[SCM] Samba Shared Repository - branch master updated

2023-07-25 Thread Andrew Bartlett
The branch, master has been updated
   via  e86e0da9de6 WHATSNEW: Add TLS cert reload feature
   via  a1b1f8ffd20 doc-xml: Add entry for reload-certs for new LDAP certificate reload function
   via  9facc2e1d85 docs-xml: Fix invalid XML in smbcontrol manpage
   via  4516fee9b52 testprogs/blackbox: add test_ldap_tls_reload.sh
   via  0c7cfb7a115 s4:ldap_server: reload tls certificates on smbcontrol reload-certs
   via  321162c9bfc s4:ldap_server: remember dns_host_name in ldap_service
   via  cc4995d932d s4:ldap_server: don't store task_server in ldapsrv_service
   via  7804bf55ad0 s4:tls_tstream: create tstream_tls_params_internal
   via  bed915d098e s3:smbcontrol: improve destination resolution using names db
   via  1472e4c9dbf s4:process_prefork: create new messaging context for the master process
   via  3af6ad6eea7 s4:process: add method called before entering the tevent_loop_wait
   via  c8ee3d45252 s4:process_prefork: avoid memory leaks caused by messaging_post_self
  from  dd998cc1633 s3:winbindd: Fix double close(fd)

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit e86e0da9de6a7d108348ad37f1ae9885ebb74c37
Author: Andrew Bartlett 
Date:   Fri Jul 21 16:56:49 2023 +1200

WHATSNEW: Add TLS cert reload feature

Signed-off-by: Andrew Bartlett 
Reviewed-by: Douglas Bagnall 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Tue Jul 25 21:02:35 UTC 2023 on atb-devel-224

commit a1b1f8ffd20dac0c04959abe056ce8265f3b5d66
Author: Andrew Bartlett 
Date:   Fri Jul 21 16:44:54 2023 +1200

doc-xml: Add entry for reload-certs for new LDAP certificate reload function

Signed-off-by: Andrew Bartlett 
Reviewed-by: Douglas Bagnall 

commit 9facc2e1d85c408b18c1551fcb32ef09b3039423
Author: Andrew Bartlett 
Date:   Fri Jul 21 16:42:23 2023 +1200

docs-xml: Fix invalid XML in smbcontrol manpage

This was picked by a mode in Emacs.

Reviewed-by: Douglas Bagnall 
Signed-off-by: Andrew Bartlett 

commit 4516fee9b5265f62388f927f188634525e4f489c
Author: Jule Anger 
Date:   Mon Jun 5 15:23:11 2023 +0200

testprogs/blackbox: add test_ldap_tls_reload.sh

This tests the reload (and if needed regeneration) of
tls certificates.

Pair-Programmed-With: Stefan Metzmacher 

Signed-off-by: Jule Anger 
Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 

commit 0c7cfb7a11516ac685c4283d080701346e0d5a70
Author: Jule Anger 
Date:   Wed Mar 1 09:53:53 2023 +

s4:ldap_server: reload tls certificates on smbcontrol reload-certs

Reload certificates with the command 'smbcontrol ldap_server reload-certs'.
The message is sent to the master process, who forwards it to the worker
processes.
The master process reloads and, if necessary, creates the certificates first,
then the worker processes reload them.

Pair-Programmed-With: Stefan Metzmacher 

Signed-off-by: Jule Anger 
Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 

commit 321162c9bfc7c0385d894171cc145eb52f6f1a2a
Author: Jule Anger 
Date:   Tue Jan 31 13:50:06 2023 +0100

s4:ldap_server: remember dns_host_name in ldap_service

Pair-Programmed-With: Stefan Metzmacher 

Signed-off-by: Jule Anger 
Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 

commit cc4995d932d4566f12735bcad9bcc4cd96bfc151
Author: Jule Anger 
Date:   Wed Mar 1 09:53:53 2023 +

s4:ldap_server: don't store task_server in ldapsrv_service

We store individual pointers we need and adjust them
as needed in ldapsrv_post_fork() and the newly added
ldapsrv_before_loop().

This will be required for the next steps.

Pair-Programmed-With: Stefan Metzmacher 

Signed-off-by: Jule Anger 
Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 

commit 7804bf55ad036336c357be117a3282d15d633a84
Author: Jule Anger 
Date:   Tue Jan 31 15:08:31 2023 +0100

s4:tls_tstream: create tstream_tls_params_internal

The following commits will implement the reloading of tls certificates.
Therefore we need to overwrite the internal memory.

Note we need to make sure x509_cred and dh_params from
tstream_tls_params_internal stay alive for the whole lifetime
of this session!

See 'man gnutls_credentials_set' and
'man gnutls_certificate_set_dh_params'.

Pair-Programmed-With: Stefan Metzmacher 

Signed-off-by: Jule Anger 
Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 

commit bed915d098e27bb21249227e671146ef42f52129
Author: jule 
Date:   Mon Feb 6 13:28:36 2023 +

s3:smbcontrol: improve destination resolution using names db

With this change it's possible to use 'smbcontrol ldap_server ...'
instead of 

[SCM] Samba Shared Repository - branch master updated

2023-07-25 Thread Pavel Filipensky
The branch, master has been updated
   via  dd998cc1633 s3:winbindd: Fix double close(fd)
  from  61c951e063e mdscli: correct handling of in-progress searches

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit dd998cc163358edd6c748e40900247877f91eb1f
Author: Pavel Filipenský 
Date:   Tue Jul 25 11:16:56 2023 +0200

s3:winbindd: Fix double close(fd)

Reported by Red Hat internal coverity

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15433

Signed-off-by: Pavel Filipenský 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Pavel Filipensky 
Autobuild-Date(master): Tue Jul 25 12:08:49 UTC 2023 on atb-devel-224

---

Summary of changes:
 source3/winbindd/winbindd_cm.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 23dbb9c0cb7..9f56596669b 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -708,6 +708,7 @@ static NTSTATUS cm_prepare_connection(struct 
winbindd_domain *domain,
 * connect to a foreign domain
 * without a direct outbound trust.
 */
+   close(sockfd);
return NT_STATUS_NO_TRUST_LSA_SECRET;
}
 
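Review bot: the new close(sockfd) ahead of "return NT_STATUS_NO_TRUST_LSA_SECRET;" patches this one early return by hand, which is easy to miss again the next time an exit is added before cli_state_create(). Since the function already uses "goto done;" for other failures, consider funnelling this return through the same cleanup path and closing sockfd there while it is still owned by this function, so the rule lives in one place.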
@@ -761,6 +762,13 @@ static NTSTATUS cm_prepare_connection(struct 
winbindd_domain *domain,
goto done;
}
 
+   /*
+* cm_prepare_connection() is responsible that sockfd does not leak.
+* Once cli_state_create() returns with success, the
+* smbXcli_conn_destructor() makes sure that close(sockfd) is finally
+* called. Till that, close(sockfd) must be called on every unsuccessful
+* return.
+*/
*cli = cli_state_create(NULL, sockfd, controller,
smb_sign_client_connections, flags);
if (*cli == NULL) {
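Review bot: the added comment says close(sockfd) must be called on every unsuccessful return until cli_state_create() succeeds, but the "goto done;" context line just above it and the "if (*cli == NULL) {" branch just below are untouched by this patch, so it is not visible here that either path closes the socket. Please confirm both do, or add the close. Wording nit in the comment: "is responsible that sockfd does not leak" reads better as "is responsible for making sure sockfd does not leak", and "Till that" as "Until then".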
@@ -1749,8 +1757,6 @@ static NTSTATUS cm_open_connection(struct winbindd_domain 
*domain,
if (NT_STATUS_IS_OK(result)) {
break;
}
-   close(fd);
-   fd = -1;
if (!retry) {
break;
}
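Review bot: removing "fd = -1;" along with "close(fd);" in the failure branch of cm_open_connection() leaves fd holding a descriptor number that, per the ownership comment added earlier in this patch, has already been closed or handed off. When retry is set the loop continues with that stale value, so any later close(fd) or validity check on fd in this function could act on a number that has since been reassigned to another descriptor. Dropping the close() matches the new ownership rule, but consider keeping "fd = -1;" here so the variable cannot be mistaken for a live socket.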


-- 
Samba Shared Repository