[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Fri Jul 21 21:30:03 UTC 2017
The branch, master has been updated
via 13f9192 s4:http/gensec: add missing tevent_req_done() to gensec_http_ntlm_update_done()
via 5c1e2f5 winbindd: avoid refreshing sequence number when domain is offline
via c819c7d winbindd: queryuser - only get group name if needed
via e3a151e winbindd: cache name-to-sid from PAC based on lookup domain
from 1dcacff vfs_ceph: fix cephwrap_chdir()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 13f91927e0f642e58c70d7b0b2f68df861ac661c
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jul 20 11:56:21 2017 +0200
s4:http/gensec: add missing tevent_req_done() to gensec_http_ntlm_update_done()
This was missing in commit d718e92d5e145dccd492c46febc249e462ce50c6.
Sadly we can't have automated tests for this as we only implement
the client side for this protocol.
I've tested with using:
bin/smbtorture \
-W BLA --realm=BLA.BASE \
-s /dev/null -Uadministrator%A1b2C3d4 \
ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
rpc.epmapper.epmapper.Lookup_simple \
and:
bin/smbtorture \
-W BLA --realm=BLA.BASE \
-s /dev/null -Uadministrator%A1b2C3d4 \
ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
rpc.epmapper.epmapper.Lookup_simple \
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12919
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jul 21 23:29:39 CEST 2017 on sn-devel-144
commit 5c1e2f564ba75212be9fc48f8a6788a017060420
Author: Uri Simchoni <uri at samba.org>
Date: Wed Jun 7 20:34:33 2017 +0300
winbindd: avoid refreshing sequence number when domain is offline
When there's no connectivity to the domain, avoid attempt to
refresh sequence number. Before the change, this was avoided
only if winbind offline logon was enabled. However, being
able to operate based on cached data is desired even when
offline logons are disabled (offline logons are about caching
credentials for PAM authentication, a user may not want this
and still want service from the SMB server during short
AD disconnects).
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c819c7d58f05692628eb9673dfdca5dc1d212d43
Author: Uri Simchoni <uri at samba.org>
Date: Wed Jun 7 20:33:57 2017 +0300
winbindd: queryuser - only get group name if needed
When calculating the user entry for a user, the
primary group id *name* might be needed if it is
part of a home dir / shell template (%g or %G).
Only resolve primary group SID to primary group name
if it is needed, thereby saving a round-trip to the DC
(and better handling situations where it is disconnected).
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e3a151e2472d97891c97cc898f27f3ccf712bf35
Author: Uri Simchoni <uri at samba.org>
Date: Wed Jun 7 20:33:24 2017 +0300
winbindd: cache name-to-sid from PAC based on lookup domain
The name-to-sid lookup for trusted domains is not necessarily
done against the domain - in AD member case it is done
against the primary domain. Therefore the caching should also
be done against the lookup domain.
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/wb_queryuser.c | 26 ++++++++++++++++++++++++--
source3/winbindd/winbindd_pam.c | 2 +-
source3/winbindd/winbindd_util.c | 3 ---
source4/lib/http/gensec/ntlm.c | 2 +-
4 files changed, 26 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/wb_queryuser.c b/source3/winbindd/wb_queryuser.c
index 69b4c8d..1c91949 100644
--- a/source3/winbindd/wb_queryuser.c
+++ b/source3/winbindd/wb_queryuser.c
@@ -202,6 +202,8 @@ static void wb_queryuser_done(struct tevent_req *subreq)
req, struct wb_queryuser_state);
struct wbint_userinfo *info = state->info;
NTSTATUS status, result;
+ bool need_group_name = false;
+ const char *tmpl = NULL;
status = dcerpc_wbint_GetNssInfo_recv(subreq, info, &result);
TALLOC_FREE(subreq);
@@ -236,7 +238,16 @@ static void wb_queryuser_done(struct tevent_req *subreq)
return;
}
- if (state->info->primary_group_name == NULL) {
+ tmpl = lp_template_homedir();
+ if(strstr_m(tmpl, "%g") || strstr_m(tmpl, "%G")) {
+ need_group_name = true;
+ }
+ tmpl = lp_template_shell();
+ if(strstr_m(tmpl, "%g") || strstr_m(tmpl, "%G")) {
+ need_group_name = true;
+ }
+
+ if (need_group_name && state->info->primary_group_name == NULL) {
subreq = wb_lookupsid_send(state, state->ev, &info->group_sid);
if (tevent_req_nomem(subreq, req)) {
return;
@@ -291,6 +302,8 @@ static void wb_queryuser_got_gid(struct tevent_req *subreq)
req, struct wb_queryuser_state);
struct unixid xid;
NTSTATUS status;
+ bool need_group_name = false;
+ const char *tmpl = NULL;
status = wb_sids2xids_recv(subreq, &xid, 1);
TALLOC_FREE(subreq);
@@ -305,7 +318,16 @@ static void wb_queryuser_got_gid(struct tevent_req *subreq)
state->info->primary_gid = xid.id;
- if (state->info->primary_group_name == NULL) {
+ tmpl = lp_template_homedir();
+ if(strstr_m(tmpl, "%g") || strstr_m(tmpl, "%G")) {
+ need_group_name = true;
+ }
+ tmpl = lp_template_shell();
+ if(strstr_m(tmpl, "%g") || strstr_m(tmpl, "%G")) {
+ need_group_name = true;
+ }
+
+ if (need_group_name && state->info->primary_group_name == NULL) {
subreq = wb_lookupsid_send(state, state->ev,
&state->info->group_sid);
if (tevent_req_nomem(subreq, req)) {
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 8abd8f0..37b0c09 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -2664,7 +2664,7 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
* We're in the parent here, so find the child
* pointer from the PAC domain name.
*/
- domain = find_domain_from_name_noinit(
+ domain = find_lookup_domain_from_name(
info3_copy->base.logon_domain.string);
if (domain && domain->primary ) {
struct dom_sid user_sid;
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index d2a091a..6eed02e 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -1619,9 +1619,6 @@ void set_auth_errors(struct winbindd_response *resp, NTSTATUS result)
bool is_domain_offline(const struct winbindd_domain *domain)
{
- if (!lp_winbind_offline_logon()) {
- return false;
- }
if (get_global_winbindd_state_offline()) {
return true;
}
diff --git a/source4/lib/http/gensec/ntlm.c b/source4/lib/http/gensec/ntlm.c
index 7d692ed..788fb7d 100644
--- a/source4/lib/http/gensec/ntlm.c
+++ b/source4/lib/http/gensec/ntlm.c
@@ -134,7 +134,7 @@ static void gensec_http_ntlm_update_done(struct tevent_req *subreq)
}
state->out = data_blob_string_const(str);
- return;
+ tevent_req_done(req);
}
static NTSTATUS gensec_http_ntlm_update_recv(struct tevent_req *req,
--
Samba Shared Repository
More information about the samba-cvs
mailing list