[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
       via  e86e0da9de6 WHATSNEW: Add TLS cert reload feature
       via  a1b1f8ffd20 doc-xml: Add entry for reload-certs for new LDAP certificate reload function
       via  9facc2e1d85 docs-xml: Fix invalid XML in smbcontrol manpage
       via  4516fee9b52 testprogs/blackbox: add test_ldap_tls_reload.sh
       via  0c7cfb7a115 s4:ldap_server: reload tls certificates on smbcontrol reload-certs
       via  321162c9bfc s4:ldap_server: remember dns_host_name in ldap_service
       via  cc4995d932d s4:ldap_server: don't store task_server in ldapsrv_service
       via  7804bf55ad0 s4:tls_tstream: create tstream_tls_params_internal
       via  bed915d098e s3:smbcontrol: improve destination resolution using names db
       via  1472e4c9dbf s4:process_prefork: create new messaging context for the master process
       via  3af6ad6eea7 s4:process: add method called before entering the tevent_loop_wait
       via  c8ee3d45252 s4:process_prefork: avoid memory leaks caused by messaging_post_self
      from  dd998cc1633 s3:winbindd: Fix double close(fd)

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -

commit e86e0da9de6a7d108348ad37f1ae9885ebb74c37
Author: Andrew Bartlett
Date: Fri Jul 21 16:56:49 2023 +1200

    WHATSNEW: Add TLS cert reload feature

    Signed-off-by: Andrew Bartlett
    Reviewed-by: Douglas Bagnall
    Autobuild-User(master): Andrew Bartlett
    Autobuild-Date(master): Tue Jul 25 21:02:35 UTC 2023 on atb-devel-224

commit a1b1f8ffd20dac0c04959abe056ce8265f3b5d66
Author: Andrew Bartlett
Date: Fri Jul 21 16:44:54 2023 +1200

    doc-xml: Add entry for reload-certs for new LDAP certificate reload function

    Signed-off-by: Andrew Bartlett
    Reviewed-by: Douglas Bagnall

commit 9facc2e1d85c408b18c1551fcb32ef09b3039423
Author: Andrew Bartlett
Date: Fri Jul 21 16:42:23 2023 +1200

    docs-xml: Fix invalid XML in smbcontrol manpage

    This was picked by a mode in Emacs.

    Reviewed-by: Douglas Bagnall
    Signed-off-by: Andrew Bartlett

commit 4516fee9b5265f62388f927f188634525e4f489c
Author: Jule Anger
Date: Mon Jun 5 15:23:11 2023 +0200

    testprogs/blackbox: add test_ldap_tls_reload.sh

    This tests the reload (and if needed regeneration) of tls certificates.

    Pair-Programmed-With: Stefan Metzmacher
    Signed-off-by: Jule Anger
    Signed-off-by: Stefan Metzmacher
    Reviewed-by: Andrew Bartlett

commit 0c7cfb7a11516ac685c4283d080701346e0d5a70
Author: Jule Anger
Date: Wed Mar 1 09:53:53 2023 +

    s4:ldap_server: reload tls certificates on smbcontrol reload-certs

    Reload certificates with the command 'smbcontrol ldap_server reload-certs'.
    The message is sent to the master process, which forwards it to the worker
    processes. The master process reloads and, if necessary, creates the
    certificates first, then the worker processes reload them.

    Pair-Programmed-With: Stefan Metzmacher
    Signed-off-by: Jule Anger
    Signed-off-by: Stefan Metzmacher
    Reviewed-by: Andrew Bartlett

commit 321162c9bfc7c0385d894171cc145eb52f6f1a2a
Author: Jule Anger
Date: Tue Jan 31 13:50:06 2023 +0100

    s4:ldap_server: remember dns_host_name in ldap_service

    Pair-Programmed-With: Stefan Metzmacher
    Signed-off-by: Jule Anger
    Signed-off-by: Stefan Metzmacher
    Reviewed-by: Andrew Bartlett

commit cc4995d932d4566f12735bcad9bcc4cd96bfc151
Author: Jule Anger
Date: Wed Mar 1 09:53:53 2023 +

    s4:ldap_server: don't store task_server in ldapsrv_service

    We store individual pointers we need and adjust them as needed in
    ldapsrv_post_fork() and the newly added ldapsrv_before_loop().

    This will be required for the next steps.

    Pair-Programmed-With: Stefan Metzmacher
    Signed-off-by: Jule Anger
    Signed-off-by: Stefan Metzmacher
    Reviewed-by: Andrew Bartlett

commit 7804bf55ad036336c357be117a3282d15d633a84
Author: Jule Anger
Date: Tue Jan 31 15:08:31 2023 +0100

    s4:tls_tstream: create tstream_tls_params_internal

    The following commits will implement the reloading of tls certificates.
    Therefore we need to overwrite the internal memory.

    Note we need to make sure x509_cred and dh_params from
    tstream_tls_params_internal stay alive for the whole lifetime of this
    session! See 'man gnutls_credentials_set' and
    'man gnutls_certificate_set_dh_params'.

    Pair-Programmed-With: Stefan Metzmacher
    Signed-off-by: Jule Anger
    Signed-off-by: Stefan Metzmacher
    Reviewed-by: Andrew Bartlett

commit bed915d098e27bb21249227e671146ef42f52129
Author: jule
Date: Mon Feb 6 13:28:36 2023 +

    s3:smbcontrol: improve destination resolution using names db

    With this change it's possible to use 'smbcontrol ldap_server ...' instead of
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via dd998cc1633 s3:winbindd: Fix double close(fd) from 61c951e063e mdscli: correct handling of in-progress searches https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit dd998cc163358edd6c748e40900247877f91eb1f Author: Pavel Filipenský Date: Tue Jul 25 11:16:56 2023 +0200 s3:winbindd: Fix double close(fd) Reported by Red Hat internal coverity BUG: https://bugzilla.samba.org/show_bug.cgi?id=15433 Signed-off-by: Pavel Filipenský Reviewed-by: Ralph Boehme Autobuild-User(master): Pavel Filipensky Autobuild-Date(master): Tue Jul 25 12:08:49 UTC 2023 on atb-devel-224 --- Summary of changes: source3/winbindd/winbindd_cm.c | 10 -- 1 file changed, 8 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 23dbb9c0cb7..9f56596669b 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -708,6 +708,7 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, * connect to a foreign domain * without a direct outbound trust. */ + close(sockfd); return NT_STATUS_NO_TRUST_LSA_SECRET; } @@ -761,6 +762,13 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, goto done; } + /* +* cm_prepare_connection() is responsible that sockfd does not leak. +* Once cli_state_create() returns with success, the +* smbXcli_conn_destructor() makes sure that close(sockfd) is finally +* called. Till that, close(sockfd) must be called on every unsuccessful +* return. +*/ *cli = cli_state_create(NULL, sockfd, controller, smb_sign_client_connections, flags); if (*cli == NULL) { @@ -1749,8 +1757,6 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain, if (NT_STATUS_IS_OK(result)) { break; } - close(fd); - fd = -1; if (!retry) { break; } -- Samba Shared Repository
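Review bot: In the hunk at @@ -708,6 +708,7 @@ of cm_prepare_connection(), the new close(sockfd) sits on a direct return of NT_STATUS_NO_TRUST_LSA_SECRET, while the failure path visible in the next hunk leaves through "goto done". With two exit styles in one function, each early return has to remember the close on its own. Consider routing this return through the common cleanup label as well, or confirm in the commit message that every other return before cli_state_create() was audited for the same close.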
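Review bot: In the hunk at @@ -761,6 +762,13 @@, the new comment states that close(sockfd) must be called on every unsuccessful return until cli_state_create() succeeds, but the "if (*cli == NULL)" branch directly below it is the first place that rule applies and its body is not part of the shown context. Please confirm that branch closes sockfd, and consider stating in the comment who owns the descriptor when cli_state_create() itself fails. Minor wording: "Till that" would read better as "Until then".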
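Review bot: In the hunk at @@ -1749,8 +1757,6 @@ of cm_open_connection(), dropping "close(fd);" removes the double close, but dropping "fd = -1;" with it leaves the local variable holding the number of a descriptor that the callee has already closed. If the retry path that follows "if (!retry)" or any later cleanup reads fd before it is reassigned, it would act on a stale descriptor number that another part of the process may have reused. Consider keeping "fd = -1;" after the failed call, or add a short comment here noting that cm_prepare_connection() now owns and closes the socket on failure.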