[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 52cb127f16a docs: fix a typo in history file from 5303f6f7fd1 s4:torture/smb2: add smb2.bench.read test https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 52cb127f16ad93a7f8e3855a338404d3c146a07f Author: Björn Baumbach Date: Thu Jun 1 11:28:00 2023 +0200 docs: fix a typo in history file Signed-off-by: Björn Baumbach Reviewed-by: Volker Lendecke Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Thu Jun 1 12:46:04 UTC 2023 on atb-devel-224 --- Summary of changes: docs-xml/archives/history | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/docs-xml/archives/history b/docs-xml/archives/history index 5ba8feac631..6428d2d1802 100644 --- a/docs-xml/archives/history +++ b/docs-xml/archives/history @@ -1,6 +1,6 @@ Contributor: Andrew Tridgell and the Samba Team Date: June 27, 1997 -Satus: Always out of date! (Would not be the same without it!) +Status:Always out of date! (Would not be the same without it!) Subject: A bit of history and a bit of fun -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e3cfb99d286 net: add hint which options can be used with net ads dns register command via 529ef99d7c5 testprogs: add test for new net ads dns register --dns-ttl option via 0ea27849062 docs: documentation for new net --dns-ttl option via 36ed126f4c3 net: add new --dns-ttl option to specify the ttl of dns records via a320089a248 testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh: verify test results ($failed) via 350fe63a192 testprogs/blackbox/test_special_group.sh: verify test results ($failed) via ca3fbde2c8d testprogs/blackbox/test_net_ads_dns.sh: verify test results ($failed) via 74dbfc4da6d testprogs: net ads dns: do not increase the $failed counter in "net ads dns" when test is OK via cc3696f51d1 testprogs: remove used records in "net ads dns" tests via 8f53f32bfff testprogs: use more unique names in "net ads dns" tests via 80d58ead5e1 testprogs: remove only used dns records in "net ads dns" tests via 9fa659cc1fd testprogs: use uniqe names in "net ads dns" tests to avoid conflicts via 582621109b5 testprogs: adapt return values of testit_expect_failure_grep and testit_grep_count to function description via 1b2627fc705 testprogs: net ads dns tests: remove test user after usage. via 5e62d580f45 testprogs: fix some "net ads dns" tests from c28f61b6bbd Add a git-blame-ignore-revs file https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----- commit e3cfb99d2864ba288a152a2b4ff35fc9ec65fead Author: Björn Baumbach Date: Thu Feb 16 19:20:14 2023 +0100 net: add hint which options can be used with net ads dns register command Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Fri Mar 3 12:52:00 UTC 2023 on atb-devel-224 commit 529ef99d7c546de5a655de83a87b6de98459cc07 Author: Björn Baumbach Date: Tue Feb 21 18:00:41 2023 +0100 testprogs: add test for new net ads dns register --dns-ttl option Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett commit 0ea2784906241468dc5b01f0b452dd8821cd1a2f Author: Björn Baumbach Date: Thu Feb 23 17:09:22 2023 +0100 docs: documentation for new net --dns-ttl option Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett commit 36ed126f4c3d91ba3154bd78c8becff9a15a4769 Author: Björn Baumbach Date: Thu Feb 16 18:36:37 2023 +0100 net: add new --dns-ttl option to specify the ttl of dns records Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett commit a320089a248fe307fb29d92436c72e24917e9f90 Author: Björn Baumbach Date: Wed Feb 22 19:29:02 2023 + testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh: verify test results ($failed) Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett commit 350fe63a192c33944a2891ebd873bbc55442ea3d Author: Björn Baumbach Date: Wed Feb 22 19:28:26 2023 + testprogs/blackbox/test_special_group.sh: verify test results ($failed) Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett commit ca3fbde2c8d7ab78e02776c6e196d8294278b199 Author: Björn Baumbach Date: Wed Feb 22 19:26:34 2023 + testprogs/blackbox/test_net_ads_dns.sh: verify test results ($failed) Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett commit 74dbfc4da6d8693ea3a1b1ac174dba83151cff7a Author: Björn Baumbach Date: Wed Feb 22 19:20:51 2023 + testprogs: net ads dns: do not increase the $failed counter in "net ads dns" when test is OK Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett commit cc3696f51d10796841ffd26aea5fae7e3154b803 Author: Björn Baumbach Date: Fri Feb 24 16:52:05 2023 +0100 testprogs: remove used records in "net ads dns" tests Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett commit 8f53f32b61c35cbd06b9e74408e680fb6abb Author: Björn Baumbach Date: Fri Feb 24 16:27:17 2023 +0100 testprogs: use more unique names in "net ads dns" tests ADMINNAME can be used for records, created by the AD admin MACHINENAME for records, created by the machine (-P) UNPRIVNAME for records, created by the unprivileged user Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett commit 80d58ead5e1e23c95cb9da45737f1b7228854efb Author: Björn Baumbach Date: Fri Feb 24 16:35:02 2023 +0100 testprogs: remove only used dns records in "net ads dns" tests $NAME was not added here in this section, but $UNPRIV. Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett commit 9fa659cc1fd8a4ff05ce70923317113571345e4f Author: Bj
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8fbadada8c0 lib/tsocket: fix a typo in the tsocket guide doc via 1289575af2c s3/libsmb: fix a typo in parameter description via 5a017b113ed samba-tool domain: fix a typo in samba-tool passwordsettings option description via 86fde91621b auth/creds: fix a typo in a comment from 3d3d01cda8d s3: smbd: Tweak openat_pathref_dirfsp_nosymlink() to NULL out fsp->fsp_name after calling fd_close() on intermediate directories, rather than before. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8fbadada8c00ff7df311bd7868011f01e797a4e8 Author: Björn Baumbach Date: Tue Jan 17 12:28:36 2023 +0100 lib/tsocket: fix a typo in the tsocket guide doc Signed-off-by: Björn Baumbach Reviewed-by: Ralph Boehme Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Tue Jan 17 18:23:18 UTC 2023 on sn-devel-184 commit 1289575af2c99d8abd5abfd5d1f90d1664d3e7f2 Author: Björn Baumbach Date: Tue Jan 17 12:29:28 2023 +0100 s3/libsmb: fix a typo in parameter description Signed-off-by: Björn Baumbach Reviewed-by: Ralph Boehme commit 5a017b113ed902eb73f2233321d1fbe8d97c10c8 Author: Björn Baumbach Date: Tue Jan 17 12:27:01 2023 +0100 samba-tool domain: fix a typo in samba-tool passwordsettings option description Signed-off-by: Björn Baumbach Reviewed-by: Ralph Boehme commit 86fde91621b9190df1a8df290441575ca284e6ed Author: Björn Baumbach Date: Tue Jan 17 12:26:10 2023 +0100 auth/creds: fix a typo in a comment Signed-off-by: Björn Baumbach Reviewed-by: Ralph Boehme --- Summary of changes: auth/credentials/credentials_cmdline.c | 2 +- lib/tsocket/tsocket_guide.txt | 2 +- python/samba/netcmd/domain.py | 2 +- source3/libsmb/cliconnect.c| 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/credentials/credentials_cmdline.c b/auth/credentials/credentials_cmdline.c index 11b1ab9ecd2..c8c7c183c22 100644 --- a/auth/credentials/credentials_cmdline.c +++ b/auth/credentials/credentials_cmdline.c @@ -65,7 +65,7 @@ fail: bool cli_credentials_set_cmdline_callbacks(struct cli_credentials *cred) { /* -* The there is no tty, then we will try to read the password from +* If there is no tty, we will try to read the password from * stdin. */ return cli_credentials_set_password_callback(cred, diff --git a/lib/tsocket/tsocket_guide.txt b/lib/tsocket/tsocket_guide.txt index afd0bd37dbc..7c925d4f1db 100644 --- a/lib/tsocket/tsocket_guide.txt +++ b/lib/tsocket/tsocket_guide.txt @@ -216,7 +216,7 @@ state for this function. The tstream_readv_pdu engine will ask the next_vector function for the next iovec vector to be used. There is a tstream_readv_send/recv pair for each vector returned by the next_vector function. If the next_vector function detects -it received a full pdu, it returns an empty vector. The the callback +it received a full pdu, it returns an empty vector. The callback of the tevent_req (returned by tstream_readv_pdu_send()) is triggered. Note: the buffer allocation is completely up to the next_vector function and its private state. diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py index cf8c089c13d..582a17f0fff 100644 --- a/python/samba/netcmd/domain.py +++ b/python/samba/netcmd/domain.py @@ -1352,7 +1352,7 @@ class cmd_domain_passwordsettings_set(Command): Option("--max-pwd-age", help="The maximum password age ( | default). Default is 43.", type=str), Option("--account-lockout-duration", - help="The length of time an account is locked out after exeeding the limit on bad password attempts ( | default). Default is 30 mins.", type=str), + help="The length of time an account is locked out after exceeding the limit on bad password attempts ( | default). Default is 30 mins.", type=str), Option("--account-lockout-threshold", help="The number of bad password attempts allowed before locking out the account ( | default). Default is 0 (never lock out).", type=str), Option("--reset-account-lockout-after", diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index edbd2477f60..b687a22e11c 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -2786,7 +2786,7 @@ static void cli_start_connection_done(struct tevent_req *subreq); establishes a connection to after the negprot. @param output_cli A fully initialised cli structure, non-null only on success @param dest_host The netbios name of the remote ho
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2e2426e5157 samba-tool group listmembers: always list objects which can not expire via 86f2b8dab11 test samba-tool group listmembers: test listing contacts as group members via 6fcde09f093 pyldb: fix a typo from 16d1abb63eb lib:replace: Fix possible resource leaks in test_closefrom() https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2e2426e51576aae6211950b25aaacdd97815b111 Author: Björn Baumbach Date: Fri Apr 23 18:03:53 2021 +0200 samba-tool group listmembers: always list objects which can not expire Otherwise for example contacts wouldn't be listed when the --hide-expired option is used. Contacts typically do not have the accountExpires attribute. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14692 Signed-off-by: Björn Baumbach Reviewed-by: Rowland penny Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Mon Apr 26 13:21:43 UTC 2021 on sn-devel-184 commit 86f2b8dab1102974d32275282dfe69f4af5b6834 Author: Björn Baumbach Date: Fri Apr 23 18:01:33 2021 +0200 test samba-tool group listmembers: test listing contacts as group members Make sure that contacts are listed as group members, even if the --hide-expired option is used. Expect failure. Fix follows up. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14692 Signed-off-by: Björn Baumbach Reviewed-by: Rowland penny commit 6fcde09f093db5d26c582a3c28531265f06b9fde Author: Björn Baumbach Date: Mon Jan 18 16:48:21 2021 +0100 pyldb: fix a typo Signed-off-by: Björn Baumbach Reviewed-by: Rowland penny --- Summary of changes: lib/ldb/pyldb.c | 2 +- python/samba/netcmd/group.py | 7 +-- source4/setup/tests/blackbox_group.sh | 9 + 3 files changed, 15 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c index 7802757eb78..be01b24325b 100644 --- a/lib/ldb/pyldb.c +++ b/lib/ldb/pyldb.c @@ -4279,7 +4279,7 @@ static PyMethodDef py_ldb_global_methods[] = { "S.string_to_time(string) -> int\n\n" "Parse a LDAP time string into a UNIX timestamp." }, { "valid_attr_name", py_valid_attr_name, METH_VARARGS, - "S.valid_attr_name(name) -> bool\n\nn" + "S.valid_attr_name(name) -> bool\n\n" "Check whether the supplied name is a valid attribute name." }, { "binary_encode", py_binary_encode, METH_VARARGS, "S.binary_encode(string) -> string\n\n" diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index a958db2c42c..3c8a9054339 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -544,8 +544,11 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com filter_expires = "" if hide_expired is True: current_nttime = samdb.get_nttime() -filter_expires = \ -"(|(accountExpires=0)(accountExpires>=%u))" % (current_nttime) +filter_expires = ("(|" + "(!(accountExpires=*))" + "(accountExpires=0)" + "(accountExpires>=%u)" + ")" % (current_nttime)) filter_disabled = "" if hide_disabled is True: diff --git a/source4/setup/tests/blackbox_group.sh b/source4/setup/tests/blackbox_group.sh index ae3a9849a70..5fa622ecb25 100755 --- a/source4/setup/tests/blackbox_group.sh +++ b/source4/setup/tests/blackbox_group.sh @@ -132,6 +132,15 @@ testit_expect_failure "group addmembers contact failure" $PYTHON $samba_tool gro # test add contact with --object-types=all testit "group addmembers contact object-type all" $PYTHON $samba_tool group addmembers $CONFIG dsg testcontact --object-types=all +# test listing contacts as group members +testit_grep "group listmembers contact" "^testcontact" $PYTHON $samba_tool group listmembers $CONFIG dsg + +# test listing contacts as group members +# Make sure that the test contact is listed, because it does not have the +# accountExpires attribute and can not expire. +testit_grep "group listmembers contact hide-expired" "^testcontact" $PYTHON $samba_tool group listmembers $CONFIG dsg --hide-expired +testit_grep "group listmembers contact hide-disabled" "^testcontact" $PYTHON $samba_tool group listmembers $CONFIG dsg --hide-disabled + # test remove contact with --object-types=all testit "group removemembers contact object-type all" $PYTHON $samba_tool group removemembers $CONFIG dsg testcontact --object-types=all -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6686db1132b samba-tool gpo: add missing newline to admxload warning via 2d6bed495e1 samba-gpupdate: Check sysvol download paths in case-insensitive way via 554f2134a9f samba-gpupdate: Test that sysvol paths download in case-insensitive way via 6054564d4f2 samba-gpupdate: Enable the Startup Scripts Extension via 88c9c291b0b samba-tool: gpo manage sudoers handle missing and dispersed principal names via bba91c462e6 samba-tool: Ensure that gpo manage sudoers handles missing/dispersed principal names from 9c682d794e6 Update status of SMB_VFS_SETXATTR https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6686db1132b3a61c5b6bbbc80b9c8107f53b994b Author: Björn Baumbach Date: Tue Mar 9 13:11:08 2021 +0100 samba-tool gpo: add missing newline to admxload warning Signed-off-by: Björn Baumbach Reviewed-by: David Mulder Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Thu Mar 11 21:41:04 UTC 2021 on sn-devel-184 commit 2d6bed495e14349e19ba680bd72c3f110f1c397b Author: David Mulder Date: Tue Mar 9 11:13:40 2021 -0700 samba-gpupdate: Check sysvol download paths in case-insensitive way https://bugzilla.samba.org/show_bug.cgi?id=14665 Signed-off-by: David Mulder Reviewed-by: Björn Baumbach commit 554f2134a9f9638ebd8ac2500e5b6c94b74c27d5 Author: David Mulder Date: Tue Mar 9 12:30:14 2021 -0700 samba-gpupdate: Test that sysvol paths download in case-insensitive way Bug: https://bugzilla.samba.org/show_bug.cgi?id=14665 Signed-off-by: David Mulder Reviewed-by: Björn Baumbach commit 6054564d4f2fa8b14e24d72f1655c559ad1ce016 Author: David Mulder Date: Tue Mar 9 09:28:15 2021 -0700 samba-gpupdate: Enable the Startup Scripts Extension Signed-off-by: David Mulder Reviewed-by: Björn Baumbach commit 88c9c291b0b928fc404d9f19eb55c5fa62266f93 Author: David Mulder Date: Tue Mar 9 09:16:27 2021 -0700 samba-tool: gpo manage sudoers handle missing and dispersed principal names If we don't anticipate a missing principal name, samba-tool crashes. Also, principal names could be in dispersed listelements. Signed-off-by: David Mulder Reviewed-by: Björn Baumbach commit bba91c462e697d91496e7d7f31d85b46422db6fa Author: David Mulder Date: Tue Mar 9 14:14:24 2021 -0700 samba-tool: Ensure that gpo manage sudoers handles missing/dispersed principal names Signed-off-by: David Mulder Reviewed-by: Björn Baumbach --- Summary of changes: python/samba/gpclass.py | 5 +-- python/samba/netcmd/gpo.py | 12 ++-- python/samba/tests/gpo.py| 10 ++ python/samba/tests/samba_tool/gpo.py | 59 source4/scripting/bin/samba-gpupdate | 2 ++ 5 files changed, 83 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/gpclass.py b/python/samba/gpclass.py index 51b006f7f7f..7d3841ba8da 100644 --- a/python/samba/gpclass.py +++ b/python/samba/gpclass.py @@ -393,8 +393,9 @@ def cache_gpo_dir(conn, cache, sub_dir): def check_safe_path(path): dirs = re.split('/|', path) -if 'sysvol' in path: -dirs = dirs[dirs.index('sysvol') + 1:] +if 'sysvol' in path.lower(): +ldirs = re.split('/|', path.lower()) +dirs = dirs[ldirs.index('sysvol') + 1:] if '..' not in dirs: return os.path.join(*dirs) raise OSError(path) diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py index cb70367509e..1b4159c4c0c 100644 --- a/python/samba/netcmd/gpo.py +++ b/python/samba/netcmd/gpo.py @@ -1674,7 +1674,7 @@ class cmd_admxload(Command): 'in the Group Policy Management Console. You will ' 'need to install these templates ' 'from https://www.microsoft.com/en-us/download/102157 ' -'to continue using Windows Administrative Templates. ') +'to continue using Windows Administrative Templates.\n') class cmd_add_sudoers(Command): """Adds a Samba Sudoers Group Policy to the sysvol @@ -1859,7 +1859,10 @@ samba-tool gpo manage sudoers list {31B2F340-016D-11D2-945F-00C04FB984F9} for entry in data.findall('sudoers_entry'): command = entry.find('command').text user = entry.find('user').text -principals = entry.find('listelement').findall('principal') +listelements = entry.findall(
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 84c130a6555 samba-tool group show: only shows global security groups, this patch makes it show all groups. from 130c26b43ff dbwrap: fix possible memleak and false result check. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 84c130a65557a43972e11f8fe26cfd19305c6328 Author: Rowland Penny Date: Thu Apr 2 09:29:18 2020 +0100 samba-tool group show: only shows global security groups, this patch makes it show all groups. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14335 Signed-off-by: Rowland Penny Reviewed-by: Björn Baumbach Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Thu Apr 2 15:27:53 UTC 2020 on sn-devel-184 --- Summary of changes: python/samba/netcmd/group.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index 76705100960..d973c750b86 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -696,9 +696,8 @@ Example3 shows how to display a groups objectGUID and member attributes. if group_attrs: attrs = group_attrs.split(",") -filter = ("(&(sAMAccountType=%d)(sAMAccountName=%s))" % - (ATYPE_SECURITY_GLOBAL_GROUP, - ldb.binary_encode(groupname))) +filter = ("(&(objectCategory=group)(sAMAccountName=%s))" % + ldb.binary_encode(groupname)) domaindn = samdb.domain_dn() -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e45e0912d99 s3-libads: use dns name to open a ldap session from 4d784590a9c [s4] possible memleak in torture vfs-fruit https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e45e0912d99335f4feec7f937180ea21f7f62a72 Author: Björn Baumbach Date: Mon Feb 10 19:19:44 2020 +0100 s3-libads: use dns name to open a ldap session Required for working certificate verification. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13124 Signed-off-by: Björn Baumbach Reviewed-by: Bjoern Jacke Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Thu Mar 5 12:29:26 UTC 2020 on sn-devel-184 --- Summary of changes: source3/libads/ldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index a630c5a0345..01e10c1260c 100755 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -669,7 +669,7 @@ got_connection: /* Otherwise setup the TCP LDAP session */ - ads->ldap.ld = ldap_open_with_timeout(addr, + ads->ldap.ld = ldap_open_with_timeout(ads->config.ldap_server_name, &ads->ldap.ss, ads->ldap.port, lp_ldap_timeout()); if (ads->ldap.ld == NULL) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f1577c2bc13 lib: Fix a shutdown crash with "clustering = yes" via 7209357f9ba lib: Introduce messaging_context->per_process_talloc_ctx via dab982d88e9 lib: Add a TALLOC_CTX to base register_msg_pool_usage() on via 8a23031b7bf lib: Simplify register_msg_pool_usage() from 4de1e3207ba ctdb-docs: Provide example commands for "ctdb event ..." https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f1577c2bc13c91ea912ae461870e470065f250c1 Author: Volker Lendecke Date: Tue Feb 11 22:10:32 2020 +0100 lib: Fix a shutdown crash with "clustering = yes" This is a bit confusing now, sorry for that: register_msg_pool_usage() in the ctdb case uses messaging_ctdb_register_tevent_context(), which talloc_reference()s the central struct messaging_ctdb_fde_ev of the messaging_ctdb_context. In messaging_reinit(), we talloc_free only one of those references and allocate a new messaging_ctdb_fde_ev. The remaining messaging_ctdb_fde_ev should have been deleted as well, but due to the second reference this does not happen. When doing the shutdown messaging_ctdb_fde_ev_destructor() is called twice, once on the properly reinitialized fde_ev, and once much later on the leftover one which references invalid data structures. By the way, this is not a problem with talloc_reference(), this would have happened with explicit refcounting too. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14281 Signed-off-by: Volker Lendecke Reviewed-by: Martin Schwenke Reviewed-by: Stefan Metzmacher Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Tue Feb 18 13:05:53 UTC 2020 on sn-devel-184 commit 7209357f9ba5525a207d301b299931d6bdee9c2f Author: Volker Lendecke Date: Tue Feb 11 21:57:42 2020 +0100 lib: Introduce messaging_context->per_process_talloc_ctx Consolidate "msg_dgm_ref" and "msg_ctdb_ref": The only purpose of those pointers was to TALLOC_FREE() them in messaging_reinit(). We'll have a third entity to talloc_free() in the next commit, make that simpler. