not support LANMAN by default via 4234e9b05fa s3-ntlm_auth: Convert table of tests in --diagnostics to designated initialisers via 75c54d54ad9 dsdb: Remove LM hash parameter from samdb_set_password() and callers via a2fa7f427aa selftest: Allow RPC-SAMR to cope with OemChangePasswordUser2 being un-implemented via 45af51fd6e1 selftest: Cope with LM hash not being stored in the tombstone_reanimation test via f161e3f18f0 dsdb: Remove parsing of LM password hash from "dBCSPwd" attribute via 0f53bfe7230 s4-rpc_server: Do not use LM hash in password changes via 6aaa1245630 s4-auth: Do not supply the LM hash to the AD DC authentication code via 2dbc8b98435 s4-auth: Disable LM authenticaton in the AD DC despite "lanman auth = yes" via 09eaf7403e8 s4/dsdb: Remove LM password generation and storage from password_hash via 338492d3457 s4-rpc_server: Remove pre-check for existing NT and LM hash from netlogon via 557b1ab5f96 kdc: Remove pre-check for existing NT and LM hash from kpasswd via 0a907c2f45c dsdb: Return dsdb_password_change control name to DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID via 1144addec50 dsdb: No longer supply exact password hashes in a control to indicate password changes via 9cec421d4df selftest: run s4member tests less via 4e21be7e89c selftest: Remove duplicate run of rpc.lsa tests against ad_dc as "samba3" via 5e9cb0ad208 selftest: Remove duplicate run of rpc.samr tests against ad_dc as "samba3" via 28fc8df722b selftest: Allow samba.tests.ntlm_auth to fail rather than error checking --diagnostics via 5b41c871d9b selftest: Use more torture_assert_goto() et al in rpc.samlogon test from def505e68be wafsamba: Fix call to sorted() https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ef1dbcdc6cbf723bb98280c798484ea7de36eb96 Author: Andrew Bartlett Date: Mon Feb 28 13:24:31 2022 +1300 torture: Allow Samba as an AD DC to use zeros for LM key This is simple, explainable and secure. Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu Mar 17 02:47:13 UTC 2022 on sn-devel-184 commit cb691c51ee2e4b0a2d64234383dffddba00bb257 Author: Andrew Bartlett Date: Mon Feb 28 13:19:58 2022 +1300 torture: Do not expect LM passwords to be accepted except by samba3 This allows Samba as an AD DC (compared with the fileserver/NT4-like DC mode) to match windows and refuse all LM passwords, no matter what. Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher commit ac79ce221f0536bf0643b25f157bac2621bef4cf Author: Andrew Bartlett Date: Mon Feb 28 10:07:35 2022 +1300 torture: Update rpc.samlogon to match Win19 and newer Samba behaviour for LM key Not all cases are covered, but this much covers the areas that Samba and Win19 will agree on. Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher commit faea2f8a6b54714c50e0a5b15bd1775d67944e06 Author: Andrew Bartlett Date: Fri Feb 18 12:55:57 2022 +1300 selftest: Remove auth_log test for RAP password change RAP is SMB1, the password change routine requires LM hashes and so everything here is going away or has now gone, so remove the test. Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher commit d0b922bd51d0c75ac9d850ceac689707cd24cf92 Author: Andrew Bartlett Date: Thu Feb 17 17:50:43 2022 +1300 ntlm_auth: Adapt --diagnostics mode to expect that the DC does not support LANMAN by default Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher commit 4234e9b05fade4339dab99f296776d5f55bd8629 Author: Andrew Bartlett Date: Thu Feb 17 10:48:54 2022 +1300 s3-ntlm_auth: Convert table of tests in --diagnostics to designated initialisers This makes it easeir to set some as "LM auth". Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher commit 75c54d54ad9fdff7098c1b4f11252528f35ea658 Author: Andrew Bartlett Date: Thu Feb 17 07:35:54 2022 +1300 dsdb: Remove LM hash parameter from samdb_set_password() and callers This fixes the rpc.samr test because we no longer specify an LM hash to the DSDB layer only to have it
