[SCM] Samba Shared Repository - branch master updated

[Andrew Bartlett]

The branch, master has been updated
   via  ec95b3042bf tests/krb5: Add RodcPacEncryptionKey type allowing for 
RODC PAC signatures
   via  a562882b151 tests/krb5: Add methods for creating zeroed checksums 
and verifying checksums
   via  419e4061ced tests/krb5: Cache obtained tickets
   via  6193f7433b1 tests/krb5: Return encpart from get_tgt() as part of 
KerberosTicketCreds
   via  59c1043be25 tests/krb5: Move get_tgt() and get_service_ticket() to 
kdc_base_test
   via  035a8f19855 tests/krb5: Allow get_tgt() to specify expected and 
unexpected flags
   via  4ecfa82e71b tests/krb5: Allow get_tgt() to specify different 
kdc-options
   via  2d69805b1e3 tests/krb5: Allow get_tgt() to get tickets from the RODC
   via  5d3a135c232 tests/krb5: Allow get_service_ticket() to get tickets 
from the RODC
   via  7645dfa5bed tests/krb5: Set DN of created accounts to ldb.Dn type
   via  c226029655c tests/krb5: Don't manually create PAC request and 
options in fast_tests
   via  3504e99dc5b tests/krb5: Use PAC buffer type constants from 
krb5pac.idl
   via  a5e62d681d8 tests/krb5: Allow as_req() to specify different 
kdc-options
   via  6403a09d94a tests/krb5: Allow tgs_req() to send requests to the RODC
   via  1a3426da544 tests/krb5: Allow tgs_req() to specify different 
kdc-options
   via  1f0654b8fac tests/krb5: Allow tgs_req() to send additional padata
   via  2a4d53dc12a tests/krb5: Refactor tgs_req() to use 
_generic_kdc_exchange
   via  0061fa2c2a2 tests/krb5: Check correct flags element
   via  a281ae09bcf tests/krb5: Add helper method for modifying PACs
   via  b81f6f3d714 autobuild: allow AUTOBUILD_FAIL_IMMEDIATELY=0 (say from 
a gitlab variable)
   via  21a77173590 python/join: Check for correct msDS-KrbTgtLink attribute
   via  cde38d36b98 python: Don't leak file handles
  from  9a24d8e491f lib:cmdline: fix a comment

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit ec95b3042bf2649c0600cafb12818c27242b5098
Author: Joseph Sutton 
Date:   Thu Sep 16 17:20:22 2021 +1200

tests/krb5: Add RodcPacEncryptionKey type allowing for RODC PAC signatures

Signatures created by an RODC have an RODCIdentifier appended to them
identifying the RODC's krbtgt account.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642

Signed-off-by: Joseph Sutton 
Reviewed-by: Isaac Boukris 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Tue Sep 21 23:55:39 UTC 2021 on sn-devel-184

commit a562882b15125902c5d89f094b8c9b1150f5d010
Author: Joseph Sutton 
Date:   Thu Sep 16 16:54:57 2021 +1200

tests/krb5: Add methods for creating zeroed checksums and verifying 
checksums

Creating a zeroed checksum is needed for signing a PAC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642

Signed-off-by: Joseph Sutton 
Reviewed-by: Isaac Boukris 
Reviewed-by: Andrew Bartlett 

commit 419e4061ced466ec7e5e23f815823b540ef4751c
Author: Joseph Sutton 
Date:   Tue Sep 21 11:51:20 2021 +1200

tests/krb5: Cache obtained tickets

Now tickets obtained with get_tgt() and get_service_ticket() make use of
a cache so they can be reused, unless the 'fresh' parameter is specified
as true.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642

Signed-off-by: Joseph Sutton 
Reviewed-by: Isaac Boukris 
Reviewed-by: Andrew Bartlett 

commit 6193f7433b15579aa32b26a146287923c9d3844d
Author: Joseph Sutton 
Date:   Tue Sep 21 11:51:05 2021 +1200

tests/krb5: Return encpart from get_tgt() as part of KerberosTicketCreds

The encpart is already contained in ticket_creds, so it no longer needs
to be returned as a separate value.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642