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14281 Signed-off-by: Volker Lendecke Reviewed-by: Martin Schwenke Reviewed-by: Stefan Metzmacher commit dab982d88e9132cbff52db22f441c08ee59bb159 Author: Volker Lendecke Date: Tue Feb 11 21:47:39 2020 +0100 lib: Add a TALLOC_CTX to base register_msg_pool_usage() on Add a simple way to deactivate the registration Bug: https://bugzilla.samba.org/show_bug.cgi?id=14281 Signed-off-by: Volker Lendecke Reviewed-by: Martin Schwenke Reviewed-by: Stefan Metzmacher commit 8a23031b7bfea4cdaa71d6815bca24dcc3685b22 Author: Volker Lendecke Date: Tue Feb 11 21:26:18 2020 +0100 lib: Simplify register_msg_pool_usage() We can do as much as we want in the filter. This gives us automatic retry, we don't have to do the messaging_filtered_read_send() over and over again Bug: https://bugzilla.samba.org/show_bug.cgi?id=14281 Signed-off-by: Volker Lendecke Reviewed-by: Martin Schwenke Reviewed-by: Stefan Metzmacher --- Summary of changes: source3/include/proto.h | 3 +- source3/lib/messages.c | 87 - source3/lib/tallocmsg.c | 62 +-- 3 files changed, 81 insertions(+), 71 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index e03486f07ab..6ac70a22beb 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -266,7 +266,8 @@ bool getgroups_unix_user(TALLOC_CTX *mem_ctx, const char *user, /* The following definitions come from lib/tallocmsg.c */ -void register_msg_pool_usage(struct messaging_context *msg_ctx); +void register_msg_pool_usage(TALLOC_CTX *mem_ctx, +struct messaging_context *msg_ctx); /* The following definitions come from lib/time.c */ diff --git a/source3/lib/messages.c b/source3/lib/messages.c index a6bf99578b6..63d6362e0c9 100644 --- a/source3/lib/messages.c +++ b/source3/lib/messages.c @@ -97,10 +97,9 @@ struct messaging_context { struct tevent_req **waiters; size_t num_waiters; - void *msg_dgm_ref; - void *msg_ctdb_ref; - struct server_id_db *names_db; + + TALLOC_CTX *per_process_talloc_ctx; }; static struct messaging_rec *messaging_rec_dup(TALLOC_CTX *mem_ctx, @@ -484,6 +483,7 @@ static NTSTATUS messaging_init_internal(TALLOC_CTX *mem_ctx, int ret; const char *lck_path; const char *priv_path; + void *ref;
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via de768710e16 tests/DNS: add MX/SRV record tests with multiple spaces via af7a0e3371e samba-tool: fix adding of dns SRV/MX/SOA records via 89ed960b1da tests/DNS: .COM shouldn't be a valid DNS record from b07eff31de4 net_ads_gpo: remove old '#if 0' blocks https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit de768710e1677c591bf1b360a5de1321ad3a4d91 Author: Björn Jacke Date: Mon Jan 13 13:02:29 2020 +0100 tests/DNS: add MX/SRV record tests with multiple spaces BUG: https://bugzilla.samba.org/show_bug.cgi?id=13788 Signed-off-by: Bjoern Jacke Reviewed-by: Björn Baumbach Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Tue Jan 14 11:58:20 UTC 2020 on sn-devel-184 commit af7a0e3371e1ae219239a91cb665097abbd50f3e Author: Björn Jacke Date: Mon Jan 13 00:21:41 2020 +0100 samba-tool: fix adding of dns SRV/MX/SOA records Thanks to Denis Cardon for finding BUG: https://bugzilla.samba.org/show_bug.cgi?id=13788 Signed-off-by: Bjoern Jacke Reviewed-by: Andreas Schneider Reviewed-by: Björn Baumbach commit 89ed960b1da48ddcc459514871963b87503fd9ad Author: Björn Jacke Date: Mon Jan 13 12:49:42 2020 +0100 tests/DNS: \n.COM shouldn't be a valid DNS record BUG: https://bugzilla.samba.org/show_bug.cgi?id=13788 Signed-off-by: Bjoern Jacke Reviewed-by: Björn Baumbach --- Summary of changes: python/samba/netcmd/dns.py | 6 +++--- python/samba/tests/samba_tool/dnscmd.py | 9 + 2 files changed, 8 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/netcmd/dns.py b/python/samba/netcmd/dns.py index d9fda0b93cd..6cf8d40b2aa 100644 --- a/python/samba/netcmd/dns.py +++ b/python/samba/netcmd/dns.py @@ -417,14 +417,14 @@ def data_to_dns_record(record_type, data): elif record_type == dnsp.DNS_TYPE_NS: rec = NSRecord(data) elif record_type == dnsp.DNS_TYPE_MX: -tmp = data.split(' ') +tmp = data.split() if len(tmp) != 2: raise CommandError('Data requires 2 elements - mail_server, preference') mail_server = tmp[0] preference = int(tmp[1]) rec = MXRecord(mail_server, preference) elif record_type == dnsp.DNS_TYPE_SRV: -tmp = data.split(' ') +tmp = data.split() if len(tmp) != 4: raise CommandError('Data requires 4 elements - server, port, priority, weight') server = tmp[0] @@ -433,7 +433,7 @@ def data_to_dns_record(record_type, data): weight = int(tmp[3]) rec = SRVRecord(server, port, priority=priority, weight=weight) elif record_type == dnsp.DNS_TYPE_SOA: -tmp = data.split(' ') +tmp = data.split() if len(tmp) != 7: raise CommandError('Data requires 7 elements - nameserver, email, serial, ' 'refresh, retry, expire, minimumttl') diff --git a/python/samba/tests/samba_tool/dnscmd.py b/python/samba/tests/samba_tool/dnscmd.py index e1459fee9ac..356b2c46d05 100644 --- a/python/samba/tests/samba_tool/dnscmd.py +++ b/python/samba/tests/samba_tool/dnscmd.py @@ -47,7 +47,6 @@ class DnsCmdTestCase(SambaToolCmdTest): "1.EXAMPLE.COM", "%sEXAMPLE.COM" % ("1." * 100), "EXAMPLE", -"\n.COM", "!@#$%^&*()_", "HIGH\xFFBYTE", "@.EXAMPLE.COM", @@ -58,14 +57,16 @@ class DnsCmdTestCase(SambaToolCmdTest): "", "SAMDOM..EXAMPLE.COM"] -good_mx = ["SAMDOM.EXAMPLE.COM 65530"] +good_mx = ["SAMDOM.EXAMPLE.COM 65530", + "SAMDOM.EXAMPLE.COM 0"] bad_mx = ["SAMDOM.EXAMPLE.COM -1", "SAMDOM.EXAMPLE.COM", " ", "SAMDOM.EXAMPLE.COM 1 1", "SAMDOM.EXAMPLE.COM SAMDOM.EXAMPLE.COM"] -good_srv = ["SAMDOM.EXAMPLE.COM 65530 65530 65530"] +good_srv = ["SAMDOM.EXAMPLE.COM 65530 65530 65530", +"SAMDOM.EXAMPLE.COM 1 1 1"] bad_srv = ["SAMDOM.EXAMPLE.COM 0 65536 0", "SAMDOM.EXAMPLE.COM 0 0 65536", "SAMDOM.EXAMPLE.COM 65536 0 0"] @@ -450,7 +451,7 @@ class DnsCmdTestCase(SambaToolCmdTest): self.assertCmdSuccess(r
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5fd65edc91b samba_kcc: avoid ValueError when local connections are less than 2 via f8f3b33ea58 lib/replace: prefer over from ad9a81c6a93 librpc: Move winstation.idl to the top level and exclude from fuzzing https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5fd65edc91b0f56e044428a32676b079aec9377d Author: Björn Baumbach Date: Tue Aug 13 13:15:58 2019 +0200 samba_kcc: avoid ValueError when local connections are less than 2 Signed-off-by: Björn Baumbach Reviewed-by: Douglas Bagnall Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Wed Dec 18 11:37:53 UTC 2019 on sn-devel-184 commit f8f3b33ea58a03dc3c17b03256530b6990ce9191 Author: Ralph Boehme Date: Sat Dec 14 18:35:51 2019 +0100 lib/replace: prefer over This prevents the following compile error that may happens if "system/filesys.h" is included before "system/capability.h" on Ubuntu 16.04: [1802/4407] Compiling source3/lib/system.c In file included from ../../lib/replace/system/filesys.h:112:0, from ../../source3/include/vfs.h:29, from ../../source3/include/smb.h:150, from ../../source3/include/includes.h:284, from ../../source3/lib/system.c:23: /usr/include/x86_64-linux-gnu/sys/xattr.h:32:3: error: expected identifier before numeric constant XATTR_CREATE = 1, /* set value, fail if attr already exists. */ ^ The above error is from compiling a source tree which includes a change that adds an include "system/filesys.h" to the top of "source3/include/vfs.h". "source3/lib/system.c" has the following includes: #include "includes.h" #include "system/syslog.h" #include "system/capability.h" #include "system/passwd.h" #include "system/filesys.h" #include "../lib/util/setid.h" The first include of "includes.h" pulls in "vfs.h" which will pull in "system/filesys.h" with the mentioned change. "system/filesys.h" pulls in which has this define #define XATTR_CREATE 0x1 Later in "source3/lib/system.c" "system/capability.h" is included which includes on Ubuntu 16.04 (not in later versions of glibc). This defines the XATTR_* values as an enum: enum { XATTR_CREATE = 1, /* set value, fail if attr already exists. */ XATTR_REPLACE = 2 /* set value, fail if attr does not exist. */ }; The previous define of XATTR_CREATE as 1 makes this enum { 1 = 1, /* set value, fail if attr already exists. */ 2 = 2 /* set value, fail if attr does not exist. */ }; which is invalid C. The compiler error diagnostic is a bit confusing, as it prints the original enum from the include file. See also: <https://bugs.freedesktop.org/show_bug.cgi?id=78741> <https://bugs.launchpad.net/ubuntu/+source/attr/+bug/1288091> <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756097> Signed-off-by: Ralph Boehme Reviewed-by: Björn Baumbach --- Summary of changes: lib/replace/system/filesys.h | 6 +++--- python/samba/kcc/__init__.py | 5 + 2 files changed, 8 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/system/filesys.h b/lib/replace/system/filesys.h index afde4eacb39..976b2aeec5e 100644 --- a/lib/replace/system/filesys.h +++ b/lib/replace/system/filesys.h @@ -108,10 +108,10 @@ #endif /* mutually exclusive (SuSE 8.2) */ -#if defined(HAVE_ATTR_XATTR_H) -#include -#elif defined(HAVE_SYS_XATTR_H) +#if defined(HAVE_SYS_XATTR_H) #include +#elif defined(HAVE_ATTR_XATTR_H) +#include #elif defined(HAVE_SYS_ATTRIBUTES_H) #include #elif defined(HAVE_ATTR_ATTRIBUTES_H) diff --git a/python/samba/kcc/__init__.py b/python/samba/kcc/__init__.py index 6c6c202fa2c..734c7641883 100644 --- a/python/samba/kcc/__init__.py +++ b/python/samba/kcc/__init__.py @@ -499,6 +499,11 @@ class KCC(object): local_connections.append((cn_conn, s_dnstr, packed_guid, removable)) +# Avoid "ValueError: r cannot be bigger than the iterable" in +# for a, b in itertools.permutations(local_connections, 2): +if (len(local_connections) < 2): +return + for a, b in itertools.permutations(local_connections, 2): cn_conn, s_dnstr, packed_guid, removable = a cn_conn2, s_dnstr2, packed_guid2, removable2 = b -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6e8c3ae6e9b samba-tool: py3 compatiblity in 'user syncpasswords --daemon' from 263bec1b8d0 replace: Only link libnsl and libsocket if requrired https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6e8c3ae6e9be38fdd1d1693b93c8629391799b19 Author: Heinz Hoelzl Date: Thu Oct 10 10:14:15 2019 +1300 samba-tool: py3 compatiblity in 'user syncpasswords --daemon' BUG: https://bugzilla.samba.org/show_bug.cgi?id=14154 Signed-off-by: Heinz Hölzl Reviewed-by: Douglas Bagnall Reviewed-by: Björn Baumbach Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Wed Oct 23 15:54:43 UTC 2019 on sn-devel-184 --- Summary of changes: python/samba/netcmd/user.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py index affbbf067c1..cadd80fd991 100644 --- a/python/samba/netcmd/user.py +++ b/python/samba/netcmd/user.py @@ -1958,7 +1958,8 @@ samba-tool user syncpasswords --terminate \\ assert res is None input = "%s" % (ldif) -reply = sync_command_p.communicate(input)[0] +reply = sync_command_p.communicate( +input.encode('utf-8'))[0].decode('utf-8') log_msg("%s\n" % (reply)) res = sync_command_p.poll() if res is None: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7f70e216fcd docs: fix typo in "ntlm auth" doc in smb.conf man page via 83859668d5f docs: add documentation for the samba-tool ntacl changedomsid command from 6aa5d1f684f CVE-2019-12436 dsdb/paged_results: ignore successful results without messages https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7f70e216fcda2ebfbdf952471931f9f3739a6e8e Author: Björn Baumbach Date: Wed Jun 19 22:35:43 2019 +0200 docs: fix typo in "ntlm auth" doc in smb.conf man page Thanks to Amit Kumar BUG: https://bugzilla.samba.org/show_bug.cgi?id=13784 Signed-off-by: Björn Baumbach Reviewed-by: Volker Lendecke Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Thu Jun 20 17:14:50 UTC 2019 on sn-devel-184 commit 83859668d5f8695134dc6739ef8dec2edc3542ff Author: Björn Baumbach Date: Wed Jun 19 12:22:01 2019 +0200 docs: add documentation for the samba-tool ntacl changedomsid command Signed-off-by: Björn Baumbach Reviewed-by: Volker Lendecke --- Summary of changes: docs-xml/manpages/samba-tool.8.xml| 71 +++ docs-xml/smbdotconf/security/ntlmauth.xml | 2 +- 2 files changed, 72 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml index f94864b07c9..7f8f02d619a 100644 --- a/docs-xml/manpages/samba-tool.8.xml +++ b/docs-xml/manpages/samba-tool.8.xml @@ -664,6 +664,77 @@ Manage NT ACLs. + + ntacl changedomsid original-domain-SID new-domain-SID file [options] + Change the domain SID for ACLs. + Can be used to change all entries in acl_xattr when the machine's SID + has accidentially changed or the data set has been copied + to another machine either via backup/restore or rsync. + + + + --use-ntvfs + + Set the ACLs directly to the TDB or xattr. The POSIX permissions will + NOT be changed, only the NT ACL will be stored. + + + + + --service=SERVICE + + Specify the name of the smb.conf service to use. This option is + required in combination with the --use-s3fs option. + + + + + --use-s3fs + + Set the ACLs for use with the default s3fs file server via the VFS + layer. This option requires a smb.conf service, specified by the + --service=SERVICE option. + + + + + --xattr-backend=[native|tdb] + + Specify the xattr backend type (native fs or tdb). + + + + + --eadb-file=EADB_FILE + + Name of the tdb file where attributes are stored. + + + + + --recursive + + Set the ACLs for directories and their contents recursively. + + + + + --follow-symlinks + + Follow symlinks when --recursive is specified. + + + + + --verbose + + Verbosely list files and ACLs which are being processed. + + + + + + ntacl get file [options] Get ACLs on a file. diff --git a/docs-xml/smbdotconf/security/ntlmauth.xml b/docs-xml/smbdotconf/security/ntlmauth.xml index dd5dbaea117..d22f0644fb2 100644 --- a/docs-xml/smbdotconf/security/ntlmauth.xml +++ b/docs-xml/smbdotconf/security/ntlmauth.xml @@ -60,7 +60,7 @@ The default changed from yes to -no with Samba 4.5. The default chagned again +no with Samba 4.5. The default changed again to ntlmv2-only with Samba 4.7, however the behaviour is unchanged. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d4b72821dc3 selftest: add tests for samba-tool ntacl changedomsid via 6554cfa87e0 samba-tool: add ntacl changedomsid command via 0eee621cf17 samba-tool ntacl: consolidate code for getting the local domain sid via 670a12df52d python/ntacls: use correct "state directory" smb.conf option instead of "state dir" via 1b0184a9562 selftest: add test for samba-tool ntacl get/set --use-ntvfs --xattr-backend=tdb from 80f648b1695 smbd: Deprecate "blocking locks" parameter https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d4b72821dc3484d29f459c954061e737cb1f5b5e Author: Björn Baumbach Date: Wed Jun 12 21:02:43 2019 +0200 selftest: add tests for samba-tool ntacl changedomsid Signed-off-by: Björn Baumbach Reviewed-by: Stefan Metzmacher Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Tue Jun 18 16:54:22 UTC 2019 on sn-devel-184 commit 6554cfa87e01bc606cb6ff9566e7e96808d02e91 Author: Björn Baumbach Date: Tue Jun 11 15:11:20 2019 +0200 samba-tool: add ntacl changedomsid command This tool is meant to locally change all entries in acl_xattr when the machine's SID has accidentially changed or the data set has been copied to another box either via backup/restore or rsync. Signed-off-by: Björn Baumbach Reviewed-by: Stefan Metzmacher commit 0eee621cf1781e9c5ec68fd1a7c7cf5eab4e74b6 Author: Björn Baumbach Date: Mon Jun 17 14:20:56 2019 +0200 samba-tool ntacl: consolidate code for getting the local domain sid Signed-off-by: Björn Baumbach Reviewed-by: Stefan Metzmacher commit 670a12df52df63a067b638d37bec71341bf18bdd Author: Björn Baumbach Date: Wed Jun 12 21:16:25 2019 +0200 python/ntacls: use correct "state directory" smb.conf option instead of "state dir" samba-tool ntacl get testfile --xattr-backend=tdb --use-ntvfs Fixes: Unknown parameter encountered: "state dir" Signed-off-by: Björn Baumbach Reviewed-by: Stefan Metzmacher commit 1b0184a9562689a658e75a0cfc69bdd23277cff6 Author: Björn Baumbach Date: Wed Jun 12 21:00:01 2019 +0200 selftest: add test for samba-tool ntacl get/set --use-ntvfs --xattr-backend=tdb Signed-off-by: Björn Baumbach Reviewed-by: Stefan Metzmacher --- Summary of changes: python/samba/netcmd/ntacl.py| 249 ++-- python/samba/ntacls.py | 4 +- python/samba/tests/samba_tool/ntacl.py | 87 ++ source4/selftest/tests.py | 2 +- testprogs/blackbox/test_samba-tool_ntacl.sh | 66 5 files changed, 353 insertions(+), 55 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/netcmd/ntacl.py b/python/samba/netcmd/ntacl.py index b5dbc1fcf54..4cc7737ae77 100644 --- a/python/samba/netcmd/ntacl.py +++ b/python/samba/netcmd/ntacl.py @@ -25,6 +25,7 @@ from samba.ndr import ndr_unpack, ndr_print from samba.samdb import SamDB from samba.samba3 import param as s3param, passdb, smbd from samba import provision +import os from samba.auth import ( system_session, @@ -46,6 +47,36 @@ def system_session_unix(): return session_info_unix +def get_local_domain_sid(lp): +is_ad_dc = False +server_role = lp.server_role() +if server_role == "ROLE_ACTIVE_DIRECTORY_DC": +is_ad_dc = True + +s3conf = s3param.get_context() +s3conf.load(lp.configfile) + +if is_ad_dc: +try: +samdb = SamDB(session_info=system_session(), + lp=lp) +except Exception as e: +raise CommandError("Unable to open samdb:", e) +# ensure we are using the right samba_dsdb passdb backend, no +# matter what +s3conf.set("passdb backend", "samba_dsdb:%s" % samdb.url) + +try: +if is_ad_dc: +domain_sid = security.dom_sid(samdb.domain_sid) +else: +domain_sid = passdb.get_domain_sid() +except: +raise CommandError("Unable to read domain SID from configuration " + "files") +return domain_sid + + class cmd_ntacl_set(Command): """Set ACLs on a file.""" @@ -75,39 +106,13 @@ class cmd_ntacl_set(Command): service=None): logger = self.get_logger() lp = sambaopts.get_loadparm() - -is_ad_dc = False -server_role = lp.server_role() -if server_role == "ROLE_ACTIVE_DIRECTORY_DC": -is_ad_dc = True +domain_sid = get_local_domain_sid(lp) if not use_ntvfs and not
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 77117a14b91 docs: Add another dns forwarder in the example. from 5dfbb0d24dc s3:lib: Move up NULL check https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 77117a14b91b3111d0f7892b34d4919987438a41 Author: Karolin Seeger Date: Tue May 21 10:41:22 2019 +0200 docs: Add another dns forwarder in the example. Clarify how to list several dns forwarders. Signed-off-by: Karolin Seeger Reviewed-by: Björn Baumbach Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Fri May 24 11:02:18 UTC 2019 on sn-devel-184 --- Summary of changes: docs-xml/smbdotconf/domain/dnsforwarder.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/domain/dnsforwarder.xml b/docs-xml/smbdotconf/domain/dnsforwarder.xml index d3c8b768495..f65740a7a24 100644 --- a/docs-xml/smbdotconf/domain/dnsforwarder.xml +++ b/docs-xml/smbdotconf/domain/dnsforwarder.xml @@ -13,5 +13,5 @@ -192.168.0.1 +192.168.0.1 192.168.0.2 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ff3e2fa vfs_full_audit: ntimes: log a-, m-, c- and creation-time via b773be3 dns update: add missing newline in error debug message via e578627 selftest: test samba-tool ntacl get/set on AD member server via e54d4ff samba-tool ntacl: allow to run get/set-ntacl command in non-AD-DC role via 01ff09a s3/py_passdb: add get_domain_sid() to get domain sid from secrets database via 38fe315 samba-tool ntacl: pass system session to get/set-ntacl functions via bc8d0d5 pysmbd: handle file not found error via ab558fa pysmbd: add option to pass a session info to set_nt_acl() function via 6f08cb6 s4-auth: allow to pass original_user_name=NULL to auth_session_info_fill_unix() via f3b7ba1 s4-auth: allow to create unix token from system session info via 29e757a s4-auth: fetch possible out of memory error via 29af2df s4-auth: use TALLOC_FREE() shortcut via 9a44be6 s4-auth: fix a typo in a comment via ea38be4 python: Add samba.auth.copy_session_info() via 96b5bf1 auth: move copy_session_info() from source3 into the global auth context from 31daab8 vfs_fruit: move check in ad_convert() to ad_convert_*() subfunctions https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ff3e2fa84f1c083d4eaa057c8f0ba518ff1fe086 Author: Björn Baumbach Date: Thu Sep 27 10:32:37 2018 +0200 vfs_full_audit: ntimes: log a-, m-, c- and creation-time Signed-off-by: Björn Baumbach Reviewed-by: Ralph Boehme Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Thu Oct 11 13:40:27 CEST 2018 on sn-devel-144 commit b773be3371ef9014511b58951986f92f59bd6975 Author: Björn Baumbach Date: Fri Aug 31 16:12:34 2018 +0200 dns update: add missing newline in error debug message Signed-off-by: Björn Baumbach Reviewed-by: Volker Lendecke commit e57862760ea71792856222b6754d3b251ff44581 Author: Björn Baumbach Date: Wed Sep 19 16:36:45 2018 +0200 selftest: test samba-tool ntacl get/set on AD member server Signed-off-by: Björn Baumbach Reviewed-by: Volker Lendecke commit e54d4ffbaa3fb1ab9e80d4d107bf2a4d9c3d2d8f Author: Björn Baumbach Date: Tue Sep 4 16:32:50 2018 +0200 samba-tool ntacl: allow to run get/set-ntacl command in non-AD-DC role Can be used to get and apply NT-ACLs on Samba member servers. Signed-off-by: Björn Baumbach Reviewed-by: Volker Lendecke commit 01ff09adccc88367e807bbf5d5e8cd2eae6a38b0 Author: Björn Baumbach Date: Tue Sep 4 16:30:53 2018 +0200 s3/py_passdb: add get_domain_sid() to get domain sid from secrets database Signed-off-by: Björn Baumbach Reviewed-by: Volker Lendecke commit 38fe315bcf7c20ae00f2b1ad5e497a8d1046850d Author: Björn Baumbach Date: Tue Sep 4 16:20:49 2018 +0200 samba-tool ntacl: pass system session to get/set-ntacl functions The filled session is needed in different vfs modules. Signed-off-by: Björn Baumbach Reviewed-by: Volker Lendecke commit bc8d0d51602831976d426aee53e9ab83a6813497 Author: Björn Baumbach Date: Wed Sep 19 16:52:54 2018 +0200 pysmbd: handle file not found error Avoid PANIC: internal error Signed-off-by: Björn Baumbach Reviewed-by: Volker Lendecke commit ab558fa14c296b90f182ea4f53b2fb410d851837 Author: Björn Baumbach Date: Tue Sep 4 15:29:58 2018 +0200 pysmbd: add option to pass a session info to set_nt_acl() function A filled session info is needed by some vfs modules, e.g. full_audit. Signed-off-by: Björn Baumbach Reviewed-by: Volker Lendecke commit 6f08cb6693b744bfd8cbf66415957baabd07ec3a Author: Björn Baumbach Date: Tue Sep 25 13:16:15 2018 +0200 s4-auth: allow to pass original_user_name=NULL to auth_session_info_fill_unix() With this patch the auth_session_info_fill_unix() uses the "unix_name" from the session_info->unix_info if no original_user_name was specified. This is used to process a system session info where no original_user_name is given. Signed-off-by: Björn Baumbach Reviewed-by: Volker Lendecke commit f3b7ba1746a33d058901dd8274953e6c5379e2b1 Author: Björn Baumbach Date: Tue Sep 25 13:11:09 2018 +0200 s4-auth: allow to create unix token from system session info Without this patch security_token_to_unix_token() fails with NT_STATUS_ACCESS_DENIED, because the system session does only have one SID. For a typical token are at least two or more SIDs expected. Signed-off-by: Björn Baumbach Reviewed-by: Volker Lendecke commit 29e757aca23933c52f9420d2cffbe5be17cf585d Author: Björn Baumbach Date: Tue Sep 4 14:46:03 2018 +0200 s4-auth: fetch possible out of memory error Signed-off-by: B
