[SCM] Samba Shared Repository - branch master updated

2022-03-16 Thread Andrew Bartlett
The branch, master has been updated
   via  ef1dbcdc6cb torture: Allow Samba as an AD DC to use zeros for LM key
   via  cb691c51ee2 torture: Do not expect LM passwords to be accepted 
except by samba3
   via  ac79ce221f0 torture: Update rpc.samlogon to match Win19 and newer 
Samba behaviour for LM key
   via  faea2f8a6b5 selftest: Remove auth_log test for RAP password change
   via  d0b922bd51d ntlm_auth: Adapt --diagnostics mode to expect that the 
DC does not support LANMAN by default
   via  4234e9b05fa s3-ntlm_auth: Convert table of tests in --diagnostics 
to designated initialisers
   via  75c54d54ad9 dsdb: Remove LM hash parameter from 
samdb_set_password() and callers
   via  a2fa7f427aa selftest: Allow RPC-SAMR to cope with 
OemChangePasswordUser2 being un-implemented
   via  45af51fd6e1 selftest: Cope with LM hash not being stored in the 
tombstone_reanimation test
   via  f161e3f18f0 dsdb: Remove parsing of LM password hash from "dBCSPwd" 
attribute
   via  0f53bfe7230 s4-rpc_server: Do not use LM hash in password changes
   via  6aaa1245630 s4-auth: Do not supply the LM hash to the AD DC 
authentication code
   via  2dbc8b98435 s4-auth: Disable LM authenticaton in the AD DC despite 
"lanman auth = yes"
   via  09eaf7403e8 s4/dsdb: Remove LM password generation and storage from 
password_hash
   via  338492d3457 s4-rpc_server: Remove pre-check for existing NT and LM 
hash from netlogon
   via  557b1ab5f96 kdc: Remove pre-check for existing NT and LM hash from 
kpasswd
   via  0a907c2f45c dsdb: Return dsdb_password_change control name to 
DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID
   via  1144addec50 dsdb: No longer supply exact password hashes in a 
control to indicate password changes
   via  9cec421d4df selftest: run s4member tests less
   via  4e21be7e89c selftest: Remove duplicate run of rpc.lsa tests against 
ad_dc as "samba3"
   via  5e9cb0ad208 selftest: Remove duplicate run of rpc.samr tests 
against ad_dc as "samba3"
   via  28fc8df722b selftest: Allow samba.tests.ntlm_auth to fail rather 
than error checking --diagnostics
   via  5b41c871d9b selftest: Use more torture_assert_goto() et al in 
rpc.samlogon test
  from  def505e68be wafsamba: Fix call to sorted()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit ef1dbcdc6cbf723bb98280c798484ea7de36eb96
Author: Andrew Bartlett 
Date:   Mon Feb 28 13:24:31 2022 +1300

torture: Allow Samba as an AD DC to use zeros for LM key

This is simple, explainable and secure.

Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Thu Mar 17 02:47:13 UTC 2022 on sn-devel-184

commit cb691c51ee2e4b0a2d64234383dffddba00bb257
Author: Andrew Bartlett 
Date:   Mon Feb 28 13:19:58 2022 +1300

torture: Do not expect LM passwords to be accepted except by samba3

This allows Samba as an AD DC (compared with the fileserver/NT4-like DC 
mode) to match
windows and refuse all LM passwords, no matter what.

Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 

commit ac79ce221f0536bf0643b25f157bac2621bef4cf
Author: Andrew Bartlett 
Date:   Mon Feb 28 10:07:35 2022 +1300

torture: Update rpc.samlogon to match Win19 and newer Samba behaviour for 
LM key

Not all cases are covered, but this much covers the areas that Samba and 
Win19
will agree on.

Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 

commit faea2f8a6b54714c50e0a5b15bd1775d67944e06
Author: Andrew Bartlett 
Date:   Fri Feb 18 12:55:57 2022 +1300

selftest: Remove auth_log test for RAP password change

RAP is SMB1, the password change routine requires LM hashes and so 
everything
here is going away or has now gone, so remove the test.

Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 

commit d0b922bd51d0c75ac9d850ceac689707cd24cf92
Author: Andrew Bartlett 
Date:   Thu Feb 17 17:50:43 2022 +1300

ntlm_auth: Adapt --diagnostics mode to expect that the DC does not support 
LANMAN by default

Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 

commit 4234e9b05fade4339dab99f296776d5f55bd8629
Author: Andrew Bartlett 
Date:   Thu Feb 17 10:48:54 2022 +1300

s3-ntlm_auth: Convert table of tests in --diagnostics to designated 
initialisers

This makes it easeir to set some as "LM auth".

Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 

commit 75c54d54ad9fdff7098c1b4f11252528f35ea658
Author: Andrew Bartlett 
Date:   Thu Feb 17 07:35:54 2022 +1300

dsdb: Remove LM hash parameter from samdb_set_password() and callers

This fixes the rpc.samr test because we no longer specify an LM hash
to the DSDB layer only to have it r

[SCM] Samba Shared Repository - branch master updated

2022-03-16 Thread Andrew Bartlett
The branch, master has been updated
   via  def505e68be wafsamba: Fix call to sorted()
   via  005866b1092 s4-smbtorture: Fix typo in assertion message
   via  27dd0afb62d python/ntacls.py: Fix ACE type comparison
   via  52afaa0ceb5 s4:policy: Fix ACE type comparison
   via  95abdbcbb8c dsdb audit tests: Use assert_in_range() for comparing 
timestamps
   via  591db0ccc09 dsdb audit tests: Fix flapping test
   via  2a8ae72bc01 samba-tool: Fix typo
   via  c4ecb66715c s4:kdc: Use samba_kdc_update_pac() in Heimdal DB plugin
   via  1a28d97fefe s4:kdc: Remove trailing whitespace in wdc-samba4.c
   via  2380c7eab4d s4:kdc: Remove ks_is_tgs_principal()
   via  c78f5b724be s4:kdc: Use samba_kdc_update_pac() in 
mit_samba_update_pac()
   via  b59c55e0528 s4:kdc: Use samba_kdc_update_pac() in 
mit_samba_reget_pac()
   via  0828cbd4bfe s4:kdc: Implement common samba_kdc_update_pac()
   via  27554581c1d s4:kdc: Make pac parameter of 
samba_client_requested_pac() const
   via  95cdbe1724f s4:kdc: Cleanup include files in pac-glue.c
   via  a84cabf4711 lib:krb5_wrap: Implement smb_krb5_principal_is_tgs()
   via  1f24724b24e auth: Add required headers to auth_sam_reply.h
   via  27dd3d9fca0 s4:kdc: Fix comparison in samba_kdc_check_s4u2proxy()
   via  70b4660c208 s4:kdc: Make sure ret is set if we goto bad_option
   via  94e9b338338 s4:kdc: Fix return code in mit_samba_update_pac()
   via  18dbdf6aace python:tests: Fix type error in raw_testcase.py
   via  5294dc80090 s4:kdc: tunnel the check_client_access status to 
hdb_samba4_audit()
   via  b01388da8a7 s4-kdc: Handle previously unhandled auth event types
  from  70b9977a46e s3:libsmb: Fix errno for failed authentication in 
SMBC_server_internal()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit def505e68be66e0179a345d3f7e2bd930712e150
Author: Joseph Sutton 
Date:   Tue Feb 15 20:05:55 2022 +1300

wafsamba: Fix call to sorted()

In Python 3, sorted() does not take a 'cmp' parameter, so we need to use
the 'key' parameter instead.