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via def505e68be wafsamba: Fix call to sorted() via 005866b1092 s4-smbtorture: Fix typo in assertion message via 27dd0afb62d python/ntacls.py: Fix ACE type comparison via 52afaa0ceb5 s4:policy: Fix ACE type comparison via 95abdbcbb8c dsdb audit tests: Use assert_in_range() for comparing timestamps via 591db0ccc09 dsdb audit tests: Fix flapping test via 2a8ae72bc01 samba-tool: Fix typo via c4ecb66715c s4:kdc: Use samba_kdc_update_pac() in Heimdal DB plugin via 1a28d97fefe s4:kdc: Remove trailing whitespace in wdc-samba4.c via 2380c7eab4d s4:kdc: Remove ks_is_tgs_principal() via c78f5b724be s4:kdc: Use samba_kdc_update_pac() in mit_samba_update_pac() via b59c55e0528 s4:kdc: Use samba_kdc_update_pac() in mit_samba_reget_pac() via 0828cbd4bfe s4:kdc: Implement common samba_kdc_update_pac() via 27554581c1d s4:kdc: Make pac parameter of samba_client_requested_pac() const via 95cdbe1724f s4:kdc: Cleanup include files in pac-glue.c via a84cabf4711 lib:krb5_wrap: Implement smb_krb5_principal_is_tgs() via 1f24724b24e auth: Add required headers to auth_sam_reply.h via 27dd3d9fca0 s4:kdc: Fix comparison in samba_kdc_check_s4u2proxy() via 70b4660c208 s4:kdc: Make sure ret is set if we goto bad_option via 94e9b338338 s4:kdc: Fix return code in mit_samba_update_pac() via 18dbdf6aace python:tests: Fix type error in raw_testcase.py via 5294dc80090 s4:kdc: tunnel the check_client_access status to hdb_samba4_audit() via b01388da8a7 s4-kdc: Handle previously unhandled auth event types from 70b9977a46e s3:libsmb: Fix errno for failed authentication in SMBC_server_internal() https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit def505e68be66e0179a345d3f7e2bd930712e150 Author: Joseph Sutton Date: Tue Feb 15 20:05:55 2022 +1300 wafsamba: Fix call to sorted() In Python 3, sorted() does not take a 'cmp' parameter, so we need to use the 'key' parameter instead. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu Mar 17 01:36:59 UTC 2022 on sn-devel-184 commit 005866b10922c8dd59d334f1a77712be33213986 Author: Joseph Sutton Date: Tue Feb 15 09:25:38 2022 +1300 s4-smbtorture: Fix typo in assertion message Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 27dd0afb62d4f7427c966e984c7c8b01bc4d93b5 Author: Joseph Sutton Date: Fri Mar 4 16:11:42 2022 +1300 python/ntacls.py: Fix ACE type comparison SEC_ACE_TYPE_ values are not flags, so this comparison does not behave as intended. Modify the check to more closely match the one in gp_create_gpt_security_descriptor(). Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 52afaa0ceb5f2a372c075f64c5ae445621263b36 Author: Joseph Sutton Date: Wed Mar 2 17:14:42 2022 +1300 s4:policy: Fix ACE type comparison SEC_ACE_TYPE_ values are not flags, so this comparison does not behave as intended. Modify the check to more closely match the comment. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 95abdbcbb8c96bb58aa1fe08ddc5c8280e9e6a30 Author: Joseph Sutton Date: Thu Mar 17 11:20:45 2022 +1300 dsdb audit tests: Use assert_in_range() for comparing timestamps This can make the code clearer. assert_in_range() takes only integer parameters, but POSIX allows us to assume that time_t is an integer. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 591db0ccc090f49c74dff8dab6a7240432d03024 Author: Joseph Sutton Date: Tue Sep 28 20:42:36 2021 +1300 dsdb audit tests: Fix flapping test Use gettimeofday() to obtain the current time for comparison, to be consistent with audit_logging.c. On Linux, time() may occasionally return a smaller value than gettimeofday(), despite being called later. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 2a8ae72bc0125e22b2637b961ca3b03a16774dcb Author: Joseph Sutton Date: Thu Mar 18 19:22:52 2021 +1300 samba-tool: Fix typo Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit c4ecb66715caec7cb900f6bdf6b7ad749c4ef037 Author: Andreas Schneider Date: Mon Mar 7 10:41:41 2022 +0100 s4:kdc: Use samba_kdc_update_pac() in Heimdal DB plugin Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett Reviewed-by: Joseph Sutton commit 1a28d97fefed6391e4d4e9c37b51baac598a66cc Author: Andreas Schneider Date: Mon Mar 7 13:15:08 2022 +0100 s4:kdc: Remove trailing whitespace in wdc-samba4.c Signed-off-by: Andreas Schneider
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 70b9977a46e s3:libsmb: Fix errno for failed authentication in
SMBC_server_internal()
via fb13c7c94f1 vfs: Getting exact attribute value during gpfs_stat_x
calls
from 68d181ee676 s3:libads: Fix creating local krb5.conf
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 70b9977a46e5242174b4461a7f49d5f640c1db62
Author: Elia Geretto
Date: Fri Mar 11 19:32:30 2022 +0100
s3:libsmb: Fix errno for failed authentication in SMBC_server_internal()
In SMBC_server_internal(), when authentication fails, the errno value is
currently hard-coded to EPERM, while it should be EACCES instead. Use the
NT_STATUS map to set the appropriate value.
