The branch, master has been updated via cdc0268c198 cmdline: Make -P work in clustered mode via 63c80f25da8 cmdline: Add a callback to set the machine account details via d6270525699 lib: Add required includes to source3/include/secrets.h via 9faa3173193 selftest: Add reproducer for bug 14908 from 2868b803649 lib/replace/timegm: use utf-8
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit cdc0268c1987f36ab400ea01df88d55c02dccfdb Author: Volker Lendecke <v...@samba.org> Date: Wed Nov 17 12:27:27 2021 +0100 cmdline: Make -P work in clustered mode Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> Autobuild-User(master): Ralph Böhme <s...@samba.org> Autobuild-Date(master): Wed Nov 17 18:29:09 UTC 2021 on sn-devel-184 commit 63c80f25da8829a7bd3244afea29c13f699efac1 Author: Volker Lendecke <v...@samba.org> Date: Wed Nov 17 12:25:58 2021 +0100 cmdline: Add a callback to set the machine account details source3 clients need to work in clustered mode, the default cli_credentials_set_machine_account() only looks at the local secrets.tdb file Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit d6270525699fbc856b217cf18ece7f1d063b144d Author: Volker Lendecke <v...@samba.org> Date: Wed Nov 17 12:25:05 2021 +0100 lib: Add required includes to source3/include/secrets.h Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 9faa3173193ddcb95905993d960cc10d4366524e Author: Volker Lendecke <v...@samba.org> Date: Wed Nov 17 16:34:07 2021 +0100 selftest: Add reproducer for bug 14908 Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/cmdline/cmdline.c | 16 ++++++++++++-- lib/cmdline/cmdline.h | 4 ++++ lib/cmdline/cmdline_s3.c | 28 ++++++++++++++++++++++++ lib/cmdline/wscript | 2 +- source3/include/secrets.h | 3 +++ source3/script/tests/test_net_machine_account.sh | 22 +++++++++++++++++++ source3/selftest/tests.py | 9 ++++++++ 7 files changed, 81 insertions(+), 3 deletions(-) create mode 100755 source3/script/tests/test_net_machine_account.sh Changeset truncated at 500 lines: diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c index 753cec27c3f..33d0c94e3b1 100644 --- a/lib/cmdline/cmdline.c +++ b/lib/cmdline/cmdline.c @@ -30,6 +30,11 @@ static struct cli_credentials *cmdline_creds; static samba_cmdline_load_config cmdline_load_config_fn; static struct samba_cmdline_daemon_cfg cmdline_daemon_cfg; +static NTSTATUS (*cli_credentials_set_machine_account_fn)( + struct cli_credentials *cred, + struct loadparm_context *lp_ctx) = + cli_credentials_set_machine_account; + /* PRIVATE */ bool samba_cmdline_set_talloc_ctx(TALLOC_CTX *mem_ctx) { @@ -122,6 +127,13 @@ struct samba_cmdline_daemon_cfg *samba_cmdline_get_daemon_cfg(void) return &cmdline_daemon_cfg; } +void samba_cmdline_set_machine_account_fn( + NTSTATUS (*fn) (struct cli_credentials *cred, + struct loadparm_context *lp_ctx)) +{ + cli_credentials_set_machine_account_fn = fn; +} + void samba_cmdline_burn(int argc, char *argv[]) { bool found = false; @@ -792,8 +804,8 @@ static void popt_common_credentials_callback(poptContext popt_ctx, if (machine_account_pending) { NTSTATUS status; - status = cli_credentials_set_machine_account(creds, - lp_ctx); + status = cli_credentials_set_machine_account_fn( + creds, lp_ctx); if (!NT_STATUS_IS_OK(status)) { fprintf(stderr, "Failed to set machine account: %s\n", diff --git a/lib/cmdline/cmdline.h b/lib/cmdline/cmdline.h index 1f85da0099e..5cd58c3ddbb 100644 --- a/lib/cmdline/cmdline.h +++ b/lib/cmdline/cmdline.h @@ -131,6 +131,10 @@ struct poptOption *samba_cmdline_get_popt(enum smb_cmdline_popt_options opt); */ struct samba_cmdline_daemon_cfg *samba_cmdline_get_daemon_cfg(void); +void samba_cmdline_set_machine_account_fn( + NTSTATUS (*fn) (struct cli_credentials *cred, + struct loadparm_context *lp_ctx)); + /** * @brief Burn secrets on the command line. * diff --git a/lib/cmdline/cmdline_s3.c b/lib/cmdline/cmdline_s3.c index 639d403aed3..6e2c154c756 100644 --- a/lib/cmdline/cmdline_s3.c +++ b/lib/cmdline/cmdline_s3.c @@ -26,6 +26,7 @@ #include "auth/credentials/credentials.h" #include "dynconfig/dynconfig.h" #include "cmdline_private.h" +#include "source3/include/secrets.h" static bool _require_smbconf; static enum samba_cmdline_config_type _config_type; @@ -84,6 +85,31 @@ static bool _samba_cmdline_load_config_s3(void) return true; } +static NTSTATUS _samba_cmd_set_machine_account_s3( + struct cli_credentials *cred, + struct loadparm_context *lp_ctx) +{ + struct db_context *db_ctx = secrets_db_ctx(); + NTSTATUS status; + + if (db_ctx == NULL) { + DBG_WARNING("failed to open secrets.tdb to obtain our " + "trust credentials for %s\n", + lpcfg_workgroup(lp_ctx));; + return NT_STATUS_INTERNAL_ERROR; + } + + status = cli_credentials_set_machine_account_db_ctx( + cred, lp_ctx, db_ctx); + if (!NT_STATUS_IS_OK(status)) { + DBG_WARNING("cli_credentials_set_machine_account_db_ctx " + "failed: %s\n", + nt_errstr(status)); + } + + return status; +} + bool samba_cmdline_init(TALLOC_CTX *mem_ctx, enum samba_cmdline_config_type config_type, bool require_smbconf) @@ -119,6 +145,8 @@ bool samba_cmdline_init(TALLOC_CTX *mem_ctx, } samba_cmdline_set_load_config_fn(_samba_cmdline_load_config_s3); + samba_cmdline_set_machine_account_fn( + _samba_cmd_set_machine_account_s3); return true; } diff --git a/lib/cmdline/wscript b/lib/cmdline/wscript index 1e13561ddf6..01ead85e2c4 100644 --- a/lib/cmdline/wscript +++ b/lib/cmdline/wscript @@ -22,7 +22,7 @@ def build(bld): bld.SAMBA_SUBSYSTEM('CMDLINE_S3', source='cmdline_s3.c', - deps='cmdline') + deps='cmdline secrets3') bld.SAMBA_SUBSYSTEM('CMDLINE_S4', source='cmdline_s4.c', diff --git a/source3/include/secrets.h b/source3/include/secrets.h index 2478561cee7..1abfbb07e89 100644 --- a/source3/include/secrets.h +++ b/source3/include/secrets.h @@ -20,6 +20,9 @@ #ifndef _SECRETS_H #define _SECRETS_H +#include "replace.h" +#include "librpc/gen_ndr/security.h" + /* the first one is for the hashed password (NT4 style) the latter for plaintext (ADS) */ diff --git a/source3/script/tests/test_net_machine_account.sh b/source3/script/tests/test_net_machine_account.sh new file mode 100755 index 00000000000..69844443bf6 --- /dev/null +++ b/source3/script/tests/test_net_machine_account.sh @@ -0,0 +1,22 @@ +#!/bin/sh +# Reproducer for https://bugzilla.samba.org/show_bug.cgi?id=14908 + +if [ $# -lt 2 ]; then + echo "Usage: $0 NET CONFFILE SERVER_IP" + exit 1 +fi + +NET="$1"; shift +CONFFILE="$1"; shift +SERVER_IP="$1"; shift + +export UID_WRAPPER_ROOT=1 + +incdir=`dirname $0`/../../../testprogs/blackbox +. $incdir/subunit.sh + +failed=0 + +testit "net_ads_user" $VALGRIND $NET rpc user --configfile="$CONFFILE" -S "$SERVER_IP" -P || failed=`expr $failed + 1` + +testok $0 $failed diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index bb47851bbc6..f4319959353 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -1311,6 +1311,15 @@ plantestsuite( "", "-b $PREFIX/clusteredmember/unclists/tmp.txt -N 5 -o 10"]) +plantestsuite( + "samba3.net_machine_account", + "clusteredmember", + [os.path.join(samba3srcdir, + "script/tests/test_net_machine_account.sh"), + "bin/net", + "$SERVERCONFFILE", + "$SERVER_IP"]) + plantestsuite( "samba3.net_lookup_ldap", "ad_dc:local", -- Samba Shared Repository