Signed-off-by: Joseph Sutton 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Thu Mar 17 01:36:59 UTC 2022 on sn-devel-184

commit 005866b10922c8dd59d334f1a77712be33213986
Author: Joseph Sutton 
Date:   Tue Feb 15 09:25:38 2022 +1300

s4-smbtorture: Fix typo in assertion message

Signed-off-by: Joseph Sutton 
Reviewed-by: Andrew Bartlett 

commit 27dd0afb62d4f7427c966e984c7c8b01bc4d93b5
Author: Joseph Sutton 
Date:   Fri Mar 4 16:11:42 2022 +1300

python/ntacls.py: Fix ACE type comparison

SEC_ACE_TYPE_ values are not flags, so this comparison does not behave
as intended. Modify the check to more closely match the one in
gp_create_gpt_security_descriptor().

Signed-off-by: Joseph Sutton 
Reviewed-by: Andrew Bartlett 

commit 52afaa0ceb5f2a372c075f64c5ae445621263b36
Author: Joseph Sutton 
Date:   Wed Mar 2 17:14:42 2022 +1300

s4:policy: Fix ACE type comparison

SEC_ACE_TYPE_ values are not flags, so this comparison does not behave
as intended. Modify the check to more closely match the comment.

Signed-off-by: Joseph Sutton 
Reviewed-by: Andrew Bartlett 

commit 95abdbcbb8c96bb58aa1fe08ddc5c8280e9e6a30
Author: Joseph Sutton 
Date:   Thu Mar 17 11:20:45 2022 +1300

dsdb audit tests: Use assert_in_range() for comparing timestamps

This can make the code clearer. assert_in_range() takes only integer
parameters, but POSIX allows us to assume that time_t is an integer.

Signed-off-by: Joseph Sutton 
Reviewed-by: Andrew Bartlett 

commit 591db0ccc090f49c74dff8dab6a7240432d03024
Author: Joseph Sutton 
Date:   Tue Sep 28 20:42:36 2021 +1300

dsdb audit tests: Fix flapping test

Use gettimeofday() to obtain the current time for comparison, to be
consistent with audit_logging.c. On Linux, time() may occasionally
return a smaller value than gettimeofday(), despite being called later.

Signed-off-by: Joseph Sutton 
Reviewed-by: Andrew Bartlett 

commit 2a8ae72bc0125e22b2637b961ca3b03a16774dcb
Author: Joseph Sutton 
Date:   Thu Mar 18 19:22:52 2021 +1300

samba-tool: Fix typo

Signed-off-by: Joseph Sutton 
Reviewed-by: Andrew Bartlett 

commit c4ecb66715caec7cb900f6bdf6b7ad749c4ef037
Author: Andreas Schneider 
Date:   Mon Mar 7 10:41:41 2022 +0100

s4:kdc: Use samba_kdc_update_pac() in Heimdal DB plugin

Signed-off-by: Andreas Schneider 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Joseph Sutton 

commit 1a28d97fefed6391e4d4e9c37b51baac598a66cc
Author: Andreas Schneider 
Date:   Mon Mar 7 13:15:08 2022 +0100

s4:kdc: Remove trailing whitespace in wdc-samba4.c

Signed-off-by: Andreas Schneider 
Reviewed-by

[SCM] Samba Shared Repository - branch master updated

2022-03-16 Thread Jeremy Allison
The branch, master has been updated
   via  70b9977a46e s3:libsmb: Fix errno for failed authentication in 
SMBC_server_internal()
   via  fb13c7c94f1 vfs: Getting exact attribute value during gpfs_stat_x 
calls
  from  68d181ee676 s3:libads: Fix creating local krb5.conf

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 70b9977a46e5242174b4461a7f49d5f640c1db62
Author: Elia Geretto 
Date:   Fri Mar 11 19:32:30 2022 +0100

s3:libsmb: Fix errno for failed authentication in SMBC_server_internal()

In SMBC_server_internal(), when authentication fails, the errno value is
currently hard-coded to EPERM, while it should be EACCES instead. Use the
NT_STATUS map to set the appropriate value.

