[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8bd7b316bd6 kdc: Canonicalize realm for enterprise principals via dceee8f heimdal_build: Do not build samba4kinit unless building embedded Heimdal via a0d75b1cce4 lib/replace: For heimdal_build: Try to use the OS or compiler provided atomic operators via 2701293f48a s4:torture: Remove pre-send and post-receive callbacks from 7eb1e1cc949 s4:torture: Remove test combination with enterprise principal without canonicalize flag https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8bd7b316bd61ef35f6e0baa0b65f0ef00910112c Author: Joseph Sutton Date: Tue Dec 7 13:15:38 2021 +1300 kdc: Canonicalize realm for enterprise principals Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Tue Dec 7 04:54:35 UTC 2021 on sn-devel-184 commit dceee8f62ace1b7a67401d502d2b3c4a1e17 Author: Andrew Bartlett Date: Tue Dec 7 11:30:10 2021 +1300 heimdal_build: Do not build samba4kinit unless building embedded Heimdal We should not attempt to build local copies of Heimdal utilities against a system krb5 library. Inspired by a WIP commit by Stefan Metzmacher in his lorikeet-heimdal import branch of patches to upgrade to a modern Heimdal. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14924 Signed-off-by: Andrew Bartlett Reviewed-by: Joseph Sutton commit a0d75b1cce4b97e1d6b78ba2b7adf96988d55608 Author: Andrew Bartlett Date: Tue Jul 6 12:26:44 2021 +1200 lib/replace: For heimdal_build: Try to use the OS or compiler provided atomic operators This provides the defines that may be needed to use the compiler-provided atomics, rather than a fallback. Signed-off-by: Andrew Bartlett Reviewed-by: Joseph Sutton commit 2701293f48a9e4014f9ba1e925d458fe25865bfb Author: Joseph Sutton Date: Fri Dec 3 11:58:53 2021 +1300 s4:torture: Remove pre-send and post-receive callbacks The client-side testing done by these callbacks is no longer needed, and the server-side testing is covered by Python-based tests. Removing these leaves us with a more manageable test of the Kerberos API. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett --- Summary of changes: lib/replace/wscript |7 + selftest/knownfail.d/kdc-enterprise | 63 -- selftest/knownfail_heimdal_kdc |3 - selftest/knownfail_mit_kdc | 36 + source4/heimdal_build/wscript_build | 31 +- source4/kdc/db-glue.c| 24 +- source4/torture/krb5/kdc-canon-heimdal.c | 1069 +- 7 files changed, 71 insertions(+), 1162 deletions(-) delete mode 100644 selftest/knownfail.d/kdc-enterprise Changeset truncated at 500 lines: diff --git a/lib/replace/wscript b/lib/replace/wscript index 53cb5d4fa76..a928b80f2f7 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -298,6 +298,13 @@ def configure(conf): 'HAVE___SYNC_FETCH_AND_ADD', msg='Checking for __sync_fetch_and_add compiler builtin') +conf.CHECK_CODE(''' +int i; +(void)__sync_add_and_fetch(, 1); +''', +'HAVE___SYNC_ADD_AND_FETCH', +msg='Checking for __sync_add_and_fetch compiler builtin') + conf.CHECK_CODE(''' int32_t i; atomic_add_32(, 1); diff --git a/selftest/knownfail.d/kdc-enterprise b/selftest/knownfail.d/kdc-enterprise deleted file mode 100644 index c9b6c98a2ee..000 --- a/selftest/knownfail.d/kdc-enterprise +++ /dev/null @@ -1,63 +0,0 @@ -samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise\( -samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm\( -samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_RemoveDollar\( -samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN\( -samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_RemoveDollar\(
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7eb1e1cc949 s4:torture: Remove test combination with enterprise principal without canonicalize flag via 23ec41fd13f s4:torture: Remove AS_REQ_SELF test stage via f8b17214d06 tests/krb5: Add tests for enterprise principals with canonicalization via 860065a3c99 tests/krb5: Add tests for AS-REQ with an SPN via 31900a0a582 tests/krb5: Add more AS-REQ ENC-TIMESTAMP tests with different encryption types via ff6d325e38d tests/krb5: Check ticket cname for Heimdal via 3fc9dc2395e tests/krb5: Check logon name in PAC for canonicalization tests via 10983779bc5 tests/krb5: Only create testing accounts once per test run via 8036aa12766 waf:mitkrb5: Always define lib so we get the header include path via 238e4c86ca7 waf:mitkrb5: Fix MIT KRB5 detection if not in default system location via 61404faf767 waf:mitkrb5: Detect com_err with pkgconfig first via 61ce2899791 wafsamba: Pass lib to CHECK_DECLS() via 18788e174ed s3:waf: Fix dependendies for libads via 93619962020 s4:waf: Fix dependencies for TORTURE_UTIL via 8393adaa5ad s3:param: Only include smb_ldap.h for LDAP_* defines via 3bfdbc1e93b s3:param: Remove trailing spaces in loadparm.c via 528e5efc17d samba-tool: Test DNS record creation on member join via 5e31e8f15bf samba-tool: Create DNS entries on member join from 05c09e8cfa0 heimdal_build: Prepare for Heimdal upgrade by only building HEIMDAL_ASN1_GEN_HOSTCC when needed. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7eb1e1cc9498c761c9fcd2bd839e1e2c28a365df Author: Joseph Sutton Date: Fri Dec 3 11:58:40 2021 +1300 s4:torture: Remove test combination with enterprise principal without canonicalize flag This test combination is not needed. Removing it allows us to avoid modifying requests prior to sending them, which can cause problems with an upgraded Heimdal version. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon Dec 6 22:57:54 UTC 2021 on sn-devel-184 commit 23ec41fd13f3ccae6b494682901f084d34538bec Author: Joseph Sutton Date: Fri Dec 3 11:57:49 2021 +1300 s4:torture: Remove AS_REQ_SELF test stage This behaviour is already covered by existing Python tests. This test stage also modifies the request prior to sending it, which can cause problems with an upgraded Heimdal version. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit f8b17214d06ad9f1321a1d57f6e9bfe7b8899bf6 Author: Joseph Sutton Date: Tue Nov 30 09:42:00 2021 +1300 tests/krb5: Add tests for enterprise principals with canonicalization Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 860065a3c99475e43f68330f7349cb317bc5b009 Author: Joseph Sutton Date: Thu Nov 25 16:22:58 2021 +1300 tests/krb5: Add tests for AS-REQ with an SPN Using a SPN should only be permitted if it is also a UPN, and is not an enterprise principal. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 31900a0a58283868798dcb90ed43519b39559c2c Author: Joseph Sutton Date: Fri Dec 3 13:13:29 2021 +1300 tests/krb5: Add more AS-REQ ENC-TIMESTAMP tests with different encryption types Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit ff6d325e38d83b689da47c1b059f3ed865ffa7c2 Author: Joseph Sutton Date: Thu Nov 25 16:16:52 2021 +1300 tests/krb5: Check ticket cname for Heimdal This is currently not checked in several places due to STRICT_CHECKING being set to 0. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 3fc9dc2395ebc292087ae050bd721747e851056d Author: Joseph Sutton Date: Thu Dec 2 16:51:26 2021 +1300 tests/krb5: Check logon name in PAC for canonicalization tests This allows us to ensure that the correct name makes it through to the PAC. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 10983779bc5d50cdb69b64656cbc56f0250e3f23 Author: Joseph Sutton Date: Thu Dec 2 16:50:55 2021 +1300 tests/krb5: Only create testing accounts once per test run This decreases the time that the tests take to run. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 8036aa12766840e019f28e914a30769f71444ba9 Author: Andreas Schneider Date: Mon Dec 6 18:01:40 2021 +0100 waf:mitkrb5: Always define lib so we get the header include path If you have libkrb5 in a non-standard include path, we would not check the latest version but search default paths (e.g. /usr/include) first. Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 05c09e8cfa0 heimdal_build: Prepare for Heimdal upgrade by only building HEIMDAL_ASN1_GEN_HOSTCC when needed. via 98cb41cb35d build: Remove kdc_include except where needed via 209a33670fa build: Only use embedded Heimdal include paths in an embedded Heimdal build from d6380560f87 docs: fix documentation for default of "fruit:zero_file_id" https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 05c09e8cfa09d22b31b7da6b461413dfb807984a Author: Andrew Bartlett Date: Thu Dec 2 13:25:07 2021 +1300 heimdal_build: Prepare for Heimdal upgrade by only building HEIMDAL_ASN1_GEN_HOSTCC when needed. This will otherwise break the system-heimdal