This bug was found because it breaks listing printers protected by
authentication in GNOME Control Panel.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14983
Signed-off-by: Elia Geretto
Reviewed-by: Jeremy Allison
Reviewed-by: Volker Lendecke
Autobuild-User(master): Jeremy Allison
Autobuild-Date(master): Wed Mar 16 19:44:18 UTC 2022 on sn-devel-184
commit fb13c7c94f17283615953ce3bf690722c6918e9f
Author: Archana
Date: Mon Mar 14 15:16:17 2022 +0530
vfs: Getting exact attribute value during gpfs_stat_x calls
To properly update the filesize on all cluster nodes simultaneously
Signed-off-by: Archana Chidirala
Reviewed-by: Volker Lendecke
Reviewed-by: Jeremy Allison
---
Summary of changes:
source3/libsmb/libsmb_server.c | 2 +-
source3/modules/vfs_gpfs.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
index b92477c88fe..09d27868c0e 100644
--- a/source3/libsmb/libsmb_server.c
+++ b/source3/libsmb/libsmb_server.c
@@ -572,7 +572,7 @@ SMBC_server_internal(TALLOC_CTX *ctx,
!NT_STATUS_IS_OK(cli_session_setup_anon(c))) {
cli_shutdown(c);
-errno = EPERM;
+ errno = map_errno_from_nt_status(status);
return NULL;
}
}
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index 1444d44bbb9..004c74cd43a 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -1482,7 +1482,7 @@ static NTSTATUS vfs_gpfs_fget_dos_attributes(struct
vfs_handle_struct *handle,
char buf[PATH_MAX];
const char *p = NULL;
struct gpfs_iattr64 iattr = { };
- unsigned int litemask;
+ unsigned int litemask = GPFS_SLITE_EXACT_BITS;
struct timespec ts;
uint64_t file_id;
NTSTATUS status;
@@ -1988,7 +1988,7 @@ static int vfs_gpfs_check_pathref_fstat_x(struct
gpfs_config_data *config,
struct connection_struct *conn)
{
struct gpfs_iattr64 iattr = {0};
- unsigned int litemask;
+ unsigned int litemask = GPFS_SLITE_EXACT_BITS;
int saved_errno;
int fd;
int ret;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated
via 2a9a5185553 s4:auth: let authenticate_ldap_simple_bind() pass down
the mapped nt4names
via 65498505cbf auth: let auth logging prefer
user_info->orig_client.{account,domain}_name if available
via f4179deb273 s4:auth: rename user_info->mapped_state to
user_info->cracknames_called
via 8fa656cdeed winbindd: don't set mapped_state in
winbindd_dual_auth_passdb()
via 9b631f4efeb nsswitch: let test_wbinfo.sh also test wbinfo -a
$USERNAME@$DOMAIN
via 57401a170aa s3:auth: make_user_info_map() should not set
mapped_state
via 311a4cc141a s4:auth: fix confusing DEBUG message in
authsam_want_check()
via 8bdf62eb2d3 s4:auth: check for user_info->mapped.account_name if it
needs to be filled
via 9981c6731d0 s4:rpc_server/samr: don't set mapped_state in
auth_usersupplied_info for audit logging
via e0222e2fd8b s4:kdc: don't set mapped_state in
auth_usersupplied_info for audit logging
via 7ef4c442c63 s4:dsdb: don't set mapped_state in
auth_usersupplied_info for audit logging
via 1d8369c9232 s4:smb_server: don't set mapped_state explicitly in
auth_usersupplied_info
via 9d4b98aa568 auth/ntlmssp: don't set mapped_state explicitly in
auth_usersupplied_info
via 1ead3a4d0dd s4:auth: encrypt_user_info() should set password_state
