[SCM] Samba Shared Repository - branch v4-0-test updated

Karolin Seeger kseeger at samba.org
Mon May 27 07:47:03 MDT 2013


The branch, v4-0-test has been updated
       via  07073fb dns: Add support for MX queries
       via  46e82a2 More generic check for OpenBSD platform
       via  9b1fac4 docs: mention AD prerequirements for using idmap_ad
       via  f6f3849 winbind/idmap_ad: be verbose about the user that we fail to map
       via  27a3cab s3:lib/server_mutex: open mutex.tdb with CLEAR_IF_FIRST
       via  671943a s3-rpc_server: Ensure we are root when starting and using gensec
      from  c497442 VERSION: Bump version number up to 4.0.7...

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -----------------------------------------------------------------
commit 07073fb8b4efdf14629ada83ad97adecba4de29a
Author: Kai Blin <kai at samba.org>
Date:   Mon Dec 10 05:50:05 2012 +1000

    dns: Add support for MX queries
    
    Due to an oversight, the internal DNS server supports MX record updates,
    but not MX record queries. Add support for MX queries and tests.
    
    This should fix bug #9485
    
    Signed-off-by: Kai Blin <kai at samba.org>
    Reviewed-By: Amitay Isaacs <amitay at gmail.com>
    
    Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-0-test): Mon May 27 15:46:22 CEST 2013 on sn-devel-104

commit 46e82a275cf3216d229912485b8939705e1a920c
Author: Vadim Zhukov <persgray at gmail.com>
Date:   Fri May 17 12:43:08 2013 +0400

    More generic check for OpenBSD platform
    
    OpenBSD versioning is different from many other
    projects, and, say, 5.0 does not differ from 4.9 more than from 5.1. So the
    right approach will be to check that platform name starts with "openbsd"
    instead. This is also the thing OpenBSD developers do when patching other
    software, so this patch is consistent with already existing practices.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=9888
    
    Reviewed-by: Lars Müller <lars at samba.org>
    Reviewed-by: Björn Jacke <bj at sernet.de>
    
    Autobuild-User(master): Björn Jacke <bj at sernet.de>
    Autobuild-Date(master): Fri May 17 17:58:16 CEST 2013 on sn-devel-104
    (cherry picked from commit 2fda6c47f4aa46dbb42028732207a94821881c67)

commit 9b1fac4bcb3af0688af5e26b931144c0c3e97735
Author: Björn Jacke <bj at sernet.de>
Date:   Wed May 15 15:52:25 2013 +0200

    docs: mention AD prerequirements for using idmap_ad
    
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit c3057f69a274f0d8e0e66183bd5e8be7703b6750)
    
    The last 2 patches address bug #9880 - Use of wrong RFC2307 primary group
    field.

commit f6f3849d46ae9a293e8524f14356a65246f4e3de
Author: Björn Jacke <bj at sernet.de>
Date:   Tue May 14 16:51:28 2013 +0200

    winbind/idmap_ad: be verbose about the user that we fail to map
    
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit f08205be7003f6c0a15fd5fd99d01951164ad15c)

commit 27a3caba2916dc13c006d418e0d4b7f771dd687e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 28 11:04:31 2013 +0100

    s3:lib/server_mutex: open mutex.tdb with CLEAR_IF_FIRST
    
    /var/lock/samba is typically on tmpfs.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 821171e422133d64e7c07b4d610984c33cd23244)
    
    Fix bug #9805 - s3:lib/server_mutex: open mutex.tdb with CLEAR_IF_FIRST.

commit 671943a7e19c91a207909c44655f28dc319b5efa
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu May 2 16:29:21 2013 +1200

    s3-rpc_server: Ensure we are root when starting and using gensec
    
    This fixes bug 9465.
    
    Andrew Bartlett
    
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 10f6926aaa6a8c49b29e183d12f6f767072ecff7)

-----------------------------------------------------------------------

Summary of changes:
 buildtools/wafsamba/samba_autoconf.py    |    4 +-
 docs-xml/manpages/idmap_ad.8.xml         |    9 ++++--
 lib/ldb/wscript                          |    2 +-
 python/samba/tests/dns.py                |   43 ++++++++++++++++++++++++++++++
 source3/lib/server_mutex.c               |    5 +++-
 source3/rpc_server/dcesrv_auth_generic.c |   38 ++++++++++++++++++++++----
 source3/winbindd/idmap_ad.c              |    5 ++-
 source4/dns_server/dns_query.c           |    8 +++++
 wscript                                  |    2 +-
 9 files changed, 100 insertions(+), 16 deletions(-)


Changeset truncated at 500 lines:

diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index 65c66f3..fe110bd 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -776,9 +776,9 @@ def SETUP_CONFIGURE_CACHE(conf, enable):
 def SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS(conf):
     # we don't want any libraries or modules to rely on runtime
     # resolution of symbols
-    if sys.platform != "openbsd4" and sys.platform != "openbsd5":
+    if not sys.platform.startswith("openbsd"):
         conf.env.undefined_ldflags = conf.ADD_LDFLAGS('-Wl,-no-undefined', testflags=True)
 
-    if sys.platform != "openbsd4" and sys.platform != "openbsd5" and conf.env.undefined_ignore_ldflags == []:
+    if not sys.platform.startswith("openbsd") and conf.env.undefined_ignore_ldflags == []:
         if conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup']):
             conf.env.undefined_ignore_ldflags = ['-undefined', 'dynamic_lookup']
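Review bot: the `sys.platform.startswith("openbsd")` test is now spelled out twice inside SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS; evaluate it once into a local (for example `is_openbsd`) at the top of the function and use that in both conditions, so the two checks cannot drift apart again the way the hard-coded "openbsd4"/"openbsd5" comparisons did. The prefix match also covers every OpenBSD release, not only 4.x and 5.x, and the comment above the first condition should say that -Wl,-no-undefined is deliberately skipped on all of them.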
diff --git a/docs-xml/manpages/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml
index 2ae7fc8..0e33b77 100644
--- a/docs-xml/manpages/idmap_ad.8.xml
+++ b/docs-xml/manpages/idmap_ad.8.xml
@@ -22,9 +22,12 @@
 	id mappings from an AD server that uses RFC2307/SFU schema
 	extensions. This module implements only the "idmap"
 	API, and is READONLY. Mappings must be provided in advance
-	by the administrator by adding the posixAccount/posixGroup
-	classes and relative attribute/value pairs to the user and
-	group objects in the AD.</para>
+	by the administrator by adding the uidNumber attributes for
+	users and gidNumber attributes for groups in the AD. Winbind
+	will only map users that have a uidNumber and whose primary
+	group have a gidNumber attribute set. It is however
+	recommended that all groups in use have gidNumber attributes
+	assigned, otherwise they are not working.</para>
 
 	<para>
 	Currently, the <parameter>ad</parameter> backend
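Review bot: in the added text, "whose primary group have a gidNumber attribute set" should read "has", and "otherwise they are not working" does not tell the administrator what actually fails; say that groups without a gidNumber are not mapped. The removed wording named the posixAccount/posixGroup classes, so state explicitly whether those classes are still required or whether the uidNumber/gidNumber attributes alone are enough.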
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index 1ae5438..983d5a2 100755
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -64,7 +64,7 @@ def configure(conf):
 
         # we don't want any libraries or modules to rely on runtime
         # resolution of symbols
-        if sys.platform != "openbsd4" and sys.platform != "openbsd5":
+        if not sys.platform.startswith("openbsd"):
             conf.ADD_LDFLAGS('-Wl,-no-undefined', testflags=True)
 
     conf.DEFINE('HAVE_CONFIG_H', 1, add_to_cflags=True)
diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py
index 49d699e..a29025d 100644
--- a/python/samba/tests/dns.py
+++ b/python/samba/tests/dns.py
@@ -510,6 +510,49 @@ class TestDNSUpdates(DNSTest):
         response = self.dns_transaction_udp(p)
         self.assert_dns_rcode_equals(response, dns.DNS_RCODE_NXDOMAIN)
 
+    def test_update_add_mx_record(self):
+        "test adding MX records works"
+        p = self.make_name_packet(dns.DNS_OPCODE_UPDATE)
+        updates = []
+
+        name = self.get_dns_domain()
+
+        u = self.make_name_question(name, dns.DNS_QTYPE_SOA, dns.DNS_QCLASS_IN)
+        updates.append(u)
+        self.finish_name_packet(p, updates)
+
+        updates = []
+        r = dns.res_rec()
+        r.name = "%s" % self.get_dns_domain()
+        r.rr_type = dns.DNS_QTYPE_MX
+        r.rr_class = dns.DNS_QCLASS_IN
+        r.ttl = 900
+        r.length = 0xffff
+        rdata = dns.mx_record()
+        rdata.preference = 10
+        rdata.exchange = 'mail.%s' % self.get_dns_domain()
+        r.rdata = rdata
+        updates.append(r)
+        p.nscount = len(updates)
+        p.nsrecs = updates
+
+        response = self.dns_transaction_udp(p)
+        self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
+
+        p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+        questions = []
+
+        name = "%s" % self.get_dns_domain()
+        q = self.make_name_question(name, dns.DNS_QTYPE_MX, dns.DNS_QCLASS_IN)
+        questions.append(q)
+
+        self.finish_name_packet(p, questions)
+        response = self.dns_transaction_udp(p)
+        self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
+        self.assertEqual(response.ancount, 1)
+        self.assertEqual(response.answers[0].rdata.preference, 10)
+        self.assertEqual(response.answers[0].rdata.exchange, 'mail.%s' % self.get_dns_domain())
+
 
 class TestComplexQueries(DNSTest):
 
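Review bot: test_update_add_mx_record never removes the MX record it adds at the zone apex, so the record stays in the zone for any test that runs afterwards; delete it at the end of the test or in tearDown. `r.length = 0xffff` is unexplained here and deserves a one-line comment, the final assertions should also check that `response.answers[0].rr_type` is dns.DNS_QTYPE_MX, and a second case that queries MX for a name without an MX record would cover the negative path of the new server code.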
diff --git a/source3/lib/server_mutex.c b/source3/lib/server_mutex.c
index 619fbd0..38bf2ca 100644
--- a/source3/lib/server_mutex.c
+++ b/source3/lib/server_mutex.c
@@ -69,7 +69,10 @@ struct named_mutex *grab_named_mutex(TALLOC_CTX *mem_ctx, const char *name,
 	}
 
 	result->tdb = tdb_wrap_open(result, lock_path("mutex.tdb"), 0,
-				    TDB_DEFAULT, O_RDWR|O_CREAT, 0600, lp_ctx);
+				    TDB_DEFAULT |
+				    TDB_CLEAR_IF_FIRST |
+				    TDB_INCOMPATIBLE_HASH,
+				    O_RDWR|O_CREAT, 0600, lp_ctx);
 	talloc_unlink(result, lp_ctx);
 	if (result->tdb == NULL) {
 		DEBUG(1, ("Could not open mutex.tdb: %s\n",
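Review bot: the new flags in the tdb_wrap_open() call include TDB_INCOMPATIBLE_HASH, but the commit subject and body mention only CLEAR_IF_FIRST; either explain in the commit message why the hash flag belongs in this fix or split it into its own commit. A short comment above the call saying why mutex.tdb may safely be wiped by the first opener would also help, since the one-line body about tmpfs does not spell out the reasoning.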
diff --git a/source3/rpc_server/dcesrv_auth_generic.c b/source3/rpc_server/dcesrv_auth_generic.c
index c4c08b2..77d76fc 100644
--- a/source3/rpc_server/dcesrv_auth_generic.c
+++ b/source3/rpc_server/dcesrv_auth_generic.c
@@ -24,12 +24,12 @@
 #include "auth.h"
 #include "auth/gensec/gensec.h"
 
-NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
-					    uint8_t auth_type, uint8_t auth_level,
-					    DATA_BLOB *token_in,
-					    DATA_BLOB *token_out,
-					    const struct tsocket_address *remote_address,
-					    struct gensec_security **ctx)
+static NTSTATUS auth_generic_server_authtype_start_as_root(TALLOC_CTX *mem_ctx,
+							   uint8_t auth_type, uint8_t auth_level,
+							   DATA_BLOB *token_in,
+							   DATA_BLOB *token_out,
+							   const struct tsocket_address *remote_address,
+							   struct gensec_security **ctx)
 {
 	struct gensec_security *gensec_security = NULL;
 	NTSTATUS status;
@@ -62,6 +62,27 @@ NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
 	return NT_STATUS_OK;
 }
 
+NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
+					    uint8_t auth_type, uint8_t auth_level,
+					    DATA_BLOB *token_in,
+					    DATA_BLOB *token_out,
+					    const struct tsocket_address *remote_address,
+					    struct gensec_security **ctx)
+{
+	NTSTATUS status;
+	become_root();
+
+	/* this has to be done as root in order to create the messaging socket */
+	status = auth_generic_server_authtype_start_as_root(mem_ctx,
+							    auth_type, auth_level,
+							    token_in,
+							    token_out,
+							    remote_address,
+							    ctx);
+	unbecome_root();
+	return status;
+}
+
 NTSTATUS auth_generic_server_step(struct gensec_security *gensec_security,
 			     TALLOC_CTX *mem_ctx,
 			     DATA_BLOB *token_in,
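Review bot: in the new auth_generic_server_authtype_start() wrapper, become_root()/unbecome_root() bracket the whole of auth_generic_server_authtype_start_as_root(), so everything that function does with the client-supplied token_in runs as root, while the comment says root is needed only to create the messaging socket. Narrow the privileged section to the step that needs it, or extend the comment to explain why the full start has to run privileged. The comment would also read better placed above become_root() rather than between it and the call.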
@@ -101,7 +122,12 @@ NTSTATUS auth_generic_server_get_user_info(struct gensec_security *gensec_securi
 {
 	NTSTATUS status;
 
+	/* this has to be done as root in order to get to the
+	 * messaging sockets for IDMAP and privilege.ldb in the AD
+	 * DC */
+	become_root();
 	status = gensec_session_info(gensec_security, mem_ctx, session_info);
+	unbecome_root();
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(1, (__location__ ": Failed to get authenticated user "
 			  "info: %s\n", nt_errstr(status)));
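Review bot: the comment added in auth_generic_server_get_user_info() justifies root by the messaging sockets for IDMAP and privilege.ldb "in the AD DC", but become_root() is called unconditionally around gensec_session_info(), whatever the server role. Either make the elevation conditional on that role or reword the comment so it does not suggest the scope is limited to the AD DC. The commit message ("This fixes bug 9465.") should also summarise the failure being fixed so the log is readable without the bug tracker.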
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index bfe7d4b..b92e3a9 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -452,7 +452,7 @@ again:
 				                 ctx->ad_schema->posix_gidnumber_attr,
 				     &id)) 
 		{
-			DEBUG(1, ("Could not get unix ID\n"));
+			DEBUG(1, ("Could not get SID for unix ID %u\n", (unsigned) id));
 			continue;
 		}
 
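Review bot: the new DEBUG prints `(unsigned) id` inside the branch taken when the call that writes to `&id` has failed, so the value logged is not a result of this lookup and may be stale or uninitialised. The wording "Could not get SID for unix ID" is also the reverse of what failed here, which is reading the unix ID attribute from the entry. Log an identifier that is known to be valid at this point instead, if one is available, and keep the message aligned with the "Could not get unix ID for SID %s" form used in the second hunk.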
@@ -649,7 +649,8 @@ again:
 				                 ctx->ad_schema->posix_gidnumber_attr,
 				     &id)) 
 		{
-			DEBUG(1, ("Could not get unix ID\n"));
+			DEBUG(1, ("Could not get unix ID for SID %s\n",
+				sid_string_dbg(map->sid)));
 			continue;
 		}
 		if (!idmap_unix_id_is_in_range(id, dom)) {
diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
index 54e0c7f..75f0e9f 100644
--- a/source4/dns_server/dns_query.c
+++ b/source4/dns_server/dns_query.c
@@ -89,6 +89,14 @@ static WERROR create_response_rr(const struct dns_name_question *question,
 	case DNS_QTYPE_PTR:
 		ans[ai].rdata.ptr_record = talloc_strdup(ans, rec->data.ptr);
 		break;
+	case DNS_QTYPE_MX:
+		ans[ai].rdata.mx_record.preference = rec->data.mx.wPriority;
+		ans[ai].rdata.mx_record.exchange = talloc_strdup(
+			ans, rec->data.mx.nameTarget);
+		if (ans[ai].rdata.mx_record.exchange == NULL) {
+			return WERR_NOMEM;
+		}
+		break;
 	case DNS_QTYPE_TXT:
 		tmp = talloc_asprintf(ans, "\"%s\"", rec->data.txt.str[0]);
 		W_ERROR_HAVE_NO_MEMORY(tmp);
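Review bot: the DNS_QTYPE_MX case checks the talloc_strdup() result with an open-coded `if (... == NULL) { return WERR_NOMEM; }`, while the DNS_QTYPE_TXT case directly below uses W_ERROR_HAVE_NO_MEMORY(tmp); use the macro here as well so the switch stays consistent. The DNS_QTYPE_PTR case just above does not check its talloc_strdup() result at all, which is worth fixing in the same pass.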
diff --git a/wscript b/wscript
index de518ac..645deb2 100644
--- a/wscript
+++ b/wscript
@@ -148,7 +148,7 @@ def configure(conf):
     # allows us to find problems on our development hosts faster.
     # It also results in faster load time.
 
-    if sys.platform != "openbsd4":
+    if not sys.platform.startswith("openbsd"):
         conf.env.asneeded_ldflags = conf.ADD_LDFLAGS('-Wl,--as-needed', testflags=True)
 
     if not conf.CHECK_NEED_LC("-lc not needed"):
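Review bot: the commit message should state that the wscript change alters behaviour on openbsd5 rather than only generalising the check. The old condition excluded just "openbsd4", so -Wl,--as-needed was still added when sys.platform was "openbsd5"; with startswith("openbsd") it is now skipped there too. If that is intended, say so in the log, and extend the comment above the condition to mention why OpenBSD is excluded.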


-- 
Samba Shared Repository