This bug was found because it breaks listing printers protected by
authentication in GNOME Control Panel.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14983

Signed-off-by: Elia Geretto 
Reviewed-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Wed Mar 16 19:44:18 UTC 2022 on sn-devel-184

commit fb13c7c94f17283615953ce3bf690722c6918e9f
Author: Archana 
Date:   Mon Mar 14 15:16:17 2022 +0530

vfs: Getting exact attribute value during gpfs_stat_x calls

To properly update the filesize on all cluster nodes simultaneously

Signed-off-by: Archana Chidirala 
Reviewed-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 

---

Summary of changes:
 source3/libsmb/libsmb_server.c | 2 +-
 source3/modules/vfs_gpfs.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
index b92477c88fe..09d27868c0e 100644
--- a/source3/libsmb/libsmb_server.c
+++ b/source3/libsmb/libsmb_server.c
@@ -572,7 +572,7 @@ SMBC_server_internal(TALLOC_CTX *ctx,
!NT_STATUS_IS_OK(cli_session_setup_anon(c))) {
 
 cli_shutdown(c);
-errno = EPERM;
+   errno = map_errno_from_nt_status(status);
 return NULL;
 }
}
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index 1444d44bbb9..004c74cd43a 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -1482,7 +1482,7 @@ static NTSTATUS vfs_gpfs_fget_dos_attributes(struct 
vfs_handle_struct *handle,
char buf[PATH_MAX];
const char *p = NULL;
struct gpfs_iattr64 iattr = { };
-   unsigned int litemask;
+   unsigned int litemask = GPFS_SLITE_EXACT_BITS;
struct timespec ts;
uint64_t file_id;
NTSTATUS status;
@@ -1988,7 +1988,7 @@ static int vfs_gpfs_check_pathref_fstat_x(struct 
gpfs_config_data *config,
  struct connection_struct *conn)
 {
struct gpfs_iattr64 iattr = {0};
-   unsigned int litemask;
+   unsigned int litemask = GPFS_SLITE_EXACT_BITS;
int saved_errno;
int fd;
int ret;


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch v4-14-test updated

2022-03-16 Thread Jule Anger
The branch, v4-14-test has been updated
   via  2a9a5185553 s4:auth: let authenticate_ldap_simple_bind() pass down 
the mapped nt4names
   via  65498505cbf auth: let auth logging prefer 
user_info->orig_client.{account,domain}_name if available
   via  f4179deb273 s4:auth: rename user_info->mapped_state to 
user_info->cracknames_called
   via  8fa656cdeed winbindd: don't set mapped_state in 
winbindd_dual_auth_passdb()
   via  9b631f4efeb nsswitch: let test_wbinfo.sh also test wbinfo -a 
$USERNAME@$DOMAIN
   via  57401a170aa s3:auth: make_user_info_map() should not set 
mapped_state
   via  311a4cc141a s4:auth: fix confusing DEBUG message in 
authsam_want_check()
   via  8bdf62eb2d3 s4:auth: check for user_info->mapped.account_name if it 
needs to be filled
   via  9981c6731d0 s4:rpc_server/samr: don't set mapped_state in 
auth_usersupplied_info for audit logging
   via  e0222e2fd8b s4:kdc: don't set mapped_state in 
auth_usersupplied_info for audit logging
   via  7ef4c442c63 s4:dsdb: don't set mapped_state in 
auth_usersupplied_info for audit logging
   via  1d8369c9232 s4:smb_server: don't set mapped_state explicitly in 
auth_usersupplied_info
   via  9d4b98aa568 auth/ntlmssp: don't set mapped_state explicitly in 
auth_usersupplied_info
   via  1ead3a4d0dd s4:auth: encrypt_user_info() should set password_state 
instead of mapped_state
   via  dd91493ed62 s4:auth: a simple bind uses the DCs name as workstation
   via  e7a0e1db90d s3:rpc_client: let rpccli_netlogon_network_logon() 
fallback to workstation = lp_netbios_name()
   via  c331fc104e7 rodc: Add tests for simple BIND alongside NTLMSSP binds
   via  1a0d92a9bef s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as 
inducation for an interactive logon
   via  f0891c0a891 s3:auth: let make_user_info_netlogon_interactive() set 
USER_INFO_INTERACTIVE_LOGON
   via  2472d44f9c9 dsdb/tests: add test_login_basics_simple()
   via  50954766056 dsdb/tests: prepare BasePasswordTestCase for simple 
bind tests
   via  275f57f3796 dsdb/tests: introduce assertLoginSuccess
   via  845d3674286 dsdb/tests: make use of assertLoginFailure helper
   via  6e43d4ca919 dsdb/tests: let all BasePasswordTestCase tests provide 
self.host_url[_ldaps]
   via  657c7c9a34b dsdb/tests: passwords.py don't need to import 
BasePasswordTestCase
   via  5ca48372032 python:tests: let insta_creds() also copy the bind_dn 
from the template
  from  0e793fe124b s3: smbd: Fix our leases code to return the correct 
error in the non-dynamic share case.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test