Signed-off-by: Joseph Sutton 
Reviewed-by: Isaac Boukris 
Reviewed-by: Andrew Bartlett 

commit 59c1043be25b92db75ab5676601cb15426ef37a3
Author: Joseph Sutton 
Date:   Thu Sep 16 13:24:46 2021 +1200

tests/krb5: Move get_tgt() and get_service_ticket() to kdc_base_test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642

Signed-off-by: Joseph Sutton 
Reviewed-by: Isaac Boukris 
Reviewed-by: Andrew Bartlett 

commit 035a8f198555ad1eedf8e2e6c565fbbbe4fbe7ce
Author: Joseph Sutton 
Date:   Thu Sep 16 13:14:45 2021 +1200

tests/krb5: Allow get_tgt() to specify expected and unexpected flags

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642

Signed-off-by: Joseph Sutton 
Reviewed-by: Isaac Boukris 
Reviewed-by: Andrew Bartlett 

commit 4ecfa82e71b0dd5b71aa97973033c5c72257a0c3
Author: Joseph Sutton 
Date:   Thu Sep 16 13:14:06 2021 +1200

tests/krb5: Allow get_tgt() to specify different kdc-options

BUG: 

[SCM] Samba Shared Repository - branch master updated

[Jeremy Allison]

The branch, master has been updated
   via  9a24d8e491f lib:cmdline: fix a comment
  from  e50083ceb80 smbd: Update debug messages for failed sharemode release

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 9a24d8e491fc5b289c3e25eb448574e035420536
Author: Michael Adam 
Date:   Mon Sep 20 13:27:59 2021 +0200

lib:cmdline: fix a comment

The default log target was changed in 
726ccf1d56b2979c827dd8586d1aeb6cb8de236c
(as a side effect), but the comment was only partially updated.

This patch fixes the comment by completing the orignal change to
correctly reflect current behavior.

Signed-off-by: Michael Adam 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Tue Sep 21 20:28:49 UTC 2021 on sn-devel-184

---

Summary of changes:
 lib/cmdline/cmdline.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c
index 40292a6a332..5dd543f244d 100644
--- a/lib/cmdline/cmdline.c
+++ b/lib/cmdline/cmdline.c
@@ -67,8 +67,8 @@ bool samba_cmdline_init_common(TALLOC_CTX *mem_ctx)
fault_setup();
 
/*
-* Log to stdout by default.
-* This can be changed to stderr using the option: --debug-stdout
+* Log to stderr by default.
+* This can be changed to stdout using the option: --debug-stdout
 */
setup_logging(getprogname(), DEBUG_DEFAULT_STDERR);
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Christof Schmitt]

The branch, master has been updated
   via  e50083ceb80 smbd: Update debug messages for failed sharemode release
   via  0a2b5011459 smbd: Remove return variable for releasing filesystem 
sharemode
   via  fa3f952f3e7 smbd: Rename return variable for requesting filesystem 
sharemode
   via  d8972d92010 smbd: Update comment for durable handles
   via  113f6964d01 VFS: Update tracking documents for renamed function
   via  041dfdfc131 vfs_catia: Rename kernel_flock to filesystem_sharemode
   via  3224eb8fcf7 vfs_default: Rename kernel_flock to filesystem_sharemode
   via  4209e42ab1b vfs_streams_xattr: Rename kernel_flock to 
filesystem_sharemode
   via  b63ee5c7391 vfs_gpfs: Rename kernel_flock to filesystem_sharemode
   via  272fce3cbd5 vfs_time_audit: Fix message for fcntl VFS call
   via  f3bd312ad97 vfs_time_audit: Rename kernel_flock to 
filesystem_sharemode
   via  0bd1df93fc3 vfs_glusterfs: Rename kernel_flock to 
filesystem_sharemode
   via  0ac9dfd2677 vfs_ceph: Rename kernel_flock to filesystem_sharemode
   via  73f04003e3e docs-xml: Update vfs_full_audit manpage for renamed 
function
   via  ad87998ab40 vfs_full_audit: Rename kernel_flock to 
filesystem_sharemode
   via  264440c983a s3: Remove definition of removed kernel_flock function
   via  0ae59ffc499 examples/VFS/skel_opaque: Rename kernel_flock to 
filesystem_sharemode
   via  a2578d9b564 examples/VFS/skel_transparent: Rename kernel_flock to 
filesystem_sharemode
   via  0a26b2386e3 VFS: Increase VFS version for renamed function
   via  c794e773814 VFS: Rename kernel_flock to filesystem_sharemode
   via  f3b5733df76 profile: Remove syscall_kernel_flock profiling
  from  af06d73a756 s3:rpc_server: Do not use the default ncalrpc endpoint 
for external services

