[SCM] Samba Shared Repository - annotated tag samba-4.13.13 created
The annotated tag, samba-4.13.13 has been created
        at  8eb9ec518ab1e8fa6bd179c0cae5e82d63b6f96c (tag)
   tagging  88d73d0b4eeabc2544e48a8301b1caa0e9aaeccd (commit)
  replaces  ldb-2.2.2
 tagged by  Jule Anger
        on  Fri Oct 29 08:19:20 2021 +0200

- Log -
samba: tag release samba-4.13.13

Jule Anger (2):
      WHATSNEW: Add release notes for Samba 4.13.13.
      VERSION: Disable GIT_SNAPSHOT for the 4.13.13 release.

---

--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via 6671c88157b VERSION: Bump version up to Samba 4.13.14... via 88d73d0b4ee VERSION: Disable GIT_SNAPSHOT for the 4.13.13 release. via 665022c7590 WHATSNEW: Add release notes for Samba 4.13.13. from 74e65d7c06c ldb: Release ldb 2.2.1 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit 6671c88157bf29ddbcc36587a9547e292b185e85 Author: Jule Anger Date: Fri Oct 29 08:12:27 2021 +0200 VERSION: Bump version up to Samba 4.13.14... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 88d73d0b4eeabc2544e48a8301b1caa0e9aaeccd Author: Jule Anger Date: Fri Oct 29 08:11:43 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.13.13 release. Signed-off-by: Jule Anger commit 665022c7590a16275472c25ae47f47f1417cfe20 Author: Jule Anger Date: Fri Oct 29 08:11:05 2021 +0200 WHATSNEW: Add release notes for Samba 4.13.13. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 101 +-- 2 files changed, 100 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index c65285cf4cd..b2cca84b9c5 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=13 -SAMBA_VERSION_RELEASE=13 +SAMBA_VERSION_RELEASE=14 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 820185349ef..575ae48705f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,3 +1,101 @@ + === + Release Notes for Samba 4.13.13 + October 29, 2021 + === + + +This is the latest stable release of the Samba 4.13 release series. + + +Changes since 4.13.12 +- + +o Douglas Bagnall + * BUG 14868: rodc_rwdc test flaps. + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. + +o Andrew Bartlett + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze + bit' S4U2Proxy Constrained Delegation bypass in Samba with + embedded Heimdal. + * BUG 14836: Python ldb.msg_diff() memory handling failure. + * BUG 14845: "in" operator on ldb.Message is case sensitive. + * BUG 14848: Release LDB 2.3.1 for Samba 4.14.9. + * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED. + * BUG 14874: Allow special chars like "@" in samAccountName when generating + the salt. + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. + +o Isaac Boukris + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze + bit' S4U2Proxy Constrained Delegation bypass in Samba with + embedded Heimdal. + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. + +o Viktor Dukhovni + * BUG 12998: Fix transit path validation. + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. + +o Luke Howard + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze + bit' S4U2Proxy Constrained Delegation bypass in Samba with + embedded Heimdal. + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. + +o Stefan Metzmacher + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. + +o David Mulder + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. + +o Andreas Schneider + * BUG 14870: Prepare to operate with MIT krb5 >= 1.20. + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. 
+ +o Joseph Sutton + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze + bit' S4U2Proxy Constrained Delegation bypass in Samba with + embedded Heimdal. + * BUG 14645: rpcclient NetFileEnum and net rpc file both cause lock order + violation: brlock.tdb, share_entries.tdb. + * BUG 14836: Python ldb.msg_diff() memory handling failure. + * BUG 14845: "in" operator on ldb.Message is case sensitive. + * BUG 14848: Release LDB 2.3.1 for Samba 4.14.9. + * BUG 14868: rodc_rwdc test flaps. + * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED. + * BUG 14874: Allow special chars like "@" in samAccountName when generating + the salt. + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. + +o Nicolas Williams + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze + bit' S4U2Proxy Constrained Delegation bypass in Samba with + embedded Heimdal. + * BUG 14881: Backpor
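Review bot: In the WHATSNEW.txt hunk, the entry "BUG 12998: Fix transit path validation." under Viktor Dukhovni carries no CVE identifier, while the matching commit subject on v4-13-test (f7d6826afea) reads "HEIMDAL:kdc: Fix transit path validation CVE-2017-6594"; only BUG 14642 is marked [SECURITY]. Please name the CVE and add the [SECURITY] marker on the 12998 entry so administrators triaging this release can see that it contains two security-relevant KDC fixes. Separately, "BUG 14848: Release LDB 2.3.1 for Samba 4.14.9." quotes another branch's versions inside the 4.13.13 notes; a short mention of the ldb release that v4-13-test actually carries would avoid confusion.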
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
       via  7f6f4777b40 third_party: Update pam_wrapper to version 1.1.4
       via  6ed71ad7e6a lib: handle NTTIME_THAW in nt_time_to_full_timespec()
       via  0659069f829 torture: add a test for NTTIME_FREEZE and NTTIME_THAW
       via  194faa76161 lib: add a test for null_nttime(NTTIME_THAW)
       via  5503bde93bd lib: update null_nttime() of -1: -1 is NTTIME_FREEZE
       via  e2740e4868f lib: use NTTIME_FREEZE in a null_nttime() test
       via  d84779302cc lib: fix null_nttime() tests
       via  f73aff502ca lib: add NTTIME_THAW
      from  16d43ccfddf lib:cmdline: Fix -k option which doesn't expect anything

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit 7f6f4777b4081dbfcd875bf6dcbbab03a1fa413d
Author: Andreas Schneider
Date:   Thu Oct 28 10:50:30 2021 +0200

    third_party: Update pam_wrapper to version 1.1.4

    Signed-off-by: Andreas Schneider
    Reviewed-by: Jeremy Allison

    Autobuild-User(master): Jeremy Allison
    Autobuild-Date(master): Thu Oct 28 19:03:04 UTC 2021 on sn-devel-184

commit 6ed71ad7e6aa98a34cfde95d7d62c46694d58469
Author: Ralph Boehme
Date:   Tue Oct 5 15:10:33 2021 +0200

    lib: handle NTTIME_THAW in nt_time_to_full_timespec()

    Preliminary handling of NTTIME_THAW to avoid NTTIME_THAW being passed as
    some mangled value down to the VFS set timestamps function.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127
    RN: Avoid storing NTTIME_THAW (-2) as value on disk

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison

commit 0659069f8292996be475d407b53d161aa3f35554
Author: Ralph Boehme
Date:   Thu Oct 28 12:55:39 2021 +0200

    torture: add a test for NTTIME_FREEZE and NTTIME_THAW

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison

commit 194faa76161a12ae1eae2b471d6f159d97ef75a8
Author: Ralph Boehme
Date:   Thu Oct 28 10:18:54 2021 +0200

    lib: add a test for null_nttime(NTTIME_THAW)

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison

commit 5503bde93bddf3634b183e665773399c110251d4
Author: Ralph Boehme
Date:   Thu Oct 28 10:18:17 2021 +0200

    lib: update null_nttime() of -1: -1 is NTTIME_FREEZE

    NTTIME_FREEZE is not a nil sentinel value, instead it implies special, yet
    unimplemented semantics. Callers must deal with those values specifically
    and null_nttime() must not lie about their nature.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison

commit e2740e4868f2a49877a86a8666d26226b5657317
Author: Ralph Boehme
Date:   Thu Oct 28 10:17:01 2021 +0200

    lib: use NTTIME_FREEZE in a null_nttime() test

    No change in behaviour.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison

commit d84779302cc54a7b84c05ccc458e04b27fd142f4
Author: Ralph Boehme
Date:   Wed Oct 27 17:02:48 2021 +0200

    lib: fix null_nttime() tests

    The test was checking -1 twice:

        torture_assert(tctx, null_nttime(-1), "-1");
        torture_assert(tctx, null_nttime(-1), "-1");

    The first line was likely supposed to test the value "0".

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison

commit f73aff502cadabb7fe6b94a697f0a2256d1d4aca
Author: Ralph Boehme
Date:   Tue Oct 5 15:10:10 2021 +0200

    lib: add NTTIME_THAW

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison

---

Summary of changes:
 buildtools/wafsamba/samba_third_party.py   |   2 +-
 lib/util/tests/time.c                      |   5 +-
 lib/util/time.c                            |   8 +-
 lib/util/time.h                            |   1 +
 source4/torture/smb2/timestamps.c          | 208 +
 third_party/pam_wrapper/libpamtest.c       |  19 ++-
 third_party/pam_wrapper/libpamtest.h       |  30 +++--
 third_party/pam_wrapper/pam_wrapper.c      | 142 +++-
 third_party/pam_wrapper/python/pypamtest.c | 192 --
 third_party/pam_wrapper/wscript            |   7 +-
 10 files changed, 447 insertions(+), 167 deletions(-)

Changeset truncated at 500 lines:

diff --git a/buildtools/wafsamba/samba_third_party.py b/buildtools/wafsamba/samba_third_party.py index 1c027cb6870..f046ebc96da 100644 --- a/buildtools/wafsamba/samba_third_party.py +++ b/buildtools/wafsamba/samba_third_party.py @@ -44,5 +44,5 @@ Build.BuildContext.CHECK_UID_WRAPPER = CHECK_UID_WRAPPER @conf def CHECK_PAM_WRAPPER(conf
[SCM] Samba Shared Repository - annotated tag ldb-2.2.2 created
The annotated tag, ldb-2.2.2 has been created
        at  492762c29e2a199d012f1e759468380cfa602dcb (tag)
   tagging  74e65d7c06c5eda79105f43d87efcaec09dfbb77 (commit)
  replaces  samba-4.13.12
 tagged by  Stefan Metzmacher
        on  Thu Oct 28 17:43:38 2021 +0200

- Log -
ldb: tag release ldb-2.2.2

Andreas Schneider (1):
      waf: Allow building with MIT KRB5 >= 1.20

Andrew Bartlett (9):
      autobuild: allow AUTOBUILD_FAIL_IMMEDIATELY=0 (say from a gitlab variable)
      selftest/dbcheck: Fix up RODC one-way links (use correct dbcheck rule)
      kdc: Remove UF_NO_AUTH_DATA_REQUIRED from client principals
      kdc: Correctly strip PAC, rather than error on UF_NO_AUTH_DATA_REQUIRED for servers
      selftest: Remove duplicate setup of $base_dn and $ldbmodify
      selftest: Improve error handling and perl style when setting up users in Samba4.pm
      dsdb: Allow special chars like "@" in samAccountName when generating the salt
      lib/krb5_wrap: Fix missing error check in new salt code
      ldb: Release ldb 2.2.1

David Mulder (1):
      python: Move dsdb_Dn to samdb

Douglas Bagnall (3):
      python/join: use the provided krbtgt link in cleanup_old_accounts
      pytest/rodc_rwdc: try to avoid race.
      pytest: dynamic tests optionally add __doc__

Isaac Boukris (4):
      kdc: remove KRB5SignedPath, to be replaced with PAC
      kdc: sign ticket using Windows PAC
      krb5: allow NULL parameter to krb5_pac_free()
      krb5: rework PAC validation loop

Joseph Sutton (150):
      krb5pac.idl: Add ticket checksum PAC buffer type
      security.idl: Add well-known SIDs for FAST
      tests/krb5: Calculate expected salt if not given explicitly
      tests/krb5: Add methods to obtain the length of checksum types
      tests/krb5: Use signed integers to represent key version numbers in ASN.1
      tests/krb5: Add KDCOptions flag for constrained delegation
      tests/krb5: Use more compact dict lookup
      tests/krb5: Replace expected_cname_private with expected_anon parameter
      tests/krb5: Allow specifying an OU to create accounts in
      tests/krb5: Allow specifying additional User Account Control flags for account
      tests/krb5: Keep track of account DN in credentials object
      tests/krb5: Move padata generation methods to base class
      tests/krb5: add options to kdc_exchange_dict to specify including PAC-REQUEST or PAC-OPTIONS
      tests/krb5: Don't create PAC request manually in as_req_tests
      tests/krb5: Don't create PAC request or options manually in fast_tests
      tests/krb5: Remove magic constants
      tests/krb5: Allow specifying ticket flags expected to be set or reset
      tests/krb5: Make time assertion less strict
      tests/krb5: Allow Kerberos requests to be sent to DC or RODC
      tests/krb5: Check for presence of 'renew-till' element
      tests/krb5: Check 'caddr' element
      tests/krb5: Check for presence of 'key-expiration' element
      tests/krb5: Create testing accounts in appropriate containers
      tests/krb5: Allow specifying status code to be checked
      tests/krb5: Get expected cname from TGT for TGS-REQ messages
      tests/krb5: Get encpart decryption key from kdc_exchange_dict
      tests/krb5: Add get_cached_creds() method to create persistent accounts for testing
      tests/krb5: Generate padata for FAST tests
      tests/krb5: Sign-extend kvno from 32-bit integer
      tests/krb5: Add method to get RODC krbtgt credentials
      tests/krb5: Add get_secrets() method to get the secret attributes of a DN
      tests/krb5: Allow replicating accounts to the RODC
      tests/krb5: Create RODC account for testing
      tests/krb5: Allow replicating accounts to the created RODC
      python: Don't leak file handles
      python/join: Check for correct msDS-KrbTgtLink attribute
      tests/krb5: Add helper method for modifying PACs
      tests/krb5: Check correct flags element
      tests/krb5: Refactor tgs_req() to use _generic_kdc_exchange
      tests/krb5: Allow tgs_req() to send additional padata
      tests/krb5: Allow tgs_req() to specify different kdc-options
      tests/krb5: Allow tgs_req() to send requests to the RODC
      tests/krb5: Allow as_req() to specify different kdc-options
      tests/krb5: Use PAC buffer type constants from krb5pac.idl
      tests/krb5: Don't manually create PAC request and options in fast_tests
      tests/krb5: Set DN of created accounts to ldb.Dn type
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 16d43ccfddf lib:cmdline: Fix -k option which doesn't expect anything via 5c6640470aa testprogs: Use new cmdline option for kerberos from 2be0a19d448 Revert "samba-tool: Pick local host if calling samba-tool from DC" https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 16d43ccfddf0e67a0ae87e3f13b3114c858d64ac Author: Andreas Schneider Date: Wed Oct 27 13:45:15 2021 +0200 lib:cmdline: Fix -k option which doesn't expect anything BUG: https://bugzilla.samba.org/show_bug.cgi?id=14846 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Oct 28 13:23:34 UTC 2021 on sn-devel-184 commit 5c6640470aa845780fbf17961e67b0d9302c2fbc Author: Andreas Schneider Date: Wed Oct 27 15:30:20 2021 +0200 testprogs: Use new cmdline option for kerberos BUG: https://bugzilla.samba.org/show_bug.cgi?id=14846 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme --- Summary of changes: lib/cmdline/cmdline.c | 2 +- testprogs/blackbox/test_kpasswd_heimdal.sh | 6 +++--- testprogs/blackbox/test_kpasswd_mit.sh | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c index 5dd543f244d..753cec27c3f 100644 --- a/lib/cmdline/cmdline.c +++ b/lib/cmdline/cmdline.c @@ -1251,7 +1251,7 @@ static struct poptOption popt_legacy_s3[] = { { .longName = "kerberos", .shortName = 'k', - .argInfo= POPT_ARG_STRING, + .argInfo= POPT_ARG_NONE, .val= 'k', .descrip= "DEPRECATED: Migrate to --use-kerberos", }, diff --git a/testprogs/blackbox/test_kpasswd_heimdal.sh b/testprogs/blackbox/test_kpasswd_heimdal.sh index 1cf61e5d07d..43f38b09de2 100755 --- a/testprogs/blackbox/test_kpasswd_heimdal.sh +++ b/testprogs/blackbox/test_kpasswd_heimdal.sh 
@@ -71,10 +71,10 @@ testit "kinit with user password" \ do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" \ - "ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1` + "ls" "$SMB_UNC" --use-kerberos=required || failed=`expr $failed + 1` testit "change user password with 'samba-tool user password' (unforced)" \ - $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1` + $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD --use-kerberos=off --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1` TEST_PASSWORD_OLD=$TEST_PASSWORD TEST_PASSWORD=$TEST_PASSWORD_NEW @@ -84,7 +84,7 @@ testit "kinit with user password" \ do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" \ - "ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1` + "ls" "$SMB_UNC" --use-kerberos=required || failed=`expr $failed + 1` ### ### check that a short password is rejected diff --git a/testprogs/blackbox/test_kpasswd_mit.sh b/testprogs/blackbox/test_kpasswd_mit.sh index 0d1dcf2eae4..df0f53e0041 100755 --- a/testprogs/blackbox/test_kpasswd_mit.sh +++ b/testprogs/blackbox/test_kpasswd_mit.sh @@ -74,7 +74,7 @@ test_smbclient "Test login with user kerberos ccache" \ "ls" "$SMB_UNC" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1` testit "change user password with 'samba-tool user password' (unforced)" \ - $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1` + $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD --use-kerberos=off --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1` TEST_PASSWORD_OLD=$TEST_PASSWORD TEST_PASSWORD=$TEST_PASSWORD_NEW -- Samba Shared Repository
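Review bot: In the lib/cmdline/cmdline.c hunk, changing the legacy 'k' entry from POPT_ARG_STRING to POPT_ARG_NONE means any remaining caller that still passes "-k yes" or "-k no" no longer has that word consumed as the option's value; popt will return "yes" or "no" as a positional argument instead, and "-k no" in particular stops expressing "do not use Kerberos". The test hunks in this push convert only test_kpasswd_heimdal.sh and test_kpasswd_mit.sh, so please check the rest of testprogs/ and the documentation for other "-k yes" / "-k no" uses and convert them to --use-kerberos=required / --use-kerberos=off in the same series. It would also help to extend .descrip to state that -k no longer takes a value, since a silent change in the authentication mechanism selected is hard to spot from script output.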
[SCM] pam wrapper repository - annotated tag pam_wrapper-1.1.4 created
The annotated tag, pam_wrapper-1.1.4 has been created
        at  be57e84778893d9933a9e02deaf94c5fcc79bee7 (tag)
   tagging  d938a84d88c5882a08babfb5e10f03a9135237a3 (commit)
  replaces  pam_wrapper-1.1.3
 tagged by  Andreas Schneider
        on  Thu Oct 28 10:37:52 2021 +0200

- Log -
pam_wrapper-1.1.4

  * NOTE: pam_wrapper stopped working with the latest OpenPAM on FreeBSD 12.
    Help is needed to add back support.
  * Added support to retrieve the PAM environment from a python's
    PAMTEST_GETENVLIST
  * Added a new keyword parameter to reuse the PAM handle in libpamtest
  * Fixed pid range
  * Fixed constructor/destructor on AIX

Andreas Schneider (7):
      tests: Correctly implement free_vlist()
      Revert "pwrap: Add back pso_copy for openSUSE Tumbleweed"
      cmake: Remove configure check for pam_modutil_search_key
      cmake: Check for -Wno-bad-function-cast
      tests: Allow to filter tests
      gitlab-ci: Allow freebsd to fail
      Bump version to 1.1.4

Björn Jacke (2):
      configure: check for pragma init/fini for constructors/destructors
      pam_wrapper.c: fall back to pragma init/fini for constructor/destructor if possible

Jakub Jelen (1):
      Accept whole range of supported pids

Samuel Cabrero (6):
      python: Store the pam env in the python test object
      python: Store the pam handle in the python test object
      libpamtest: Add a new keyword parameter to reuse the PAM handle
      python: Export pam_setcred flags, to be used in python testcase objects
      cmake: Silence warning with gcc version >= 8
      libpamtest: Fix missing pam_handle argument in run_pamtest_conv macro

Valentin Vidic (2):
      libpamtest: include stddef.h in libpamtest.h
      libpamtest: fix comments for pamtest_conv_data

---

--
pam wrapper repository
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated
       via  74e65d7c06c ldb: Release ldb 2.2.1
       via  c532b425e73 pyldb: Make ldb.Message containment testing consistent with indexing
       via  64c41d30986 pyldb: Add tests for ldb.Message containment testing
       via  65f3e987675 pyldb: Raise TypeError for an invalid ldb.Message index
       via  4ff0a23a04b pyldb: Add test for an invalid ldb.Message index type
       via  f45e89e4326 s4/torture/drs/python: Fix attribute existence check
       via  4d1c5cc73b0 pyldb: Fix deleting an ldb.Control critical flag
       via  5e9441d55f6 pytest:segfault: Add test for deleting an ldb.Control critical flag
       via  a2e0682d928 pyldb: Fix deleting an ldb.Message dn
       via  d2189833c7e pytest:segfault: Add test for deleting an ldb.Message dn
       via  c7c10298973 Fix Python docstrings
       via  0c36416e319 pyldb: Avoid use-after-free in msg_diff()
       via  400d04533ab ldb_msg: Don't fail in ldb_msg_copy() if source DN is NULL
       via  f47f0f9f459 pytest:segfault: Add test for ldb.msg_diff()
      from  0cea7f53c01 lib/krb5_wrap: Fix missing error check in new salt code

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test

- Log -
commit 74e65d7c06c5eda79105f43d87efcaec09dfbb77
Author: Andrew Bartlett
Date:   Mon Oct 4 21:57:25 2021 +1300

    ldb: Release ldb 2.2.1

    * Corrected python behaviour for 'in' for LDAP attributes
      contained as part of ldb.Message (bug 14845)
    * Fix memory handling in ldb.msg_diff (bug 14836)
    * Corrected python docstrings

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881

    Signed-off-by: Andrew Bartlett

    Autobuild-User(v4-14-test): Stefan Metzmacher
    Autobuild-Date(v4-14-test): Tue Oct 26 13:03:37 UTC 2021 on sn-devel-184

    Autobuild-User(v4-13-test): Stefan Metzmacher
    Autobuild-Date(v4-13-test): Thu Oct 28 09:49:45 UTC 2021 on sn-devel-184

commit c532b425e739a5a6860e37fd616dc5293cea0f37
Author: Joseph Sutton
Date:   Sat Sep 25 14:39:59 2021 +1200

    pyldb: Make ldb.Message containment testing consistent with indexing

    Previously, containment testing using the 'in' operator was handled by
    performing an equality comparison between the chosen object and each of
    the message's keys in turn. This behaviour was prone to errors due to
    not considering differences in case between otherwise equal elements, as
    the indexing operations do.

    Containment testing should now be more consistent with the indexing
    operations and with the get() method of ldb.Message.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848

    Signed-off-by: Joseph Sutton
    Reviewed-by: Andrew Bartlett
    (cherry picked from commit 860d8902a9c502d4be83396598cf4a53c80fea69)

commit 64c41d30986a34b3311bc03ffce9a8856c7f4f18
Author: Joseph Sutton
Date:   Sat Sep 25 13:48:57 2021 +1200

    pyldb: Add tests for ldb.Message containment testing

    These tests verify that the 'in' operator on ldb.Message is consistent
    with indexing and the get() method. This means that the 'dn' element
    should always be present, lookups should be case-insensitive, and use of
    an invalid type should result in a TypeError.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848

    Signed-off-by: Joseph Sutton
    Reviewed-by: Andrew Bartlett
    (cherry picked from commit 865fe238599a732360b77e06e592cb85d459acf8)

commit 65f3e987675d378afd7df4445d04c86d83cde853
Author: Joseph Sutton
Date:   Sat Sep 25 13:39:56 2021 +1200

    pyldb: Raise TypeError for an invalid ldb.Message index

    Previously, a TypeError was raised and subsequently overridden by a
    KeyError.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848

    Signed-off-by: Joseph Sutton
    Reviewed-by: Andrew Bartlett
    (cherry picked from commit 22353767ca75af9d9e8fa1e7da372dcb5eddfcb7)

commit 4ff0a23a04b230bab3454cf88d317304df2cb5cb
Author: Joseph Sutton
Date:   Sat Sep 25 13:22:05 2021 +1200

    pyldb: Add test for an invalid ldb.Message index type

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848

    Signed-off-by: Joseph Sutton
    Reviewed-by: Andrew Bartlett
    (cherry picked from commit b018e51d2725a23b2fedd3058644b8021f6a6a06)

commit f45e89e432644b5c569808f29d27a537e07f
Author: Joseph Sutton
Date:   Sat Sep 25 19:18:39 2021 +1200

    s4/torture/drs/python: Fix attribute existence check

    BUG: https://bugzilla.samba.org/show_bug.cg
[SCM] pam wrapper repository - branch master updated
The branch, master has been updated via d938a84 Bump version to 1.1.4 via 42f9d4d gitlab-ci: Allow freebsd to fail via 6df5d14 tests: Allow to filter tests via de959bc cmake: Check for -Wno-bad-function-cast from 4efe631 cmake: Remove configure check for pam_modutil_search_key https://git.samba.org/?p=pam_wrapper.git;a=shortlog;h=master - Log - commit d938a84d88c5882a08babfb5e10f03a9135237a3 Author: Andreas Schneider Date: Fri Jun 25 10:12:07 2021 +0200 Bump version to 1.1.4 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme commit 42f9d4dee0c46174f305e65f87d82b2bcb12fe58 Author: Andreas Schneider Date: Tue Oct 5 09:31:12 2021 +0200 gitlab-ci: Allow freebsd to fail Reviewed-by: Ralph Boehme commit 6df5d14e49edc586b5000d552a26e0629b1f3b41 Author: Andreas Schneider Date: Fri Jun 25 13:45:31 2021 +0200 tests: Allow to filter tests Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme commit de959bc431c9f87eb25b9e006b3a783a66048bd0 Author: Andreas Schneider Date: Fri Jun 25 10:52:14 2021 +0200 cmake: Check for -Wno-bad-function-cast Fixes the build on freebsd. Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme --- Summary of changes: .gitlab-ci.yml| 3 +++ CHANGELOG | 9 + CMakeLists.txt| 8 CompilerChecks.cmake | 3 +++ src/python/CMakeLists.txt | 8 +--- tests/test_pam_wrapper.c | 7 ++- 6 files changed, 30 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 839c834..1439b2c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -132,6 +132,9 @@ freebsd/x86_64: when: on_failure paths: - obj/ + # pam_wrapper stopped to work with the latest OpenPAM version, this is a + # bigger effort to investigate. + allow_failure: true tumbleweed/x86_64/gcc: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD diff --git a/CHANGELOG b/CHANGELOG index 39772b3..608f45b 100644 --- a/CHANGELOG +++ b/CHANGELOG 
@@ -1,6 +1,15 @@ ChangeLog == +version 1.1.4 (released 2020-10-28) + * NOTE: pam_wrapper stopped working with the latest OpenPAM on FreeBSD 12. +Help is needed to add back support. + * Added support to retrieve the PAM environment from a python's +PAMTEST_GETENVLIST + * Added a new keyword parameter to reuse the PAM handle in libpamtest + * Fixed pid range + * Fixed constructor/destructor on AIX + version 1.1.3 (released 2020-03-26) * Fixed paths in pkgconfig and cmake config files diff --git a/CMakeLists.txt b/CMakeLists.txt index b453ec3..37dff75 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -11,7 +11,7 @@ list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules") include(DefineCMakeDefaults) include(DefineCompilerFlags) -project(pam_wrapper VERSION 1.1.3 LANGUAGES C) +project(pam_wrapper VERSION 1.1.4 LANGUAGES C) # global needed variables set(APPLICATION_NAME ${PROJECT_NAME}) @@ -25,13 +25,13 @@ set(APPLICATION_NAME ${PROJECT_NAME}) # Increment PATCH. set(LIBRARY_VERSION_MAJOR 0) set(LIBRARY_VERSION_MINOR 0) -set(LIBRARY_VERSION_PATCH 6) +set(LIBRARY_VERSION_PATCH 7) set(LIBRARY_VERSION "${LIBRARY_VERSION_MAJOR}.${LIBRARY_VERSION_MINOR}.${LIBRARY_VERSION_PATCH}") set(LIBRARY_SOVERSION ${LIBRARY_VERSION_MAJOR}) -set(PAMTEST_LIBRARY_VERSION_MAJOR 0) +set(PAMTEST_LIBRARY_VERSION_MAJOR 1) set(PAMTEST_LIBRARY_VERSION_MINOR 0) -set(PAMTEST_LIBRARY_VERSION_PATCH 5) +set(PAMTEST_LIBRARY_VERSION_PATCH 0) set(PAMTEST_LIBRARY_VERSION "${LIBRARY_VERSION_MAJOR}.${LIBRARY_VERSION_MINOR}.${LIBRARY_VERSION_PATCH}") set(PAMTEST_LIBRARY_SOVERSION ${LIBRARY_VERSION_MAJOR}) diff --git a/CompilerChecks.cmake b/CompilerChecks.cmake index 4fa1a83..6c74b0b 100644 --- a/CompilerChecks.cmake +++ b/CompilerChecks.cmake 
@@ -95,6 +95,9 @@ if (UNIX) add_c_compiler_flag("-Wno-error=tautological-compare" SUPPORTED_COMPILER_FLAGS) endif() +# Needed by src/python/CMakeLists.txt +check_c_compiler_flag("-Wno-cast-function-type" WITH_WNO_CAST_FUNCTION_TYPE) + # Unset CMAKE_REQUIRED_FLAGS unset(CMAKE_REQUIRED_FLAGS) endif() diff --git a/src/python/CMakeLists.txt b/src/python/CMakeLists.txt index e8730d9..faaf569 100644 --- a/src/python/CMakeLists.txt +++ b/src/python/CMakeLists.txt @@ -3,6 +3,8 @@ project(pypamtest C) add_subdirectory(python2) add_subdirectory(python3) -set_source_files_properties(pypamtest.c -DIRECTORY python2 python3 -PROPERTIES COMPILE_OPTIONS "-Wno-cast-function-type") +if (WITH_WNO_CAST_FUNCTION_TYPE) +set_source_files_properties(pypamtest.c +DIRECTORY python2 python3 +
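Review bot: In the CHANGELOG hunk, the new heading reads "version 1.1.4 (released 2020-10-28)", but every commit in this push is dated 2021 and the version bump itself is dated Fri Jun 25 2021; the release year should be 2021. A wrong date in the changelog makes it harder to match a packaged version against advisories and distribution timelines.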
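Review bot: In the CMakeLists.txt hunk, PAMTEST_LIBRARY_VERSION_MAJOR is raised to 1 and PAMTEST_LIBRARY_VERSION_PATCH reset to 0, yet the unchanged lines directly below still build PAMTEST_LIBRARY_VERSION and PAMTEST_LIBRARY_SOVERSION from LIBRARY_VERSION_MAJOR, LIBRARY_VERSION_MINOR and LIBRARY_VERSION_PATCH. As far as this hunk shows, the libpamtest version therefore resolves to 0.0.7 with SOVERSION 0 and the major bump has no effect. If the bump is meant to signal the ABI change from the new keyword parameter, both set() calls should use the PAMTEST_LIBRARY_VERSION_* variables, for example set(PAMTEST_LIBRARY_SOVERSION ${PAMTEST_LIBRARY_VERSION_MAJOR}).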
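Review bot: In the CompilerChecks.cmake hunk, the flag probed is "-Wno-cast-function-type", while the commit subject for this change says "cmake: Check for -Wno-bad-function-cast"; these are two different warning options, so either the subject or the check names the wrong one. Please align them. Note also that check_c_compiler_flag() is added inside the if (UNIX) block, so WITH_WNO_CAST_FUNCTION_TYPE is never defined on other platforms; that is harmless for the guard in src/python/CMakeLists.txt, but a one-line comment saying so would save the next reader the lookup.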
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated
       via  0cea7f53c01 lib/krb5_wrap: Fix missing error check in new salt code
       via  274f16103f6 dsdb: Allow special chars like "@" in samAccountName when generating the salt
       via  ae6d74c9ef8 tests/krb5: Add tests for account salt calculation
       via  d3b491c3116 tests/krb5: Fix account salt calculation to match Windows
       via  a742af325f9 tests/krb5: Allow specifying the UPN for test accounts
       via  3f376eeaa88 tests/krb5: Allow creating machine accounts without a trailing dollar
       via  a2a173d70ad tests/krb5: Allow specifying prefix or suffix for test account names
       via  4056198f4c9 tests/krb5: Decrease length of test account prefix
       via  89b9cb8b786 selftest/Samba3: replace (winbindd => "yes", skip_wait => 1) with (winbindd => "offline")
       via  88f824aeb3f selftest/Samba3: remove unused close(USERMAP); calls
       via  c9e54bbe242 waf: Allow building with MIT KRB5 >= 1.20
       via  f01e4e19cf6 selftest: Improve error handling and perl style when setting up users in Samba4.pm
       via  2bf0e4224f8 selftest: Remove duplicate setup of $base_dn and $ldbmodify
       via  38ebe186f42 selftest: krb5 account creation: clarify account type as an enum
       via  18bce6fc477 pytest: dynamic tests optionally add __doc__
       via  a64c25ff097 selftest: Increase account lockout windows to make test more realiable
       via  a203de48197 pytest/rodc_rwdc: try to avoid race.
       via  f7d6826afea HEIMDAL:kdc: Fix transit path validation CVE-2017-6594
       via  e9b12d2def9 tests/krb5: Add tests for constrained delegation to NO_AUTH_DATA_REQUIRED service
       via  999208d3afa tests/krb5: Ensure PAC is not present if expect_pac is false
       via  3eb78cd43b6 kdc: Correctly strip PAC, rather than error on UF_NO_AUTH_DATA_REQUIRED for servers
       via  106dc4a0492 kdc: Remove UF_NO_AUTH_DATA_REQUIRED from client principals
       via  fa32948c1d1 tests/krb5: Add tests for requesting a service ticket without a PAC
       via  473278c1301 tests/krb5: Add method to get the PAC from a ticket
       via  033249c56e1 tests/krb5: Allow specifying whether to expect a PAC with _test_as_exchange()
       via  33537398392 tests/krb5: Allow get_tgt() to request including or omitting a PAC
       via  543478fe985 heimdal:kdc: Fix ticket signing without a PAC
       via  4ff8af7d54d selftest/dbcheck: Fix up RODC one-way links (use correct dbcheck rule)
       via  cb044703b29 krb5: Fix PAC signature leak affecting KDC
       via  5919475dc90 s4:kdc: Check ticket signature
       via  9d3419c3068 heimdal: Make _krb5_pac_get_kdc_checksum_info() into a global function
       via  6fbde548803 s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match Windows
       via  e5ca4a51c80 kdc: correctly generate PAC TGS signature
       via  61fb0ba82c6 kdc: use ticket client name when signing PAC
       via  58bc0a4b7f1 kdc: only set HDB_F_GET_KRBTGT when requesting TGS principal
       via  49bcbcbb4d6 krb5: return KRB5KRB_AP_ERR_INAPP_CKSUM if PAC checksum fails
       via  c73825d0b01 krb5: rework PAC validation loop
       via  c17bfba3001 krb5: allow NULL parameter to krb5_pac_free()
       via  4114e57a371 kdc: sign ticket using Windows PAC
       via  ff31503bd41 kdc: remove KRB5SignedPath, to be replaced with PAC
       via  6afc41b262e s4/torture: Expect ticket checksum PAC buffer
       via  1486a8a04b0 s4:kdc: Fix debugging messages
       via  8b363a630e5 s4:kdc: Simplify samba_kdc_update_pac_blob() to take ldb_context as parameter
       via  0e53c4353a2 tests/krb5: Fix duplicate account creation
       via  f3c36a06998 tests/krb5: Allow bypassing cache when creating accounts
       via  8b947965d4f tests/krb5: Don't include empty AD-IF-RELEVANT
       via  2373c1ac1ef tests/krb5: Add constrained delegation tests
       via  61ec92dc096 tests/krb5: Verify tickets obtained with get_service_ticket()
       via  6a1549a4955 tests/krb5: Require ticket checksums if decryption key is available
       via  91faad4ef6b tests/krb5: Add TKT_SIG_SUPPORT environment variable
       via  518e990f496 selftest/dbcheck: Fix up RODC one-way links
       via  1ca795a0cb9 tests/krb5: Fix sha1 checksum type
       via  2c6b918ab92 tests/krb5: Provide clearer assertion messages for test failures
       via  d46f0d1793b tests/krb5: Disable debugging output for tests
       via  90d58c72bd7 tests/krb5: Simplify padata checking
       via  b08fd85bcb2 tests/krb5: Check logon name in PAC
       via  07ace448a5c tests/krb5: Check padata types when STRICT_CHECKING=0
       via  54fb144fe9a tests/krb5: Add environment variable to specify KDC FAST support
       via  8ee28d96b29 tests/krb5: Fix padata checking at functional level 2003
       via  d82e7716f48 tests/krb5: Clarify checksum type assertion message
       via  07e242da411 tests/krb5: Use correct principal name type
       via  5f72fd098f0 tests/krb5: Add compatability tests fo