The branch, v4-0-test has been updated via 07073fb dns: Add support for MX queries via 46e82a2 More generic check for OpenBSD platform via 9b1fac4 docs: mention AD prerequirements for using idmap_ad via f6f3849 winbind/idmap_ad: be verbose about the user that we fail to map via 27a3cab s3:lib/server_mutex: open mutex.tdb with CLEAR_IF_FIRST via 671943a s3-rpc_server: Ensure we are root when starting and usiing gensec from c497442 VERSION: Bump version number up to 4.0.7...
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log ----------------------------------------------------------------- commit 07073fb8b4efdf14629ada83ad97adecba4de29a Author: Kai Blin <k...@samba.org> Date: Mon Dec 10 05:50:05 2012 +1000 dns: Add support for MX queries Due to an oversight, the internal DNS server supports MX record updates, but not MX record queries. Add support for MX queries and tests. This should fix bug #9485 
Signed-off-by: Kai Blin <k...@samba.org> Reviewed-By: Amitay Isaacs <ami...@gmail.com> Autobuild-User(v4-0-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-0-test): Mon May 27 15:46:22 CEST 2013 on sn-devel-104 commit 46e82a275cf3216d229912485b8939705e1a920c Author: Vadim Zhukov <persg...@gmail.com> Date: Fri May 17 12:43:08 2013 +0400 More generic check for OpenBSD platform OpenBSD versioning is different from many other projects, and, say, 5.0 does not differ from 4.9 more than from 5.1. So the right approach will be to check that platform name starts with "openbsd" instead. This is also the thing OpenBSD developers do when patching other software, so this patch is consistent with already existing practicies. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9888 Reviewed-by: Lars Müller <l...@samba.org> Reviewed-by: Björn Jacke <b...@sernet.de> Autobuild-User(master): Björn Jacke <b...@sernet.de> Autobuild-Date(master): Fri May 17 17:58:16 CEST 2013 on sn-devel-104 (cherry picked from commit 2fda6c47f4aa46dbb42028732207a94821881c67) commit 9b1fac4bcb3af0688af5e26b931144c0c3e97735 Author: Björn Jacke <b...@sernet.de> Date: Wed May 15 15:52:25 2013 +0200 docs: mention AD prerequirements for using idmap_ad Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit c3057f69a274f0d8e0e66183bd5e8be7703b6750) The last 2 patches address bug #9880 - Use of wrong RFC2307 primary group field. commit f6f3849d46ae9a293e8524f14356a65246f4e3de Author: Björn Jacke <b...@sernet.de> Date: Tue May 14 16:51:28 2013 +0200 winbind/idmap_ad: be verbose about the user that we fail to map Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit f08205be7003f6c0a15fd5fd99d01951164ad15c) commit 27a3caba2916dc13c006d418e0d4b7f771dd687e Author: Stefan Metzmacher <me...@samba.org> Date: Thu Mar 28 11:04:31 2013 +0100 s3:lib/server_mutex: open mutex.tdb with CLEAR_IF_FIRST /var/lock/samba is typically on tpmfs. 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit 821171e422133d64e7c07b4d610984c33cd23244) Fix bug #9805 - s3:lib/server_mutex: open mutex.tdb with CLEAR_IF_FIRST. commit 671943a7e19c91a207909c44655f28dc319b5efa Author: Andrew Bartlett <abart...@samba.org> Date: Thu May 2 16:29:21 2013 +1200 s3-rpc_server: Ensure we are root when starting and usiing gensec This fixes bug 9465. Andrew Bartlett Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit 10f6926aaa6a8c49b29e183d12f6f767072ecff7) ----------------------------------------------------------------------- Summary of changes: buildtools/wafsamba/samba_autoconf.py | 4 +- docs-xml/manpages/idmap_ad.8.xml | 9 ++++-- lib/ldb/wscript | 2 +- python/samba/tests/dns.py | 43 ++++++++++++++++++++++++++++++ source3/lib/server_mutex.c | 5 +++- source3/rpc_server/dcesrv_auth_generic.c | 38 ++++++++++++++++++++++---- source3/winbindd/idmap_ad.c | 5 ++- source4/dns_server/dns_query.c | 8 +++++ wscript | 2 +- 9 files changed, 100 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py index 65c66f3..fe110bd 100644 --- a/buildtools/wafsamba/samba_autoconf.py +++ b/buildtools/wafsamba/samba_autoconf.py 
@@ -776,9 +776,9 @@ def SETUP_CONFIGURE_CACHE(conf, enable): def SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS(conf): # we don't want any libraries or modules to rely on runtime # resolution of symbols - if sys.platform != "openbsd4" and sys.platform != "openbsd5": + if not sys.platform.startswith("openbsd"): conf.env.undefined_ldflags = conf.ADD_LDFLAGS('-Wl,-no-undefined', testflags=True) - if sys.platform != "openbsd4" and sys.platform != "openbsd5" and conf.env.undefined_ignore_ldflags == []: + if not sys.platform.startswith("openbsd") and conf.env.undefined_ignore_ldflags == []: if conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup']): conf.env.undefined_ignore_ldflags = ['-undefined', 'dynamic_lookup'] diff --git a/docs-xml/manpages/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml index 2ae7fc8..0e33b77 100644 --- a/docs-xml/manpages/idmap_ad.8.xml +++ b/docs-xml/manpages/idmap_ad.8.xml @@ -22,9 +22,12 @@ id mappings from an AD server that uses RFC2307/SFU schema extensions. This module implements only the "idmap" API, and is READONLY. Mappings must be provided in advance - by the administrator by adding the posixAccount/posixGroup - classes and relative attribute/value pairs to the user and - group objects in the AD.</para> + by the administrator by adding the uidNumber attributes for + users and gidNumber attributes for groups in the AD. Winbind + will only map users that have a uidNumber and whose primary + group have a gidNumber attribute set. It is however + recommended that all groups in use have gidNumber attributes + assigned, otherwise they are not working.</para> <para> Currently, the <parameter>ad</parameter> backend diff --git a/lib/ldb/wscript b/lib/ldb/wscript index 1ae5438..983d5a2 100755 --- a/lib/ldb/wscript +++ b/lib/ldb/wscript 
@@ -64,7 +64,7 @@ def configure(conf): # we don't want any libraries or modules to rely on runtime # resolution of symbols - if sys.platform != "openbsd4" and sys.platform != "openbsd5": + if not sys.platform.startswith("openbsd"): conf.ADD_LDFLAGS('-Wl,-no-undefined', testflags=True) conf.DEFINE('HAVE_CONFIG_H', 1, add_to_cflags=True) diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py index 49d699e..a29025d 100644 --- a/python/samba/tests/dns.py +++ b/python/samba/tests/dns.py @@ -510,6 +510,49 @@ class TestDNSUpdates(DNSTest): response = self.dns_transaction_udp(p) self.assert_dns_rcode_equals(response, dns.DNS_RCODE_NXDOMAIN) + def test_update_add_mx_record(self): + "test adding MX records works" + p = self.make_name_packet(dns.DNS_OPCODE_UPDATE) + updates = [] + + name = self.get_dns_domain() + + u = self.make_name_question(name, dns.DNS_QTYPE_SOA, dns.DNS_QCLASS_IN) + updates.append(u) + self.finish_name_packet(p, updates) + + updates = [] + r = dns.res_rec() + r.name = "%s" % self.get_dns_domain() + r.rr_type = dns.DNS_QTYPE_MX + r.rr_class = dns.DNS_QCLASS_IN + r.ttl = 900 + r.length = 0xffff + rdata = dns.mx_record() + rdata.preference = 10 + rdata.exchange = 'mail.%s' % self.get_dns_domain() + r.rdata = rdata + updates.append(r) + p.nscount = len(updates) + p.nsrecs = updates + + response = self.dns_transaction_udp(p) + self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK) + + p = self.make_name_packet(dns.DNS_OPCODE_QUERY) + questions = [] + + name = "%s" % self.get_dns_domain() + q = self.make_name_question(name, dns.DNS_QTYPE_MX, dns.DNS_QCLASS_IN) + questions.append(q) + + self.finish_name_packet(p, questions) + response = self.dns_transaction_udp(p) + self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK) + self.assertEqual(response.ancount, 1) + self.assertEqual(response.answers[0].rdata.preference, 10) + self.assertEqual(response.answers[0].rdata.exchange, 'mail.%s' % self.get_dns_domain()) + class TestComplexQueries(DNSTest): 
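Review bot: `test_update_add_mx_record` never removes the MX record it adds; nothing after the final assertions deletes it, so any later test that queries the same name, or a re-run against the same server, starts from the state this test left behind. Consider sending a delete update at the end of the test (or in a cleanup hook) and asserting that a follow-up MX query no longer returns the record. The docstring `"test adding MX records works"` could also say that the test covers the query path, which is what this commit fixes. `r.length = 0xffff` looks like a placeholder and would benefit from a one-line comment saying so.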
diff --git a/source3/lib/server_mutex.c b/source3/lib/server_mutex.c index 619fbd0..38bf2ca 100644 --- a/source3/lib/server_mutex.c +++ b/source3/lib/server_mutex.c @@ -69,7 +69,10 @@ struct named_mutex *grab_named_mutex(TALLOC_CTX *mem_ctx, const char *name, } result->tdb = tdb_wrap_open(result, lock_path("mutex.tdb"), 0, - TDB_DEFAULT, O_RDWR|O_CREAT, 0600, lp_ctx); + TDB_DEFAULT | + TDB_CLEAR_IF_FIRST | + TDB_INCOMPATIBLE_HASH, + O_RDWR|O_CREAT, 0600, lp_ctx); talloc_unlink(result, lp_ctx); if (result->tdb == NULL) { DEBUG(1, ("Could not open mutex.tdb: %s\n", diff --git a/source3/rpc_server/dcesrv_auth_generic.c b/source3/rpc_server/dcesrv_auth_generic.c index c4c08b2..77d76fc 100644 --- a/source3/rpc_server/dcesrv_auth_generic.c +++ b/source3/rpc_server/dcesrv_auth_generic.c @@ -24,12 +24,12 @@ #include "auth.h" #include "auth/gensec/gensec.h" -NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx, - uint8_t auth_type, uint8_t auth_level, - DATA_BLOB *token_in, - DATA_BLOB *token_out, - const struct tsocket_address *remote_address, - struct gensec_security **ctx) +static NTSTATUS auth_generic_server_authtype_start_as_root(TALLOC_CTX *mem_ctx, + uint8_t auth_type, uint8_t auth_level, + DATA_BLOB *token_in, + DATA_BLOB *token_out, + const struct tsocket_address *remote_address, + struct gensec_security **ctx) { struct gensec_security *gensec_security = NULL; NTSTATUS status; 
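Review bot: The new flags on the `tdb_wrap_open()` call for mutex.tdb have no comment, so the reason for them lives only in the commit message. `TDB_CLEAR_IF_FIRST` lets the first opener wipe the file, which is only safe as long as mutex.tdb carries nothing but transient lock state, as appears to be the case here. A comment above the call, for example `/* mutex.tdb only holds lock state: start from a clean file when we are the first opener */`, would keep a later change from storing anything persistent in it. `TDB_INCOMPATIBLE_HASH` is not mentioned in the commit message at all and deserves a word in the same comment. `grab_named_mutex()` starts and ends outside this hunk.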
@@ -62,6 +62,27 @@ NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx, + uint8_t auth_type, uint8_t auth_level, + DATA_BLOB *token_in, + DATA_BLOB *token_out, + const struct tsocket_address *remote_address, + struct gensec_security **ctx) +{ + NTSTATUS status; + become_root(); + + /* this has to be done as root in order to create the messaging socket */ + status = auth_generic_server_authtype_start_as_root(mem_ctx, + auth_type, auth_level, + token_in, + token_out, + remote_address, + ctx); + unbecome_root(); + return status; +} + NTSTATUS auth_generic_server_step(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, DATA_BLOB *token_in, @@ -101,7 +122,12 @@ NTSTATUS auth_generic_server_get_user_info(struct gensec_security *gensec_securi { NTSTATUS status; + /* this has to be done as root in order to get to the + * messaging sockets for IDMAP and privilege.ldb in the AD + * DC */ + become_root(); status = gensec_session_info(gensec_security, mem_ctx, session_info); + unbecome_root(); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, (__location__ ": Failed to get authenticated user " "info: %s\n", nt_errstr(status))); diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index bfe7d4b..b92e3a9 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -452,7 +452,7 @@ again: ctx->ad_schema->posix_gidnumber_attr, &id)) { - DEBUG(1, ("Could not get unix ID\n")); + DEBUG(1, ("Could not get SID for unix ID %u\n", (unsigned) id)); continue; } @@ -649,7 +649,8 @@ again: ctx->ad_schema->posix_gidnumber_attr, &id)) { - DEBUG(1, ("Could not get unix ID\n")); + DEBUG(1, ("Could not get unix ID for SID %s\n", + sid_string_dbg(map->sid))); continue; } if (!idmap_unix_id_is_in_range(id, dom)) { diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c index 54e0c7f..75f0e9f 100644 --- a/source4/dns_server/dns_query.c 
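Review bot: The `become_root()` / `unbecome_root()` pair in the new `auth_generic_server_authtype_start()` wraps the whole `_as_root` helper, so everything that helper does, including whatever it does with the caller-supplied `token_in`, now runs with root privileges, while the comment says root is only needed to create the messaging socket. Most of the helper's body is outside this hunk, so this is inferred from its signature and the comment. If socket creation can be separated from token processing, elevating only around that step would keep the privileged window as narrow as the one added around `gensec_session_info()` in the next hunk. At minimum, move the comment above `become_root()` and note there that no early return may be added between the two calls, because a path that skips `unbecome_root()` would leave the process running as root.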
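Review bot: In the first idmap_ad.c hunk the new message prints `id` in the branch taken when the call that fills `&id` has just failed, so the logged value is whatever `id` held before that call. Depending on a declaration outside the hunk, that may be uninitialised or left over from the previous loop iteration. The wording is also misleading, since what failed here is reading the unix ID attribute from the returned entry, not finding a SID. Either keep the value out of the message, `DEBUG(1, ("Could not get unix ID from entry\n"));`, or log something known at this point, such as the entry's DN. The second hunk does not appear to have this problem, because `map->sid` is already available when the message is printed.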
+++ b/source4/dns_server/dns_query.c @@ -89,6 +89,14 @@ static WERROR create_response_rr(const struct dns_name_question *question, case DNS_QTYPE_PTR: ans[ai].rdata.ptr_record = talloc_strdup(ans, rec->data.ptr); break; + case DNS_QTYPE_MX: + ans[ai].rdata.mx_record.preference = rec->data.mx.wPriority; + ans[ai].rdata.mx_record.exchange = talloc_strdup( + ans, rec->data.mx.nameTarget); + if (ans[ai].rdata.mx_record.exchange == NULL) { + return WERR_NOMEM; + } + break; case DNS_QTYPE_TXT: tmp = talloc_asprintf(ans, "\"%s\"", rec->data.txt.str[0]); W_ERROR_HAVE_NO_MEMORY(tmp); diff --git a/wscript b/wscript index de518ac..645deb2 100644 --- a/wscript +++ b/wscript @@ -148,7 +148,7 @@ def configure(conf): # allows us to find problems on our development hosts faster. # It also results in faster load time. - if sys.platform != "openbsd4": + if not sys.platform.startswith("openbsd"): conf.env.asneeded_ldflags = conf.ADD_LDFLAGS('-Wl,--as-needed', testflags=True) if not conf.CHECK_NEED_LC("-lc not needed"): -- Samba Shared Repository
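Review bot: The new `DNS_QTYPE_MX` case checks the `talloc_strdup()` result with a hand-written `if (... == NULL) { return WERR_NOMEM; }`, while the TXT case directly below uses `W_ERROR_HAVE_NO_MEMORY(tmp)`. Using the same macro, `W_ERROR_HAVE_NO_MEMORY(ans[ai].rdata.mx_record.exchange);`, would keep the switch consistent. The check also reports out-of-memory when `rec->data.mx.nameTarget` is itself NULL, since `talloc_strdup()` returns NULL for a NULL source. If a stored record can lack a target, that case deserves its own error rather than `WERR_NOMEM`. `create_response_rr()` starts and ends outside this hunk.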
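Review bot: Unlike the other two build-script hunks in this commit, the old condition in the top-level wscript excluded only `openbsd4`, so `startswith("openbsd")` also stops adding `-Wl,--as-needed` on OpenBSD 5.x, where it was previously enabled. The commit message describes the change as a more generic platform check and does not mention this difference. If dropping the flag on all OpenBSD releases is intended, say so in a comment on the condition, for example `# --as-needed is not used on any OpenBSD release`. `configure()` starts and ends outside this hunk.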