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit e50083ceb8013288d506ba9224f65deb5e3a38a5
Author: Christof Schmitt 
Date:   Mon Sep 20 15:55:32 2021 -0700

smbd: Update debug messages for failed sharemode release

Use new macros, consistent log level and remove reference to flock.

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Christof Schmitt 
Autobuild-Date(master): Tue Sep 21 19:39:10 UTC 2021 on sn-devel-184

commit 0a2b50114599ed609778eb5add9a9c18126d07a4
Author: Christof Schmitt 
Date:   Mon Sep 20 15:50:08 2021 -0700

smbd: Remove return variable for releasing filesystem sharemode

flock is no longer used, the existing "ret" variable can be used
instead.

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 

commit fa3f952f3e7d27a0977f497ce96ef8484c2f
Author: Christof Schmitt 
Date:   Mon Sep 20 15:46:21 2021 -0700

smbd: Rename return variable for requesting filesystem sharemode

flock is no longer used, rename the variable accordingly.

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 

commit d8972d920106043c8b0a24482174009d68f6faf8
Author: Christof Schmitt 
Date:   Mon Sep 20 15:38:59 2021 -0700

smbd: Update comment for durable handles

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 

commit 113f6964d0168c21dc94aa594f728c175fc294df
Author: Christof Schmitt 
Date:   Mon Sep 20 15:29:22 2021 -0700

VFS: Update tracking documents for renamed function

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 

commit 041dfdfc131e92e6947325a78180d83909e81b8e
Author: Christof Schmitt 
Date:   Mon Sep 20 15:27:07 2021 -0700

vfs_catia: Rename kernel_flock to filesystem_sharemode

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 

commit 3224eb8fcf79b5f2554a6195aeeb313dd25c2de5
Author: Christof Schmitt 
Date:   Mon Sep 20 15:26:19 2021 -0700

vfs_default: Rename kernel_flock to filesystem_sharemode

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 

commit 4209e42ab1b07753c6130a25b52a48bada4d90e9
Author: Christof Schmitt 
Date:   Mon Sep 20 15:25:21 2021 -0700

vfs_streams_xattr: Rename kernel_flock to filesystem_sharemode

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 

commit b63ee5c7391ce683eed46e68a1e2dd47c2b14fd7
Author: Christof Schmitt 
Date:   Mon Sep 20 15:24:33 2021 -0700

vfs_gpfs: Rename kernel_flock to filesystem_sharemode

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 

commit 272fce3cbd5114c190570e4565f8e2f7b16ea3d4
Author: Christof Schmitt 
Date:   Mon Sep 20 15:22:50 2021 -0700

vfs_time_audit: Fix message for fcntl VFS call

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 

commit f3bd312ad97521df5f78d784a6abf7b82bc37a90
Author: Christof Schmitt 
Date:   Mon Sep 20 15:22:06 2021 -0700

vfs_time_audit: Rename kernel_flock to 

[SCM] Samba Shared Repository - branch master updated

[Volker Lendecke]

The branch, master has been updated
   via  af06d73a756 s3:rpc_server: Do not use the default ncalrpc endpoint 
for external services
   via  9c8521848bb librpc:core: Add a function to register an interface 
passing the binding handle
   via  99bf0c1b264 pidl:NDR/ServerCompat.pm: Do not register disabled 
services
  from  b09efc8b8b9 lib: Move closefrom_except*() to a separate file

