[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
       via  1d3e118f6f2 s3: smbspool. Remove last use of 'extern char **environ;'.
       via  f6adfefbbb4 krb5: Fix PAC signature leak affecting KDC
       via  02fa69c6c73 s4:kdc: Check ticket signature
       via  3bdce12789a heimdal: Make _krb5_pac_get_kdc_checksum_info() into a global function
       via  28a5a586c8e s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match Windows
       via  91e684f5dcb kdc: correctly generate PAC TGS signature
       via  75d1a7cd14b kdc: use ticket client name when signing PAC
       via  db30b71f798 kdc: only set HDB_F_GET_KRBTGT when requesting TGS principal
       via  d6a472e9535 krb5: return KRB5KRB_AP_ERR_INAPP_CKSUM if PAC checksum fails
       via  2773379603a krb5: rework PAC validation loop
       via  2d09de5c41e krb5: allow NULL parameter to krb5_pac_free()
       via  d7b03394a90 kdc: sign ticket using Windows PAC
       via  ccabc7f16cc kdc: remove KRB5SignedPath, to be replaced with PAC
       via  d5002c34ce1 s4/torture: Expect ticket checksum PAC buffer
       via  c14c61748b5 s4:kdc: Fix debugging messages
       via  7149eeaceb4 s4:kdc: Simplify samba_kdc_update_pac_blob() to take ldb_context as parameter
       via  3dede18c5a1 tests/krb5: Fix duplicate account creation
       via  3948701f1d0 tests/krb5: Allow bypassing cache when creating accounts
       via  1a08399cd81 tests/krb5: Don't include empty AD-IF-RELEVANT
       via  56ccdba54e0 tests/krb5: Add constrained delegation tests
       via  d86eee2fd0f tests/krb5: Verify tickets obtained with get_service_ticket()
       via  bf632217229 tests/krb5: Require ticket checksums if decryption key is available
       via  ae2c57fb033 tests/krb5: Add TKT_SIG_SUPPORT environment variable
       via  40e5db4aabc selftest/dbcheck: Fix up RODC one-way links
       via  ebe72978680 tests/krb5: Fix sha1 checksum type
       via  5233f002000 tests/krb5: Provide clearer assertion messages for test failures
       via  dfd613661ee tests/krb5: Disable debugging output for tests
       via  cf3ca6ac456 tests/krb5: Simplify padata checking
       via  e7c39cc44f2 tests/krb5: Check logon name in PAC
       via  bd22dcd9cc4 tests/krb5: Check padata types when STRICT_CHECKING=0
       via  238f52bad81 tests/krb5: Add environment variable to specify KDC FAST support
       via  72265227e9c tests/krb5: Fix padata checking at functional level 2003
       via  ee2b7e2c77f tests/krb5: Clarify checksum type assertion message
       via  687c8f94c68 tests/krb5: Use correct principal name type
       via  ec4b264bdf9 tests/krb5: Add compatibility tests for ticket checksums
       via  ef24fe982d7 tests/krb5: Add parameter to enforce presence of ticket checksums
       via  248249dc0ac tests/krb5: Supply supported account enctypes in tgs_req()
       via  34020766bb7 tests/krb5: Allow specifying options and expected flags when obtaining a ticket
       via  bb58b4b58c6 tests/krb5: Save account SPN
       via  0e232fa1c9e tests/krb5: Check constrained delegation PAC buffer
       via  aa2e583fdea tests/krb5: Check buffer types in PAC with STRICT_CHECKING=1
       via  8e1efd8bd3b heimdal:kdc: Only check for default salt for des-cbc-crc enctype
       via  7cfc225b549 tests/krb5: Add expect_claims parameter to kdc_exchange_dict
       via  ab92dc16d20 tests/krb5: Fix checking for presence of error data
       via  7fba83c6c63 tests/krb5: Remove unneeded parameters from ticket cache key
       via  788b3a29eea tests/krb5: Fix assertElementFlags()
       via  8f6d369d709 tests/krb5: Make expected_sname checking more explicit
       via  012b6fcd197 tests/krb5: Fix status code checking
       via  a4bc712ee02 tests/krb5: Fix handling authdata with missing PAC
       via  dcf45a151a1 tests/krb5: Allow excluding the PAC server checksum
       via  a927cecafdd tests/krb5: Fix checksum generation and verification
       via  ae09219c3a1 tests/krb5: Fix method for creating invalid length zeroed checksum
       via  9d142dc3a45 tests/krb5: Introduce helper method for creating invalid length checksums
       via  cda50b5c505 tests/krb5: Add assertion to make failures clearer
       via  bba8cb8dce1 tests/krb5: Allow created accounts to use resource-based constrained delegation
       via  31817c383c2 tests/krb5: Rename allowed_to_delegate_to parameter for clarity
       via  1fd00135fa4 tests/krb5: Fix PA-PAC-OPTIONS checking
       via  6f1282e8d34 tests/krb5: Fix sending PA-PAC-OPTIONS and PA-PAC-REQUEST
       via  ce433ff868d tests/krb5: Allow for missing msDS-KeyVersionNumber attribute
       via  8e4b2159083 tests/krb5: Remove unused parameter
       via  d501ddca3b7 tests/krb5: Rename method parameter
      from  a9a3555b430 debug: Optimise construction of msg_no_nl

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit 1d3e118f6f2274a67cdb8141dc8dade0c571c8f5
Author: Jeremy Allison
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
       via  a9a3555b430 debug: Optimise construction of msg_no_nl
       via  62fd771aea4 debug: Move msg_no_nl to state
       via  cb70eea0536 debug: Optimise early return when header string buffer is full
       via  c5061ebe214 debug: Optimise to avoid walking the header string
       via  ee17f5306c3 debug: Optimise construction of header_str_no_nl
       via  8cdd20c70a1 debug: Rename variable for consistency
       via  24dc8c5d2b8 debug: Push message length argument down to backend log functions
       via  3085a7d317d debug: Add length argument to Debug1()
       via  9f8be709c49 debug: Avoid debug header being separated from debug text
       via  10f68148a97 debug: Factor out function copy_no_nl()
       via  0e59375ac5b debug: Add a level of indirection to ring buffer logging
       via  fb29a8ebcd0 debug: Move header_str and hs_len to state
      from  71cef2fa1dd docs: document new Spotlight Elasticsearch options

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit a9a3555b43075c46e2051e6c1ef80762a0a19120
Author: Martin Schwenke
Date:   Thu Oct 14 11:08:38 2021 +1100

    debug: Optimise construction of msg_no_nl

    If it isn't used then it isn't copied.

    Signed-off-by: Martin Schwenke
    Reviewed-by: Volker Lendecke

    Autobuild-User(master): Volker Lendecke
    Autobuild-Date(master): Thu Oct 14 11:10:40 UTC 2021 on sn-devel-184

commit 62fd771aea4bfb9f3042c80207e9800b74a43f75
Author: Martin Schwenke
Date:   Thu Oct 14 11:00:20 2021 +1100

    debug: Move msg_no_nl to state

    This enables an optimisation.

    Signed-off-by: Martin Schwenke
    Reviewed-by: Volker Lendecke

commit cb70eea0536a33583cd57e8dd416bfc2e37fe9d2
Author: Martin Schwenke
Date:   Wed Oct 13 20:40:34 2021 +1100

    debug: Optimise early return when header string buffer is full

    The existing check is for truncation, not whether the buffer is full.
    However, if the buffer is full (i.e. hs_len == sizeof(header_str) - 1)
    then there's no use trying subsequent snprintf() calls because there
    will be one byte available that already contains the NUL-terminator.
    A subsequent call will just do a no-op truncation.

    Check for full buffer instead.

    This might be confusing because it isn't the standard check that is
    done after snprintf() calls. Is it worth it for a rare corner case?

    Signed-off-by: Martin Schwenke
    Reviewed-by: Volker Lendecke

commit c5061ebe2146b6e8257205a4ad9ba69d1caa4c7d
Author: Martin Schwenke
Date:   Wed Oct 13 12:06:13 2021 +1100

    debug: Optimise to avoid walking the header string

    strlcat() needs to walk to the end of its first argument. However,
    the length of state.header_str is already known, so optimise by
    manually appending the extra characters if they will fit.

    Signed-off-by: Martin Schwenke
    Reviewed-by: Volker Lendecke

commit ee17f5306c3db1b6d950a9ea7d1787cac96a6d9d
Author: Martin Schwenke
Date:   Thu Sep 23 18:13:30 2021 +1000

    debug: Optimise construction of header_str_no_nl

    If it isn't used then it isn't copied.

    Signed-off-by: Martin Schwenke
    Reviewed-by: Volker Lendecke

commit 8cdd20c70a17e6ee8e7ca41e4c38763f41d158b4
Author: Martin Schwenke
Date:   Wed Oct 6 23:02:10 2021 +1100

    debug: Rename variable for consistency

    Signed-off-by: Martin Schwenke
    Reviewed-by: Volker Lendecke

commit 24dc8c5d2b809fefcb27abcb0aba7a1de5a55630
Author: Martin Schwenke
Date:   Fri Dec 2 16:37:47 2016 +1100

    debug: Push message length argument down to backend log functions

    Optimise because length is now available.

    Signed-off-by: Martin Schwenke
    Reviewed-by: Volker Lendecke

commit 3085a7d317dd4ce338a5265312c57ed389391786
Author: Martin Schwenke
Date:   Fri Dec 2 16:29:56 2016 +1100

    debug: Add length argument to Debug1()

    This is the first step in avoiding potentially repeated length
    calculations in the backends. The length is known at call time for
    most usual callers, so pass it down.

    Signed-off-by: Martin Schwenke
    Reviewed-by: Volker Lendecke

commit 9f8be709c4951f2af8797f17c6b861ea6fa4
Author: Martin Schwenke
Date:   Sat Dec 3 12:27:47 2016 +1100

    debug: Avoid debug header being separated from debug text

    Currently the file backend can produce something like:

      HEADER1 HEADER2 TEXT2 TEXT1

    when different processes try to log at the same time. Avoid this by
    writing the header and text at the same time using writev(). This
    means that the header always has to be written by the backend, so
    update all backends to do this.

    The non-file backends should behave as before when they were invoked
    separately to render the header. It might be possible to optimise
    some of them (e.g. via
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
       via  71cef2fa1dd docs: document new Spotlight Elasticsearch options
       via  8e3372eceab mdssvc: add options to allow ignoring attribute and type mapping errors
       via  c6743237891 mdssvc: prepare for ignore attribute and type mapping errors
       via  232146775bb selftest: add a test ignored spotlight/elasticsearch mapping failures
      from  8ab0238abd1 .gitlab-ci: Avoid duplicate CI on all merge requests

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit 71cef2fa1ddbe05d29e7ce571a35888ef4663b22
Author: Ralph Boehme
Date:   Wed Oct 13 19:16:10 2021 +0200

    docs: document new Spotlight Elasticsearch options

      elasticsearch:ignore unknown attribute = yes | no (default: no)
      elasticsearch:ignore unknown type = yes | no (default: no)

    Signed-off-by: Ralph Boehme
    Reviewed-by: Noel Power

    Autobuild-User(master): Noel Power
    Autobuild-Date(master): Thu Oct 14 10:20:27 UTC 2021 on sn-devel-184

commit 8e3372eceab1bc7ad8ac813b12d654c979e20769
Author: Ralph Boehme
Date:   Sat Oct 9 18:51:14 2021 +0200

    mdssvc: add options to allow ignoring attribute and type mapping errors

    This adds two options that are used by the Spotlight query parser to
    optionally ignore unknown attributes or types in a query.

      elasticsearch:ignore unknown attribute = yes | no (default: no)
      elasticsearch:ignore unknown type = yes | no (default: no)

    Example Spotlight query with unknown attributes and type:

      kMDItemContentType=="public.calendar-event"||kMDItemSubject=="Kalender*"cdw||
      kMDItemTitle=="Kalender*"cdw||kMDItemTopic=="Kalender*"cdw||
      kMDItemTextContent=="Kalender*"cd||*=="Kalender*"cdw||
      kMDItemTextContent=="Kalender*"cdw

    The unknown attributes are "kMDItemTopic" and "kMDItemSubject". The
    unknown type is "public.calendar-event".

    Currently the parser will outright fail to parse the query and the
    search will enter an error state.

    To give users some control over the mapping the above options can be
    used to tell the parser to simply ignore such unknown attributes and
    types.

      (meta.title:Kalender* OR content:Kalender* OR Kalender* OR content:Kalender*)

    Signed-off-by: Ralph Boehme
    Reviewed-by: Noel Power

commit c67432378910691456f1deec3d5a8a73a6080887
Author: Ralph Boehme
Date:   Sat Oct 9 18:50:02 2021 +0200

    mdssvc: prepare for ignore attribute and type mapping errors

    Lower the debug levels to debug from error. No change in behaviour.

    Signed-off-by: Ralph Boehme
    Reviewed-by: Noel Power

commit 232146775bb00769a3c208441ad0fa28bfe7f42f
Author: Ralph Boehme
Date:   Sat Oct 9 16:44:25 2021 +0200

    selftest: add a test ignored spotlight/elasticsearch mapping failures

Signed-off-by: Ralph Boehme Reviewed-by: Noel Power --- Summary of changes: .../misc/elasticsearchignoreunknownattribute.xml | 19 .../misc/elasticsearchignoreunknowntype.xml| 19 selftest/tests.py | 6 ++ source3/rpc_server/mdssvc/es_mapping.c | 2 +- source3/rpc_server/mdssvc/es_parser.y | 102 - source3/rpc_server/mdssvc/test_mdsparser_es.c | 54 +++ 6 files changed, 180 insertions(+), 22 deletions(-) create mode 100644 docs-xml/smbdotconf/misc/elasticsearchignoreunknownattribute.xml create mode 100644 docs-xml/smbdotconf/misc/elasticsearchignoreunknowntype.xml Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/misc/elasticsearchignoreunknownattribute.xml b/docs-xml/smbdotconf/misc/elasticsearchignoreunknownattribute.xml new file mode 100644 index 000..86368d30e58 --- /dev/null +++ b/docs-xml/smbdotconf/misc/elasticsearchignoreunknownattribute.xml @@ -0,0 +1,19 @@ +http://www.samba.org/samba/DTD/samba-doc;> + + + Ignore unknown Spotlight attributes in search queries. An example query + using the unsupported attribute + kMDItemTopic would be + kMDItemTopic==hotstuff. By + default any query using such a type would completely fail. By enabling + this option, if the type match is a subexpression of a larger expression, + then this subexpression is just ignored. + + + + no + yes + diff --git a/docs-xml/smbdotconf/misc/elasticsearchignoreunknowntype.xml b/docs-xml/smbdotconf/misc/elasticsearchignoreunknowntype.xml new file mode 100644 index 000..ca1f873adac --- /dev/null +++ b/docs-xml/smbdotconf/misc/elasticsearchignoreunknowntype.xml @@ -0,0 +1,19 @@ +http://www.samba.org/samba/DTD/samba-doc;> + + + Ignore unknown Spotlight types in search queries. An example query using + the unsupported type public.calendar-event
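Review bot: In docs-xml/smbdotconf/misc/elasticsearchignoreunknownattribute.xml the description is about unknown attributes, yet two of its sentences say "type": "By default any query using such a type would completely fail" and "if the type match is a subexpression of a larger expression". These read as carried over from the sibling type option and should say "such an attribute" and "the attribute match", otherwise the two smb.conf entries are easy to confuse. The text also covers only the subexpression case, while its own example, kMDItemTopic==hotstuff, is a complete query; please state what the option does when the unknown attribute is the whole expression.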