The branch, master has been updated via 8dd3013 s4-param Allow +foo syntax in smb.conf list parsing via 94f4929 s4-spnego use "not_defined_in_rfc4...@please_ignore" if no principal specified via a21cb5a libcli/auth bring ADS_IGNORE_PRINCIPAL in common from 53b49d4 build: tru64 needs -shared for building libs
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 8dd3013208ae02ee4365cd36f0c4688bdc6b46a2 Author: Andrew Bartlett <abart...@samba.org> Date: Wed Dec 8 16:27:38 2010 +1100 s4-param Allow +foo syntax in smb.conf list parsing The idea here is to allow an smb.conf file to work from the defaults, rather than override them. For example, 'server services = +openchange'. Pair-Programmed-With: Andrew Tridgell <tri...@samba.org> Autobuild-User: Andrew Bartlett <abart...@samba.org> Autobuild-Date: Wed Dec 8 09:39:06 CET 2010 on sn-devel-104 commit 94f4929e04ce4357e3c74b6a14a4b8fccde30fda Author: Andrew Bartlett <abart...@samba.org> Date: Wed Dec 8 18:52:33 2010 +1100 s4-spnego use "not_defined_in_rfc4...@please_ignore" if no principal specified We need to make this the default, but for now just send it if we have not been given a target principal. Andrew Bartlett commit a21cb5a0a11c63f7746a483dca845c12dcfdf1b2 Author: Andrew Bartlett <abart...@samba.org> Date: Sat Dec 4 15:23:44 2010 +1100 libcli/auth bring ADS_IGNORE_PRINCIPAL in common ----------------------------------------------------------------------- Summary of changes: libcli/auth/spnego.h | 2 + source3/include/smb_krb5.h | 2 - source4/auth/gensec/spnego.c | 5 ++- source4/param/loadparm.c | 61 +++++++++++++++++++++++++++------ source4/param/loadparm.h | 2 +- source4/param/pyparam.c | 1 + source4/scripting/bin/samba_dnsupdate | 5 ++- 7 files changed, 61 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/auth/spnego.h b/libcli/auth/spnego.h index 6aed765..9a93f2e 100644 --- a/libcli/auth/spnego.h +++ b/libcli/auth/spnego.h @@ -25,6 +25,8 @@ #define OID_KERBEROS5_OLD "1.2.840.48018.1.2.2" #define OID_KERBEROS5 "1.2.840.113554.1.2.2" +#define ADS_IGNORE_PRINCIPAL "not_defined_in_rfc4...@please_ignore" + #define SPNEGO_DELEG_FLAG 0x01 #define SPNEGO_MUTUAL_FLAG 0x02 #define SPNEGO_REPLAY_FLAG 0x04 diff --git a/source3/include/smb_krb5.h b/source3/include/smb_krb5.h index 0a6ba79..64c5136 100644 --- a/source3/include/smb_krb5.h +++ b/source3/include/smb_krb5.h @@ -4,8 +4,6 @@ #define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */ /* this file uses DEPRECATED interfaces! */ -#define ADS_IGNORE_PRINCIPAL "not_defined_in_rfc4...@please_ignore" - #if defined(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER) #define KRB5_DEPRECATED 1 #else diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index 813bf0a..b757e62 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -639,6 +639,8 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec struct cli_credentials *creds = gensec_get_credentials(gensec_security); if (creds) { principal = cli_credentials_get_principal(creds, out_mem_ctx); + } else { + principal = ADS_IGNORE_PRINCIPAL; } } if (principal) { @@ -827,7 +829,8 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA return NT_STATUS_INVALID_PARAMETER; } - if (spnego.negTokenInit.targetPrincipal) { + if (spnego.negTokenInit.targetPrincipal + && strcmp(spnego.negTokenInit.targetPrincipal, ADS_IGNORE_PRINCIPAL) != 0) { DEBUG(5, ("Server claims it's principal name is %s\n", spnego.negTokenInit.targetPrincipal)); if (lpcfg_client_use_spnego_principal(gensec_security->settings->lp_ctx)) { gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal); diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c index 55cb45e..fa3b591 100644 --- a/source4/param/loadparm.c +++ b/source4/param/loadparm.c @@ -188,7 +188,7 @@ struct loadparm_global const char **szRNDCCommand; const char **szDNSUpdateCommand; const char **szSPNUpdateCommand; - char *szNSUpdateCommand; + const char **szNSUpdateCommand; struct parmlist_entry *param_opt; }; @@ -505,10 +505,10 @@ static struct parm_struct parm_table[] = { {"idmap trusted only", P_BOOL, P_GLOBAL, GLOBAL_VAR(bIdmapTrustedOnly), NULL, NULL}, {"ntp signd socket directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szNTPSignDSocketDirectory), NULL, NULL }, - {"rndc command", P_LIST, P_GLOBAL, GLOBAL_VAR(szRNDCCommand), NULL, NULL }, - {"dns update command", P_LIST, P_GLOBAL, GLOBAL_VAR(szDNSUpdateCommand), NULL, NULL }, - {"spn update command", P_LIST, P_GLOBAL, GLOBAL_VAR(szSPNUpdateCommand), NULL, NULL }, - {"nsupdate command", P_STRING, P_GLOBAL, GLOBAL_VAR(szNSUpdateCommand), NULL, NULL }, + {"rndc command", P_CMDLIST, P_GLOBAL, GLOBAL_VAR(szRNDCCommand), NULL, NULL }, + {"dns update command", P_CMDLIST, P_GLOBAL, GLOBAL_VAR(szDNSUpdateCommand), NULL, NULL }, + {"spn update command", P_CMDLIST, P_GLOBAL, GLOBAL_VAR(szSPNUpdateCommand), NULL, NULL }, + {"nsupdate command", P_CMDLIST, P_GLOBAL, GLOBAL_VAR(szNSUpdateCommand), NULL, NULL }, {NULL, P_BOOL, P_NONE, 0, NULL, NULL} }; @@ -678,7 +678,7 @@ FN_GLOBAL_STRING(piddir, szPidDir) FN_GLOBAL_LIST(rndc_command, szRNDCCommand) FN_GLOBAL_LIST(dns_update_command, szDNSUpdateCommand) FN_GLOBAL_LIST(spn_update_command, szSPNUpdateCommand) -FN_GLOBAL_STRING(nsupdate_command, szNSUpdateCommand) +FN_GLOBAL_LIST(nsupdate_command, szNSUpdateCommand) FN_GLOBAL_LIST(dcerpc_endpoint_servers, dcerpc_ep_servers) FN_GLOBAL_LIST(server_services, server_services) FN_GLOBAL_STRING(ntptr_providor, ntptr_providor) @@ -1682,11 +1682,40 @@ static bool set_variable(TALLOC_CTX *mem_ctx, int parmnum, void *parm_ptr, return false; } - case P_LIST: + case P_CMDLIST: *(const char ***)parm_ptr = (const char **)str_list_make(mem_ctx, pszParmValue, NULL); break; + case P_LIST: + { + char **new_list = str_list_make(mem_ctx, + pszParmValue, NULL); + for (i=0; new_list[i]; i++) { + if (new_list[i][0] == '+' && new_list[i][1]) { + *(const char ***)parm_ptr = str_list_add(*(const char ***)parm_ptr, + &new_list[i][1]); + } else if (new_list[i][0] == '-' && new_list[i][1]) { + if (!str_list_check(*(const char ***)parm_ptr, + &new_list[i][1])) { + DEBUG(0, ("Unsupported value for: %s = %s, %s is not in the original list\n", + pszParmName, pszParmValue, new_list[i])); + return false; + } + str_list_remove(*(const char ***)parm_ptr, + &new_list[i][1]); + } else { + if (i != 0) { + DEBUG(0, ("Unsupported list syntax for: %s = %s\n", + pszParmName, pszParmValue)); + return false; + } + *(const char ***)parm_ptr = new_list; + break; + } + } + break; + } case P_STRING: string_set(mem_ctx, (char **)parm_ptr, pszParmValue); break; @@ -1918,6 +1947,7 @@ bool lpcfg_set_option(struct loadparm_context *lp_ctx, const char *option) static void print_parameter(struct parm_struct *p, void *ptr, FILE * f) { int i; + const char *list_sep = ", "; /* For the seperation of lists values that we print below */ switch (p->type) { case P_ENUM: @@ -1943,13 +1973,20 @@ static void print_parameter(struct parm_struct *p, void *ptr, FILE * f) fprintf(f, "0%o", *(int *)ptr); break; + case P_CMDLIST: + list_sep = " "; + /* fall through */ case P_LIST: if ((char ***)ptr && *(char ***)ptr) { char **list = *(char ***)ptr; - for (; *list; list++) - fprintf(f, "%s%s", *list, - ((*(list+1))?", ":"")); + for (; *list; list++) { + if (*(list+1) == NULL) { + /* last item, print no extra seperator after */ + list_sep = ""; + } + fprintf(f, "%s%s", *list, list_sep); + } } break; @@ -1978,6 +2015,7 @@ static bool equal_parameter(parm_type type, void *ptr1, void *ptr2) case P_ENUM: return (*((int *)ptr1) == *((int *)ptr2)); + case P_CMDLIST: case P_LIST: return str_list_equal((const char **)(*(char ***)ptr1), (const char **)(*(char ***)ptr2)); @@ -2055,6 +2093,7 @@ static bool is_default(struct loadparm_service *sDefault, int i) if (!defaults_saved) return false; switch (parm_table[i].type) { + case P_CMDLIST: case P_LIST: return str_list_equal((const char **)parm_table[i].def.lvalue, (const char **)def_ptr); diff --git a/source4/param/loadparm.h b/source4/param/loadparm.h index 454d3f8..7a76321 100644 --- a/source4/param/loadparm.h +++ b/source4/param/loadparm.h @@ -29,7 +29,7 @@ /* the following are used by loadparm for option lists */ typedef enum { - P_BOOL,P_INTEGER,P_OCTAL,P_BYTES,P_LIST,P_STRING,P_USTRING,P_ENUM + P_BOOL,P_INTEGER,P_OCTAL,P_BYTES,P_LIST,P_CMDLIST,P_STRING,P_USTRING,P_ENUM } parm_type; typedef enum { diff --git a/source4/param/pyparam.c b/source4/param/pyparam.c index 4e4d041..fb7ff88 100644 --- a/source4/param/pyparam.c +++ b/source4/param/pyparam.c @@ -119,6 +119,7 @@ static PyObject *py_lp_ctx_get_helper(struct loadparm_context *lp_ctx, const cha } } return NULL; + case P_CMDLIST: case P_LIST: { int j; diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index faba124..cacdc36 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -261,8 +261,9 @@ def call_nsupdate(d): os.putenv("KRB5CCNAME", ccachename) try: - cmd = "%s %s" % (nsupdate_cmd, tmpfile) - subprocess.check_call(cmd, shell=True) + cmd = nsupdate_cmd[:] + cmd.append(tmpfile) + subprocess.check_call(cmd, shell=False) except Exception, estr: global error_count if opts.fail_immediately: -- Samba Shared Repository