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via cc30805 samba_dnsupdate: honor 'dns zone scavenging' option, only update if needed from 3903f6c ctdb-build: Fix version handling when building tarball https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cc30805e5c57a4440dc318a6a25c8c80cde0cef7 Author: Björn Baumbach Date: Wed Sep 5 16:54:01 2018 +0200 samba_dnsupdate: honor 'dns zone scavenging' option, only update if needed Since scavenging is implemented the samba_dnsupdate command always updates all dns records required by the dc. This is not needed if dns zone scavenging is not enabled. This avoids the repeating TSIG error messages: # samba_dnsupdate --option='dns zone scavenging = yes' 2>&1 | uniq -c 29 ; TSIG error with server: tsig verify failure 1 Failed update of 29 entries # echo ${PIPESTATUS[0]} 29 # samba_dnsupdate --option='dns zone scavenging = no' 2>&1 | uniq -c # echo ${PIPESTATUS[0]} 0 Note that this results in about 60 lines in the log file, which triggered every 10 minutes ("dnsupdate:name interval=600" is the default). This restores the behavior before 8ef42d4dab4dfaf5ad225b33f7748914f14dcd8c, if "dns zone scavenging" is not switched on (which is still the default). Avoiding the message from happening at all is subject for more debugging, most likely they are caused by bugs in 'nsupdate -g' (from the bind package). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13605 Pair-programmed-with: Stefan Metzmacher Signed-off-by: Björn Baumbach Signed-off-by: Stefan Metzmacher Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Wed Sep 12 18:03:10 CEST 2018 on sn-devel-144 --- Summary of changes: selftest/knownfail.d/dns | 2 -- source4/scripting/bin/samba_dnsupdate | 15 ++- 2 files changed, 14 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/knownfail.d/dns b/selftest/knownfail.d/dns index d23f5eb..ca18b43 100644 --- a/selftest/knownfail.d/dns +++ b/selftest/knownfail.d/dns @@ -70,5 +70,3 @@ samba.tests.dns.__main__.TestSimpleQueries.test_qtype_all_query\(rodc:local\) # The SOA override should not pass against the RODC, it must not overstamp samba.tests.dns.__main__.TestSimpleQueries.test_one_SOA_query\(rodc:local\) -.*samba.tests.blackbox.samba_dnsupdate.SambaDnsUpdateTests.test_samba_dnsupate_set_ip -.*samba.tests.blackbox.samba_dnsupdate.SambaDnsUpdateTests.test_samba_dnsupate_no_change diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index 071cebe..fda3beb 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -102,6 +102,8 @@ else: nsupdate_cmd = lp.get('nsupdate command') +dns_zone_scavenging = lp.get("dns zone scavenging") + if len(IPs) == 0: print "No IP interfaces - skipping DNS updates" sys.exit(0) @@ -847,7 +849,18 @@ for d in dns_list: rebuild_cache = True if opts.verbose: print "need cache add: %s" % d -update_list.append(d) +if dns_zone_scavenging: +update_list.append(d) +if opts.verbose: +print "scavenging requires update: %s" % d +elif opts.all_names: +update_list.append(d) +if opts.verbose: +print "force update: %s" % d +elif not check_dns_name(d): +update_list.append(d) +if opts.verbose: +print "need update: %s" % d for c in cache_list: found = False -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 396f123 README.Coding: Fix link to Python coding style guide (PEP 8) from 975b751 tests/ntacls: fix pep8 warnings https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 396f123121ddb290f4a5536a2224aa4a651c072f Author: Björn Baumbach Date: Wed Jun 27 14:20:40 2018 +0200 README.Coding: Fix link to Python coding style guide (PEP 8) Signed-off-by: Björn Baumbach Reviewed-by: David Mulder Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Thu Jun 28 15:04:44 CEST 2018 on sn-devel-144 --- Summary of changes: README.Coding | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/README.Coding b/README.Coding index 3d4c5a5..ffba857 100644 --- a/README.Coding +++ b/README.Coding @@ -22,8 +22,8 @@ what most Samba developers use already anyways, with a few exceptions as mentioned below. The coding style for Python code is documented in PEP8, -http://www.python.org/pep/pep8. New Python code should be compatible with -Python 2.6, 2.7, and Python 3.4 onwards. This means using Python 3 syntax +https://www.python.org/dev/peps/pep-0008/. New Python code should be compatible +with Python 2.6, 2.7, and Python 3.4 onwards. This means using Python 3 syntax with the appropriate 'from __future__' imports. But to save you the trouble of reading the Linux kernel style guide, here -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via defc1ce heimdal: remove include/includedir directives for krb5.conf from a261a2a python/samba/netcmd: Fix NameError exception https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit defc1ced3928e074d7a229bffc168933c513553f Author: Björn Baumbach Date: Tue Jun 19 16:32:10 2018 +0200 heimdal: remove include/includedir directives for krb5.conf The original heimdal code introduces a segmentation fault, due to an uninitialized pointer. This code does not seem to be tested very well. Revert "heimdal: Add include/includedir directives for krb5.conf" This reverts commit 0a6e9b6c0e15fa6fe46acdd357d76b8df447317f. Signed-off-by: Björn Baumbach Reviewed-by: Alexander Bokovoy Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Wed Jun 20 17:48:16 CEST 2018 on sn-devel-144 --- Summary of changes: source4/heimdal/lib/krb5/config_file.c | 100 + source4/heimdal/lib/krb5/krb5_locl.h | 1 - 2 files changed, 3 insertions(+), 98 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c index 05f97eb..a505b63 100644 --- a/source4/heimdal/lib/krb5/config_file.c +++ b/source4/heimdal/lib/krb5/config_file.c @@ -41,7 +41,6 @@ /* Gaah! I want a portable funopen */ struct fileptr { -krb5_context context; const char *s; FILE *f; }; @@ -364,7 +363,7 @@ krb5_config_parse_debug (struct fileptr *f, ++p; if (*p == '#' || *p == ';') continue; -if (*p == '[') { + if (*p == '[') { ret = parse_section(p, &s, res, err_message); if (ret) return ret; @@ -372,22 +371,6 @@ krb5_config_parse_debug (struct fileptr *f, } else if (*p == '}') { *err_message = "unmatched }"; return KRB5_CONFIG_BADFORMAT; -} else if (strncmp(p, "include", sizeof("include") - 1) == 0 && -isspace(p[sizeof("include") - 1])) { -p += sizeof("include"); -while (isspace(*p)) -p++; -ret = krb5_config_parse_file_multi(f->context, p, res); - if (ret) - return ret; -} else if (strncmp(p, "includedir", sizeof("includedir") - 1) == 0 && -isspace(p[sizeof("includedir") - 1])) { -p += sizeof("includedir"); -while (isspace(*p)) -p++; -ret = krb5_config_parse_dir_multi(f->context, p, res); - if (ret) - return ret; } else if(*p != '\0') { if (s == NULL) { *err_message = "binding before section"; @@ -414,64 +397,6 @@ is_plist_file(const char *fname) } /** - * Parse configuration files in the given directory and add the result - * into res. Only files whose names consist only of alphanumeric - * characters, hyphen, and underscore, will be parsed, though files - * ending in ".conf" will also be parsed. - * - * This interface can be used to parse several configuration directories - * into one resulting krb5_config_section by calling it repeatably. - * - * @param context a Kerberos 5 context. - * @param dname a directory name to a Kerberos configuration file - * @param res the returned result, must be free with krb5_free_config_files(). - * @return Return an error code or 0, see krb5_get_error_message(). - * - * @ingroup krb5_support - */ - -KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL -krb5_config_parse_dir_multi(krb5_context context, -const char *dname, -krb5_config_section **res) -{ -struct dirent *entry; -krb5_error_code ret; -DIR *d; - -if ((d = opendir(dname)) == NULL) -return errno; - -while ((entry = readdir(d)) != NULL) { -char *p = entry->d_name; -char *path; -int is_valid = 1; - -while (*p) { -if (!isalpha(*p) && *p != '_' && *p != '-' && -strcmp(p, ".conf") != 0) { -is_valid = 0; -break; -} -p++; -} -if (!is_valid) -continue; - -if (asprintf(&path, "%s/%s", dname, entry->d_name) == -1 || -path == NULL) -return krb5_enomem(context); -ret = krb5_config_parse_file_multi(context, path, res); -free(path); -if (ret == ENOMEM) -return krb5_enomem(contex
