The branch, master has been updated
via cdc0268c198 cmdline: Make -P work in clustered mode
via 63c80f25da8 cmdline: Add a callback to set the machine account
details
via d6270525699 lib: Add required includes to source3/include/secrets.h
via 9faa3173193 selftest: Add reproducer for bug 14908
from 2868b803649 lib/replace/timegm: use utf-8
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit cdc0268c1987f36ab400ea01df88d55c02dccfdb
Author: Volker Lendecke <v...@samba.org>
Date: Wed Nov 17 12:27:27 2021 +0100
cmdline: Make -P work in clustered mode
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
Autobuild-User(master): Ralph Böhme <s...@samba.org>
Autobuild-Date(master): Wed Nov 17 18:29:09 UTC 2021 on sn-devel-184
commit 63c80f25da8829a7bd3244afea29c13f699efac1
Author: Volker Lendecke <v...@samba.org>
Date: Wed Nov 17 12:25:58 2021 +0100
cmdline: Add a callback to set the machine account details
source3 clients need to work in clustered mode, the default
cli_credentials_set_machine_account() only looks at the local
secrets.tdb file
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit d6270525699fbc856b217cf18ece7f1d063b144d
Author: Volker Lendecke <v...@samba.org>
Date: Wed Nov 17 12:25:05 2021 +0100
lib: Add required includes to source3/include/secrets.h
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit 9faa3173193ddcb95905993d960cc10d4366524e
Author: Volker Lendecke <v...@samba.org>
Date: Wed Nov 17 16:34:07 2021 +0100
selftest: Add reproducer for bug 14908
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/cmdline/cmdline.c | 16 ++++++++++++--
lib/cmdline/cmdline.h | 4 ++++
lib/cmdline/cmdline_s3.c | 28 ++++++++++++++++++++++++
lib/cmdline/wscript | 2 +-
source3/include/secrets.h | 3 +++
source3/script/tests/test_net_machine_account.sh | 22 +++++++++++++++++++
source3/selftest/tests.py | 9 ++++++++
7 files changed, 81 insertions(+), 3 deletions(-)
create mode 100755 source3/script/tests/test_net_machine_account.sh
Changeset truncated at 500 lines:
diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c
index 753cec27c3f..33d0c94e3b1 100644
--- a/lib/cmdline/cmdline.c
+++ b/lib/cmdline/cmdline.c
@@ -30,6 +30,11 @@ static struct cli_credentials *cmdline_creds;
static samba_cmdline_load_config cmdline_load_config_fn;
static struct samba_cmdline_daemon_cfg cmdline_daemon_cfg;
+static NTSTATUS (*cli_credentials_set_machine_account_fn)(
+ struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx) =
+ cli_credentials_set_machine_account;
+
/* PRIVATE */
bool samba_cmdline_set_talloc_ctx(TALLOC_CTX *mem_ctx)
{
@@ -122,6 +127,13 @@ struct samba_cmdline_daemon_cfg
*samba_cmdline_get_daemon_cfg(void)
return &cmdline_daemon_cfg;
}
+void samba_cmdline_set_machine_account_fn(
+ NTSTATUS (*fn) (struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx))
+{
+ cli_credentials_set_machine_account_fn = fn;
+}
+
void samba_cmdline_burn(int argc, char *argv[])
{
bool found = false;
@@ -792,8 +804,8 @@ static void popt_common_credentials_callback(poptContext
popt_ctx,
if (machine_account_pending) {
NTSTATUS status;
- status = cli_credentials_set_machine_account(creds,
- lp_ctx);
+ status = cli_credentials_set_machine_account_fn(
+ creds, lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
fprintf(stderr,
"Failed to set machine account: %s\n",
diff --git a/lib/cmdline/cmdline.h b/lib/cmdline/cmdline.h
index 1f85da0099e..5cd58c3ddbb 100644
--- a/lib/cmdline/cmdline.h
+++ b/lib/cmdline/cmdline.h
@@ -131,6 +131,10 @@ struct poptOption *samba_cmdline_get_popt(enum
smb_cmdline_popt_options opt);
*/
struct samba_cmdline_daemon_cfg *samba_cmdline_get_daemon_cfg(void);
+void samba_cmdline_set_machine_account_fn(
+ NTSTATUS (*fn) (struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx));
+
/**
* @brief Burn secrets on the command line.