instead of mapped_state
via dd91493ed62 s4:auth: a simple bind uses the DCs name as workstation
via e7a0e1db90d s3:rpc_client: let rpccli_netlogon_network_logon()
fallback to workstation = lp_netbios_name()
via c331fc104e7 rodc: Add tests for simple BIND alongside NTLMSSP binds
via 1a0d92a9bef s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as
inducation for an interactive logon
via f0891c0a891 s3:auth: let make_user_info_netlogon_interactive() set
USER_INFO_INTERACTIVE_LOGON
via 2472d44f9c9 dsdb/tests: add test_login_basics_simple()
via 50954766056 dsdb/tests: prepare BasePasswordTestCase for simple
bind tests
via 275f57f3796 dsdb/tests: introduce assertLoginSuccess
via 845d3674286 dsdb/tests: make use of assertLoginFailure helper
via 6e43d4ca919 dsdb/tests: let all BasePasswordTestCase tests provide
self.host_url[_ldaps]
via 657c7c9a34b dsdb/tests: passwords.py don't need to import
BasePasswordTestCase
via 5ca48372032 python:tests: let insta_creds() also copy the bind_dn
from the template
from 0e793fe124b s3: smbd: Fix our leases code to return the correct
error in the non-dynamic share case.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test
- Log -
commit 2a9a5185553ba7b4abc6e65680f881ee936842a1
Author: Stefan Metzmacher
Date: Thu Mar 3 11:10:00 2022 +0100
s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names
authenticate_ldap_simple_bind*() needs to pass the
result of the cracknames operation into the auth stack
as user_info->client.{account,domain}_name, because
user_info->client.{account,domain}_name is also used
when forwarding the request via netrLogonSamLogon*
to a remote server, for exactly that the values are
also used in order to map a AUTH_PASSWORD_PLAIN into
AUTH_PASSWORD_RESPONSE, where the NTLMv2 response
contains the account and domain names passed in the
netr_IdentityInfo value.
Otherwise it would not be possible to forward the
LDAP simple bind authentication request to a remote
DC.
Currently this only applies to an RODC that forwards
the request to an RWDC.
But note that LDAP simple binds (as on Windows) only
work for users in the DCs forest, as the DsCrackNames
need to work and it can't work for users of remote
forests. I tested that in a DC of a forest root domain,
if rejected the LDAP simple bind against a different forest,
but allowed it for a users of a child domain in the
same forest. The NTLMSSP bind worked in both cases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Thu Mar 10 04:10:54 UTC 2022 on sn-devel-184
(cherry picked from commit 40f2070d3b2b1b13cc08f7844bfe4945e9f0cd86)
Autobuild-User(v4-14-test): Jule Anger
Autobuild-Date(v4-14-test): Wed Mar 16 15:37:02 UTC 2022 on sn-devel-184
commit 65498505cbfab81471e77fd1eedad4c7374be32d
Author: Stefan Metzmacher
Date: Thu Mar 3 11:10:00 2022 +0100
auth: let auth logging prefer user_info->orig_client.{account,domain}_name
if available
The optional user_info->orig_client.{account,domain}_name are
the once really used by the client and should be used in
audit logging. But we still fallback to
user_info->client.{account,domain}_name.