build. This is correct regardless. Signed-off-by: Andrew Bartlett Reviewed-by: Joseph Sutton Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon Dec 6 21:48:30 UTC 2021 on sn-devel-184 commit 98cb41cb35dfacbd5c6acfb13a0ac555b474da08 Author: Andrew Bartlett Date: Thu Dec 2 11:47:35 2021 +1300 build: Remove kdc_include except where needed This include was being set on too many subsystems, including some MIT-related. This was a problem because it would then trigger the mixing of MIT and Heimdal krb5.h files. It is now only set on the plugins and services that use the embedded Heimdal KDC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14924 Signed-off-by: Andrew Bartlett Reviewed-by: Joseph Sutton commit 209a33670fab5dd7373444ae1ce76dbb5dfa0058 Author: Andrew Bartlett Date: Thu Dec 2 11:33:02 2021 +1300 build: Only use embedded Heimdal include paths in an embedded Heimdal build BUG: https://bugzilla.samba.org/show_bug.cgi?id=14924 Signed-off-by: Andrew Bartlett Reviewed-by: Joseph Sutton --- Summary of changes: buildtools/wafsamba/samba3.py | 4 ++-- source4/heimdal_build/wscript_build | 18 +- source4/kdc/wscript_build | 9 - 3 files changed, 11 insertions(+), 20 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba3.py b/buildtools/wafsamba/samba3.py index ebc7fbb707f..4277c5f6f2e 100644 --- a/buildtools/wafsamba/samba3.py +++ b/buildtools/wafsamba/samba3.py @@ -35,8 +35,8 @@ def s3_fix_kwargs(bld, kwargs): # the extra_includes list is relative to the source3 directory extra_includes = [ '.', 'include', 'lib' ] -# local heimdal paths only included when USING_SYSTEM_KRB5 is not set -if not bld.CONFIG_SET("USING_SYSTEM_KRB5"): +# local heimdal paths must only be included when using our embedded Heimdal +if bld.CONFIG_SET("USING_EMBEDDED_HEIMDAL"): extra_includes += [ '../source4/heimdal/lib/com_err', '../source4/heimdal/lib/krb5', '../source4/heimdal/lib/gssapi', diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build index 079cac744f9..77519356575 100644 --- a/source4/heimdal_build/wscript_build +++ b/source4/heimdal_build/wscript_build @@ -856,21 +856,21 @@ HEIMDAL_SUBSYSTEM('HEIMDAL_VERS_HOSTCC', use_global_deps=False, use_hostcc=True) -HEIMDAL_SUBSYSTEM('HEIMDAL_ASN1_GEN_HOSTCC', - 'lib/asn1/gen.c', - includes='../heimdal/lib/asn1', - group='hostcc_build_main', - cflags=bld.env.HEIMDAL_UNPICKY_WNO_STRICT_OVERFLOW_CFLAGS, - deps='ROKEN_HOSTCC', - use_global_deps=False, - use_hostcc=True) - HEIMDAL_SUBSYSTEM('HEIMDAL_VERS', 'lib/vers/print_version.c ../heimdal_build/version.c', deps='roken replace') if not bld.CONFIG_SET('USING_SYSTEM_ASN1_COMPILE'): +HEIMDAL_SUBSYSTEM('HEIMDAL_ASN1_GEN_HOSTCC', + 'lib/asn1/gen.c', + includes='../heimdal/lib/asn1', + group='hostcc_build_main', + cflags=bld.env.HEIMDAL_UNPICKY_WNO_STRICT_OVERFLOW_CFLAGS, + deps='ROKEN_HOSTCC', + use_global_deps=False, + use_hostcc=True) + # here is the asn1 compiler build rule HEIMDAL_BINARY('asn1_compile', 'lib/asn1/gen_copy.c ' diff --git a/source4/kdc/wscript_build b/source4/kdc/wscript_build index 0edca94e75f..c7f28a72342 100644 --- a/source4/kdc/wscript_build +++ b/source4/kdc/wscript_build @@ -58,7 +58,6 @@ bld.SAMBA_LIBRARY('HDB_SAMBA4', bld.SAMBA_LIBRARY('HDB_SAMBA4_PLUGIN', source='hdb-samba4-plugin.c', deps='hdb HDB_SAMBA4 samba-util samba-hostconfig ', - includes=kdc_include, link_name='modules/hdb/hdb_samba4.so', realname='hdb_samba4.so',
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d6380560f87 docs: fix documentation for default of "fruit:zero_file_id" from dab828f63c0 pytest/source_char: check for mixed direction text https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d6380560f871a0097366b26382d2ac22b60bc48e Author: Ralph Boehme Date: Mon Dec 6 15:16:36 2021 +0100 docs: fix documentation for default of "fruit:zero_file_id" This got changed by 6e65c283120e3e627f0d8570601263f904529996 without updating the manpage. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14926 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Mon Dec 6 18:24:24 UTC 2021 on sn-devel-184 --- Summary of changes: docs-xml/manpages/vfs_fruit.8.