[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
  via  7a5e7b82125 python: Fix NtVer check for site_dn_for_machine()
  from cc7c12e5d5c lib: Remove an obsolete comment

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit 7a5e7b821259890dd2978e6f113f4a3dad110ea4
Author: Andreas Schneider
Date: Mon Apr 15 07:32:02 2024 +0200

    python: Fix NtVer check for site_dn_for_machine()

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15633

    Signed-off-by: Andreas Schneider
    Reviewed-by: David Mulder

    Autobuild-User(master): Andreas Schneider
    Autobuild-Date(master): Wed Apr 17 19:32:11 UTC 2024 on atb-devel-224

---

Summary of changes:
 python/samba/gp/gpclass.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

Changeset truncated at 500 lines:

diff --git a/python/samba/gp/gpclass.py b/python/samba/gp/gpclass.py index 08be472e707..d86aacec138 100644 --- a/python/samba/gp/gpclass.py +++ b/python/samba/gp/gpclass.py @@ -805,9 +805,7 @@ def site_dn_for_machine(samdb, dc_hostname, lp, creds, hostname): samlogon_response = ndr_unpack(nbt.netlogon_samlogon_response, bytes(res.msgs[0]['Netlogon'][0])) -if samlogon_response.ntver not in [nbt.NETLOGON_NT_VERSION_5EX, - (nbt.NETLOGON_NT_VERSION_1 -| nbt.NETLOGON_NT_VERSION_5EX)]: +if not (samlogon_response.ntver & nbt.NETLOGON_NT_VERSION_5EX): raise RuntimeError('site_dn_for_machine: Invalid NtVer in ' + 'netlogon_samlogon_response')

--
Samba Shared Repository
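Review bot: In the site_dn_for_machine() hunk, the new test "samlogon_response.ntver & nbt.NETLOGON_NT_VERSION_5EX" accepts any reply that has the 5EX bit set, whatever other bits accompany it, but neither the commit message nor the code says why the old two-value allow-list was wrong. A one-line comment above the check stating that NtVer is treated as a bit field and that only the 5EX bit is required here would document the intent. The RuntimeError raised on failure also does not report the value received; including samlogon_response.ntver (for example in hex) in the message would make a rejected response diagnosable from the log alone.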
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated
  via  83da49f3489 tests: Add a test for "all_groups=no" to test_idmap_ad.sh
  via  84f82a09ffd selftest: Add "winbind expand groups = 1" to setup_ad_member_idmap_ad
  via  83701298384 s3:winbindd: Improve performance of lookup_groupmem() in idmap_ad
  via  8857cf29979 docs-xml: Add parameter all_groupmem to idmap_ad
  from 215bb9bd48e Do not fail checksums for RFC8009 types

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test

- Log -
commit 83da49f348921a21a22ff93ffecbd638ff004541
Author: Pavel Filipenský
Date: Thu Mar 14 15:24:21 2024 +0100

    tests: Add a test for "all_groups=no" to test_idmap_ad.sh

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605

    Signed-off-by: Pavel Filipenský
    Reviewed-by: Andreas Schneider

    Autobuild-User(master): Pavel Filipensky
    Autobuild-Date(master): Tue Apr 2 13:25:39 UTC 2024 on atb-devel-224

    (cherry picked from commit f8b72aa1f72881989990fabc9f4888968bb81967)

    Autobuild-User(v4-20-test): Jule Anger
    Autobuild-Date(v4-20-test): Wed Apr 17 14:38:42 UTC 2024 on atb-devel-224

commit 84f82a09ffd1336bf79cffbe4caa3045aedbd16e
Author: Pavel Filipenský
Date: Mon Mar 25 22:38:18 2024 +0100

    selftest: Add "winbind expand groups = 1" to setup_ad_member_idmap_ad

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605

    Signed-off-by: Pavel Filipenský
    Reviewed-by: Andreas Schneider
    (cherry picked from commit 2dab3a331b5511b4f2253f2b3b4513db7e52ea9a)

commit 837012983840d10488404fac2ebad07dd75a6f1c
Author: Pavel Filipenský
Date: Tue Mar 12 13:20:24 2024 +0100

    s3:winbindd: Improve performance of lookup_groupmem() in idmap_ad

    The LDAP query of lookup_groupmem() returns all group members from AD,
    even those with missing uidNumber. Such group members are useless in
    a UNIX environment for the idmap_ad backend since there is no uid mapping.

    'test_user' is a member of group "Domain Users" with 200K members,
    only 20K members have set uidNumber.

    Without this fix:
    $ time id test_user
    real 1m5.946s
    user 0m0.019s
    sys 0m0.012s

    With this fix:
    $ time id test_user
    real 0m3.544s
    user 0m0.004s
    sys 0m0.007s

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605

    Signed-off-by: Pavel Filipenský
    Reviewed-by: Andreas Schneider
    (cherry picked from commit 5d475d26a3d545f04791a04e85a06b8b192e3fcf)

commit 8857cf299792f50e5917319a38d450c068fa07f4
Author: Pavel Filipenský
Date: Wed Mar 13 13:55:41 2024 +0100

    docs-xml: Add parameter all_groupmem to idmap_ad

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605

    Signed-off-by: Pavel Filipenský
    Reviewed-by: Andreas Schneider
    (cherry picked from commit a485d9de2f2d6a9815dcac6addb988a8987e111c)

---

Summary of changes:
 docs-xml/manpages/idmap_ad.8.xml | 10 ++
 nsswitch/tests/test_idmap_ad.sh | 22 ++
 selftest/target/Samba3.pm | 1 +
 source3/winbindd/winbindd_ads.c | 11 +++
 4 files changed, 40 insertions(+), 4 deletions(-)

Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml index 32df8d066c2..c7fcc65d763 100644 --- a/docs-xml/manpages/idmap_ad.8.xml +++ b/docs-xml/manpages/idmap_ad.8.xml 
@@ -105,6 +105,16 @@ + all_groupmem = yes/no + + If set to yes winbind will retrieve all + group members for getgrnam(3), getgrgid(3) and getgrent(3) calls, + including those with missing uidNumber. + + Default: no + + + deny ous This parameter is a list of OUs from which objects will not be mapped via the ad idmap diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh index 7ae112ada71..1d4bd395ba9 100755 --- a/nsswitch/tests/test_idmap_ad.sh +++ b/nsswitch/tests/test_idmap_ad.sh @@ -94,6 +94,14 @@ gidNumber: 201 unixHomeDirectory: /home/forbidden loginShell: /bin/tcsh gecos: User in forbidden OU + +dn: CN=no_posix_id,CN=Users,$BASE_DN +changetype: add +objectClass: user +samaccountName: no_posix_id +unixHomeDirectory: /home/no_posix_id +loginShell: /bin/sh +gecos: User without uidNumber and gidNumber EOF # @@ -171,6 +179,17 @@ then failed=$(($failed + 1)) fi +# +# Test 6: Make sure that with the default "all_groups=no" +# the group "domain users" will not show user "no_posix_id" +# but will show "SAMBA2008R2/administrator" +# + +dom_users="$DOMAIN/domain users" # Extra step to make sure that all is
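Review bot: The idmap_ad.8.xml hunk documents only the "yes" case of all_groupmem and never states what the default "no" does. Say explicitly that with the default, group members without uidNumber are left out of getgrnam(3), getgrgid(3) and getgrent(3) results, since that is what the new Test 6 asserts and what an administrator reading the manpage needs to know before relying on group listings.

Review bot: The Test 6 comment in test_idmap_ad.sh names the option "all_groups=no", while the manpage hunk adds it as "all_groupmem"; use the documented name in the comment so that a search for the parameter finds its test. The part of the hunk shown here also covers only the default setting; a companion case with all_groupmem = yes that expects no_posix_id to be listed would pin down both values.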
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
  via  cc7c12e5d5c lib: Remove an obsolete comment
  via  80cd127b20f smbd: Remove sconn->using_smb2
  via  59d7850ffaf smbd: Add conn_using_smb2()
  via  f1bb46ad4e8 smbd: Change protocol selection to not use "sconn->using_smb2"
  from 7e621b1b530 ctdb: Modernize a few DEBUGs

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit cc7c12e5d5c74812e089b7f4bc5b0c78553ccf24
Author: Volker Lendecke
Date: Tue Mar 12 15:06:33 2024 +0100

    lib: Remove an obsolete comment

    Signed-off-by: Volker Lendecke
    Reviewed-by: Martin Schwenke

    Autobuild-User(master): Martin Schwenke
    Autobuild-Date(master): Wed Apr 17 09:01:34 UTC 2024 on atb-devel-224

commit 80cd127b20f46bfece91316171958a054a78cb00
Author: Volker Lendecke
Date: Tue Feb 13 13:05:42 2024 +0100

    smbd: Remove sconn->using_smb2

    We have the same information available via conn_using_smb2()

    Signed-off-by: Volker Lendecke
    Reviewed-by: Martin Schwenke

commit 59d7850ffaf03ad00a9850683fab1b6e64be3e39
Author: Volker Lendecke
Date: Tue Feb 13 12:28:06 2024 +0100

    smbd: Add conn_using_smb2()

    Signed-off-by: Volker Lendecke
    Reviewed-by: Martin Schwenke

commit f1bb46ad4e8b0b43ead60c70a463709892fd1779
Author: Volker Lendecke
Date: Tue Feb 13 12:56:17 2024 +0100

    smbd: Change protocol selection to not use "sconn->using_smb2"

    To me this is pretty confusing, it seems to overload this struct element.

    Signed-off-by: Volker Lendecke
    Reviewed-by: Martin Schwenke

---

Summary of changes:
 lib/async_req/async_sock.c | 7 ---
 source3/smbd/close.c | 2 +-
 source3/smbd/conn.c | 6 ++
 source3/smbd/conn_idle.c | 2 +-
 source3/smbd/dir.c | 4 ++--
 source3/smbd/filename.c | 2 +-
 source3/smbd/globals.h | 1 -
 source3/smbd/open.c | 4 ++--
 source3/smbd/proto.h | 1 +
 source3/smbd/smb1_process.c | 4 ++--
 source3/smbd/smb2_negprot.c | 2 --
 source3/smbd/smb2_nttrans.c | 2 +-
 source3/smbd/smb2_oplock.c | 4 ++--
 source3/smbd/smb2_process.c | 27 ++-
 source3/smbd/smb2_service.c | 2 +-
 source3/smbd/smb2_trans2.c | 15 ---
 16 files changed, 34 insertions(+), 51 deletions(-)

Changeset truncated at 500 lines:

diff --git a/lib/async_req/async_sock.c b/lib/async_req/async_sock.c index bdbefd162ac..795a2c63dba 100644 --- a/lib/async_req/async_sock.c +++ b/lib/async_req/async_sock.c @@ -144,13 +144,6 @@ struct tevent_req *async_connect_send( return tevent_req_post(req, ev); } - /* -* Note for historic reasons TEVENT_FD_WRITE is not enough -* to get notified for POLLERR or EPOLLHUP even if they -* come together with POLLOUT. That means we need to -* use TEVENT_FD_READ in addition until we have -* TEVENT_FD_ERROR. -*/ state->fde = tevent_add_fd(ev, state, fd, TEVENT_FD_ERROR|TEVENT_FD_WRITE, async_connect_connected, req); diff --git a/source3/smbd/close.c b/source3/smbd/close.c index bbca474a28a..987a0ed5183 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -1480,7 +1480,7 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp, SMB_ASSERT(fsp->fsp_flags.is_fsa); - if (fsp->conn->sconn->using_smb2) { + if (conn_using_smb2(fsp->conn->sconn)) { notify_status = NT_STATUS_NOTIFY_CLEANUP; } else { notify_status = NT_STATUS_OK; diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c index e6c1fa72dcb..b7a745a951e 100644 --- a/source3/smbd/conn.c +++ b/source3/smbd/conn.c 
@@ -84,6 +84,12 @@ enum protocol_types conn_protocol(struct smbd_server_connection *sconn) return PROTOCOL_COREPLUS; } +bool conn_using_smb2(struct smbd_server_connection *sconn) +{ + enum protocol_types proto = conn_protocol(sconn); + return (proto >= PROTOCOL_SMB2_02); +} + / Find first available connection slot, starting from a random position. The randomisation stops problems with the server dying and clients diff --git a/source3/smbd/conn_idle.c b/source3/smbd/conn_idle.c index 870b2b717df..6eebdd363b1 100644 --- a/source3/smbd/conn_idle.c +++ b/source3/smbd/conn_idle.c @@ -238,7 +238,7 @@ static void conn_force_tdis_done(struct tevent_req *req) return; } - if (conn->sconn->using_smb2) { + if (conn_using_smb2(conn->sconn)) { vuid = conn->vuid; } diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index 49c37cbb4d9..76eb5756dc8 100644 --- a/source3/smbd/dir.c +++
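Review bot: In the conn.c hunk, conn_using_smb2() is added without any comment, and it replaces a stored flag with a value derived from conn_protocol(sconn), whose visible tail falls back to PROTOCOL_COREPLUS. Please document on the function what it returns before a dialect has been negotiated, and confirm that the call sites converted in close.c and conn_idle.c never relied on using_smb2 being set at a different point than the negotiated protocol. The argument is only read here, so it could be declared as a const pointer if conn_protocol() permits it.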