*
diff --git a/lib/cmdline/cmdline_s3.c b/lib/cmdline/cmdline_s3.c
index 639d403aed3..6e2c154c756 100644
--- a/lib/cmdline/cmdline_s3.c
+++ b/lib/cmdline/cmdline_s3.c
@@ -26,6 +26,7 @@
#include "auth/credentials/credentials.h"
#include "dynconfig/dynconfig.h"
#include "cmdline_private.h"
+#include "source3/include/secrets.h"
static bool _require_smbconf;
static enum samba_cmdline_config_type _config_type;
@@ -84,6 +85,31 @@ static bool _samba_cmdline_load_config_s3(void)
return true;
}
+static NTSTATUS _samba_cmd_set_machine_account_s3(
+ struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx)
+{
+ struct db_context *db_ctx = secrets_db_ctx();
+ NTSTATUS status;
+
+ if (db_ctx == NULL) {
+ DBG_WARNING("failed to open secrets.tdb to obtain our "
+ "trust credentials for %s\n",
+ lpcfg_workgroup(lp_ctx));;
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ status = cli_credentials_set_machine_account_db_ctx(
+ cred, lp_ctx, db_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("cli_credentials_set_machine_account_db_ctx "
+ "failed: %s\n",
+ nt_errstr(status));
+ }
+
+ return status;
+}
+
bool samba_cmdline_init(TALLOC_CTX *mem_ctx,
enum samba_cmdline_config_type config_type,
bool require_smbconf)
@@ -119,6 +145,8 @@ bool samba_cmdline_init(TALLOC_CTX *mem_ctx,
}
samba_cmdline_set_load_config_fn(_samba_cmdline_load_config_s3);
+ samba_cmdline_set_machine_account_fn(
+ _samba_cmd_set_machine_account_s3);
return true;
}
diff --git a/lib/cmdline/wscript b/lib/cmdline/wscript
index 1e13561ddf6..01ead85e2c4 100644
--- a/lib/cmdline/wscript
+++ b/lib/cmdline/wscript
@@ -22,7 +22,7 @@ def build(bld):
bld.SAMBA_SUBSYSTEM('CMDLINE_S3',
source='cmdline_s3.c',
- deps='cmdline')
+ deps='cmdline secrets3')
bld.SAMBA_SUBSYSTEM('CMDLINE_S4',
source='cmdline_s4.c',
diff --git a/source3/include/secrets.h b/source3/include/secrets.h
index 2478561cee7..1abfbb07e89 100644
--- a/source3/include/secrets.h
+++ b/source3/include/secrets.h
@@ -20,6 +20,9 @@
#ifndef _SECRETS_H
#define _SECRETS_H
+#include "replace.h"
+#include "librpc/gen_ndr/security.h"
+
/* the first one is for the hashed password (NT4 style) the latter
for plaintext (ADS)
*/
diff --git a/source3/script/tests/test_net_machine_account.sh
b/source3/script/tests/test_net_machine_account.sh
new file mode 100755
index 00000000000..69844443bf6
--- /dev/null
+++ b/source3/script/tests/test_net_machine_account.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+# Reproducer for https://bugzilla.samba.org/show_bug.cgi?id=14908
+
+if [ $# -lt 2 ]; then
+ echo "Usage: $0 NET CONFFILE SERVER_IP"
+ exit 1
+fi
+
+NET="$1"; shift
+CONFFILE="$1"; shift
+SERVER_IP="$1"; shift
+
+export UID_WRAPPER_ROOT=1
+
+incdir=`dirname $0`/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+failed=0
+
+testit "net_ads_user" $VALGRIND $NET rpc user --configfile="$CONFFILE" -S
"$SERVER_IP" -P || failed=`expr $failed + 1`
+
+testok $0 $failed
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index bb47851bbc6..f4319959353 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -1311,6 +1311,15 @@ plantestsuite(
"",
"-b $PREFIX/clusteredmember/unclists/tmp.txt -N 5 -o 10"])
+plantestsuite(
+ "samba3.net_machine_account",
+ "clusteredmember",
+ [os.path.join(samba3srcdir,
+ "script/tests/test_net_machine_account.sh"),
+ "bin/net",
+ "$SERVERCONFFILE",
+ "$SERVER_IP"])
+
plantestsuite(
"samba3.net_lookup_ldap",
"ad_dc:local",
--
Samba Shared Repository