- Log -
commit 2a9a5185553ba7b4abc6e65680f881ee936842a1
Author: Stefan Metzmacher 
Date:   Thu Mar 3 11:10:00 2022 +0100

s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names

authenticate_ldap_simple_bind*() needs to pass the
result of the cracknames operation into the auth stack
as user_info->client.{account,domain}_name, because
user_info->client.{account,domain}_name is also used
when forwarding the request via netrLogonSamLogon*
to a remote server, for exactly that the values are
also used in order to map a AUTH_PASSWORD_PLAIN into
AUTH_PASSWORD_RESPONSE, where the NTLMv2 response
contains the account and domain names passed in the
netr_IdentityInfo value.

Otherwise it would not be possible to forward the
LDAP simple bind authentication request to a remote
DC.

Currently this only applies to an RODC that forwards
the request to an RWDC.

But note that LDAP simple binds (as on Windows) only
work for users in the DCs forest, as the DsCrackNames
need to work and it can't work for users of remote
forests. I tested that in a DC of a forest root domain,
if rejected the LDAP simple bind against a different forest,
but allowed it for a users of a child domain in the
same forest. The NTLMSSP bind worked in both cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Thu Mar 10 04:10:54 UTC 2022 on sn-devel-184

(cherry picked from commit 40f2070d3b2b1b13cc08f7844bfe4945e9f0cd86)

Autobuild-User(v4-14-test): Jule Anger 
Autobuild-Date(v4-14-test): Wed Mar 16 15:37:02 UTC 2022 on sn-devel-184

commit 65498505cbfab81471e77fd1eedad4c7374be32d
Author: Stefan Metzmacher 
Date:   Thu Mar 3 11:10:00 2022 +0100

auth: let auth logging prefer user_info->orig_client.{account,domain}_name 
if available

The optional user_info->orig_client.{account,domain}_name are
the once really used by the client and should be used in
audit logging. But we still fallback to
user_info->client.{account,domain}_name.