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/vfs_fruit.8.xml b/docs-xml/manpages/vfs_fruit.8.xml index a87bf401cbd..bfaf8e42919 100644 --- a/docs-xml/manpages/vfs_fruit.8.xml +++ b/docs-xml/manpages/vfs_fruit.8.xml @@ -402,7 +402,7 @@ attributes"/> is enabled. Returning a file identifier of zero causes the Mac client to stop using and trusting the file id returned from the server. - The default is yes. + The default is no. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 6f7e39b0611 smb2_server: skip tcon check and chdir_current_service() for FSCTL_QUERY_NETWORK_INTERFACE_INFO via c22480e2640 s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO should work on noperm share via f57b3e1 smb2_server: don't let SMB2_OP_IOCTL force FILE_CLOSED for invalid file ids via 2306c9e7d18 s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO gives INVALID_PARAMETER with invalid file ids via a68e2904eae smb2_ioctl: return BUFFER_TOO_SMALL in smbd_smb2_request_ioctl_done() via 2c4c3867933 s4:torture/smb2: test FSCTL_QUERY_NETWORK_INTERFACE_INFO with BUFFER_TOO_SMALL via 9e182796362 smb2_server: skip tcon check and chdir_current_service() for FSCTL_VALIDATE_NEGOTIATE_INFO via 2209a095dda smb2_server: decouple IOCTL check from signing/encryption states via 4c8c39a7b55 smb2_server: make sure in_ctl_code = IVAL(body, 0x04); reads valid bytes via 685250e6298 s4:torture/smb2: add smb2.ioctl.bug14788.VALIDATE_NEGOTIATE via eba52e21acb libcli/smb: split out smb2cli_raw_tcon* from smb2cli_tcon* from dc59b392111 s3:winbind: Fix possible NULL pointer dereference https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 6f7e39b061134ac2387c1d1ebfbe61c1c1a34422 Author: Stefan Metzmacher Date: Wed Sep 15 19:29:40 2021 +0200 smb2_server: skip tcon check and chdir_current_service() for FSCTL_QUERY_NETWORK_INTERFACE_INFO We should not fail this just because the user doesn't have permissions on the share root. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Dec 1 11:51:50 UTC 2021 on sn-devel-184 (cherry picked from commit f4d0bb164f028da46eab766135bb38175c117deb) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Mon Dec 6 11:36:01 UTC 2021 on sn-devel-184 commit c22480e2640ffc20fb01749f5f6a9ef272d855c8 Author: Stefan Metzmacher Date: Mon Nov 29 19:56:20 2021 +0100 s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO should work on noperm share Demonstrate that smbd fails FSCTL_QUERY_NETWORK_INTERFACE_INFO only because the user doesn't have permissions on the share root. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit 629d161b8f579bc24acfaf3fe02612a5237345b4) commit f57b3e1478bdf743956e7fef222e4891d508 Author: Stefan Metzmacher Date: Wed Sep 15 20:27:12 2021 +0200 smb2_server: don't let SMB2_OP_IOCTL force FILE_CLOSED for invalid file ids smbd_smb2_request_process_ioctl() already detailed checks for file_ids, which not reached before. .allow_invalid_fileid = true was only used for SMB2_OP_IOCTL. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit 1744dd8c5bc342a74e397951506468636275fe45) commit 2306c9e7d18fe9080a20c2989144a35d43ef2a1d Author: Stefan Metzmacher Date: Mon Nov 29 19:56:20 2021 +0100 s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO gives INVALID_PARAMETER with invalid file ids An invalid file id for FSCTL_QUERY_NETWORK_INTERFACE_INFO gives INVALID_PARAMETER instead of FILE_CLOSED. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit fb33f145ff598b03a08098b7f12f3c53491f6c04) commit a68e2904eaee1d7185bfe6981193a4bdeae7a2db Author: Stefan Metzmacher Date: Wed Sep 15 20:26:58 2021 +0200 smb2_ioctl: return BUFFER_TOO_SMALL in smbd_smb2_request_ioctl_done() We should not send more data than the client requested. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit aab540503434817cc6b2de1d9c507f9d0b3ad980) commit 2c4c38679338ed62fe309379ee3069605a31bb22 Author: Stefan Metzmacher Date: Mon Nov 29 19:44:12 2021 +0100 s4:torture/smb2: test FSCTL_QUERY_NETWORK_INTERFACE_INFO with BUFFER_TOO_SMALL It seems that we currently don't have BUFFER_TOO_SMALL handling for FSCTL/IOCTL calls. FSCTL_QUERY_NETWORK_INTERFACE_INFO is just an easy example to demonstrate it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit b3212b359edb78d4c60fed377fa18478c8e75d9a) commit 9e182796362b2ac690556ad28d8a086f4044db8d Author: Stefan Metzmacher Date: Mon Aug 16