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0a6e9b6 heimdal: Add include/includedir directives for krb5.conf via 88cac23 heimdal: small code adaption to cherry-pick heimdal commit via f05a155 heimdal: lib/krb5: do not fail set_config_files due to parse error from 721fbbf smbd: remove unused smbd_server_connection->ev_ctx https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0a6e9b6c0e15fa6fe46acdd357d76b8df447317f Author: Nicolas Williams Date: Fri Jun 15 14:45:38 2018 +0200 heimdal: Add include/includedir directives for krb5.conf Cherry-pick of Heimdal commit fe43be85587f834266623adb0ecf2793d212a7ca Removed tests and documentation from original commit by Björn Baumbach , since we do not ship them. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11573 Signed-off-by: Björn Baumbach Reviewed-by: Alexander Bokovoy Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Mon Jun 18 15:52:26 CEST 2018 on sn-devel-144 commit 88cac23e2b767175d94561aaea13ba6200c331df Author: Björn Baumbach Date: Fri Jun 15 14:33:40 2018 +0200 heimdal: small code adaption to cherry-pick heimdal commit Check asprintf() return value. Make use of krb5_enomem(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=11573 Signed-off-by: Björn Baumbach Reviewed-by: Alexander Bokovoy commit f05a1554b770c6a2c905170347bfb41157f4aa78 Author: Jeffrey Altman Date: Thu Jun 16 16:25:41 2016 -0400 heimdal: lib/krb5: do not fail set_config_files due to parse error Follow Apple's lead and do not fail krb5_set_config_files() simply because one of the files in the profile list fails to parse correctly. Doing so can lead to hard to find failures and could lead to an end user shooting themselves in the foot and no longer be able to login to their system to fix it. Parse as many of the files as we can. Only fail krb5_set_config_files() if init_context_from_config_file() fails. Change-Id: I122664c6d707a5f926643808ba414bf4f681f8b8 Cherry-pick of Heimdal commit b7cf5e7caf9b270f4d4151d2690177b11a7a1bdf BUG: https://bugzilla.samba.org/show_bug.cgi?id=11573 Signed-off-by: Björn Baumbach Reviewed-by: Alexander Bokovoy --- Summary of changes: source4/heimdal/lib/krb5/config_file.c | 119 - source4/heimdal/lib/krb5/context.c | 3 +- source4/heimdal/lib/krb5/krb5_locl.h | 1 + 3 files changed, 107 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c index 2748f48..05f97eb 100644 --- a/source4/heimdal/lib/krb5/config_file.c +++ b/source4/heimdal/lib/krb5/config_file.c @@ -41,6 +41,7 @@ /* Gaah! I want a portable funopen */ struct fileptr { +krb5_context context; const char *s; FILE *f; }; @@ -363,18 +364,34 @@ krb5_config_parse_debug (struct fileptr *f, ++p; if (*p == '#' || *p == ';') continue; - if (*p == '[') { +if (*p == '[') { ret = parse_section(p, &s, res, err_message); if (ret) return ret; b = NULL; } else if (*p == '}') { *err_message = "unmatched }"; - return EINVAL; /* XXX */ + return KRB5_CONFIG_BADFORMAT; +} else if (strncmp(p, "include", sizeof("include") - 1) == 0 && +isspace(p[sizeof("include") - 1])) { +p += sizeof("include"); +while (isspace(*p)) +p++; +ret = krb5_config_parse_file_multi(f->context, p, res); + if (ret) + return ret; +} else if (strncmp(p, "includedir", sizeof("includedir") - 1) == 0 && +isspace(p[sizeof("includedir") - 1])) { +p += sizeof("includedir"); +while (isspace(*p)) +p++; +ret = krb5_config_parse_dir_multi(f->context, p, res); + if (ret) + return ret; } else if(*p != '\0') { if (s == NULL) { *err_message = "binding before section"; - return EINVAL; + return KRB5_CONFIG_BADFORMAT; } ret = parse_binding(f, lineno, p, &b, &s->u.list, err_message); if (ret) @@ -397,6 +414,64 @@ is_plist_file(const char *fname) } /** + * Parse configuration files in the given directory and add the result + * into res. Only files whose names consist only of alphan
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 171750e s3/wscript: remove test, that we do in lib/replace via 9be8ef1 docs-xml:samba-tool.8: fix wrong default computer container name via e45b504 samba-tool computer: fix wrong computer container in help message from d444221 traffic: improve add_short_packet by avoiding dict.get https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 171750e966e040493c8631fcdd65478ab35e6f2e Author: Björn Jacke Date: Mon Mar 12 19:13:04 2018 +0100 s3/wscript: remove test, that we do in lib/replace Signed-off-by: Bjoern Jacke Reviewed-by: Björn Baumbach Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Mon May 14 21:15:21 CEST 2018 on sn-devel-144 commit 9be8ef19553069593c3766177f065d3b9ce06bba Author: Björn Baumbach Date: Tue May 8 10:21:10 2018 +0200 docs-xml:samba-tool.8: fix wrong default computer container name CN=Users --> CN=Computers Signed-off-by: Björn Baumbach Reviewed-by: Björn Jacke commit e45b5047b94c3f0c812fe7d4931610bcf45bd437 Author: Björn Baumbach Date: Mon May 7 15:00:17 2018 +0200 samba-tool computer: fix wrong computer container in help message CN=Users --> CN=Computers Signed-off-by: Björn Baumbach Reviewed-by: Björn Jacke --- Summary of changes: docs-xml/manpages/samba-tool.8.xml | 2 +- python/samba/netcmd/computer.py| 4 ++-- source3/wscript| 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml index 3cde4c5..3173083 100644 --- a/docs-xml/manpages/samba-tool.8.xml +++ b/docs-xml/manpages/samba-tool.8.xml @@ -121,7 +121,7 @@ --computerou=COMPUTEROU DN of alternative location (with or without domainDN counterpart) to - default CN=Users in which new computer object will be created. + default CN=Computers in which new computer object will be created. E.g. 'OU=OUname'. diff --git a/python/samba/netcmd/computer.py b/python/samba/netcmd/computer.py index 9ca8904..7a913b4 100644 --- a/python/samba/netcmd/computer.py +++ b/python/samba/netcmd/computer.py @@ -208,8 +208,8 @@ Example3 shows how to create a new computer in the OrgUnit organizational unit. type=str, metavar="URL", dest="H"), Option("--computerou", help=("DN of alternative location (with or without domainDN " - "counterpart) to default CN=Users in which new computer " - "object will be created. E. g. 'OU='"), + "counterpart) to default CN=Computers in which new " + "computer object will be created. E.g. 'OU='"), type=str), Option("--description", help="Computers's description", type=str), Option("--prepare-oldjoin", diff --git a/source3/wscript b/source3/wscript index ab64e80..e6d9936 100644 --- a/source3/wscript +++ b/source3/wscript @@ -386,7 +386,7 @@ DNSServiceRegister _dup __dup _dup2 __dup2 endmntent execl _facl __facl _fchdir __fchdir fchmod fchown _fcntl __fcntl fcvt fcvtl fdatasync _fork __fork fseeko -fsetxattr _fstat __fstat fsync +_fstat __fstat fsync futimens futimes __fxstat getauthuid getcwd _getcwd __getcwd getdents __getdents getdirentries getgrent getgrnam getgrouplist getgrset getmntent getpagesize -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 57d9969 build: fix build without JSON audit support from a18b510 s3/security.c undefined value https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 57d9969f5cd681cd02017c0b41fcbb12fe10fb08 Author: Björn Baumbach Date: Fri Apr 20 13:04:41 2018 +0200 build: fix build without JSON audit support Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Fri Apr 20 21:12:33 CEST 2018 on sn-devel-144 --- Summary of changes: auth/wscript | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/auth/wscript b/auth/wscript index 6b769c5..b81804e 100644 --- a/auth/wscript +++ b/auth/wscript @@ -12,7 +12,7 @@ def set_options(opt): return def configure(conf): -conf.SET_TARGET_TYPE('json-audit', 'EMPTY') +conf.SET_TARGET_TYPE('jansson', 'EMPTY') if Options.options.with_json_audit != False: if conf.CHECK_CFG(package='jansson', args='--cflags --libs', -- Samba Shared Repository