[SCM] Samba Shared Repository - branch v4-16-test updated

2022-03-16 Thread Jule Anger
The branch, v4-16-test has been updated
   via  bf8f8c592b0 s4:auth: let authenticate_ldap_simple_bind() pass down 
the mapped nt4names
   via  7bb17ee5134 auth: let auth logging prefer 
user_info->orig_client.{account,domain}_name if available
   via  f4e39095450 s4:auth: rename user_info->mapped_state to 
user_info->cracknames_called
   via  1e617128adb winbindd: don't set mapped_state in 
winbindd_dual_auth_passdb()
   via  cd29a661e0f nsswitch: let test_wbinfo.sh also test wbinfo -a 
$USERNAME@$DOMAIN
   via  c46c341016d s3:auth: make_user_info_map() should not set 
mapped_state
   via  a219a81ff89 s4:auth: fix confusing DEBUG message in 
authsam_want_check()
   via  e691165b4de s4:auth: check for user_info->mapped.account_name if it 
needs to be filled
   via  03996701fb5 s4:rpc_server/samr: don't set mapped_state in 
auth_usersupplied_info for audit logging
   via  b353567acf0 s4:kdc: don't set mapped_state in 
auth_usersupplied_info for audit logging
   via  20be02ecfde s4:dsdb: don't set mapped_state in 
auth_usersupplied_info for audit logging
   via  7b31dcbd704 s4:smb_server: don't set mapped_state explicitly in 
auth_usersupplied_info
   via  27a8698ced5 auth/ntlmssp: don't set mapped_state explicitly in 
auth_usersupplied_info
   via  6841fdef65b s4:auth: encrypt_user_info() should set password_state 
instead of mapped_state
   via  9898afd747f s4:auth: a simple bind uses the DCs name as workstation
   via  80f35f7ab6a s3:rpc_client: let rpccli_netlogon_network_logon() 
fallback to workstation = lp_netbios_name()
   via  fcec3b21d9a rodc: Add tests for simple BIND alongside NTLMSSP binds
   via  64b2075c119 s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as 
inducation for an interactive logon
   via  cafbb3e7307 s3:auth: let make_user_info_netlogon_interactive() set 
USER_INFO_INTERACTIVE_LOGON
   via  d92b46a4c04 dsdb/tests: add test_login_basics_simple()
   via  54bb3569e5d dsdb/tests: prepare BasePasswordTestCase for simple 
bind tests
   via  4b245891416 dsdb/tests: introduce assertLoginSuccess
   via  c35de738dad dsdb/tests: make use of assertLoginFailure helper
   via  ff7ffbdf612 dsdb/tests: let all BasePasswordTestCase tests provide 
self.host_url[_ldaps]
   via  43c4dc75e21 dsdb/tests: passwords.py don't need to import 
BasePasswordTestCase
   via  528ed90d03a python:tests: let insta_creds() also copy the bind_dn 
from the template
  from  1fcb5ed30f9 s4-kdc: Fix memory leak in FAST cookie handling

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-16-test


- Log -
commit bf8f8c592b0395562a7bd296505c24ec09f65e4b
Author: Stefan Metzmacher 
Date:   Thu Mar 3 11:10:00 2022 +0100

s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names

authenticate_ldap_simple_bind*() needs to pass the
result of the cracknames operation into the auth stack
as user_info->client.{account,domain}_name, because
user_info->client.{account,domain}_name is also used
when forwarding the request via netrLogonSamLogon*
to a remote server, for exactly that the values are
also used in order to map a AUTH_PASSWORD_PLAIN into
AUTH_PASSWORD_RESPONSE, where the NTLMv2 response
contains the account and domain names passed in the
netr_IdentityInfo value.

Otherwise it would not be possible to forward the
LDAP simple bind authentication request to a remote
DC.

Currently this only applies to an RODC that forwards
the request to an RWDC.

But note that LDAP simple binds (as on Windows) only
work for users in the DCs forest, as the DsCrackNames
need to work and it can't work for users of remote
forests. I tested that in a DC of a forest root domain,
if rejected the LDAP simple bind against a different forest,
but allowed it for a users of a child domain in the
same forest. The NTLMSSP bind worked in both cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Thu Mar 10 04:10:54 UTC 2022 on sn-devel-184

(cherry picked from commit 40f2070d3b2b1b13cc08f7844bfe4945e9f0cd86)

Autobuild-User(v4-16-test): Jule Anger 
Autobuild-Date(v4-16-test): Wed Mar 16 14:40:08 UTC 2022 on sn-devel-184

commit 7bb17ee5134fa8cbcc2278da142defa4834bd2b3
Author: Stefan Metzmacher 
Date:   Thu Mar 3 11:10:00 2022 +0100

auth: let auth logging prefer user_info->orig_client.{account,domain}_name 
if available

The optional user_info->orig_client.{account,domain}_name are
the once really used by the client and should be used in
audit logging. But we still fallback to
user_info->client.{account,domain}_name.

