[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Mon Jun 11 05:35:03 MDT 2012


The branch, master has been updated
       via  c2094e3 debug: Do not constantly rename logs when max log size = 0
       via  61ab9a4 file_server: Use samba4 auth module for guest logins as well
       via  92fd0fd lib/param: simplfy lp_find_security()
       via  657af5a pyldb: Ensure that the ldb argument is really an ldb before we dereference
       via  6aee802 s3-smbd: Remove unused branches in negprot since security=share was removed
       via  29ff3ce s4-selftest: Test samba-tool drs replicate --local --full-sync
      from  ba44bd3 libcli/nbt: remove unused system/network.h from libnbt.h

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c2094e313118c29e1e7540ca8f06f9fe0bd30e16
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jun 11 13:22:42 2012 +1000

    debug: Do not constantly rename logs when max log size = 0
    
    In Samba4, the max log size parameter is not yet connected, so maxlog is 0.
    
    This means that we would, on receipt of a -HUP, have all child
    processes attempt a rename.
    
    Now we have the -HUP mean we reopen the logs unconditionally, and then
    we see if the log is too large (samba3 mode) or simply proceed assuming
    that someone else has renamed the logs for us.
    
    Andrew Bartlett
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Mon Jun 11 13:34:43 CEST 2012 on sn-devel-104

commit 61ab9a4806a4139e783fa0cf5481a7e7f9e46678
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jun 11 10:48:32 2012 +1000

    file_server: Use samba4 auth module for guest logins as well
    
    This is important for consistency on NTLM logins, as the samba4 stack is used
    for all NTLMSSP logins anyway.
    
    Andrew Bartlett

commit 92fd0fdd790d9a0fbb1e82e5dc7acbc1a193a7ca
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jun 11 11:12:52 2012 +1000

    lib/param: simplfy lp_find_security()
    
    All the roles other than ROLE_DOMAIN_MEMBER map to SEC_USER.
    
    Andrew Bartlett

commit 657af5a27480ac7fbcaa4fa4b67bbf496da32a35
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sun Jun 10 20:30:27 2012 +1000

    pyldb: Ensure that the ldb argument is really an ldb before we dereference

commit 6aee8021a14a2878f2bb7f393e2b93721925f92a
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sun Jun 10 16:08:12 2012 +1000

    s3-smbd: Remove unused branches in negprot since security=share was removed

commit 29ff3ce56894d5ef0254c85d6ae9e68733558901
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Jun 8 13:37:49 2012 +1000

    s4-selftest: Test samba-tool drs replicate --local --full-sync

-----------------------------------------------------------------------

Summary of changes:
 file_server/file_server.c                  |    2 +-
 lib/ldb/pyldb.c                            |   10 ++++++++
 lib/param/loadparm_server_role.c           |    5 ----
 lib/util/debug.c                           |   34 ++++++++++++++-------------
 source3/smbd/negprot.c                     |   29 ++++++-----------------
 source4/selftest/tests.py                  |    2 +-
 source4/torture/drs/python/drs_base.py     |    6 ++++-
 source4/torture/drs/python/replica_sync.py |    6 +++++
 8 files changed, 49 insertions(+), 45 deletions(-)


Changeset truncated at 500 lines:

diff --git a/file_server/file_server.c b/file_server/file_server.c
index 0e9d321..9f43ebb 100644
--- a/file_server/file_server.c
+++ b/file_server/file_server.c
@@ -49,7 +49,7 @@ static const char *generate_smb_conf(struct task_server *task)
 	}
 
 	fdprintf(fd, "# auto-generated config for fileserver\n");
-	fdprintf(fd, "auth methods = guest samba4\n");
+	fdprintf(fd, "auth methods = samba4\n");
 	fdprintf(fd, "passdb backend = samba4\n");
         fdprintf(fd, "rpc_server:default = external\n");
 	fdprintf(fd, "rpc_server:svcctl = embedded\n");
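Review bot: The generated line `auth methods = samba4` carries no comment saying that guest logins are now expected to be served by the samba4 module, so a later reader may restore `guest` as an apparent omission. A short comment above the fdprintf, for example `/* guest logins go through the samba4 auth module, as all NTLMSSP logins already do */`, would record the intent given in the commit message. generate_smb_conf starts and ends outside this hunk, so whether the rest of the generated file still assumes a separate guest method cannot be checked from here.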
diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c
index ea7b695..4554886 100644
--- a/lib/ldb/pyldb.c
+++ b/lib/ldb/pyldb.c
@@ -653,6 +653,11 @@ static PyObject *py_ldb_dn_new(PyTypeObject *type, PyObject *args, PyObject *kwa
 					 &py_ldb, &str))
 		return NULL;
 
+	if (!PyLdb_Check(py_ldb)) {
+		PyErr_SetString(PyExc_TypeError, "Expected Ldb");
+		return NULL;
+	}
+
 	ldb_ctx = pyldb_Ldb_AsLdbContext(py_ldb);
 
 	mem_ctx = talloc_new(NULL);
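Review bot: The new `PyLdb_Check` guard in py_ldb_dn_new reports only "Expected Ldb", which tells the Python caller neither which argument was wrong nor what was passed; the identical guard added in py_ldb_msg_from_dict has the same limitation. Something like `PyErr_Format(PyExc_TypeError, "Expected Ldb, got %s", py_ldb->ob_type->tp_name);` would make the failure diagnosable. Nothing in this changeset exercises either guard, so a test that passes a non-Ldb object to both constructors and expects TypeError would keep the unchecked dereference from returning. Both function bodies extend beyond their hunks.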
@@ -2482,6 +2487,11 @@ static PyObject *py_ldb_msg_from_dict(PyTypeObject *type, PyObject *args)
 		return NULL;
 	}
 
+	if (!PyLdb_Check(py_ldb)) {
+		PyErr_SetString(PyExc_TypeError, "Expected Ldb");
+		return NULL;
+	}
+
 	/* mask only flags we are going to use */
 	mod_flags = LDB_FLAG_MOD_TYPE(mod_flags);
 	if (!mod_flags) {
diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c
index 9ff64be..5a1f498 100644
--- a/lib/param/loadparm_server_role.c
+++ b/lib/param/loadparm_server_role.c
@@ -117,17 +117,12 @@ int lp_find_security(int server_role, int security)
 	}
 
 	switch (server_role) {
-	case ROLE_AUTO:
-	case ROLE_STANDALONE:
-		return SEC_USER;
 	case ROLE_DOMAIN_MEMBER:
 #if (defined(HAVE_ADS) || _SAMBA_BUILD_ >= 4)
 		return SEC_ADS;
 #else
 		return SEC_DOMAIN;
 #endif
-	case ROLE_DOMAIN_PDC:
-	case ROLE_DOMAIN_BDC:
 	default:
 		return SEC_USER;
 	}
diff --git a/lib/util/debug.c b/lib/util/debug.c
index a990ad5..15a2452 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -688,25 +688,27 @@ void check_log_size( void )
 
 	maxlog = state.settings.max_log_size * 1024;
 
-	if (state.schedule_reopen_logs ||
-	   (fstat(state.fd, &st) == 0
+	if (state.schedule_reopen_logs) {
+	    (void)reopen_logs_internal();
+	}
+
+	if (maxlog && (fstat(state.fd, &st) == 0
 	    && st.st_size > maxlog )) {
 		(void)reopen_logs_internal();
-		if (state.fd > 0 && fstat(state.fd, &st) == 0) {
-			if (st.st_size > maxlog) {
-				char *name = NULL;
-
-				if (asprintf(&name, "%s.old", state.debugf ) < 0) {
-					return;
-				}
-				(void)rename(state.debugf, name);
-
-				if (!reopen_logs_internal()) {
-					/* We failed to reopen a log - continue using the old name. */
-					(void)rename(name, state.debugf);
-				}
-				SAFE_FREE(name);
+		if (state.fd > 2 && (fstat(state.fd, &st) == 0
+				     && st.st_size > maxlog)) {
+			char *name = NULL;
+			
+			if (asprintf(&name, "%s.old", state.debugf ) < 0) {
+				return;
+			}
+			(void)rename(state.debugf, name);
+			
+			if (!reopen_logs_internal()) {
+				/* We failed to reopen a log - continue using the old name. */
+				(void)rename(name, state.debugf);
 			}
+			SAFE_FREE(name);
 		}
 	}
 
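Review bot: The inner test changed from `state.fd > 0` to `state.fd > 2` without a comment, and the commit message does not mention it; presumably it keeps the rename from running while logging to a standard descriptor, and a comment such as `/* never rotate when logging to stdin/stdout/stderr */` would say so. The result of the new unconditional `reopen_logs_internal()` call is discarded, so if that reopen fails the size check below runs on whatever `state.fd` was left as; checking the return value or documenting why it is safe to ignore would help. The added call is indented with a tab plus four spaces, and two added lines carry trailing whitespace. check_log_size begins and ends outside this hunk.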
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 6d53333..93af42b 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -69,9 +69,7 @@ static void reply_lanman1(struct smb_request *req, uint16 choice)
 
 	sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords();
 
-	if (lp_security()>=SEC_USER) {
-		secword |= NEGOTIATE_SECURITY_USER_LEVEL;
-	}
+	secword |= NEGOTIATE_SECURITY_USER_LEVEL;
 	if (sconn->smb1.negprot.encrypted_passwords) {
 		secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
 	}
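Review bot: The now unconditional `secword |= NEGOTIATE_SECURITY_USER_LEVEL;` in reply_lanman1 has no comment explaining why the `lp_security()` test is gone, and the same bare statement is added in reply_lanman2 and reply_nt1. A one-line comment at each site, for example `/* security=share was removed, so user-level security is always negotiated */`, would stop a later reader from reintroducing the condition. All three functions start and end outside their hunks, so whether `secword` could simply be initialised with this flag is not visible here.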
@@ -116,9 +114,7 @@ static void reply_lanman2(struct smb_request *req, uint16 choice)
 
 	sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords();
 
-	if (lp_security()>=SEC_USER) {
-		secword |= NEGOTIATE_SECURITY_USER_LEVEL;
-	}
+	secword |= NEGOTIATE_SECURITY_USER_LEVEL;
 	if (sconn->smb1.negprot.encrypted_passwords) {
 		secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
 	}
@@ -299,9 +295,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
 	if (lp_host_msdfs())
 		capabilities |= CAP_DFS;
 
-	if (lp_security() >= SEC_USER) {
-		secword |= NEGOTIATE_SECURITY_USER_LEVEL;
-	}
+	secword |= NEGOTIATE_SECURITY_USER_LEVEL;
 	if (sconn->smb1.negprot.encrypted_passwords) {
 		secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
 	}
@@ -310,18 +304,11 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
 	signing_required = smb_signing_is_mandatory(req->sconn->smb1.signing_state);
 
 	if (signing_enabled) {
-	       	if (lp_security() >= SEC_USER) {
-			secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
-			/* No raw mode with smb signing. */
-			capabilities &= ~CAP_RAW_MODE;
-			if (signing_required) {
-				secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
-			}
-		} else {
-			DEBUG(0,("reply_nt1: smb signing is incompatible with share level security !\n"));
-			if (signing_required) {
-				exit_server_cleanly("reply_nt1: smb signing required and share level security selected.");
-			}
+		secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
+		/* No raw mode with smb signing. */
+		capabilities &= ~CAP_RAW_MODE;
+		if (signing_required) {
+			secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
 		}
 	}
 
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 9a6af52..8e868dc 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -485,7 +485,7 @@ plantestsuite("samba4.ldap.bind(dc)", "dc", [python, os.path.join(srcdir(), "aut
 planoldpythontestsuite("vampire_dc", "samba.tests.blackbox.samba_tool_drs",
         environ={'DC1': '$DC_SERVER', 'DC2': '$VAMPIRE_DC_SERVER'},
         extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD'])
-planoldpythontestsuite("vampire_dc", "replica_sync",
+planoldpythontestsuite("vampire_dc:local", "replica_sync",
         extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')],
         name="samba4.drs.replica_sync.python(vampire_dc)",
         environ={'DC1': '$DC_SERVER', 'DC2': '$VAMPIRE_DC_SERVER'},
diff --git a/source4/torture/drs/python/drs_base.py b/source4/torture/drs/python/drs_base.py
index 8e48b92..abfdbf5 100644
--- a/source4/torture/drs/python/drs_base.py
+++ b/source4/torture/drs/python/drs_base.py
@@ -98,13 +98,17 @@ class DrsBaseTestCase(samba.tests.BlackboxTestCase):
         # bin/samba-tool drs <drs_command> <cmdline_auth>
         return "%s drs %s %s" % (samba_tool_cmd, drs_command, cmdline_auth)
 
-    def _net_drs_replicate(self, DC, fromDC, nc_dn=None, forced=True):
+    def _net_drs_replicate(self, DC, fromDC, nc_dn=None, forced=True, local=False, full_sync=False):
         if nc_dn is None:
             nc_dn = self.domain_dn
         # make base command line
         samba_tool_cmdline = self._samba_tool_cmdline("replicate")
         if forced:
             samba_tool_cmdline += " --sync-forced"
+        if local:
+            samba_tool_cmdline += " --local"
+        if full_sync:
+            samba_tool_cmdline += " --full-sync"
         # bin/samba-tool drs replicate <Dest_DC_NAME> <Src_DC_NAME> <Naming Context>
         cmd_line = "%s %s %s %s" % (samba_tool_cmdline, DC, fromDC, nc_dn)
         return self.check_output(cmd_line)
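Review bot: `_net_drs_replicate` gains `local` and `full_sync` but still has no docstring, so the mapping from each keyword to a samba-tool option can only be found by reading the body. A docstring such as `"""Run 'samba-tool drs replicate'; forced adds --sync-forced, local adds --local, full_sync adds --full-sync."""` would cover it. The command is still assembled as a single string and handed to `self.check_output`; if that helper runs it through a shell (not visible here), `DC`, `fromDC` and `nc_dn` are interpreted as shell text, and building an argument list would avoid that.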
diff --git a/source4/torture/drs/python/replica_sync.py b/source4/torture/drs/python/replica_sync.py
index ddeb582..af2da4f 100644
--- a/source4/torture/drs/python/replica_sync.py
+++ b/source4/torture/drs/python/replica_sync.py
@@ -63,3 +63,9 @@ class DrsReplicaSyncTestCase(drs_base.DrsBaseTestCase):
         """Tests we cann't replicate when replication is disabled"""
         self._disable_inbound_repl(self.dnsname_dc1)
         out = self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
+
+    def test_ReplLocal(self):
+        """Tests we can replicate direct to the local db"""
+        self._enable_inbound_repl(self.dnsname_dc1)
+        self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=False, local=True, full_sync=True)
+
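Review bot: `test_ReplLocal` discards the return value of `_net_drs_replicate` and asserts nothing, so it passes whenever the command does not raise; whether `check_output` raises on a non-zero exit status is not visible in this hunk. Keeping the result, as in `out = self._net_drs_replicate(...)`, and asserting on it (the expected text is not on this page) would show that `--local --full-sync` actually replicated. The test also enables inbound replication on DC1 with no matching cleanup in the hunk, which matters if the test order changes.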


-- 
Samba Shared Repository

