The branch, v4-20-test has been updated
       via  65e781a30b2 s3:winbind: Fix idmap_ad creating an invalid local 
krb5.conf
       via  fb4c338f030 s3:libads: Do not fail if we don't get an IP passed down
       via  069729202c3 s3:libads: Allow get_kdc_ip_string() to lookup the KDCs 
IP
       via  1917b7f052d python: Fix NtVer check for site_dn_for_machine()
      from  9d80c928b01 s4:nbt_server: simulate nmbd and provide unexpected 
handling

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test


- Log -----------------------------------------------------------------
commit 65e781a30b247ab1056405322a8c9cbfb4bae03a
Author: Andreas Schneider <a...@samba.org>
Date:   Tue May 28 13:54:24 2024 +0200

    s3:winbind: Fix idmap_ad creating an invalid local krb5.conf
    
    In case of a trusted domain, we are providing the realm of the primary
    trust but specify the KDC IP of the trusted domain. This leads to
    Kerberos ticket requests to the trusted domain KDC which doesn't know
    about the machine account. However we need a ticket from our primary
    trust KDC.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (backported from commit 8989aa47b7493e6b7978c2efc4a40c781e9a2aee)
    
    Autobuild-User(v4-20-test): Jule Anger <jan...@samba.org>
    Autobuild-Date(v4-20-test): Wed Jun  5 15:01:54 UTC 2024 on atb-devel-224

commit fb4c338f03034ef47231e1fb7ec1056ac5d3aa4f
Author: Andreas Schneider <a...@samba.org>
Date:   Tue May 28 13:53:51 2024 +0200

    s3:libads: Do not fail if we don't get an IP passed down
    
    The IP should be optional and we should look it up if not provided.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit 9dcc52d2a57314ec9ddaae82b3c49da051d1f1d2)

commit 069729202c3b287642e36c777e2b0863f593bca4
Author: Andreas Schneider <a...@samba.org>
Date:   Tue May 28 13:51:53 2024 +0200

    s3:libads: Allow get_kdc_ip_string() to lookup the KDCs IP
    
    Remove the requirement to provide an IP address. We should look up the
    IP of the KDC and use it for the specified realm/workgroup.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit 28aa0b815baf4668e3df01d52597c40fd430e2fb)

commit 1917b7f052dc7cb69f544e1f1ef94b48dd4212fb
Author: Andreas Schneider <a...@samba.org>
Date:   Mon Apr 15 07:32:02 2024 +0200

    python: Fix NtVer check for site_dn_for_machine()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15633
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: David Mulder <dmul...@samba.org>
    (cherry picked from commit 7a5e7b821259890dd2978e6f113f4a3dad110ea4)

-----------------------------------------------------------------------

Summary of changes:
 python/samba/gp/gpclass.py  |  4 +---
 source3/libads/kerberos.c   | 32 ++++++++++++++++----------------
 source3/winbindd/idmap_ad.c | 11 +++++++++--
 3 files changed, 26 insertions(+), 21 deletions(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/gp/gpclass.py b/python/samba/gp/gpclass.py
index 08be472e707..d86aacec138 100644
--- a/python/samba/gp/gpclass.py
+++ b/python/samba/gp/gpclass.py
@@ -805,9 +805,7 @@ def site_dn_for_machine(samdb, dc_hostname, lp, creds, 
hostname):
 
     samlogon_response = ndr_unpack(nbt.netlogon_samlogon_response,
                                    bytes(res.msgs[0]['Netlogon'][0]))
-    if samlogon_response.ntver not in [nbt.NETLOGON_NT_VERSION_5EX,
-                                       (nbt.NETLOGON_NT_VERSION_1
-                                        | nbt.NETLOGON_NT_VERSION_5EX)]:
+    if not (samlogon_response.ntver & nbt.NETLOGON_NT_VERSION_5EX):
         raise RuntimeError('site_dn_for_machine: Invalid NtVer in '
                            + 'netlogon_samlogon_response')
 
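Review bot: The bit test on `samlogon_response.ntver` has no comment saying that NtVer is a flag field, so a later cleanup could easily tighten it back to an exact-value comparison. Suggest adding above the `if`: `# NtVer is a bit field: require the 5EX bit only, the server may set further flags alongside it.` The value comes from a response unpacked with `ndr_unpack()`, so the check is the only gate visible here before the response is trusted. site_dn_for_machine() starts and ends outside the hunk.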
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index f76c5665205..6c6d23c29da 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -437,23 +437,23 @@ static char *get_kdc_ip_string(char *mem_ctx,
        char *kdc_str = NULL;
        char *canon_sockaddr = NULL;
 
-       SMB_ASSERT(pss != NULL);
-
-       canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss);
-       if (canon_sockaddr == NULL) {
-               goto out;
-       }
+       if (pss != NULL) {
+               canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss);
+               if (canon_sockaddr == NULL) {
+                       goto out;
+               }
 
-       kdc_str = talloc_asprintf(frame,
-                                 "\t\tkdc = %s\n",
-                                 canon_sockaddr);
-       if (kdc_str == NULL) {
-               goto out;
-       }
+               kdc_str = talloc_asprintf(frame,
+                                         "\t\tkdc = %s\n",
+                                         canon_sockaddr);
+               if (kdc_str == NULL) {
+                       goto out;
+               }
 
-       ok = sockaddr_storage_to_samba_sockaddr(&sa, pss);
-       if (!ok) {
-               goto out;
+               ok = sockaddr_storage_to_samba_sockaddr(&sa, pss);
+               if (!ok) {
+                       goto out;
+               }
        }
 
        /*
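Review bot: With `pss == NULL` the whole `if (pss != NULL)` block is skipped, so the lookup code below the hunk runs with `kdc_str` still NULL and with `sa` never filled by `sockaddr_storage_to_samba_sockaddr()`. The rest of get_kdc_ip_string() is outside this hunk, so confirm that `sa` is zero-initialised at its declaration and that every later use of `kdc_str` and `sa` tolerates the unset state. This matters because the returned string goes into the private krb5.conf that selects the KDC used for the machine account. The header comment here, and the one on create_local_private_krb5_conf_for_domain() whose `pss == NULL` rejection is dropped in the next hunk, should state the new contract, e.g. `pss may be NULL; the KDC addresses are then looked up for the realm`.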
@@ -704,7 +704,7 @@ bool create_local_private_krb5_conf_for_domain(const char 
*realm,
                return false;
        }
 
-       if (domain == NULL || pss == NULL) {
+       if (domain == NULL) {
                return false;
        }
 
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index 5c9fe07db95..b8002825161 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -320,7 +320,10 @@ static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
                                       struct tldap_context **pld)
 {
        struct netr_DsRGetDCNameInfo *dcinfo;
-       struct sockaddr_storage dcaddr;
+       struct sockaddr_storage dcaddr = {
+               .ss_family = AF_UNSPEC,
+       };
+       struct sockaddr_storage *pdcaddr = NULL;
        struct cli_credentials *creds;
        struct loadparm_context *lp_ctx;
        struct tldap_context *ld;
@@ -362,9 +365,13 @@ static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
         * create_local_private_krb5_conf_for_domain() can deal with
         * sitename==NULL
         */
+       if (strequal(domname, lp_realm()) || strequal(domname, lp_workgroup()))
+       {
+               pdcaddr = &dcaddr;
+       }
 
        ok = create_local_private_krb5_conf_for_domain(
-               lp_realm(), lp_workgroup(), sitename, &dcaddr);
+               lp_realm(), lp_workgroup(), sitename, pdcaddr);
        TALLOC_FREE(sitename);
        if (!ok) {
                DBG_DEBUG("Could not create private krb5.conf\n");
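Review bot: The new `if (strequal(domname, lp_realm()) || strequal(domname, lp_workgroup()))` block has no comment of its own, and it now sits between the existing `sitename==NULL` comment and the call that comment describes. A short comment would record why the DC address is passed only for the primary domain, e.g. `/* Pass the DC address only for our own domain; a trusted domain's DC is not a KDC for lp_realm(). */`, ideally with the block moved above the sitename comment. Samba's coding style also keeps the opening brace on the `if` line and wraps the condition instead. idmap_ad_get_tldap_ctx() continues outside the hunk, including the place where `dcaddr` is filled in.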


-- 
Samba Shared Repository