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit af06d73a7563f6a7dec7653b7de1748de099b051
Author: Samuel Cabrero 
Date:   Mon Aug 23 14:27:49 2021 +0200

s3:rpc_server: Do not use the default ncalrpc endpoint for external services

In samba3 it is possible to run some services externally, for example:

rpc_daemon:lsasd = fork
rpc_server:netlogon = disabled
rpc_server:samr = external
rpc_server:lsarpc = external

The external services running in separate processes have to use its own
dedicated ncalrpc endpoint, otherwise will race with main smbd serving the
embedded services to accept connections on ncalrpc default socket. If the
connection ends in an external process and the client tries to bind to an
interface not registered there (like winreg for example) the bind will fail.

Signed-off-by: Samuel Cabrero 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Volker Lendecke 
Autobuild-Date(master): Tue Sep 21 11:00:01 UTC 2021 on sn-devel-184

commit 9c8521848bb5fedb3501d03e564a759d8709f418
Author: Samuel Cabrero 
Date:   Thu Aug 19 12:52:04 2021 +0200

librpc:core: Add a function to register an interface passing the binding 
handle

Signed-off-by: Samuel Cabrero 
Reviewed-by: Volker Lendecke 

commit 99bf0c1b2649f74a3199c59bbc16c6e604ff4e79
Author: Samuel Cabrero 
Date:   Mon Aug 23 14:23:58 2021 +0200

pidl:NDR/ServerCompat.pm: Do not register disabled services

In samba3 it is possible to disable RPC services, for exapmle:

rpc_server:netlogon = disabled

If a service is disabled do not register the interface neither create its
endpoint.

Signed-off-by: Samuel Cabrero 
Reviewed-by: Volker Lendecke 

---

Summary of changes:
 librpc/rpc/dcesrv_core.c   | 80 +-
 librpc/rpc/dcesrv_core.h   |  5 ++
 pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm | 62 +++-
 selftest/knownfail | 19 +-
 source3/rpc_server/rpc_ncacn_np.c  | 24 +++-
 source3/winbindd/winbindd_dual_ndr.c   | 10 
 6 files changed, 169 insertions(+), 31 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
index b75336d0a85..6a2e0c25e7f 100644
--- a/librpc/rpc/dcesrv_core.c
+++ b/librpc/rpc/dcesrv_core.c
@@ -176,11 +176,47 @@ _PUBLIC_ NTSTATUS dcesrv_interface_register(struct 
dcesrv_context *dce_ctx,
   const char *ncacn_np_secondary_endpoint,
   const struct dcesrv_interface *iface,
   const struct security_descriptor *sd)
+{
+   struct dcerpc_binding *binding = NULL;
+   struct dcerpc_binding *binding2 = NULL;
+   NTSTATUS ret;
+
+   ret = dcerpc_parse_binding(dce_ctx, ep_name, );
+   if (NT_STATUS_IS_ERR(ret)) {
+   DBG_ERR("Trouble parsing binding string '%s'\n", ep_name);
+   goto out;
+   }
+
+   if (ncacn_np_secondary_endpoint != NULL) {
+   ret = dcerpc_parse_binding(dce_ctx,
+  ncacn_np_secondary_endpoint,
+  );
+   if (NT_STATUS_IS_ERR(ret)) {
+   DBG_ERR("Trouble parsing 2nd binding string '%s'\n",
+   ncacn_np_secondary_endpoint);
+   goto out;
+   }
+   }
+
+   ret = dcesrv_interface_register_b(dce_ctx,
+ binding,
+ binding2,
+ iface,
+ sd);
+out:
+   TALLOC_FREE(binding);
+   TALLOC_FREE(binding2);
+   return ret;
+}
+
+_PUBLIC_ NTSTATUS dcesrv_interface_register_b(struct dcesrv_context *dce_ctx,
+   struct dcerpc_binding *binding,
+   struct dcerpc_binding *binding2,
+   const struct dcesrv_interface *iface,
+   const struct security_descriptor *sd)
 {
struct dcesrv_endpoint *ep;
struct dcesrv_if_list *ifl;
-   struct dcerpc_binding *binding;
-   struct dcerpc_binding *binding2 =