[SCM] Samba Shared Repository - branch v4-16-test updated
The branch, v4-16-test has been updated
via bf8f8c592b0 s4:auth: let authenticate_ldap_simple_bind() pass down
the mapped nt4names
via 7bb17ee5134 auth: let auth logging prefer
user_info->orig_client.{account,domain}_name if available
via f4e39095450 s4:auth: rename user_info->mapped_state to
user_info->cracknames_called
via 1e617128adb winbindd: don't set mapped_state in
winbindd_dual_auth_passdb()
via cd29a661e0f nsswitch: let test_wbinfo.sh also test wbinfo -a
$USERNAME@$DOMAIN
via c46c341016d s3:auth: make_user_info_map() should not set
mapped_state
via a219a81ff89 s4:auth: fix confusing DEBUG message in
authsam_want_check()
via e691165b4de s4:auth: check for user_info->mapped.account_name if it
needs to be filled
via 03996701fb5 s4:rpc_server/samr: don't set mapped_state in
auth_usersupplied_info for audit logging
via b353567acf0 s4:kdc: don't set mapped_state in
auth_usersupplied_info for audit logging
via 20be02ecfde s4:dsdb: don't set mapped_state in
auth_usersupplied_info for audit logging
via 7b31dcbd704 s4:smb_server: don't set mapped_state explicitly in
auth_usersupplied_info
via 27a8698ced5 auth/ntlmssp: don't set mapped_state explicitly in
auth_usersupplied_info
via 6841fdef65b s4:auth: encrypt_user_info() should set password_state
instead of mapped_state
via 9898afd747f s4:auth: a simple bind uses the DCs name as workstation
via 80f35f7ab6a s3:rpc_client: let rpccli_netlogon_network_logon()
fallback to workstation = lp_netbios_name()
via fcec3b21d9a rodc: Add tests for simple BIND alongside NTLMSSP binds
via 64b2075c119 s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as
inducation for an interactive logon
via cafbb3e7307 s3:auth: let make_user_info_netlogon_interactive() set
USER_INFO_INTERACTIVE_LOGON
via d92b46a4c04 dsdb/tests: add test_login_basics_simple()
via 54bb3569e5d dsdb/tests: prepare BasePasswordTestCase for simple
bind tests
via 4b245891416 dsdb/tests: introduce assertLoginSuccess
via c35de738dad dsdb/tests: make use of assertLoginFailure helper
via ff7ffbdf612 dsdb/tests: let all BasePasswordTestCase tests provide
self.host_url[_ldaps]
via 43c4dc75e21 dsdb/tests: passwords.py don't need to import
BasePasswordTestCase
via 528ed90d03a python:tests: let insta_creds() also copy the bind_dn
from the template
from 1fcb5ed30f9 s4-kdc: Fix memory leak in FAST cookie handling
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-16-test
- Log -
commit bf8f8c592b0395562a7bd296505c24ec09f65e4b
Author: Stefan Metzmacher
Date: Thu Mar 3 11:10:00 2022 +0100
s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names
authenticate_ldap_simple_bind*() needs to pass the
result of the cracknames operation into the auth stack
as user_info->client.{account,domain}_name, because
user_info->client.{account,domain}_name is also used
when forwarding the request via netrLogonSamLogon*
to a remote server, for exactly that the values are
also used in order to map a AUTH_PASSWORD_PLAIN into
AUTH_PASSWORD_RESPONSE, where the NTLMv2 response
contains the account and domain names passed in the
netr_IdentityInfo value.
Otherwise it would not be possible to forward the
LDAP simple bind authentication request to a remote
DC.
Currently this only applies to an RODC that forwards
the request to an RWDC.
But note that LDAP simple binds (as on Windows) only
work for users in the DCs forest, as the DsCrackNames
need to work and it can't work for users of remote
forests. I tested that in a DC of a forest root domain,
if rejected the LDAP simple bind against a different forest,
but allowed it for a users of a child domain in the
same forest. The NTLMSSP bind worked in both cases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Thu Mar 10 04:10:54 UTC 2022 on sn-devel-184
(cherry picked from commit 40f2070d3b2b1b13cc08f7844bfe4945e9f0cd86)
Autobuild-User(v4-16-test): Jule Anger
Autobuild-Date(v4-16-test): Wed Mar 16 14:40:08 UTC 2022 on sn-devel-184
commit 7bb17ee5134fa8cbcc2278da142defa4834bd2b3
Author: Stefan Metzmacher
Date: Thu Mar 3 11:10:00 2022 +0100
auth: let auth logging prefer user_info->orig_client.{account,domain}_name
if available
The optional user_info->orig_client.{account,domain}_name are
the once really used by the client and should be used in
audit logging. But we still fallback to
user_info->client.{account,domain}_name.
