[SCM] Samba Shared Repository - branch v4-0-test updated
Karolin Seeger
kseeger at samba.org
Mon May 27 07:47:03 MDT 2013
The branch, v4-0-test has been updated
via 07073fb dns: Add support for MX queries
via 46e82a2 More generic check for OpenBSD platform
via 9b1fac4 docs: mention AD prerequirements for using idmap_ad
via f6f3849 winbind/idmap_ad: be verbose about the user that we fail to map
via 27a3cab s3:lib/server_mutex: open mutex.tdb with CLEAR_IF_FIRST
via 671943a s3-rpc_server: Ensure we are root when starting and using gensec
from c497442 VERSION: Bump version number up to 4.0.7...
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit 07073fb8b4efdf14629ada83ad97adecba4de29a
Author: Kai Blin <kai at samba.org>
Date: Mon Dec 10 05:50:05 2012 +1000
dns: Add support for MX queries
Due to an oversight, the internal DNS server supports MX record updates,
but not MX record queries. Add support for MX queries and tests.
This should fix bug #9485
Signed-off-by: Kai Blin <kai at samba.org>
Reviewed-By: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-0-test): Mon May 27 15:46:22 CEST 2013 on sn-devel-104
commit 46e82a275cf3216d229912485b8939705e1a920c
Author: Vadim Zhukov <persgray at gmail.com>
Date: Fri May 17 12:43:08 2013 +0400
More generic check for OpenBSD platform
OpenBSD versioning is different from many other
projects, and, say, 5.0 does not differ from 4.9 more than from 5.1. So the
right approach will be to check that platform name starts with "openbsd"
instead. This is also the thing OpenBSD developers do when patching other
software, so this patch is consistent with already existing practices.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9888
Reviewed-by: Lars Müller <lars at samba.org>
Reviewed-by: Björn Jacke <bj at sernet.de>
Autobuild-User(master): Björn Jacke <bj at sernet.de>
Autobuild-Date(master): Fri May 17 17:58:16 CEST 2013 on sn-devel-104
(cherry picked from commit 2fda6c47f4aa46dbb42028732207a94821881c67)
commit 9b1fac4bcb3af0688af5e26b931144c0c3e97735
Author: Björn Jacke <bj at sernet.de>
Date: Wed May 15 15:52:25 2013 +0200
docs: mention AD prerequirements for using idmap_ad
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit c3057f69a274f0d8e0e66183bd5e8be7703b6750)
The last 2 patches address bug #9880 - Use of wrong RFC2307 primary group
field.
commit f6f3849d46ae9a293e8524f14356a65246f4e3de
Author: Björn Jacke <bj at sernet.de>
Date: Tue May 14 16:51:28 2013 +0200
winbind/idmap_ad: be verbose about the user that we fail to map
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit f08205be7003f6c0a15fd5fd99d01951164ad15c)
commit 27a3caba2916dc13c006d418e0d4b7f771dd687e
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Mar 28 11:04:31 2013 +0100
s3:lib/server_mutex: open mutex.tdb with CLEAR_IF_FIRST
/var/lock/samba is typically on tmpfs.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 821171e422133d64e7c07b4d610984c33cd23244)
Fix bug #9805 - s3:lib/server_mutex: open mutex.tdb with CLEAR_IF_FIRST.
commit 671943a7e19c91a207909c44655f28dc319b5efa
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu May 2 16:29:21 2013 +1200
s3-rpc_server: Ensure we are root when starting and using gensec
This fixes bug 9465.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 10f6926aaa6a8c49b29e183d12f6f767072ecff7)
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/samba_autoconf.py | 4 +-
docs-xml/manpages/idmap_ad.8.xml | 9 ++++--
lib/ldb/wscript | 2 +-
python/samba/tests/dns.py | 43 ++++++++++++++++++++++++++++++
source3/lib/server_mutex.c | 5 +++-
source3/rpc_server/dcesrv_auth_generic.c | 38 ++++++++++++++++++++++----
source3/winbindd/idmap_ad.c | 5 ++-
source4/dns_server/dns_query.c | 8 +++++
wscript | 2 +-
9 files changed, 100 insertions(+), 16 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index 65c66f3..fe110bd 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -776,9 +776,9 @@ def SETUP_CONFIGURE_CACHE(conf, enable):
def SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS(conf):
# we don't want any libraries or modules to rely on runtime
# resolution of symbols
- if sys.platform != "openbsd4" and sys.platform != "openbsd5":
+ if not sys.platform.startswith("openbsd"):
conf.env.undefined_ldflags = conf.ADD_LDFLAGS('-Wl,-no-undefined', testflags=True)
- if sys.platform != "openbsd4" and sys.platform != "openbsd5" and conf.env.undefined_ignore_ldflags == []:
+ if not sys.platform.startswith("openbsd") and conf.env.undefined_ignore_ldflags == []:
if conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup']):
conf.env.undefined_ignore_ldflags = ['-undefined', 'dynamic_lookup']
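Review bot: the `not sys.platform.startswith("openbsd")` test is written out twice in SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS, and the comment above it still does not say why OpenBSD is exempt from `-Wl,-no-undefined`. Compute the result once (for example `is_openbsd = sys.platform.startswith("openbsd")`) and add a line explaining the exemption, so that the next platform exception is not added by copy and paste.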
diff --git a/docs-xml/manpages/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml
index 2ae7fc8..0e33b77 100644
--- a/docs-xml/manpages/idmap_ad.8.xml
+++ b/docs-xml/manpages/idmap_ad.8.xml
@@ -22,9 +22,12 @@
id mappings from an AD server that uses RFC2307/SFU schema
extensions. This module implements only the "idmap"
API, and is READONLY. Mappings must be provided in advance
- by the administrator by adding the posixAccount/posixGroup
- classes and relative attribute/value pairs to the user and
- group objects in the AD.</para>
+ by the administrator by adding the uidNumber attributes for
+ users and gidNumber attributes for groups in the AD. Winbind
+ will only map users that have a uidNumber and whose primary
+ group have a gidNumber attribute set. It is however
+ recommended that all groups in use have gidNumber attributes
+ assigned, otherwise they are not working.</para>
<para>
Currently, the <parameter>ad</parameter> backend
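Review bot: two wording problems in the added sentences: "whose primary group have a gidNumber attribute set" should read "has", and "otherwise they are not working" does not tell the administrator what actually happens to a group without gidNumber. State the concrete consequence for such a group, since a user silently losing a group membership affects access decisions.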
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index 1ae5438..983d5a2 100755
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -64,7 +64,7 @@ def configure(conf):
# we don't want any libraries or modules to rely on runtime
# resolution of symbols
- if sys.platform != "openbsd4" and sys.platform != "openbsd5":
+ if not sys.platform.startswith("openbsd"):
conf.ADD_LDFLAGS('-Wl,-no-undefined', testflags=True)
conf.DEFINE('HAVE_CONFIG_H', 1, add_to_cflags=True)
diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py
index 49d699e..a29025d 100644
--- a/python/samba/tests/dns.py
+++ b/python/samba/tests/dns.py
@@ -510,6 +510,49 @@ class TestDNSUpdates(DNSTest):
response = self.dns_transaction_udp(p)
self.assert_dns_rcode_equals(response, dns.DNS_RCODE_NXDOMAIN)
+ def test_update_add_mx_record(self):
+ "test adding MX records works"
+ p = self.make_name_packet(dns.DNS_OPCODE_UPDATE)
+ updates = []
+
+ name = self.get_dns_domain()
+
+ u = self.make_name_question(name, dns.DNS_QTYPE_SOA, dns.DNS_QCLASS_IN)
+ updates.append(u)
+ self.finish_name_packet(p, updates)
+
+ updates = []
+ r = dns.res_rec()
+ r.name = "%s" % self.get_dns_domain()
+ r.rr_type = dns.DNS_QTYPE_MX
+ r.rr_class = dns.DNS_QCLASS_IN
+ r.ttl = 900
+ r.length = 0xffff
+ rdata = dns.mx_record()
+ rdata.preference = 10
+ rdata.exchange = 'mail.%s' % self.get_dns_domain()
+ r.rdata = rdata
+ updates.append(r)
+ p.nscount = len(updates)
+ p.nsrecs = updates
+
+ response = self.dns_transaction_udp(p)
+ self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
+
+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+ questions = []
+
+ name = "%s" % self.get_dns_domain()
+ q = self.make_name_question(name, dns.DNS_QTYPE_MX, dns.DNS_QCLASS_IN)
+ questions.append(q)
+
+ self.finish_name_packet(p, questions)
+ response = self.dns_transaction_udp(p)
+ self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
+ self.assertEqual(response.ancount, 1)
+ self.assertEqual(response.answers[0].rdata.preference, 10)
+ self.assertEqual(response.answers[0].rdata.exchange, 'mail.%s' % self.get_dns_domain())
+
class TestComplexQueries(DNSTest):
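Review bot: test_update_add_mx_record covers only the success path with a single record, and it leaves the MX record it added in the zone. Add a query for a name that has no MX record to pin down the expected rcode and ancount there, and delete the record at the end so that later tests in TestDNSUpdates do not depend on this state. `r.length = 0xffff` would also benefit from a one-line comment on why that value is used.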
diff --git a/source3/lib/server_mutex.c b/source3/lib/server_mutex.c
index 619fbd0..38bf2ca 100644
--- a/source3/lib/server_mutex.c
+++ b/source3/lib/server_mutex.c
@@ -69,7 +69,10 @@ struct named_mutex *grab_named_mutex(TALLOC_CTX *mem_ctx, const char *name,
}
result->tdb = tdb_wrap_open(result, lock_path("mutex.tdb"), 0,
- TDB_DEFAULT, O_RDWR|O_CREAT, 0600, lp_ctx);
+ TDB_DEFAULT |
+ TDB_CLEAR_IF_FIRST |
+ TDB_INCOMPATIBLE_HASH,
+ O_RDWR|O_CREAT, 0600, lp_ctx);
talloc_unlink(result, lp_ctx);
if (result->tdb == NULL) {
DEBUG(1, ("Could not open mutex.tdb: %s\n",
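Review bot: TDB_INCOMPATIBLE_HASH is added in the same call as TDB_CLEAR_IF_FIRST, but the commit subject and message refer only to CLEAR_IF_FIRST. Say in the commit message why the hash flag is wanted for mutex.tdb, and add a short comment above tdb_wrap_open() on why the database may be cleared by the first opener, since that is what a reader will need when debugging a stale lock.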
diff --git a/source3/rpc_server/dcesrv_auth_generic.c b/source3/rpc_server/dcesrv_auth_generic.c
index c4c08b2..77d76fc 100644
--- a/source3/rpc_server/dcesrv_auth_generic.c
+++ b/source3/rpc_server/dcesrv_auth_generic.c
@@ -24,12 +24,12 @@
#include "auth.h"
#include "auth/gensec/gensec.h"
-NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
- uint8_t auth_type, uint8_t auth_level,
- DATA_BLOB *token_in,
- DATA_BLOB *token_out,
- const struct tsocket_address *remote_address,
- struct gensec_security **ctx)
+static NTSTATUS auth_generic_server_authtype_start_as_root(TALLOC_CTX *mem_ctx,
+ uint8_t auth_type, uint8_t auth_level,
+ DATA_BLOB *token_in,
+ DATA_BLOB *token_out,
+ const struct tsocket_address *remote_address,
+ struct gensec_security **ctx)
{
struct gensec_security *gensec_security = NULL;
NTSTATUS status;
@@ -62,6 +62,27 @@ NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
+NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
+ uint8_t auth_type, uint8_t auth_level,
+ DATA_BLOB *token_in,
+ DATA_BLOB *token_out,
+ const struct tsocket_address *remote_address,
+ struct gensec_security **ctx)
+{
+ NTSTATUS status;
+ become_root();
+
+ /* this has to be done as root in order to create the messaging socket */
+ status = auth_generic_server_authtype_start_as_root(mem_ctx,
+ auth_type, auth_level,
+ token_in,
+ token_out,
+ remote_address,
+ ctx);
+ unbecome_root();
+ return status;
+}
+
NTSTATUS auth_generic_server_step(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
DATA_BLOB *token_in,
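Review bot: become_root() in the new auth_generic_server_authtype_start() covers the whole of auth_generic_server_authtype_start_as_root(), including whatever it does with token_in, while the comment gives only one reason for needing root (creating the messaging socket). Consider taking root only around the step that creates the socket, or extend the comment to say why the rest has to run as root as well. The `_as_root` helper also deserves a one-line comment stating that callers must already be root.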
@@ -101,7 +122,12 @@ NTSTATUS auth_generic_server_get_user_info(struct gensec_security *gensec_securi
{
NTSTATUS status;
+ /* this has to be done as root in order to get to the
+ * messaging sockets for IDMAP and privilege.ldb in the AD
+ * DC */
+ become_root();
status = gensec_session_info(gensec_security, mem_ctx, session_info);
+ unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, (__location__ ": Failed to get authenticated user "
"info: %s\n", nt_errstr(status)));
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index bfe7d4b..b92e3a9 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -452,7 +452,7 @@ again:
ctx->ad_schema->posix_gidnumber_attr,
&id))
{
- DEBUG(1, ("Could not get unix ID\n"));
+ DEBUG(1, ("Could not get SID for unix ID %u\n", (unsigned) id));
continue;
}
@@ -649,7 +649,8 @@ again:
ctx->ad_schema->posix_gidnumber_attr,
&id))
{
- DEBUG(1, ("Could not get unix ID\n"));
+ DEBUG(1, ("Could not get unix ID for SID %s\n",
+ sid_string_dbg(map->sid)));
continue;
}
if (!idmap_unix_id_is_in_range(id, dom)) {
diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
index 54e0c7f..75f0e9f 100644
--- a/source4/dns_server/dns_query.c
+++ b/source4/dns_server/dns_query.c
@@ -89,6 +89,14 @@ static WERROR create_response_rr(const struct dns_name_question *question,
case DNS_QTYPE_PTR:
ans[ai].rdata.ptr_record = talloc_strdup(ans, rec->data.ptr);
break;
+ case DNS_QTYPE_MX:
+ ans[ai].rdata.mx_record.preference = rec->data.mx.wPriority;
+ ans[ai].rdata.mx_record.exchange = talloc_strdup(
+ ans, rec->data.mx.nameTarget);
+ if (ans[ai].rdata.mx_record.exchange == NULL) {
+ return WERR_NOMEM;
+ }
+ break;
case DNS_QTYPE_TXT:
tmp = talloc_asprintf(ans, "\"%s\"", rec->data.txt.str[0]);
W_ERROR_HAVE_NO_MEMORY(tmp);
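Review bot: the new DNS_QTYPE_MX case open-codes its allocation check (`if (... == NULL) return WERR_NOMEM;`) while the DNS_QTYPE_TXT case right below uses W_ERROR_HAVE_NO_MEMORY(); use the macro here too for consistency. Separately, the DNS_QTYPE_PTR case in the context lines above does not check its talloc_strdup() result at all, which is worth fixing in the same function.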
diff --git a/wscript b/wscript
index de518ac..645deb2 100644
--- a/wscript
+++ b/wscript
@@ -148,7 +148,7 @@ def configure(conf):
# allows us to find problems on our development hosts faster.
# It also results in faster load time.
- if sys.platform != "openbsd4":
+ if not sys.platform.startswith("openbsd"):
conf.env.asneeded_ldflags = conf.ADD_LDFLAGS('-Wl,--as-needed', testflags=True)
if not conf.CHECK_NEED_LC("-lc not needed"):
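Review bot: unlike the other two build files, the removed condition here tested only `"openbsd4"`, so this hunk changes behaviour: on a platform reporting `openbsd5`, `-Wl,--as-needed` was previously added and now is not. If that is intended, say so in the commit message, which currently describes the change only as a more generic check; if not, this site needs a different condition.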
--
Samba Shared Repository