[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0685954 pam_winbind: avoid non-literal-format warning from 1da1720 vfs_fruit: proper VFS-stackable conversion of FinderInfo https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 06859547f0b2a4cd1792599526184042d60d4fb0 Author: Uri Simchoni Date: Sun Nov 19 13:14:14 2017 + pam_winbind: avoid non-literal-format warning Signed-off-by: Uri Simchoni Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Wed Nov 29 12:50:49 CET 2017 on sn-devel-144 --- Summary of changes: nsswitch/pam_winbind.c | 24 +++- 1 file changed, 19 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c index 3723b17..e14fcfe 100644 --- a/nsswitch/pam_winbind.c +++ b/nsswitch/pam_winbind.c @@ -174,6 +174,10 @@ static inline void textdomain_init(void) /* some syslogging */ +static void _pam_log_int(const pam_handle_t *pamh, +int err, +const char *format, +va_list args) PRINTF_ATTRIBUTE(3, 0); #ifdef HAVE_PAM_VSYSLOG static void _pam_log_int(const pam_handle_t *pamh, @@ -189,21 +193,26 @@ static void _pam_log_int(const pam_handle_t *pamh, const char *format, va_list args) { - char *format2 = NULL; + char *base = NULL; + va_list args2; const char *service; int ret; + va_copy(args2, args); + pam_get_item(pamh, PAM_SERVICE, (const void **) &service); - ret = asprintf(&format2, "%s(%s): %s", MODULE_NAME, service, format); + ret = vasprintf(&base, format, args); if (ret == -1) { /* what else todo ? */ - vsyslog(err, format, args); + vsyslog(err, format, args2); + va_end(args2); return; } - vsyslog(err, format2, args); - SAFE_FREE(format2); + syslog(err, "%s(%s): %s", MODULE_NAME, service, base); + SAFE_FREE(base); + va_end(args2); } #endif /* HAVE_PAM_VSYSLOG */ @@ -714,6 +723,11 @@ static int _make_remark(struct pwb_context *ctx, static int _make_remark_v(struct pwb_context *ctx, int type, const char *format, + va_list args) PRINTF_ATTRIBUTE(3, 0); + +static int _make_remark_v(struct pwb_context *ctx, + int type, + const char *format, va_list args) { char *var; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-6-test updated
The branch, v4-6-test has been updated via 3af01bd libnet_join: fix "net rpc oldjoin" via b9d0fce s3:selftest: add samba3.blackbox.net_rpc_oldjoin test from eea9b63 ctdb-common: Call missing tevent_wakeup_recv() in sock_daemon https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test - Log - commit 3af01bd9c80624889dec2bed1016fd4baa4cde4b Author: Stefan Metzmacher Date: Thu Nov 16 21:09:20 2017 + libnet_join: fix "net rpc oldjoin" We need to open the ncacn_np (smb) transport connection with anonymous credentials. In order to do netr_ServerPasswordSet*() we need to establish a 2nd netlogon connection using dcerpc schannel authentication. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13149 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (similar to commit d27f38d35bf111a5c0a898a5ef8b7dd0b320da0d) Autobuild-User(v4-6-test): Karolin Seeger Autobuild-Date(v4-6-test): Wed Nov 29 12:59:34 CET 2017 on sn-devel-144 commit b9d0fce671883cabf1eb32fbc200ff31f1ad0ed4 Author: Stefan Metzmacher Date: Fri Nov 17 15:51:36 2017 +0100 s3:selftest: add samba3.blackbox.net_rpc_oldjoin test This demonstrates that "net rpc oldjoin" is currently broken. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13149 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit 9466796c87cc4ca8d32da553421cd8ecef1bb8e4) --- Summary of changes: source3/libnet/libnet_join.c | 94 +--- source3/script/tests/test_net_rpc_oldjoin.sh | 32 ++ source3/selftest/tests.py| 4 ++ 3 files changed, 108 insertions(+), 22 deletions(-) create mode 100755 source3/script/tests/test_net_rpc_oldjoin.sh Changeset truncated at 500 lines: diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 591c177..903c93b 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1044,12 +1044,23 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx, NTSTATUS