The branch, master has been updated via f1a204d3154 gp: sshd policy correctly sort policy via de009c194c1 tests: Replace iconv(1) UTF-16LE conversion with a python3 call via ce31acf28d3 selftest: Report "unknown environment" if setup returns "UNKNOWN" via e480868509e build:waf: Check value of GNU_TLS_* with detected env via 25b2c07a9d7 build:wafsamba: Allow lib for CHECK_VALUEOF() from 303d2109f63 s4:kdc: Check lifetime of correct ticket
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit f1a204d315473f5d87363259004358e2c0c5f450 Author: David Mulder <dmul...@samba.org> Date: Thu May 18 11:28:46 2023 +0200 gp: sshd policy correctly sort policy The sshd_config man page says that key value pairs 'the first obtained value will be used'. So we need to sort policies from last to first. Signed-off-by: David Mulder <dmul...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Fri May 19 01:23:19 UTC 2023 on atb-devel-224 commit de009c194c148ab0d38b6b82e0b4e8c900a6627c Author: SATOH Fumiyasu <fumi...@osstech.co.jp> Date: Fri May 12 14:53:10 2023 +0900 tests: Replace iconv(1) UTF-16LE conversion with a python3 call GNU libiconv and its iconv(1) do NOT define 'utf16le' as an alias of 'UTF-16LE' encoding. Signed-off-by: SATOH Fumiyasu <fumi...@osstech.co.jp> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> commit ce31acf28d3c4474b21aa2d8a2b7acc3d751ad92 Author: SATOH Fumiyasu <fumi...@osstech.co.jp> Date: Sat May 13 22:30:04 2023 +0900 selftest: Report "unknown environment" if setup returns "UNKNOWN" Samba*::setup_*() may return the string "UNKNOWN". ``` $ ./configure --with-ads ... ... $ make ... $ make test ... Can't use string ("UNKNOWN") as a HASH ref while "strict refs" in use at /.../samba-4.18.2/selftest/target/Samba.pm line 131. ``` Signed-off-by: SATOH Fumiyasu <fumi...@osstech.co.jp> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> commit e480868509ead997f954d939225bc0219397293a Author: SATOH Fumiyasu <fumi...@osstech.co.jp> Date: Tue May 9 16:54:16 2023 +0900 build:waf: Check value of GNU_TLS_* with detected env Signed-off-by: SATOH Fumiyasu <fumi...@osstech.co.jp> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> commit 25b2c07a9d7fd921dcae0b4e94d9f735d076f303 Author: SATOH Fumiyasu <fumi...@osstech.co.jp> Date: Tue May 9 16:52:04 2023 +0900 build:wafsamba: Allow lib for CHECK_VALUEOF() Signed-off-by: SATOH Fumiyasu <fumi...@osstech.co.jp> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> ----------------------------------------------------------------------- Summary of changes: buildtools/wafsamba/samba_autoconf.py | 3 ++- python/samba/gp/vgp_openssh_ext.py | 18 +++++++++++++----- selftest/target/Samba.pm | 4 ++++ source3/script/tests/test_rpcclient_pw_nt_hash.sh | 2 +- wscript_configure_system_gnutls | 4 ++-- 5 files changed, 22 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py index 75d5f4acbcc..8541d003e2a 100644 --- a/buildtools/wafsamba/samba_autoconf.py +++ b/buildtools/wafsamba/samba_autoconf.py @@ -364,7 +364,7 @@ def CHECK_SIGN(conf, v, headers=None): return False @conf -def CHECK_VALUEOF(conf, v, headers=None, define=None): +def CHECK_VALUEOF(conf, v, headers=None, define=None, lib=None): '''check the value of a variable/define''' ret = True v_define = define @@ -376,6 +376,7 @@ def CHECK_VALUEOF(conf, v, headers=None, define=None): execute=True, define_ret=True, quote=False, + lib=lib, headers=headers, local_include=False, msg="Checking value of %s" % v): diff --git a/python/samba/gp/vgp_openssh_ext.py b/python/samba/gp/vgp_openssh_ext.py index be9139d5be8..bf865e78375 100644 --- a/python/samba/gp/vgp_openssh_ext.py +++ b/python/samba/gp/vgp_openssh_ext.py @@ -31,6 +31,16 @@ intro = b''' ''' +# For each key value pair in sshd_config, the first obtained value will be +# used. We must insert config files in reverse, so that the last applied policy +# takes precedence. +def select_next_conf(directory): + configs = [re.match(r'(\d+)', f) for f in os.listdir(directory)] + conf_ids = [int(m.group(1)) for m in configs if m] + conf_ids.append(9000000000) # The starting node + conf_id = min(conf_ids)-1 + return os.path.join(directory, '%010d_gp.conf' % conf_id) + class vgp_openssh_ext(gp_xml_ext, gp_file_applier): def __str__(self): return 'VGP/Unix Settings/OpenSSH' @@ -72,13 +82,11 @@ class vgp_openssh_ext(gp_xml_ext, gp_file_applier): if not os.path.isdir(cfg_dir): os.mkdir(cfg_dir, 0o640) def applier_func(cfg_dir, raw): - f = NamedTemporaryFile(prefix='gp_', - delete=False, - dir=cfg_dir) + filename = select_next_conf(cfg_dir) + f = open(filename, 'wb') f.write(intro) f.write(raw.getvalue()) - os.chmod(f.name, 0o640) - filename = f.name + os.chmod(filename, 0o640) f.close() return [filename] self.apply(gpo.name, attribute, value_hash, applier_func, diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm index 4f0f29df5cf..29a612aab8b 100644 --- a/selftest/target/Samba.pm +++ b/selftest/target/Samba.pm @@ -127,6 +127,10 @@ sub setup_env($$$) warn("failed to start up environment '$envname'"); return undef; } + if ($env eq "UNKNOWN") { + warn("unknown environment '$envname'"); + return undef; + } $target->{vars}->{$envname} = $env; $target->{vars}->{$envname}->{target} = $target; diff --git a/source3/script/tests/test_rpcclient_pw_nt_hash.sh b/source3/script/tests/test_rpcclient_pw_nt_hash.sh index 24d81519c4c..c1e3660e578 100755 --- a/source3/script/tests/test_rpcclient_pw_nt_hash.sh +++ b/source3/script/tests/test_rpcclient_pw_nt_hash.sh @@ -15,7 +15,7 @@ PASSWORD="$2" SERVER="$3" RPCCLIENT="$4" -HASH=$(echo -n $PASSWORD | iconv -t utf16le | $PYTHON -c 'import sys, binascii, samba, samba.crypto; sys.stdout.buffer.write(binascii.hexlify(samba.crypto.md4_hash_blob(sys.stdin.buffer.read(1000))))') +HASH=$(echo -n $PASSWORD | $PYTHON -c 'import sys, binascii, samba, samba.crypto; sys.stdout.buffer.write(binascii.hexlify(samba.crypto.md4_hash_blob(sys.stdin.buffer.read(1000).decode().encode("UTF-16LE"))))') RPCCLIENTCMD="$RPCCLIENT $SERVER --pw-nt-hash -U$USERNAME%$HASH -c queryuser" diff --git a/wscript_configure_system_gnutls b/wscript_configure_system_gnutls index 176585c4ce4..2461eb2ed78 100644 --- a/wscript_configure_system_gnutls +++ b/wscript_configure_system_gnutls @@ -76,12 +76,12 @@ conf.CHECK_CODE(fragment, msg='Checking for gnutls fips mode support') del os.environ['GNUTLS_FORCE_FIPS_MODE'] -if conf.CHECK_VALUEOF('GNUTLS_CIPHER_AES_128_CFB8', headers='gnutls/gnutls.h'): +if conf.CHECK_VALUEOF('GNUTLS_CIPHER_AES_128_CFB8', headers='gnutls/gnutls.h', lib='gnutls'): conf.DEFINE('HAVE_GNUTLS_AES_CFB8', 1) else: Logs.warn('No gnutls support for AES CFB8') -if conf.CHECK_VALUEOF('GNUTLS_MAC_AES_CMAC_128', headers='gnutls/gnutls.h'): +if conf.CHECK_VALUEOF('GNUTLS_MAC_AES_CMAC_128', headers='gnutls/gnutls.h', lib='gnutls'): conf.DEFINE('HAVE_GNUTLS_AES_CMAC', 1) else: Logs.warn('No gnutls support for AES CMAC') -- Samba Shared Repository