This will be important for the
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 68d181ee676 s3:libads: Fix creating local krb5.conf via 12c843ad0a9 s3:libads: Check print_canonical_sockaddr_with_port() for NULL in get_kdc_ip_string() via cca189d0934 s3:libads: Remove obsolete free's of kdc_str via 652c8ce1672 s3:libads: Allocate all memory on the talloc stackframe via 812032833aa s3:libads: Use talloc_asprintf_append() in get_kdc_ip_string() via 7f721dc2eee s3:libads: Improve debug messages for get_kdc_ip_string() via 313f03c7848 s3:libads: Leave early on error in get_kdc_ip_string() via 567b1996796 s3:libads: Remove trailing spaces in kerberos.c via d2ac90cdd56 testprogs: Add test that local krb5.conf has been created from d8e966da1c8 smbd: Remove a few vfs_stat() calls https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 68d181ee676e17a5cdcfc12c5cc7eef242fdfa6c Author: Andreas Schneider Date: Tue Mar 15 13:10:06 2022 +0100 s3:libads: Fix creating local krb5.conf We create an KDC ip string entry directly at the beginning, use it if we don't have any additional DCs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner Autobuild-User(master): Günther Deschner Autobuild-Date(master): Wed Mar 16 14:26:36 UTC 2022 on sn-devel-184 commit 12c843ad0a97fcbaaea738b82941533e5d2aec99 Author: Andreas Schneider Date: Tue Mar 15 13:02:05 2022 +0100 s3:libads: Check print_canonical_sockaddr_with_port() for NULL in get_kdc_ip_string() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner commit cca189d0934790418e27d9d01282370b1e6a057f Author: Andreas Schneider Date: Tue Mar 15 12:57:18 2022 +0100 s3:libads: Remove obsolete free's of kdc_str This is allocated on the stackframe now! BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner commit 652c8ce1672dfead00c7af6af22e3bb3927764ec Author: Andreas Schneider Date: Tue Mar 15 12:56:58 2022 +0100 s3:libads: Allocate all memory on the talloc stackframe BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner commit 812032833aa65729dbbfd4313a6e3fe072c88530 Author: Andreas Schneider Date: Tue Mar 15 12:48:23 2022 +0100 s3:libads: Use talloc_asprintf_append() in get_kdc_ip_string() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner commit 7f721dc2eee0064a1ddd480fcaf77bf1659c7a26 Author: Andreas Schneider Date: Tue Mar 15 12:10:47 2022 +0100 s3:libads: Improve debug messages for get_kdc_ip_string() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner commit 313f03c78487ae49747b8143220ecbfe8ad9310a Author: Andreas Schneider Date: Tue Mar 15 12:04:34 2022 +0100 s3:libads: Leave early on error in get_kdc_ip_string() This avoids useless allocations. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner commit 567b1996796e5d3cf572653f38817d832fa135ca Author: Andreas Schneider Date: Tue Mar 15 12:03:40 2022 +0100 s3:libads: Remove trailing spaces in kerberos.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner commit d2ac90cdd5672330ed9c323fc474f8ba62750a6f Author: Andreas Schneider Date: Tue Mar 15 16:53:02 2022 +0100 testprogs: Add test that local krb5.conf has been created BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner --- Summary of changes: source3/libads/kerberos.c | 80 +- testprogs/blackbox/test_net_ads.sh | 6 +++ 2 files changed, 50 insertions(+), 36 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 75beeef4a44..3fd86e87064 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -1,4 +1,4 @@ -/* +/* Unix SMB/CIFS implementation. kerberos utility library Copyright (C) Andrew Tridgell 2001 @@ -37,11 +37,11 @@ #define LIBADS_CCACHE_NAME "MEMORY:libads" /* - we use a prompter to avoid a crash bug in the kerberos libs when + we use a prompter to avoid a crash bug in the kerberos libs when dealing with empty passwords