status, result; union lsa_PolicyInformation *info = NULL; struct dcerpc_binding_handle *b; + const char *account = r->in.admin_account; + const char *domain = r->in.admin_domain; + const char *password = r->in.admin_password; + bool use_kerberos = r->in.use_kerberos; + + if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE) { + account = ""; + domain = ""; + password = NULL; + use_kerberos = false; + } status = libnet_join_connect_dc_ipc(r->in.dc_name, - r->in.admin_account, - r->in.admin_domain, - r->in.admin_password, - r->in.use_kerberos, + account, + domain, + password, + use_kerberos, cli); if (!NT_STATUS_IS_OK(status)) { goto done; @@ -1121,16 +1132,19 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx, struct cli_state *cli) { TALLOC_CTX *frame = talloc_stackframe(); - struct rpc_pipe_client *netlogon_pipe = NULL; + struct rpc_pipe_client *authenticate_pipe = NULL; + struct rpc_pipe_client *passwordset_pipe = NULL; struct netlogon_creds_cli_context *netlogon_creds = NULL; - struct samr_Password current_nt_hash; + struct cli_credentials *cli_creds = NULL; + struct netlogon_creds_CredentialState *creds = NULL; + uint32_t netlogon_flags = 0; size_t len = 0; bool ok; DATA_BLOB new_trust_blob = data_blob_null; NTSTATUS status; status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, - &netlogon_pipe); + &authenticate_pipe); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(frame); return status; @@ -1148,31 +1162,67 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx, } } + cli_creds = cli_credentials_init(talloc_tos()); + if (cli_creds == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; + } + + cli_credentials_set_username(cli_creds, r->out.account_name, +CRED_SPECIFIED); + cli_credentials_set_domain(cl
[SCM] Samba Shared Repository - branch v4-7-test updated
The branch, v4-7-test has been updated via 00dfe4c repl_meta_data: Fix removing of backlink on deleted objects via f2c4754 repl_meta_data: Allow delete of an object with dangling backlinks via fe3ae81 selftest: Add more corruption cases for runtime and dbcheck via 09a311c selftest: add dbcheck tests for duplicate links via ece46f7 dbcheck: detect and fix duplicate links via c1860d1 dbcheck: only calculate linked attribute helper variables once in check_dn() via 7b67da4 dbcheck: remove indentation level via 27cdadf dsdb:extended_dn_store: implement DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS control via aafcb73 dsdb:repl_meta_data: implement DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS control via f0920ea s4:dsdb: allocate DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS oid via 67270b3 s4:schema_samba4: mark DSDB_CONTROL_INVALID_NOT_IMPLEMENTED 1.3.6.1.4.1.7165.4.3.32 as allocated via ee05047 selftest: Additional check for a backlink pointing at a deleted object via df23dc8 selftest: Split out creation of complex (often invalid) links via 505936a selftest: Split out dbcheck runs from dangling_multi_valued test via 74688a2 selftest: add more dbcheck tests via 68bf275 dbcheck: Use the GUID as the DN to fix replPropertyMetaData via b7c9edb dbcheck: Clarify error count bumping in deleted/gone DN handling via ed4189f selftest: sort dbcheck output to avoid sort order impacting results via 45911b0 dbcheck: Allow removal of one-way links to missing objects via e90e3d7 systemd: Start processes in forground and without a process group from fe6da67 libnet_join: fix "net rpc oldjoin" https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test - Log - commit 00dfe4cf9818abdc50da034fd931e29bc871b10c Author: Andrej Gessel Date: Thu Oct 19 17:16:37 2017 +0200 repl_meta_data: Fix removing of backlink on deleted objects USER is memberOf GROUP and they both were deleted on W2K8R2 AD. Domain join ends with error below. Failed to apply records: ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:421 8: Failed to remove backlink of memberOf when deleting CN=USER\0ADEL:a1f2a2cc-1 179-4734-b753-c121ed02a34c,CN=Deleted Objects,DC=samdom,DC=intern: dsdb_module_ search_dn: did not find base dn CN=GROUP\0ADEL:030d0be1-3ada-4b93-8371-927f2092 3116,CN=Deleted Objects,DC=samdom,DC=intern (0 results): Operations error Failed to commit objects: WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE BUG: https://bugzilla.samba.org/show_bug.cgi?id=13120 Signed-off-by: Andrej Gessel Reviewed-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 40bd7e145a68c9a58d6bc3c5526a12fdf0027729) Autobuild-User(v4-7-test): Karolin Seeger Autobuild-Date(v4-7-test): Wed Nov 29 13:43:37 CET 2017 on sn-devel-144 commit f2c47544dc8fd42680b1f90bc962e57fe915de45 Author: Andrew Bartlett Date: Wed Nov 1 08:22:22 2017 +1300 repl_meta_data: Allow delete of an object with dangling backlinks This should not happen, but stopping all replication because of it is a pain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Fri Nov 24 19:53:50 CET 2017 on sn-devel-144 (cherry picked from commit 6cf7abbcfdad84fee57852862ebe44aa6115ca25) commit fe3ae81cd9a5cf263da9cb373d07ebad4541727b Author: Andrew Bartlett Date: Wed Nov 1 09:02:01 2017 +1300 selftest: Add more corruption cases for runtime and dbcheck These tests now confirm we can handle these issues at runtime as well as at dbcheck Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 4815efc0e3f89079e7c9b868b7514ea7c49a807c) commit 09a311caa602265b18067d8cd155e91f33918b1a Author: Stefan Metzmacher Date: Thu Oct 26 14:42:23 2017 +0200 selftest: add dbcheck tests for duplicate links BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095 Pair-Programmed-With: Andrew Bartlett Signed-off-by: Stefan Metzmacher Signed-off-by: Andrew Bartlett (cherry picked from commit 70bf809e0cdf84029022ca95fb83d17a0d6e36c0) commit ece46f7278ed2633167d01f483cdb44858d0dd51 Author: Stefan Metzmacher Date: Fri Oct 27 10:21:26 2017 +0200 dbcheck: detect and fix duplicate links Check with git show -w BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (cherry picked from commit 239fbeb163c24b0f08e1bd9d8f7a9f73443d4b90) commit c1860d169cb60a1d4e40800ad6e87e81fa24fcac Author: Stefa
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3e43f80 Replace tabs with spaces to comply with PEP8, reorder list of manpages in the alphanumeric sort order. via 8034b88 Add vfs_zfsacl manpage to the list of manpages if we have this module enabled. via e9e4cd4 Fix typo in the "wide links" description for the getwd cache. from 0685954 pam_winbind: avoid non-literal-format warning https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3e43f80ad1f0ce2f0a807da64d1f5e8bd6512526 Author: Timur I. Bakeyev Date: Wed Nov 29 06:40:10 2017 +0100 Replace tabs with spaces to comply with PEP8, reorder list of manpages in the alphanumeric sort order. Signed-off-by: Timur I. Bakeyev Reviewed-by: Volker Lendecke Reviewed-by: Uri Simchoni Autobuild-User(master): Uri Simchoni Autobuild-Date(master): Wed Nov 29 16:58:32 CET 2017 on sn-devel-144 commit 8034b88d4e771663c4b7b581fb6b1992c33d5d96 Author: Timur I. Bakeyev Date: Wed Nov 29 06:35:37 2017 +0100 Add vfs_zfsacl manpage to the list of manpages if we have this module enabled. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12934 Signed-off-by: Timur I. Bakeyev Reviewed-by: Volker Lendecke Reviewed-by: Uri Simchoni commit e9e4cd4d2b6ae376cba90fdb56b9c9684f2dc492 Author: Timur I. Bakeyev Date: Wed Nov 29 05:48:52 2017 +0100 Fix typo in the "wide links" description for the getwd cache. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12934 Signed-off-by: Timur I. Bakeyev Reviewed-by: Volker Lendecke Reviewed-by: Uri Simchoni --- Summary of changes: docs-xml/smbdotconf/tuning/getwdcache.xml | 2 +- docs-xml/wscript_build| 23 +-- 2 files changed, 14 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/tuning/getwdcache.xml b/docs-xml/smbdotconf/tuning/getwdcache.xml index 93f7a90..ec4d9ed 100644 --- a/docs-xml/smbdotconf/tuning/getwdcache.xml +++ b/docs-xml/smbdotconf/tuning/getwdcache.xml @@ -6,7 +6,7 @@ This is a tuning option. When this is enabled a caching algorithm will be used to reduce the time taken for getwd() calls. This can have a significant impact on performance, especially -when the parameter is set to no. +when the parameter is set to no. yes diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build index 0bd08d1..f586208 100644 --- a/docs-xml/wscript_build +++ b/docs-xml/wscript_build @@ -6,9 +6,6 @@ manpages=''' manpages/dbwrap_tool.1 manpages/eventlogadm.8 manpages/findsmb.1 - manpages/libsmbclient.7 - manpages/lmhosts.5 - manpages/log2pcap.1 manpages/idmap_ad.8 manpages/idmap_autorid.8 manpages/idmap_hash.8 @@ -19,6 +16,9 @@ manpages=''' manpages/idmap_script.8 manpages/idmap_tdb.8 manpages/idmap_tdb2.8 + manpages/libsmbclient.7 + manpages/lmhosts.5 + manpages/log2pcap.1 manpages/mvxattr.1 manpages/net.8 manpages/nmbd.8 @@ -27,10 +27,10 @@ manpages=''' manpages/pdbedit.8 manpages/profiles.1 manpages/rpcclient.1 + manpages/samba-regedit.8 + manpages/samba-tool.8 manpages/samba.7 manpages/samba.8 - manpages/samba-tool.8 - manpages/samba-regedit.8 manpages/sharesec.1 manpages/smbcacls.1 manpages/smbclient.1 @@ -41,20 +41,20 @@ manpages=''' manpages/smbgetrc.5 manpages/smbpasswd.5 manpages/smbpasswd.8 - manpages/smbspool.8 manpages/smbspool_krb5_wrapper.8 + manpages/smbspool.8 manpages/smbstatus.1 manpages/smbtar.1 manpages/smbtree.1 manpages/testparm.1 - manpages/traffic_replay.7 manpages/traffic_learner.7 + manpages/traffic_replay.7 manpages/vfs_acl_tdb.8 manpages/vfs_acl_xattr.8 manpages/vfs_aio_fork.8 manpages/vfs_aio_pthread.8 manpages/vfs_audit.8 -manpages/vfs_btrfs.8 + manpages/vfs_btrfs.8 manpages/vfs_cacheprime.8 manpages/vfs_cap.8 manpages/vfs_catia.8 @@ -82,8 +82,8 @@ manpages=''' manpages/vfs_recycle.8 manpages/vfs_shadow_copy.8 manpages/vfs_shadow_copy2.8 -manpages/vfs_shell_snap.8 -manpages/vfs_snapper.8 + manpages/vfs_shell_snap.8 + manpages/vfs_snapper.8 manpages/vfs_streams_depot.8 manpages/vfs_streams_xattr.8 manpages/vfs_syncops.8 @@ -160,3 +160,6 @@ if ('XSLTPROC_MANPAGES' in bld.env and bld.env['XSLTPROC_MANPAGES']): if bld.CONFIG_SET('
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 926b8be winbindd: Name<->SID cache is not sequence number based anymore via 8050613 winbindd: Move name<->sid cache to gencache via 650f29e winbindd: Factor out winbindd_domain_init_backend from get_cache() via 9789dbd torture3: Test namemap_cache via 19afcd0 net: Parse namemap_cache in "net cache list" via 3e556bf lib: Add namemap_cache via 089cb9e lib: Pass blob instead of &blob to gencache_set_data_blob via 71e255f lib: Allow parsing a strv from a non-talloc const buf via 8e824ad lib: Only call strlen if necessary in strv via 805ae8a lib: Pass in "strv_len" to strv_valid_entry via 2f8055f dbwrap_watch: Remove the "prec" parameter from watch_recv via 4e86c32 smbd: Avoid using dbwrap_watched_watch_recv's prec argument via 1ce165a winbindd: let normalize_name_map() call find_domain_from_name_noinit() via 96b44e9 s3/cli_netlogon: remove SEC_CHAN_NULL fallback from rpccli_connect_netlogon() via a8e0bdc winbindd: restore SEC_CHAN_NULL fallback in cm_connect_netlogon_transport from 3e43f80 Replace tabs with spaces to comply with PEP8, reorder list of manpages in the alphanumeric sort order. