[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 7a5e7b82125 python: Fix NtVer check for site_dn_for_machine()
from cc7c12e5d5c lib: Remove an obsolete comment
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 7a5e7b821259890dd2978e6f113f4a3dad110ea4
Author: Andreas Schneider
Date: Mon Apr 15 07:32:02 2024 +0200
python: Fix NtVer check for site_dn_for_machine()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15633
Signed-off-by: Andreas Schneider
Reviewed-by: David Mulder
Autobuild-User(master): Andreas Schneider
Autobuild-Date(master): Wed Apr 17 19:32:11 UTC 2024 on atb-devel-224
---
Summary of changes:
python/samba/gp/gpclass.py | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/gp/gpclass.py b/python/samba/gp/gpclass.py
index 08be472e707..d86aacec138 100644
--- a/python/samba/gp/gpclass.py
+++ b/python/samba/gp/gpclass.py
@@ -805,9 +805,7 @@ def site_dn_for_machine(samdb, dc_hostname, lp, creds,
hostname):
samlogon_response = ndr_unpack(nbt.netlogon_samlogon_response,
bytes(res.msgs[0]['Netlogon'][0]))
-if samlogon_response.ntver not in [nbt.NETLOGON_NT_VERSION_5EX,
- (nbt.NETLOGON_NT_VERSION_1
-| nbt.NETLOGON_NT_VERSION_5EX)]:
+if not (samlogon_response.ntver & nbt.NETLOGON_NT_VERSION_5EX):
raise RuntimeError('site_dn_for_machine: Invalid NtVer in '
+ 'netlogon_samlogon_response')
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 83da49f3489 tests: Add a test for "all_groups=no" to test_idmap_ad.sh via 84f82a09ffd selftest: Add "winbind expand groups = 1" to setup_ad_member_idmap_ad via 83701298384 s3:winbindd: Improve performance of lookup_groupmem() in idmap_ad via 8857cf29979 docs-xml: Add parameter all_groupmem to idmap_ad from 215bb9bd48e Do not fail checksums for RFC8009 types https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 83da49f348921a21a22ff93ffecbd638ff004541 Author: Pavel Filipenský Date: Thu Mar 14 15:24:21 2024 +0100 tests: Add a test for "all_groups=no" to test_idmap_ad.sh BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605 Signed-off-by: Pavel Filipenský Reviewed-by: Andreas Schneider Autobuild-User(master): Pavel Filipensky Autobuild-Date(master): Tue Apr 2 13:25:39 UTC 2024 on atb-devel-224 (cherry picked from commit f8b72aa1f72881989990fabc9f4888968bb81967) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Wed Apr 17 14:38:42 UTC 2024 on atb-devel-224 commit 84f82a09ffd1336bf79cffbe4caa3045aedbd16e Author: Pavel Filipenský Date: Mon Mar 25 22:38:18 2024 +0100 selftest: Add "winbind expand groups = 1" to setup_ad_member_idmap_ad BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605 Signed-off-by: Pavel Filipenský Reviewed-by: Andreas Schneider (cherry picked from commit 2dab3a331b5511b4f2253f2b3b4513db7e52ea9a) commit 837012983840d10488404fac2ebad07dd75a6f1c Author: Pavel Filipenský Date: Tue Mar 12 13:20:24 2024 +0100 s3:winbindd: Improve performance of lookup_groupmem() in idmap_ad The LDAP query of lookup_groupmem() returns all group members from AD even those with missing uidNumber. Such group members are useless in UNIX environment for idmap_ad backend since there is no uid mapping. 'test_user' is member of group "Domanin Users" with 200K members, only 20K members have set uidNumber. Without this fix: $ time id test_user real1m5.946s user0m0.019s sys 0m0.012s With this fix: $ time id test_user real0m3.544s user0m0.004s sys 0m0.007s BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605 Signed-off-by: Pavel Filipenský Reviewed-by: Andreas Schneider (cherry picked from commit 5d475d26a3d545f04791a04e85a06b8b192e3fcf) commit 8857cf299792f50e5917319a38d450c068fa07f4 Author: Pavel Filipenský Date: Wed Mar 13 13:55:41 2024 +0100 docs-xml: Add parameter all_groupmem to idmap_ad BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605 Signed-off-by: Pavel Filipenský Reviewed-by: Andreas Schneider (cherry picked from commit a485d9de2f2d6a9815dcac6addb988a8987e111c) --- Summary of changes: docs-xml/manpages/idmap_ad.8.xml | 10 ++ nsswitch/tests/test_idmap_ad.sh | 22 ++ selftest/target/Samba3.pm| 1 + source3/winbindd/winbindd_ads.c | 11 +++ 4 files changed, 40 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml index 32df8d066c2..c7fcc65d763 100644 --- a/docs-xml/manpages/idmap_ad.8.xml +++ b/docs-xml/manpages/idmap_ad.8.xml @@ -105,6 +105,16 @@ + all_groupmem = yes/no + + If set to yes winbind will retrieve all + group members for getgrnam(3), getgrgid(3) and getgrent(3) calls, + including those with missing uidNumber. + + Default: no + + + deny ous This parameter is a list of OUs from which objects will not be mapped via the ad idmap diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh index 7ae112ada71..1d4bd395ba9 100755 --- a/nsswitch/tests/test_idmap_ad.sh +++ b/nsswitch/tests/test_idmap_ad.sh @@ -94,6 +94,14 @@ gidNumber: 201 unixHomeDirectory: /home/forbidden loginShell: /bin/tcsh gecos: User in forbidden OU + +dn: CN=no_posix_id,CN=Users,$BASE_DN +changetype: add +objectClass: user +samaccountName: no_posix_id +unixHomeDirectory: /home/no_posix_id +loginShell: /bin/sh +gecos: User without uidNumber and gidNumber EOF # @@ -171,6 +179,17 @@ then failed=$(($failed + 1)) fi +# +# Test 6: Make sure that with the default "all_groups=no" +# the group "domain users" will not show user "no_posix_id" +# but will show "SAMBA2008R2/administrator" +# + +dom_users="$DOMAIN/domain users" # Extra step to make sure that all is
