The branch, v4-13-test has been updated via a0c9e2e4907 s3:libads: Also add a realm entry for the domain name via 41f9aef217f s3:libads: Only add RC4 if weak crypto is allowed via 3e145fef4f9 s3:libads: Remove DES legacy types for Kerberos via 88a31703a2d lib/replace: move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE via 191c2cd7b93 vfs_ring: Adapt to 4.13 VFS via b29103ef46a Add vfs_ring. from 99d555f772a VERSION: Bump version up to 4.13.0rc5...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log ----------------------------------------------------------------- commit a0c9e2e49079f093baa26621a593d45d10ba69ed Author: Andreas Schneider <a...@samba.org> Date: Thu Sep 3 13:49:33 2020 +0200 s3:libads: Also add a realm entry for the domain name This is required if we try to authenticate as Administrator@DOMAIN so it can find the KDC. This fixes 'net ads join' for ad_member_fips if we require Kerberos auth. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14479 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Isaac Boukris <ibouk...@samba.org> (cherry picked from commit 6444a743525532c70634e2dd4cacadce54ba2eab) Autobuild-User(v4-13-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-13-test): Thu Sep 10 09:42:31 UTC 2020 on sn-devel-184 commit 41f9aef217fd67c2809b4a660a2bf8d479e55371 Author: Andreas Schneider <a...@samba.org> Date: Thu Sep 3 11:45:33 2020 +0200 s3:libads: Only add RC4 if weak crypto is allowed Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Isaac Boukris <ibouk...@samba.org> (cherry picked from commit a5303967287cef0c3d0b653e2aca73d25d438cf7) commit 3e145fef4f9a139e7517d101cfba011862ef2f4a Author: Andreas Schneider <a...@samba.org> Date: Thu Sep 3 11:11:14 2020 +0200 s3:libads: Remove DES legacy types for Kerberos We already removed DES support for Kerberos in Samba 4.12. 
Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Isaac Boukris <ibouk...@samba.org> (cherry picked from commit 9cf1aecd73e011ad03ddb072760454379b3f0a32) commit 88a31703a2d28d5f61e334153ef10920fac63e96 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 8 10:13:20 2020 +0000 lib/replace: move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE This is where it really belongs and we avoid the strange interaction with source4/heimdal_build/config.h. This a follow up for commit f31333d40e6fa38daa32a3ebb32d5a317c06fc62. This fixes a build problem if libbsd-dev is not installed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14482 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Alexander Bokovoy <a...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Tue Sep 8 13:59:58 UTC 2020 on sn-devel-184 (cherry picked from commit 0022cd94587b805a525b0b9ef71ff0f15780424a) commit 191c2cd7b93524fc1ee119c0f995171fb38dc210 Author: Volker Lendecke <v...@samba.org> Date: Mon Aug 10 12:12:30 2020 +0200 vfs_ring: Adapt to 4.13 VFS commit b29103ef46a9f80a0184d4d999f22512b7fdcd89 Author: Jean-Marc Saffroy <j...@scality.com> Date: Wed Sep 11 12:44:59 2019 +0200 Add vfs_ring. ----------------------------------------------------------------------- Summary of changes: lib/replace/wscript | 3 + source3/libads/kerberos.c | 11 +++- source3/modules/vfs_ring.c | 115 ++++++++++++++++++++++++++++++++++++ source3/modules/wscript_build | 8 +++ source3/wscript | 1 + source4/heimdal_build/wscript_build | 7 +-- 6 files changed, 136 insertions(+), 9 deletions(-) create mode 100644 source3/modules/vfs_ring.c Changeset truncated at 500 lines: diff --git a/lib/replace/wscript b/lib/replace/wscript index 55c8903f1c8..64f305d6df0 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript 
@@ -876,6 +876,9 @@ def build(bld): if bld.CONFIG_SET('HAVE_LIBRT'): extra_libs += ' rt' if bld.CONFIG_SET('REPLACE_REQUIRES_LIBSOCKET_LIBNSL'): extra_libs += ' socket nsl' + if not bld.CONFIG_SET('HAVE_CLOSEFROM'): + REPLACE_HOSTCC_SOURCE += ' closefrom.c' + bld.SAMBA_SUBSYSTEM('LIBREPLACE_HOSTCC', REPLACE_HOSTCC_SOURCE, use_hostcc=True, diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 5959da919b0..03c7f35a44d 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -592,9 +592,10 @@ static char *get_enctypes(TALLOC_CTX *mem_ctx) #endif } - if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL || - lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY) { - legacy_enctypes = "RC4-HMAC DES-CBC-CRC DES-CBC-MD5"; + if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_ALLOWED && + (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL || + lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY)) { + legacy_enctypes = "RC4-HMAC"; } enctypes = @@ -725,11 +726,15 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, "\tdns_lookup_kdc = true\n\n" "[realms]\n\t%s = {\n" "%s\t}\n" + "\t%s = {\n" + "%s\t}\n" "%s\n", realm_upper, enctypes, realm_upper, kdc_ip_string, + domain, + kdc_ip_string, include_system_krb5); if (!file_contents) { diff --git a/source3/modules/vfs_ring.c b/source3/modules/vfs_ring.c new file mode 100644 index 00000000000..eedcb25c3d8 --- /dev/null +++ b/source3/modules/vfs_ring.c 
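Review bot: In `get_enctypes()` (source3/libads/kerberos.c), the new `lp_weak_crypto() == SAMBA_WEAK_CRYPTO_ALLOWED` guard leaves `legacy_enctypes` at its initial value when weak crypto is disallowed, and nothing in the hunk reports that. If that initial value is empty and smb.conf selects `KERBEROS_ETYPES_LEGACY`, the enctype string assembled after this block may contain no entries at all, which would show up later as an opaque Kerberos failure rather than a configuration error. I would log the case, e.g. `DBG_WARNING("kerberos encryption types = legacy ignored: weak crypto is disallowed\n");`, and add a comment above the condition such as `/* RC4-HMAC is a weak enctype; only offer it when weak crypto is allowed */`. The function starts and ends outside the hunk, so the initial value and the AES branch need to be confirmed there.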
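Review bot: The second `[realms]` entry added in `create_local_private_krb5_conf_for_domain()` is keyed by `domain` exactly as passed in, while the first entry uses the upper-cased `realm_upper`. Kerberos realm names are matched case-sensitively, so if a caller can supply the domain in lower or mixed case, `Administrator@DOMAIN` would presumably still miss this entry; normalising `domain` the same way `realm_upper` is produced would close that gap. The hunk also shows no NULL check on `domain` before it reaches the `%s` conversion, and does not show what happens when `domain` equals `realm_upper` (two identical realm sections); both should be confirmed in the part of the function outside the hunk. A short comment next to the new format lines, e.g. `/* second entry: short domain name, so user@DOMAIN resolves to the same KDC */`, would explain why the KDC list is repeated.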
@@ -0,0 +1,115 @@
+/*
+ * VFS module implementing get_real_filename for Scality SOFS
+ *
+ * Copyright (C) 2016, Jean-Marc Saffroy <j...@scality.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "smbd/smbd.h"
+
+#define DBG 10
+
+#define GRFN_PREFIX "scal.grfn."
+#define GRFN_PREFIX_LEN (sizeof(GRFN_PREFIX)-1)
+
+static int vfs_ring_get_real_filename(struct vfs_handle_struct *handle,
+ const struct smb_filename *dirpath,
+ const char *name,
+ TALLOC_CTX *mem_ctx,
+ char **found_name)
+{
+ const char *path = dirpath->base_name;
+ bool mangled;
+ char attr_name [NAME_MAX+1];
+ char attr_value[NAME_MAX+1];
+ int rc;
+ const struct smb_filename *smb_fname = NULL;
+
+ if (!strcmp(path, ""))
+ path = ".";
+
+ smb_fname = synthetic_smb_fname(talloc_tos(),
+ path,
+ NULL,
+ NULL,
+ dirpath->twrp,
+ 0);
+ if (smb_fname == NULL) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ DEBUG(DBG, ("vfs_ring_get_real_filename: under \"%s\" lookup \"%s\"\n",
+ path, name));
+
+ mangled = mangle_is_mangled(name, handle->conn->params);
+ if (mangled) {
+ return SMB_VFS_NEXT_GET_REAL_FILENAME(
+ handle, dirpath, name, mem_ctx, found_name);
+ }
+
+ if (strlen(name) > NAME_MAX - GRFN_PREFIX_LEN) {
+ errno = ENAMETOOLONG;
+ return -1;
+ }
+
+ strncpy(attr_name, GRFN_PREFIX, sizeof(attr_name));
+ strncpy(attr_name + GRFN_PREFIX_LEN, name,
+ sizeof(attr_name)
- GRFN_PREFIX_LEN); + + rc = SMB_VFS_NEXT_GETXATTR(handle, smb_fname, attr_name, + attr_value, sizeof(attr_value)); + if (rc < 0) { + DEBUG(DBG, ("vfs_ring_get_real_filename: getxattr(\"%s\",\"%s\") -> %s\n", + path, name, strerror(errno))); + if (errno == EOPNOTSUPP) + return SMB_VFS_NEXT_GET_REAL_FILENAME( + handle, dirpath, name, mem_ctx, found_name); + if (errno == ENOATTR) + errno = ENOENT; + return -1; + } + + attr_value[rc] = 0; + *found_name = talloc_strdup(mem_ctx, attr_value); + if (*found_name == NULL) { + errno = ENOMEM; + return -1; + } + + DEBUG(DBG, ("vfs_ring_get_real_filename: under \"%s\" found \"%s\" as \"%s\"\n", + path, name, *found_name)); + + return 0; +} + +static struct vfs_fn_pointers vfs_ring_fns = { + .get_real_filename_fn = vfs_ring_get_real_filename, +}; + +NTSTATUS vfs_ring_init(TALLOC_CTX *); +NTSTATUS vfs_ring_init(TALLOC_CTX *ctx) +{ + NTSTATUS ret; + + ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "ring", + &vfs_ring_fns); + if (!NT_STATUS_IS_OK(ret)) { + return ret; + } + + return ret; +} diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build index 09528f38070..9ae787aa6f4 100644 --- a/source3/modules/wscript_build +++ b/source3/modules/wscript_build @@ -598,6 +598,14 @@ bld.SAMBA3_MODULE('vfs_vxfs', internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_vxfs'), enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_vxfs')) +bld.SAMBA3_MODULE('vfs_ring', + subsystem='vfs', + source='vfs_ring.c', + deps='talloc', + init_function='', + internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_ring'), + enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_ring')) + bld.SAMBA3_MODULE('vfs_offline', subsystem='vfs', source='vfs_offline.c', diff --git a/source3/wscript b/source3/wscript index 335cfd797f1..3f490bae336 100644 --- a/source3/wscript +++ b/source3/wscript 
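Review bot: In `vfs_ring_get_real_filename()` (source3/modules/vfs_ring.c), `attr_value[rc] = 0;` can write one byte past the end of `attr_value`: the buffer is `NAME_MAX+1` bytes and the full `sizeof(attr_value)` is passed to `SMB_VFS_NEXT_GETXATTR`, so a value of exactly that length gives `rc == sizeof(attr_value)`. The value is read from an extended attribute on the backing store and should be treated as untrusted; passing `sizeof(attr_value) - 1` as the size guarantees room for the terminator. Separately, the two `strncpy` calls are only safe because of the preceding `strlen(name)` check; a single `snprintf(attr_name, sizeof(attr_name), "%s%s", GRFN_PREFIX, name)` with a truncation check would make the bound self-evident. The attribute value is also returned as `*found_name` without any check that it is a single path component (no `/`), which may be worth validating depending on how callers use it.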
@@ -1941,6 +1941,7 @@ main() { vfs_media_harmony vfs_unityed_media vfs_fruit vfs_shell_snap vfs_commit vfs_worm vfs_crossrename vfs_linux_xfs_sgid vfs_time_audit vfs_offline vfs_virusfilter vfs_widelinks + vfs_ring ''')) if host_os.rfind('linux') > -1: default_shared_modules.extend(['vfs_snapper']) diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build index e031d9831ff..9904b245218 100644 --- a/source4/heimdal_build/wscript_build +++ b/source4/heimdal_build/wscript_build @@ -382,12 +382,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_ROKEN'): ../heimdal_build/replace.c ''' - if not bld.CONFIG_SET('HAVE_CLOSEFROM'): - ROKEN_HOSTCC_SOURCE = ROKEN_COMMON_SOURCE + ''' - ../../lib/replace/closefrom.c - ''' - else: - ROKEN_HOSTCC_SOURCE = ROKEN_COMMON_SOURCE + ROKEN_HOSTCC_SOURCE = ROKEN_COMMON_SOURCE ROKEN_SOURCE = ROKEN_COMMON_SOURCE + ''' lib/roken/resolve.c -- Samba Shared Repository