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 926b8be2cdee06cd25d567403d9fdd07b67ac5b5 Author: Volker Lendecke Date: Tue Aug 8 14:24:27 2017 +0200 winbindd: Name<->SID cache is not sequence number based anymore Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Nov 29 20:57:25 CET 2017 on sn-devel-144 commit 80506136cc41b81ff166a108d087e9aede4e5d97 Author: Volker Lendecke Date: Sun Aug 6 18:13:10 2017 +0200 winbindd: Move name<->sid cache to gencache The mapping from name to sid and vice versa has nothing to do with a specific domain. It is publically available. Thus put it into gencache without referring to the domain this was retrieved from Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 650f29e2f35bdfa5f96cf13462528e933e8ecf35 Author: Volker Lendecke Date: Sun Aug 6 18:11:02 2017 +0200 winbindd: Factor out winbindd_domain_init_backend from get_cache() Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 9789dbd75c874b404a74c51fd0d82d5623a0f869 Author: Volker Lendecke Date: Thu Aug 3 16:26:25 2017 +0200 torture3: Test namemap_cache Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 19afcd0e816f096fd17cf624f21d2d6f9c5f8d05 Author: Volker Lendecke Date: Thu Aug 3 16:26:04 2017 +0200 net: Parse namemap_cache in "net cache list" namemap_cache.c saves these as strv lists: An array of 0-terminated strings. "net cache list" only printfs the values, so they would be cut off. We might want to do this with other gencache values too in the future. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 3e556bf3703504625f0707f7f87a478c41bafede Author: Volker Lendecke Date: Wed Aug 2 18:11:49 2017 +0200 lib: Add namemap_cache A few functions to maintain lookupname and lookupsid cache in gencache. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 089cb9e24c47ccff492865bae9f7b895b78c5d02 Author: Volker Lendecke Date: Wed Aug 2 17:52:40 2017 +0200 lib: Pass blob instead of &blob to gencache_set_data_blob Passing a whole DATA_BLOB is cheap enough to simplify the callers: A caller does not have to create a separate variable. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 71e255fd3d2beb0a2fcb2ff39014a668dd724c13 Author: Volker Lendecke Date: Wed Aug 2 17:34:25 2017 +0200 lib: Allow parsing a strv from a non-talloc const buf This will allow parsing a tdb record without having to talloc_memdup it Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 8e824ad69700412cedeb758029fdad4d1b5c6bbe Author: Volker Lendecke Date: Wed Aug 2 17:32:50 2017 +0200 lib: Only call strlen if necessary in strv Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 805ae8a4f1fe61cb44000c2967f61e3bffa08eca Author: Volker Lendecke Date: Wed Aug 2 17:22:34 2017 +0200 lib: Pass in "strv_len" to strv_valid_entry Preparation for a later commit Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 2f8055f676a52b01a609611bbc3361442bb81a9b Author: Volker Lendecke Date: Sat Jul 1 08:27:57 2017 +0200 dbwrap_watch: Remove the "prec" parameter from watch_recv The initial idea was to have some "atomicity" in this API. Every caller interested in a record would have to do something with it
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9f9c5d3 testprogs: Fix a typo in the net ads test via 4be05c8 testprogs: Test net ads keytab list via 3048ae3 s3:libads: net ads keytab list fails with "Key table name malformed" from 926b8be winbindd: Name<->SID cache is not sequence number based anymore https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9f9c5d33c434b192d38a9758067fb0513041c0f0 Author: Noel Power Date: Wed Nov 29 13:52:32 2017 +0100 testprogs: Fix a typo in the net ads test Signed-off-by: Noel Power Reviewed-by: Andreas Schneider Reviewed-by: Ralph Boehme Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Thu Nov 30 01:47:24 CET 2017 on sn-devel-144 commit 4be05c835e9d8b8f13856d592aaf42b40ce397c2 Author: Noel Power Date: Fri Nov 24 07:06:27 2017 + testprogs: Test net ads keytab list Test that correct keytab is picked up. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13166 Signed-off-by: Noel Power Reviewed-by: Andreas Schneider Reviewed-by: Ralph Boehme commit 3048ae318fc8b4d1b7663826972306372430a463 Author: Noel Power Date: Thu Nov 23 15:55:21 2017 + s3:libads: net ads keytab list fails with "Key table name malformed" When keytab_name is NULL don't call smb_krb5_kt_open use ads_keytab_open instead, this function will determine the correct keytab to use. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13166 Signed-off-by: Noel Power Reviewed-by: Andreas Schneider Reviewed-by: Ralph Boehme --- Summary of changes: source3/libads/kerberos_keytab.c | 6 +- testprogs/blackbox/test_net_ads.sh | 15 ++- 2 files changed, 19 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c index ff12ec0..ffd100c 100644 --- a/source3/libads/kerberos_keytab.c +++ b/source3/libads/kerberos_keytab.c @@ -639,7 +639,11 @@ int ads_keytab_list(const char *keytab_name) return ret; } - ret = smb_krb5_kt_open(context, keytab_name, False, &keytab); + if (keytab_name == NULL) { + ret = ads_keytab_open(context, &keytab); + } else { + ret = smb_krb5_kt_open(context, keytab_name, False, &keytab); + } if (ret) { DEBUG(1, ("smb_krb5_kt_open failed (%s)\n", error_message(ret))); diff --git a/testprogs/blackbox/test_net_ads.sh b/testprogs/blackbox/test_net_ads.sh index bbd99b6..16f77f5 100755 --- a/testprogs/blackbox/test_net_ads.sh +++ b/testprogs/blackbox/test_net_ads.sh @@ -39,13 +39,26 @@ testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || fail # Test with kerberos method = secrets and keytab dedicated_keytab_file="$PREFIX_ABS/test_net_ads_dedicated_krb5.keytab" -testit "join (decicated keytab)" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1` +testit "join (dedicated keytab)" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1` testit "testjoin (dedicated keytab)" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1` testit "changetrustpw (dedicated keytab)" $VALGRIND $net_tool ads changetrustpw || failed=`expr $failed + 1` testit "leave (dedicated keytab)" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1` + +# if there is no keytab, try and create it +if [ ! -f $dedicated_keytab_file ]; then + if [ $(command -v ktutil) >/dev/null ]; then +printf "addent -password -p $DC_USERNAME@$REALM -k 1 -e rc4-hmac\n$DC_PASSWORD\nwkt $dedicated_keytab_file\n" | ktutil + fi +fi + +if [ -f $dedicated_keytab_file ]; then + testit "keytab list (dedicated keytab)" $VALGRIND $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1` + testit "keytab list keytab specified on cmdline" $VALGRIND $net_tool ads keytab list $dedicated_keytab_file || failed=`expr $failed + 1` +fi + rm -f $dedicated_keytab_file testit_expect_failure "testjoin(not joined)" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1` -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5c8032b s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv(). from 9f9c5d3 testprogs: Fix a typo in the net ads test https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5c8032b6b8ce4439b3ef8f43a62a419f081eb787 Author: Jeremy Allison Date: Wed Nov 29 09:21:30 2017 -0800 s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv(). cli_smb2_close_fnum_recv() uses tevent_req_simple_recv_ntstatus(req), which frees req, then uses the state pointer which was owned by req. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13171 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Böhme Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Nov 30 05:47:12 CET 2017 on sn-devel-144 --- Summary of changes: source3/libsmb/cli_smb2_fnum.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c index 628b17b..78f61fb 100644 --- a/source3/libsmb/cli_smb2_fnum.c +++ b/source3/libsmb/cli_smb2_fnum.c @@ -449,8 +449,12 @@ NTSTATUS cli_smb2_close_fnum_recv(struct tevent_req *req) { struct cli_smb2_close_fnum_state *state = tevent_req_data( req, struct cli_smb2_close_fnum_state); - NTSTATUS status = tevent_req_simple_recv_ntstatus(req); - state->cli->raw_status = status; + NTSTATUS status = NT_STATUS_OK; + + if (tevent_req_is_nterror(req, &status)) { + state->cli->raw_status = status; + } + tevent_req_received(req); return status; } -- Samba Shared Repository