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via cc7c12e5d5c lib: Remove an obsolete comment
via 80cd127b20f smbd: Remove sconn->using_smb2
via 59d7850ffaf smbd: Add conn_using_smb2()
via f1bb46ad4e8 smbd: Change protocol selection to not use
"sconn->using_smb2"
from 7e621b1b530 ctdb: Modernize a few DEBUGs
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit cc7c12e5d5c74812e089b7f4bc5b0c78553ccf24
Author: Volker Lendecke
Date: Tue Mar 12 15:06:33 2024 +0100
lib: Remove an obsolete comment
Signed-off-by: Volker Lendecke
Reviewed-by: Martin Schwenke
Autobuild-User(master): Martin Schwenke
Autobuild-Date(master): Wed Apr 17 09:01:34 UTC 2024 on atb-devel-224
commit 80cd127b20f46bfece91316171958a054a78cb00
Author: Volker Lendecke
Date: Tue Feb 13 13:05:42 2024 +0100
smbd: Remove sconn->using_smb2
We have the same information available via conn_using_smb2()
Signed-off-by: Volker Lendecke
Reviewed-by: Martin Schwenke
commit 59d7850ffaf03ad00a9850683fab1b6e64be3e39
Author: Volker Lendecke
Date: Tue Feb 13 12:28:06 2024 +0100
smbd: Add conn_using_smb2()
Signed-off-by: Volker Lendecke
Reviewed-by: Martin Schwenke
commit f1bb46ad4e8b0b43ead60c70a463709892fd1779
Author: Volker Lendecke
Date: Tue Feb 13 12:56:17 2024 +0100
smbd: Change protocol selection to not use "sconn->using_smb2"
To me this is pretty confusing, it seems to overload this struct
element.
Signed-off-by: Volker Lendecke
Reviewed-by: Martin Schwenke
---
Summary of changes:
lib/async_req/async_sock.c | 7 ---
source3/smbd/close.c| 2 +-
source3/smbd/conn.c | 6 ++
source3/smbd/conn_idle.c| 2 +-
source3/smbd/dir.c | 4 ++--
source3/smbd/filename.c | 2 +-
source3/smbd/globals.h | 1 -
source3/smbd/open.c | 4 ++--
source3/smbd/proto.h| 1 +
source3/smbd/smb1_process.c | 4 ++--
source3/smbd/smb2_negprot.c | 2 --
source3/smbd/smb2_nttrans.c | 2 +-
source3/smbd/smb2_oplock.c | 4 ++--
source3/smbd/smb2_process.c | 27 ++-
source3/smbd/smb2_service.c | 2 +-
source3/smbd/smb2_trans2.c | 15 ---
16 files changed, 34 insertions(+), 51 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/async_req/async_sock.c b/lib/async_req/async_sock.c
index bdbefd162ac..795a2c63dba 100644
--- a/lib/async_req/async_sock.c
+++ b/lib/async_req/async_sock.c
@@ -144,13 +144,6 @@ struct tevent_req *async_connect_send(
return tevent_req_post(req, ev);
}
- /*
-* Note for historic reasons TEVENT_FD_WRITE is not enough
-* to get notified for POLLERR or EPOLLHUP even if they
-* come together with POLLOUT. That means we need to
-* use TEVENT_FD_READ in addition until we have
-* TEVENT_FD_ERROR.
-*/
state->fde = tevent_add_fd(ev, state, fd,
TEVENT_FD_ERROR|TEVENT_FD_WRITE,
async_connect_connected, req);
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index bbca474a28a..987a0ed5183 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -1480,7 +1480,7 @@ static NTSTATUS close_directory(struct smb_request *req,
files_struct *fsp,
SMB_ASSERT(fsp->fsp_flags.is_fsa);
- if (fsp->conn->sconn->using_smb2) {
+ if (conn_using_smb2(fsp->conn->sconn)) {
notify_status = NT_STATUS_NOTIFY_CLEANUP;
} else {
notify_status = NT_STATUS_OK;
diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c
index e6c1fa72dcb..b7a745a951e 100644
--- a/source3/smbd/conn.c
+++ b/source3/smbd/conn.c
@@ -84,6 +84,12 @@ enum protocol_types conn_protocol(struct
smbd_server_connection *sconn)
return PROTOCOL_COREPLUS;
}
+bool conn_using_smb2(struct smbd_server_connection *sconn)
+{
+ enum protocol_types proto = conn_protocol(sconn);
+ return (proto >= PROTOCOL_SMB2_02);
+}
+
/
Find first available connection slot, starting from a random position.
The randomisation stops problems with the server dying and clients
diff --git a/source3/smbd/conn_idle.c b/source3/smbd/conn_idle.c
index 870b2b717df..6eebdd363b1 100644
--- a/source3/smbd/conn_idle.c
+++ b/source3/smbd/conn_idle.c
@@ -238,7 +238,7 @@ static void conn_force_tdis_done(struct tevent_req *req)
return;
}
- if (conn->sconn->using_smb2) {
+ if (conn_using_smb2(conn->sconn)) {
vuid = conn->vuid;
}
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 49c37cbb4d9..76eb5756dc8 100644
--- a/source3/smbd/dir.c
+++