This will be important for the ne

[SCM] Samba Shared Repository - branch master updated

2022-03-16 Thread Günther Deschner
The branch, master has been updated
   via  68d181ee676 s3:libads: Fix creating local krb5.conf
   via  12c843ad0a9 s3:libads: Check print_canonical_sockaddr_with_port() 
for NULL in get_kdc_ip_string()
   via  cca189d0934 s3:libads: Remove obsolete free's of kdc_str
   via  652c8ce1672 s3:libads: Allocate all memory on the talloc stackframe
   via  812032833aa s3:libads: Use talloc_asprintf_append() in 
get_kdc_ip_string()
   via  7f721dc2eee s3:libads: Improve debug messages for 
get_kdc_ip_string()
   via  313f03c7848 s3:libads: Leave early on error in get_kdc_ip_string()
   via  567b1996796 s3:libads: Remove trailing spaces in kerberos.c
   via  d2ac90cdd56 testprogs: Add test that local krb5.conf has been 
created
  from  d8e966da1c8 smbd: Remove a few vfs_stat() calls

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 68d181ee676e17a5cdcfc12c5cc7eef242fdfa6c
Author: Andreas Schneider 
Date:   Tue Mar 15 13:10:06 2022 +0100

s3:libads: Fix creating local krb5.conf

We create an KDC ip string entry directly at the beginning, use it if we
don't have any additional DCs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 

Autobuild-User(master): Günther Deschner 
Autobuild-Date(master): Wed Mar 16 14:26:36 UTC 2022 on sn-devel-184

commit 12c843ad0a97fcbaaea738b82941533e5d2aec99
Author: Andreas Schneider 
Date:   Tue Mar 15 13:02:05 2022 +0100

s3:libads: Check print_canonical_sockaddr_with_port() for NULL in 
get_kdc_ip_string()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 

commit cca189d0934790418e27d9d01282370b1e6a057f
Author: Andreas Schneider 
Date:   Tue Mar 15 12:57:18 2022 +0100

s3:libads: Remove obsolete free's of kdc_str

This is allocated on the stackframe now!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 

commit 652c8ce1672dfead00c7af6af22e3bb3927764ec
Author: Andreas Schneider 
Date:   Tue Mar 15 12:56:58 2022 +0100

s3:libads: Allocate all memory on the talloc stackframe

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 

commit 812032833aa65729dbbfd4313a6e3fe072c88530
Author: Andreas Schneider 
Date:   Tue Mar 15 12:48:23 2022 +0100

s3:libads: Use talloc_asprintf_append() in get_kdc_ip_string()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 

commit 7f721dc2eee0064a1ddd480fcaf77bf1659c7a26
Author: Andreas Schneider 
Date:   Tue Mar 15 12:10:47 2022 +0100

s3:libads: Improve debug messages for get_kdc_ip_string()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 

commit 313f03c78487ae49747b8143220ecbfe8ad9310a
Author: Andreas Schneider 
Date:   Tue Mar 15 12:04:34 2022 +0100

s3:libads: Leave early on error in get_kdc_ip_string()

This avoids useless allocations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 

commit 567b1996796e5d3cf572653f38817d832fa135ca
Author: Andreas Schneider 
Date:   Tue Mar 15 12:03:40 2022 +0100

s3:libads: Remove trailing spaces in kerberos.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 

commit d2ac90cdd5672330ed9c323fc474f8ba62750a6f
Author: Andreas Schneider 
Date:   Tue Mar 15 16:53:02 2022 +0100

testprogs: Add test that local krb5.conf has been created

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 

---

Summary of changes:
 source3/libads/kerberos.c  | 80 +-
 testprogs/blackbox/test_net_ads.sh |  6 +++
 2 files changed, 50 insertions(+), 36 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 75beeef4a44..3fd86e87064 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -1,4 +1,4 @@
-/* 
+/*
Unix SMB/CIFS implementation.
kerberos utility library
Copyright (C) Andrew Tridgell 2001
@@ -37,11 +37,11 @@
 #define LIBADS_CCACHE_NAME "MEMORY:libads"
 
 /*
-  we use a prompter to avoid a crash bug in the kerberos libs when 
+  we use a prompter to avoid a crash bug in the kerberos libs when
   dealing with empty passwords