The branch, v4-20-test has been updated
       via  5b90acbef15 s3/smbd: fix nested chdir into msdfs links on (widelinks = yes) share
       via  4b4b0152fd7 selftest: Add a python blackbox test for some misc (widelink) DFS tests
       via  dceb2e56b63 script/autobuild.py: Add test for --vendor-name and --vendor-patch-revision
       via  5d593a735d3 build: Add --vendor-name --vendor-patch-revision options to ./configure
       via  f46faceae1f ctdb/docs: Include ceph rados namespace support in man page
       via  9110627bc24 ctdb/ceph: Add optional namespace support for mutex helper
       via  df54d3fdda9 s4:dns_server: no-op dns updates with ACCESS_DENIED should be ignored
       via  89817ed2165 s4:dns_server: correctly sign dns update responses with gss-tsig like Windows
       via  fdd61d60caa s4:dns_server: dns_verify_tsig should return REFUSED on error
       via  f663b386156 s4:dns_server: also search DNS_QTYPE_TKEY in the answers section if it's the last section
       via  3b36f447040 s4:dns_server: use tkey->algorithm if available in dns_sign_tsig()
       via  299818567ea s4:dns_server: use the client provided algorithm for the fake TSIG structure
       via  7ddd758da50 s4:dns_server: only allow gss-tsig and gss.microsoft.com for TSIG
       via  6e395cabf38 s4:dns_server: only allow gss-tsig and gss.microsoft.com for TKEY
       via  ed8ef00c297 s4:dns_server: failed dns updates should result in REFUSED for ACCESS_DENIED
       via  a7f3293ddf7 python:tests/dns_tkey: add test_update_tsig_record_access_denied()
       via  9137bb66ab4 s4:selftest/tests: pass USERNAME_UNPRIV=$DOMAIN_USER to samba.tests.dns_tkey
       via  5a98bc50263 python:tests/dns_base: add get_unpriv_creds() helper
       via  ff0afdd1b05 python:tests/dns_tkey: let test_update_tsig_windows() actually pass against windows 2022
       via  bda80382eb5 python:tests/dns_base: let verify_packet() work against Windows
       via  fdfd4e8adce python:tests/dns_tkey: test bad and changing tsig algorithms
       via  7dabac46b5a python:tests/dns_tkey: add gss.microsoft.com tsig updates
       via  6438249cf1e python:tests/dns_tkey: let us have test_update_gss_tsig_tkey_req_{additional,answers}()
       via  501a25a1f07 python:tests/dns_tkey: test TKEY with gss-tsig, gss.microsoft.com and invalid algorithms
       via  c7a936ecd27 python:tests/dns_base: maintain a dict with tkey related state
       via  da7c313740d python:tests/dns_base: let dns_transaction_udp() take allow_{remaining,truncated}=True
       via  85784854629 python:tests/dns_base: pass tkey_trans(expected_rcode)
       via  e58fe908371 python:tests/dns_base: let tkey_trans() take tkey_req_in_answers
       via  12d4e452410 python:tests/dns_base: let tkey_trans() and sign_packet() take algorithm_name as argument
       via  9cfc2e24331 python:tests/dns_tkey: make use of self.assert_echoed_dns_error()
       via  f7f0518b46a python:tests/dns_base: add self.assert_echoed_dns_error()
       via  c00749edb35 python:tests/dns_base: let dns_transaction_tcp() handle short receives
       via  3bd80a2545a python:tests/dns_base: use ndr_deepcopy() and ndr_pack() in verify_packet()
       via  19fc5bb6b9d python:tests/dns_base: generate a real signature in bad_sign_packet()
      from  8b8fef4c9c8 third_party: Update socket_wrapper to version 1.4.3

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test


- Log -----------------------------------------------------------------
commit 5b90acbef156174ea65014a298f926218a760c4e
Author: Noel Power <noel.po...@suse.com>
Date:   Fri Jun 7 19:35:47 2024 +0100

    s3/smbd: fix nested chdir into msdfs links on (widelinks = yes) share
    
    This patch also removes known fail for existing test
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
    
    Signed-off-by: Noel Power <noel.po...@suse.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Tue Jun 11 19:31:40 UTC 2024 on atb-devel-224
    
    (cherry picked from commit 788ef8f07c75d5e6eca5b8f18d93d96f31574267)
    [noel.po...@suse.com backported to Samba 4.20 minor change to use
       4.20 create_open_symlink_err fn instead of read_symlink_reparse]
    
    Autobuild-User(v4-20-test): Jule Anger <jan...@samba.org>
    Autobuild-Date(v4-20-test): Tue Jun 18 08:33:30 UTC 2024 on atb-devel-224

commit 4b4b0152fd7cce2923ffcfe04eb07de4cc8721d7
Author: Noel Power <noel.po...@suse.com>
Date:   Tue Jun 11 11:19:50 2024 +0100

    selftest: Add a python blackbox test for some misc (widelink) DFS tests
    
    On master attempting to chdir into a nested dfs link
    
    e.g. cd dfslink (works)
         cd dfslink/another_dfslink (fails)
    
    [1] Add a test for this scenario (nested chdir)
    [2] Add test for enumerating a dfs link in root of dfs share
    [3] Add a test to check case insensitive chdir into dfs link on widelink
      enabled share
    
    Add knownfails for tests 1 and 3
    
    Signed-off-by: Noel Power <noel.po...@suse.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
    (cherry picked from commit 7f1de90f72d6e8287aec6ab1d9f7776b7df624e5)

commit dceb2e56b63c27ebe174b58c2bd5fab1fd3e4415
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu May 30 21:13:01 2024 +1200

    script/autobuild.py: Add test for --vendor-name and --vendor-patch-revision
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15654
    
    Signed-off-by: Andrew Bartlett <abart...@samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    
    RN: We have added new options --vendor-name and --vendor-patch-revision arguments
    to ./configure to allow distributions and packagers to put their name in the Samba
    version string so that when debugging Samba the source of the binary is obvious.
    
    [abart...@samba.org adapted to 4.20 still having the separate LDB build system
     from commit 72112d4814eb3872016c1168c477531be835a1f9]

commit 5d593a735d371774b5a8847a4e820c894ec3e25f
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu May 30 10:50:12 2024 +1200

    build: Add --vendor-name --vendor-patch-revision options to ./configure
    
    These options are for packagers and vendors to set so that when
    Samba developers are debugging an issue, we know exactly which
    package is in use, and so have an idea if any patches have been
    applied.
    
    This is included in the string that a Samba backtrace gives,
    as part of the PANIC message.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15654
    REF: https://lists.samba.org/archive/samba-technical/2024-May/138992.html
    
    Signed-off-by: Andrew Bartlett <abart...@samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    (cherry picked from commit 651fb94c374c7f84405d960a9e0a0fd7fcb285dd)

commit f46faceae1fb5ad81dd1c099e99e3e3cf7a0701e
Author: Günther Deschner <g...@samba.org>
Date:   Fri Jun 7 14:40:07 2024 +0530

    ctdb/docs: Include ceph rados namespace support in man page
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15665
    
    Document the new optional argument to specify the namespace to be
    associated with RADOS objects in a pool.
    
    Pair-Programmed-With: Anoop C S <anoo...@samba.org>
    Signed-off-by: Günther Deschner <g...@samba.org>
    Reviewed-by: Günther Deschner <g...@samba.org>
    Reviewed-by: David Disseldorp <dd...@samba.org>
    
    Autobuild-User(master): Anoop C S <anoo...@samba.org>
    Autobuild-Date(master): Fri Jun 14 07:42:25 UTC 2024 on atb-devel-224
    
    (cherry picked from commit 35f6c3f3d4a5521e6576fcc0dd7dd3bbcea041b2)

commit 9110627bc24c5eda24d38a296cc72b2ffae54832
Author: Günther Deschner <g...@samba.org>
Date:   Fri Jun 7 14:39:37 2024 +0530

    ctdb/ceph: Add optional namespace support for mutex helper
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15665
    
    RADOS objects within a pool can be associated to a namespace for
    logical separation. librados already provides an API to configure
    such a namespace with respect to a context. Make use of it as an
    optional argument to the helper binary.
    
    Pair-Programmed-With: Anoop C S <anoo...@samba.org>
    Signed-off-by: Günther Deschner <g...@samba.org>
    Reviewed-by: Günther Deschner <g...@samba.org>
    Reviewed-by: David Disseldorp <dd...@samba.org>
    (cherry picked from commit d8c52995f68fe088dd2174562faee69ed1c95edd)

commit df54d3fdda9cf9ad526c25fa13bca2daf75df356
Author: Stefan Metzmacher <me...@samba.org>
Date:   Thu May 30 14:52:22 2024 +0200

    s4:dns_server: no-op dns updates with ACCESS_DENIED should be ignored
    
    If the client does not have permissions to update the record,
    but the record already has the data the update tries to apply,
    it's a no-op that should result in success instead of failing.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
    Autobuild-Date(master): Thu Jun  6 03:18:16 UTC 2024 on atb-devel-224
    
    (cherry picked from commit ed61c57e02309b738e73fb12877a0a565b627724)

commit 89817ed2165320185d7254872a5c875cb04f12d1
Author: Stefan Metzmacher <me...@samba.org>
Date:   Thu May 30 14:39:28 2024 +0200

    s4:dns_server: correctly sign dns update responses with gss-tsig like Windows
    
    This means we no longer generate strange errors/warnings
    in the Windows event log nor in the nsupdate -g output.
    
    Note: this is a only difference between gss-tsig and
    the legacy gss.microsoft.com algorithms.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit 76fec2668e73b9d15447abee551d5c04148aaf27)

commit fdd61d60caa96ca585f94916873a3485de1acf5b
Author: Stefan Metzmacher <me...@samba.org>
Date:   Thu May 30 14:42:53 2024 +0200

    s4:dns_server: dns_verify_tsig should return REFUSED on error
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit db350bc573b378fb0615bdd8592cc9c62f6db146)

commit f663b386156afec4a8d8bd5f99b5ffe7f365f144
Author: Stefan Metzmacher <me...@samba.org>
Date:   Thu May 30 14:41:21 2024 +0200

    s4:dns_server: also search DNS_QTYPE_TKEY in the answers section if it's the last section
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit 5906ed94f2c5c68e83c63e7c201534eeb323cfe7)

commit 3b36f447040d28bfc6494e84edbf98f947cba2a3
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri May 31 08:38:24 2024 +0200

    s4:dns_server: use tkey->algorithm if available in dns_sign_tsig()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit ae7538af04435658d2ba6dcab109beecb6c5f13e)

commit 299818567ea8238a791942428bcf9887e9738ac8
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri May 31 08:38:24 2024 +0200

    s4:dns_server: use the client provided algorithm for the fake TSIG structure
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit bd0235cd515d5602ed9501bfc810a2487364ea10)

commit 7ddd758da50cc04a527061209c2f809b66b56f1f
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri May 31 08:38:24 2024 +0200

    s4:dns_server: only allow gss-tsig and gss.microsoft.com for TSIG
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit 3467d1491490830d61d16cb6278051daf48466fc)

commit 6e395cabf38b6ad42fbdcb56e72f08940cb070f3
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri May 31 08:38:24 2024 +0200

    s4:dns_server: only allow gss-tsig and gss.microsoft.com for TKEY
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit fa0f23e69eaf4f475bc9dc9aa0e23c7bd5208250)

commit ed8ef00c297026350ea79e79248f2b9a0eaabe6b
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri May 31 08:36:40 2024 +0200

    s4:dns_server: failed dns updates should result in REFUSED for ACCESS_DENIED
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit a56627b0d125ef7b456bebe307087f324f1f0422)

commit a7f3293ddf764aa370db0147e245d73b687f29e4
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed May 29 11:40:51 2024 +0200

    python:tests/dns_tkey: add test_update_tsig_record_access_denied()
    
    This demonstrates that access_denied is only generated if the client
    really generates a change in the database.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit 708a6fae6978e1462e1a53f4ee08f11b51a5637a)

commit 9137bb66ab48d1220d88537c9a403a376439da28
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed May 29 11:39:56 2024 +0200

    s4:selftest/tests: pass USERNAME_UNPRIV=$DOMAIN_USER to samba.tests.dns_tkey
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit 753428a3b6c488c4aacea04d2ddb9ea73244695a)

commit 5a98bc50263c03a8302587f8f5e6baf62e1234b5
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed May 29 11:39:56 2024 +0200

    python:tests/dns_base: add get_unpriv_creds() helper
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit 88457da00d4110b419f7a7ccabcd542fa77e463f)

commit ff0afdd1b056d26af785fc34209eded06615c9a4
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed May 29 13:17:54 2024 +0200

    python:tests/dns_tkey: let test_update_tsig_windows() actually pass against windows 2022
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit 848318338b2972f331e067bf1c8d6c7dac0748c8)

commit bda80382eb5f501eda1764c57832c8a386490427
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed May 29 13:17:54 2024 +0200

    python:tests/dns_base: let verify_packet() work against Windows
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit 8324d0739dfdd0a081c403e298a9038ee7df681f)

commit fdfd4e8adcee923909a0dc64cce5c867fb6c2a23
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed May 29 17:26:39 2024 +0200

    python:tests/dns_tkey: test bad and changing tsig algorithms
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit de4ed363d378f2065a4634f94af80ea0e3965c96)

commit 7dabac46b5ac13949c450424d54f8cf4b39733e0
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed May 29 17:18:34 2024 +0200

    python:tests/dns_tkey: add gss.microsoft.com tsig updates
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit b9b03ca503c43c7ee06df6c331839bd47f9eac8c)

commit 6438249cf1e52375c343f61dce8100cba614997e
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed May 29 14:15:45 2024 +0200

    python:tests/dns_tkey: let us have test_update_gss_tsig_tkey_req_{additional,answers}()
    
    Also test using the additional record in the answers section.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit 3c7cb85eaf8371be55a371601cc354440dab7a94)

commit 501a25a1f07dc71699ae9610010b13d05d652573
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed May 29 16:41:12 2024 +0200

    python:tests/dns_tkey: test TKEY with gss-tsig, gss.microsoft.com and invalid algorithms
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit 740bda87a80b97816d892e8f7aae28759f6916ec)

commit c7a936ecd2723440f46eb1423135fcb391164943
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed May 29 14:10:52 2024 +0200

    python:tests/dns_base: maintain a dict with tkey related state
    
    This will allow tests to backup the whole state
    and mix them.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit b0af60e7850e656ef98edeac657c66b853080dab)

commit da7c313740d01f85c1c2f4e0c6bdecaa5bedbbfa
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed May 29 14:14:11 2024 +0200

    python:tests/dns_base: let dns_transaction_udp() take allow_{remaining,truncated}=True
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit 1b1e7e06cf6ebd283de73c351267d53b42663d2f)

commit 85784854629c406f23cc46f075012696b59b392c
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed May 29 16:07:53 2024 +0200

    python:tests/dns_base: pass tkey_trans(expected_rcode)
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit 27d92fa808c6617353c36fdb230504e880f4925b)

commit e58fe908371c46b9e0e4518e7f9614ac796a584a
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed May 29 14:08:13 2024 +0200

    python:tests/dns_base: let tkey_trans() take tkey_req_in_answers
    
    It's possible to put the additional into the answers section,
    so we should be able to test that.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit cd747307d845f3cff723a7916aeeb31458f19202)

commit 12d4e452410f29cb23e130ddeaf44592ba98b7b2
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed May 29 13:17:54 2024 +0200

    python:tests/dns_base: let tkey_trans() and sign_packet() take algorithm_name as argument
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit f8dfa9b33bdedffbe2e3b6e229ffae4beb3c712e)

commit 9cfc2e24331139dd4f8a4d2feb3bf335bd8cb049
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed May 29 13:35:58 2024 +0200

    python:tests/dns_tkey: make use of self.assert_echoed_dns_error()
    
    Failed DNS updates just echo the request flagged as response,
    all other elements are unchanged.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit 6e997f93d53ac45af79aec030bad73f51bdc5629)

commit f7f0518b46a9d5c26fc6a362105c463bc6865817
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed May 29 13:35:58 2024 +0200

    python:tests/dns_base: add self.assert_echoed_dns_error()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit ce591464cb12ab00a5d5752a7cea5f909c3c3f1b)

commit c00749edb35115e111739473d7db57f33bff55a3
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri May 31 08:07:24 2024 +0200

    python:tests/dns_base: let dns_transaction_tcp() handle short receives
    
    With socket_wrapper we only get 1500 byte chunks...
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit c741d0f3969abe821e8ee2a10f848159eb2749fe)

commit 3bd80a2545a57b88e58cedf5f9d7281fef15b361
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed May 29 13:16:40 2024 +0200

    python:tests/dns_base: use ndr_deepcopy() and ndr_pack() in verify_packet()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit c594cbad4af97031bb7b5b0eb2fb228b00acf646)

commit 19fc5bb6b9d75ddb1b031817c7ee7688d7ca587f
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed May 29 13:11:24 2024 +0200

    python:tests/dns_base: generate a real signature in bad_sign_packet()
    
    We just destroy the signature bytes but keep the header unchanged.
    
    This makes it easier to look at it in wireshark.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit ae23d512a724650ae2de1178ac43deff8266aa56)

-----------------------------------------------------------------------

Summary of changes:
 buildtools/wafsamba/samba_version.py             |   5 +
 ctdb/doc/ctdb_mutex_ceph_rados_helper.7.xml      |   4 +-
 ctdb/utils/ceph/ctdb_mutex_ceph_rados_helper.c   |  50 +++-
 python/samba/tests/blackbox/misc_dfs_widelink.py |  86 ++++++
 python/samba/tests/dns_base.py                   | 213 ++++++++++-----
 python/samba/tests/dns_tkey.py                   | 325 ++++++++++++++++++++---
 python/samba/tests/join.py                       |   2 +-
 script/autobuild.py                              |   3 +-
 source3/smbd/files.c                             |  18 ++
 source4/dns_server/dns_crypto.c                  |  49 +++-
 source4/dns_server/dns_query.c                   |  27 +-
 source4/dns_server/dns_update.c                  |  11 +
 source4/dns_server/dnsserver_common.c            |   2 +
 source4/selftest/tests.py                        |   9 +-
 wscript                                          |  20 ++
 15 files changed, 705 insertions(+), 119 deletions(-)
 create mode 100644 python/samba/tests/blackbox/misc_dfs_widelink.py


Changeset truncated at 500 lines:

diff --git a/buildtools/wafsamba/samba_version.py 
b/buildtools/wafsamba/samba_version.py
index 31103e0f8c4..576168f5723 100644
--- a/buildtools/wafsamba/samba_version.py
+++ b/buildtools/wafsamba/samba_version.py
@@ -253,6 +253,11 @@ def samba_version_file(version_file, path, env=None, 
is_install=True):
                 print("Failed to parse line %s from %s" % (line, version_file))
                 raise
 
+    if "SAMBA_VERSION_VENDOR_SUFFIX" in env:
+        version_dict["SAMBA_VERSION_VENDOR_SUFFIX"] = 
env.SAMBA_VERSION_VENDOR_SUFFIX
+    if "SAMBA_VERSION_VENDOR_PATCH" in env:
+        version_dict["SAMBA_VERSION_VENDOR_PATCH"] = 
str(env.SAMBA_VERSION_VENDOR_PATCH)
+
     return SambaVersion(version_dict, path, env=env, is_install=is_install)
 
 
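Review bot: the two vendor assignments placed before the return in samba_version_file() treat their inputs differently: SAMBA_VERSION_VENDOR_PATCH goes through str() while SAMBA_VERSION_VENDOR_SUFFIX is stored as-is. Wrapping the suffix in str() as well would keep the two consistent. Because both run after the line-parsing loop, they would also replace a value of the same key that the loop took from version_file; if that override is intended, a one-line comment saying so would help.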
diff --git a/ctdb/doc/ctdb_mutex_ceph_rados_helper.7.xml 
b/ctdb/doc/ctdb_mutex_ceph_rados_helper.7.xml
index f558f873d9a..93d79cea5dc 100644
--- a/ctdb/doc/ctdb_mutex_ceph_rados_helper.7.xml
+++ b/ctdb/doc/ctdb_mutex_ceph_rados_helper.7.xml
@@ -29,12 +29,14 @@
       <manvolnum>5</manvolnum></citerefentry>:
     </para>
     <screen format="linespecific">
-cluster lock = !ctdb_mutex_ceph_rados_helper [Cluster] [User] [Pool] [Object]
+cluster lock = !ctdb_mutex_ceph_rados_helper [Cluster] [User] [Pool] [Object] 
[Timeout] [-n Namespace]
 
 Cluster: Ceph cluster name (e.g. ceph)
 User: Ceph cluster user name (e.g. client.admin)
 Pool: Ceph RADOS pool name
 Object: Ceph RADOS object name
+Timeout: Ceph RADOS lock duration in seconds (optional)
+Namespace: Ceph RADOS pool namespace (optional)
     </screen>
     <para>
       The Ceph cluster <parameter>Cluster</parameter> must be up and running,
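Review bot: the new synopsis line fixes the order as [Timeout] [-n Namespace], but the parameter list does not say whether -n may be given when Timeout is omitted, or which lock duration applies in that case. Since both are marked optional, state the default duration and whether -n Namespace can directly follow Object.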
diff --git a/ctdb/utils/ceph/ctdb_mutex_ceph_rados_helper.c 
b/ctdb/utils/ceph/ctdb_mutex_ceph_rados_helper.c
index 7d868a38b23..46566c97a83 100644
--- a/ctdb/utils/ceph/ctdb_mutex_ceph_rados_helper.c
+++ b/ctdb/utils/ceph/ctdb_mutex_ceph_rados_helper.c
@@ -42,9 +42,18 @@
 
 static char *progname = NULL;
 
+static void usage(void)
+{
+       fprintf(stderr, "Usage: %s <Ceph Cluster> <Ceph user> "
+                       "<RADOS pool> <RADOS object> "
+                       "[lock duration secs] [-n RADOS namespace]\n",
+                       progname);
+}
+
 static int ctdb_mutex_rados_ctx_create(const char *ceph_cluster_name,
                                       const char *ceph_auth_name,
                                       const char *pool_name,
+                                      const char *namespace,
                                       rados_t *_ceph_cluster,
                                       rados_ioctx_t *_ioctx)
 {
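Review bot: the parameter added to ctdb_mutex_rados_ctx_create() is named namespace, which is a reserved word in C++; it compiles as C, but a name such as nspace avoids confusing C++-aware tooling. A short comment that NULL means "leave the ioctx on the pool's default namespace" would also document the contract that the callers rely on.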
@@ -87,6 +96,10 @@ static int ctdb_mutex_rados_ctx_create(const char 
*ceph_cluster_name,
                return ret;
        }
 
+       if (namespace != NULL) {
+               rados_ioctx_set_namespace(ioctx, namespace);
+       }
+
        *_ceph_cluster = ceph_cluster;
        *_ioctx = ioctx;
 
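Review bot: the namespace != NULL test lets an empty string through, so -n "" is accepted and handed to rados_ioctx_set_namespace(), where an empty name selects the default namespace. Either reject an empty optarg as a usage error in main() or document that it is equivalent to omitting -n, so that a mistyped or empty variable in the cluster lock line does not silently place the lock object in the default namespace.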
@@ -145,6 +158,7 @@ struct ctdb_mutex_rados_state {
        const char *ceph_cluster_name;
        const char *ceph_auth_name;
        const char *pool_name;
+       const char *namespace;
        const char *object;
        uint64_t lock_duration_s;
        int ppid;
@@ -295,15 +309,13 @@ static int ctdb_mutex_rados_mgr_reg(rados_t ceph_cluster)
 int main(int argc, char *argv[])
 {
        int ret;
+       int opt;
        struct ctdb_mutex_rados_state *cmr_state;
 
        progname = argv[0];
 
-       if ((argc != 5) && (argc != 6)) {
-               fprintf(stderr, "Usage: %s <Ceph Cluster> <Ceph user> "
-                               "<RADOS pool> <RADOS object> "
-                               "[lock duration secs]\n",
-                       progname);
+       if (argc < 5) {
+               usage();
                ret = -EINVAL;
                goto err_out;
        }
@@ -325,15 +337,36 @@ int main(int argc, char *argv[])
        cmr_state->ceph_auth_name = argv[2];
        cmr_state->pool_name = argv[3];
        cmr_state->object = argv[4];
-       if (argc == 6) {
+
+       optind = 5;
+       while ((opt = getopt(argc, argv, "n:")) != -1) {
+               switch(opt) {
+               case 'n':
+                       cmr_state->namespace = optarg;
+                       break;
+               default:
+                       usage();
+                       ret = -EINVAL;
+                       goto err_ctx_cleanup;
+               }
+       }
+
+       if (argv[optind] != NULL) {
                /* optional lock duration provided */
                char *endptr = NULL;
-               cmr_state->lock_duration_s = strtoull(argv[5], &endptr, 0);
-               if ((endptr == argv[5]) || (*endptr != '\0')) {
+               cmr_state->lock_duration_s = strtoull(argv[optind], &endptr, 0);
+               if ((endptr == argv[optind]) || (*endptr != '\0')) {
                        fprintf(stdout, CTDB_MUTEX_STATUS_ERROR);
                        ret = -EINVAL;
                        goto err_ctx_cleanup;
                }
+               if (argv[++optind] != NULL) {
+                       /* incorrect count or format for optional arguments */
+                       usage();
+                       ret = -EINVAL;
+                       goto err_ctx_cleanup;
+               }
+
        } else {
                cmr_state->lock_duration_s
                        = CTDB_MUTEX_CEPH_LOCK_DURATION_SECS_DEFAULT;
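Review bot: the getopt() loop that starts at optind = 5 runs before the positional lock duration is read, so the order printed by usage(), "[lock duration secs] [-n RADOS namespace]", only works where getopt() permutes argv (the GNU behaviour). A getopt() that stops at the first non-option leaves optind on the duration, and the later argv[++optind] != NULL check then rejects -n as an extra argument. Handle the positional duration explicitly before calling getopt(), or document that -n must precede the duration. The two new usage() error paths also skip the fprintf(stdout, CTDB_MUTEX_STATUS_ERROR) that the strtoull() failure path emits, so the caller gets different output for the same class of error.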
@@ -398,6 +431,7 @@ int main(int argc, char *argv[])
        ret = ctdb_mutex_rados_ctx_create(cmr_state->ceph_cluster_name,
                                          cmr_state->ceph_auth_name,
                                          cmr_state->pool_name,
+                                         cmr_state->namespace,
                                          &cmr_state->ceph_cluster,
                                          &cmr_state->ioctx);
        if (ret < 0) {
diff --git a/python/samba/tests/blackbox/misc_dfs_widelink.py 
b/python/samba/tests/blackbox/misc_dfs_widelink.py
new file mode 100644
index 00000000000..7948590d710
--- /dev/null
+++ b/python/samba/tests/blackbox/misc_dfs_widelink.py
@@ -0,0 +1,86 @@
+# Blackbox tests for DFS (widelink)
+#
+# Copyright (C) Noel Power noel.po...@suse.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+from samba.tests import BlackboxTestCase, BlackboxProcessError
+from samba.samba3 import param as s3param
+
+from samba.credentials import Credentials
+
+import os
+
+class DfsWidelinkBlockboxTestBase(BlackboxTestCase):
+
+    def setUp(self):
+        super().setUp()
+        self.lp = s3param.get_context()
+        self.server = os.environ["SERVER"]
+        self.user = os.environ["USER"]
+        self.passwd = os.environ["PASSWORD"]
+        self.creds = Credentials()
+        self.creds.guess(self.lp)
+        self.creds.set_username(self.user)
+        self.creds.set_password(self.passwd)
+        self.testdir = os.getenv("TESTDIR", "msdfs-share-wl")
+        self.share = os.getenv("SHARE", "msdfs-share-wl")
+        self.dirpath = os.path.join(os.environ["LOCAL_PATH"],self.testdir)
+        # allow a custom teardown function to be defined
+        self.cleanup = None
+        self.cleanup_args = []
+
+    def tearDown(self):
+        try:
+            if (self.cleanup):
+                self.cleanup(self.cleanup_args)
+        except Exception as e:
+            print("remote remove failed: %s" % str(e))
+
+    def build_test_cmd(self, cmd, args):
+        cmd = [cmd, "-U%s%%%s" % (self.user, self.passwd)]
+        cmd.extend(args)
+        return cmd
+
+    def test_ci_chdir(self):
+        parent_dir = "msdfs-src1"
+        dirs = [parent_dir, parent_dir.upper()]
+        # try as named dir first then try upper-cased version
+        for adir in dirs:
+            smbclient_args = self.build_test_cmd("smbclient", ["//%s/%s" % 
(self.server, self.share), "-c", "cd %s" % (adir)])
+            try:
+                out_str = self.check_output(smbclient_args)
+            except BlackboxProcessError as e:
+                print(str(e))
+                self.fail(str(e))
+
+    def test_nested_chdir(self):
+        parent_dir = "dfshop1"
+        child_dir = "dfshop2"
+        smbclient_args = self.build_test_cmd("smbclient", ["//%s/%s" % 
(self.server, self.share), "-c", "cd %s/%s" % (parent_dir,child_dir)])
+        try:
+            out_str = self.check_output(smbclient_args)
+        except BlackboxProcessError as e:
+            print(str(e))
+            self.fail(str(e))
+
+    def test_enumerate_dfs_link(self):
+        smbclient_args = self.build_test_cmd("smbclient", ["//%s/%s" % 
(self.server, self.share), "-c", "dir"])
+        try:
+            out_str = self.check_output(smbclient_args)
+        except BlackboxProcessError as e:
+            print(str(e))
+            self.fail(str(e))
+        out_str = out_str.decode()
+        self.assertIn("msdfs-src1", out_str)
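Review bot: tearDown() in DfsWidelinkBlockboxTestBase overrides the base method without calling super().tearDown(), although setUp() does call super().setUp(), so whatever cleanup BlackboxTestCase performs is skipped; call it after the custom cleanup. The except branch there also turns any cleanup failure into a print, which hides a broken teardown from the test result. Smaller points: the class name reads "Blockbox" where "Blackbox" is meant, self.creds and self.dirpath are set up but not used by any test in this file, and out_str is assigned but unused in test_ci_chdir and test_nested_chdir.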
diff --git a/python/samba/tests/dns_base.py b/python/samba/tests/dns_base.py
index d320a0e9183..43a62b1ac57 100644
--- a/python/samba/tests/dns_base.py
+++ b/python/samba/tests/dns_base.py
@@ -20,6 +20,7 @@ from samba.tests import TestCaseInTempDir
 from samba.dcerpc import dns, dnsp
 from samba import gensec, tests
 from samba import credentials
+from samba import NTSTATUSError
 import struct
 import samba.ndr as ndr
 import random
@@ -76,6 +77,24 @@ class DNSTest(TestCaseInTempDir):
         self.assertEqual(p_opcode, opcode, "Expected OPCODE %s, got %s" %
                           (opcode, p_opcode))
 
+    def assert_dns_flags_equals(self, packet, flags):
+        "Helper function to check opcode"
+        p_flags = packet.operation & (~(dns.DNS_OPCODE|dns.DNS_RCODE))
+        self.assertEqual(p_flags, flags, "Expected FLAGS %02x, got %02x" %
+                          (flags, p_flags))
+
+    def assert_echoed_dns_error(self, request, response, response_p, rcode):
+
+        request_p = ndr.ndr_pack(request)
+
+        self.assertEqual(response.id, request.id)
+        self.assert_dns_rcode_equals(response, rcode)
+        self.assert_dns_opcode_equals(response, request.operation & 
dns.DNS_OPCODE)
+        self.assert_dns_flags_equals(response,
+            (request.operation | dns.DNS_FLAG_REPLY) & 
(~(dns.DNS_OPCODE|dns.DNS_RCODE)))
+        self.assertEqual(len(response_p), len(request_p))
+        self.assertEqual(response_p[4:], request_p[4:])
+
     def make_name_packet(self, opcode, qid=None):
         "Helper creating a dns.name_packet"
         p = dns.name_packet()
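Review bot: the docstring of assert_dns_flags_equals says "Helper function to check opcode", copied from the helper above; it checks the flag bits left after masking out DNS_OPCODE and DNS_RCODE and should say so. assert_echoed_dns_error has no docstring at all, and a one-line comment on why response_p[4:] is compared (skipping the id and the flags/rcode bytes, which are checked field by field above) would save the next reader from working it out.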
@@ -112,6 +131,8 @@ class DNSTest(TestCaseInTempDir):
         return self.creds.get_realm().lower()
 
     def dns_transaction_udp(self, packet, host,
+                            allow_remaining=False,
+                            allow_truncated=False,
                             dump=False, timeout=None):
         "send a DNS query and read the reply"
         s = None
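Review bot: allow_remaining and allow_truncated are inserted ahead of the existing dump and timeout keywords in dns_transaction_udp(), which changes the meaning of any call that passes dump or timeout positionally. Append the new parameters after timeout, or make them keyword-only, unless every caller has been checked to use keywords.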
@@ -128,8 +149,22 @@ class DNSTest(TestCaseInTempDir):
             recv_packet = s.recv(2048, 0)
             if dump:
                 print(self.hexdump(recv_packet))
-            response = ndr.ndr_unpack(dns.name_packet, recv_packet)
+            if allow_truncated:
+                # with allow_remaining
+                # we add some zero bytes
+                # in order to also parse truncated
+                # responses
+                recv_packet_p = recv_packet + 32*b"\x00"
+                allow_remaining = True
+            else:
+                recv_packet_p = recv_packet
+            response = ndr.ndr_unpack(dns.name_packet, recv_packet_p,
+                                      allow_remaining=allow_remaining)
             return (response, recv_packet)
+        except RuntimeError as re:
+            if s is not None:
+                s.close()
+            raise AssertionError(re)
         finally:
             if s is not None:
                 s.close()
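Review bot: the new except RuntimeError branch closes the socket and the finally block directly below closes it again; the s.close() in the except branch can go, leaving only the raise. Also note that allow_truncated silently forces allow_remaining = True and pads the buffer with 32 zero bytes before ndr_unpack, so a test using it can no longer notice trailing garbage in the reply; that side effect belongs in the docstring rather than only in the inline comment.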
@@ -151,11 +186,26 @@ class DNSTest(TestCaseInTempDir):
             tcp_packet += send_packet
             s.sendall(tcp_packet)
 
-            recv_packet = s.recv(0xffff + 2, 0)
+            recv_packet = b''
+            length = None
+            for i in range(0, 2 + 0xffff):
+                if len(recv_packet) >= 2:
+                    length, = struct.unpack('!H', recv_packet[0:2])
+                    remaining = 2 + length
+                else:
+                    remaining = 2 + 12
+                remaining -= len(recv_packet)
+                if remaining == 0:
+                    break
+                recv_packet += s.recv(remaining, 0)
             if dump:
                 print(self.hexdump(recv_packet))
             response = ndr.ndr_unpack(dns.name_packet, recv_packet[2:])
 
+        except RuntimeError as re:
+            if s is not None:
+                s.close()
+            raise AssertionError(re)
         finally:
             if s is not None:
                 s.close()
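Review bot: the new receive loop does not handle s.recv() returning b'' when the peer closes the connection early: it keeps iterating up to 2 + 0xffff times without progress and then passes a short buffer to ndr_unpack. Fail the test explicitly on an empty read. If the first read returns more bytes than the length prefix announces, remaining goes negative and s.recv(remaining, 0) raises an error that the except RuntimeError branch does not catch, so check for remaining <= 0 rather than == 0. The loop variable i is unused, and the s.close() in the except branch duplicates the one in finally.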
@@ -217,18 +267,41 @@ class DNSTKeyTest(DNSTest):
         self.creds.set_username(tests.env_get_var_value('USERNAME'))
         self.creds.set_password(tests.env_get_var_value('PASSWORD'))
         self.creds.set_kerberos_state(credentials.MUST_USE_KERBEROS)
+
+        self.unpriv_creds = None
+
         self.newrecname = "tkeytsig.%s" % self.get_dns_domain()
 
-    def tkey_trans(self, creds=None):
+    def get_unpriv_creds(self):
+        if self.unpriv_creds is not None:
+            return self.unpriv_creds
+
+        self.unpriv_creds = credentials.Credentials()
+        self.unpriv_creds.guess(self.lp_ctx)
+        
self.unpriv_creds.set_username(tests.env_get_var_value('USERNAME_UNPRIV'))
+        
self.unpriv_creds.set_password(tests.env_get_var_value('PASSWORD_UNPRIV'))
+        self.unpriv_creds.set_kerberos_state(credentials.MUST_USE_KERBEROS)
+
+        return self.unpriv_creds
+
+    def tkey_trans(self, creds=None, algorithm_name="gss-tsig",
+                   tkey_req_in_answers=False,
+                   expected_rcode=dns.DNS_RCODE_OK):
         "Do a TKEY transaction and establish a gensec context"
 
         if creds is None:
             creds = self.creds
 
-        self.key_name = "%s.%s" % (uuid.uuid4(), self.get_dns_domain())
+        mech = 'spnego'
+
+        tkey = {}
+        tkey['name'] = "%s.%s" % (uuid.uuid4(), self.get_dns_domain())
+        tkey['creds'] = creds
+        tkey['mech'] = mech
+        tkey['algorithm'] = algorithm_name
 
         p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
-        q = self.make_name_question(self.key_name,
+        q = self.make_name_question(tkey['name'],
                                     dns.DNS_QTYPE_TKEY,
                                     dns.DNS_QCLASS_IN)
         questions = []
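Review bot: tkey_trans() gains algorithm_name, tkey_req_in_answers and expected_rcode but its docstring still only says "Do a TKEY transaction and establish a gensec context"; document the new parameters, in particular that a non-OK expected_rcode means no context is established. get_unpriv_creds() reads USERNAME_UNPRIV and PASSWORD_UNPRIV from the environment and has no docstring saying that both must be exported by the selftest setup.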
@@ -236,30 +309,30 @@ class DNSTKeyTest(DNSTest):
         self.finish_name_packet(p, questions)
 
         r = dns.res_rec()
-        r.name = self.key_name
+        r.name = tkey['name']
         r.rr_type = dns.DNS_QTYPE_TKEY
         r.rr_class = dns.DNS_QCLASS_IN
         r.ttl = 0
         r.length = 0xffff
         rdata = dns.tkey_record()
-        rdata.algorithm = "gss-tsig"
+        rdata.algorithm = algorithm_name
         rdata.inception = int(time.time())
         rdata.expiration = int(time.time()) + 60 * 60
         rdata.mode = dns.DNS_TKEY_MODE_GSSAPI
         rdata.error = 0
         rdata.other_size = 0
 
-        self.g = gensec.Security.start_client(self.settings)
-        self.g.set_credentials(creds)
-        self.g.set_target_service("dns")
-        self.g.set_target_hostname(self.server)
-        self.g.want_feature(gensec.FEATURE_SIGN)
-        self.g.start_mech_by_name("spnego")
+        tkey['gensec'] = gensec.Security.start_client(self.settings)
+        tkey['gensec'].set_credentials(creds)
+        tkey['gensec'].set_target_service("dns")
+        tkey['gensec'].set_target_hostname(self.server)
+        tkey['gensec'].want_feature(gensec.FEATURE_SIGN)
+        tkey['gensec'].start_mech_by_name(tkey['mech'])
 
         finished = False
         client_to_server = b""
 
-        (finished, server_to_client) = self.g.update(client_to_server)
+        (finished, server_to_client) = tkey['gensec'].update(client_to_server)
         self.assertFalse(finished)
 
         data = [x if isinstance(x, int) else ord(x) for x in 
list(server_to_client)]
@@ -268,56 +341,76 @@ class DNSTKeyTest(DNSTest):
         r.rdata = rdata
 
         additional = [r]
-        p.arcount = 1
-        p.additional = additional
+        if tkey_req_in_answers:
+            p.ancount = 1
+            p.answers = additional
+        else:
+            p.arcount = 1
+            p.additional = additional
 
         (response, response_packet) =\
             self.dns_transaction_tcp(p, self.server_ip)
+        if expected_rcode != dns.DNS_RCODE_OK:
+            self.assert_echoed_dns_error(p, response, response_packet, 
expected_rcode)
+            return
         self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
 
         tkey_record = response.answers[0].rdata
         server_to_client = bytes(tkey_record.key_data)
-        (finished, client_to_server) = self.g.update(server_to_client)
+        (finished, client_to_server) = tkey['gensec'].update(server_to_client)
         self.assertTrue(finished)
 
+        self.tkey = tkey
+
         self.verify_packet(response, response_packet)
 
     def verify_packet(self, response, response_packet, request_mac=b""):
+        self.assertEqual(response.arcount, 1)
         self.assertEqual(response.additional[0].rr_type, dns.DNS_QTYPE_TSIG)
 
+        if self.tkey['algorithm'] == "gss-tsig":
+            gss_tsig = True
+        else:
+            gss_tsig = False
+
+        request_mac_len = b""
+        if len(request_mac) > 0 and gss_tsig:
+            request_mac_len = struct.pack('!H', len(request_mac))
+
         tsig_record = response.additional[0].rdata
         mac = bytes(tsig_record.mac)
 
+        self.assertEqual(tsig_record.original_id, response.id)
+        self.assertEqual(tsig_record.mac_size, len(mac))
+
         # Cut off tsig record from dns response packet for MAC verification
         # and reset additional record count.
-        key_name_len = len(self.key_name) + 2
-        tsig_record_len = len(ndr.ndr_pack(tsig_record)) + key_name_len + 10
-
-        # convert str/bytes to a list (of string char or int)
-        # so it can be modified
-        response_packet_list = [x if isinstance(x, int) else ord(x) for x in 
response_packet]
-        del response_packet_list[-tsig_record_len:]
-        response_packet_list[11] = 0
-
-        # convert modified list (of string char or int) to str/bytes
-        response_packet_wo_tsig = bytes(response_packet_list)
+        response_copy = ndr.ndr_deepcopy(response)
+        response_copy.arcount = 0
+        response_packet_wo_tsig = ndr.ndr_pack(response_copy)
 
         fake_tsig = dns.fake_tsig_rec()
-        fake_tsig.name = self.key_name
+        fake_tsig.name = self.tkey['name']
         fake_tsig.rr_class = dns.DNS_QCLASS_ANY
         fake_tsig.ttl = 0
         fake_tsig.time_prefix = tsig_record.time_prefix
         fake_tsig.time = tsig_record.time
         fake_tsig.algorithm_name = tsig_record.algorithm_name
         fake_tsig.fudge = tsig_record.fudge
-        fake_tsig.error = 0
-        fake_tsig.other_size = 0
+        fake_tsig.error = tsig_record.error
+        fake_tsig.other_size = tsig_record.other_size
+        fake_tsig.other_data = tsig_record.other_data
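Review bot: self.tkey is assigned only at the end of the success path in tkey_trans(), and the early return for expected_rcode != dns.DNS_RCODE_OK leaves it unset or stale, yet verify_packet() now reads self.tkey['algorithm'] and self.tkey['name'] unconditionally. Initialise self.tkey = None in setUp next to self.unpriv_creds and assert it is set at the top of verify_packet(), so a misuse fails with a clear message instead of an AttributeError or a MAC check against the wrong key. The if/else that sets gss_tsig can be the single assignment gss_tsig = (self.tkey['algorithm'] == "gss-tsig"), and the list named additional is now also assigned to p.answers, so a neutral name would read better.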


-- 
Samba Shared Repository

