[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Fri Jul 21 21:30:03 UTC 2017 

The branch, master has been updated
       via  13f9192 s4:http/gensec: add missing tevent_req_done() to gensec_http_ntlm_update_done()
       via  5c1e2f5 winbindd: avoid refreshing sequence number when domain is offline
       via  c819c7d winbindd: queryuser - only get group name if needed
       via  e3a151e winbindd: cache name-to-sid from PAC based on lookup domain
      from  1dcacff vfs_ceph: fix cephwrap_chdir()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 13f91927e0f642e58c70d7b0b2f68df861ac661c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Jul 20 11:56:21 2017 +0200

    s4:http/gensec: add missing tevent_req_done() to gensec_http_ntlm_update_done()
    
    This was missing in commit d718e92d5e145dccd492c46febc249e462ce50c6.
    
    Sadly we can't have automated tests for this as we only implement
    the client side for this protocol.
    
    I've tested with using:
    
    bin/smbtorture \
      -W BLA --realm=BLA.BASE \
      -s /dev/null -Uadministrator%A1b2C3d4 \
      ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
      rpc.epmapper.epmapper.Lookup_simple \
    
    and:
    
    bin/smbtorture \
      -W BLA --realm=BLA.BASE \
      -s /dev/null -Uadministrator%A1b2C3d4 \
      ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
      rpc.epmapper.epmapper.Lookup_simple \
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12919
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Fri Jul 21 23:29:39 CEST 2017 on sn-devel-144

commit 5c1e2f564ba75212be9fc48f8a6788a017060420
Author: Uri Simchoni <uri at samba.org>
Date:   Wed Jun 7 20:34:33 2017 +0300

    winbindd: avoid refreshing sequence number when domain is offline
    
    When there's no connectivity to the domain, avoid attempt to
    refresh sequence number. Before the change, this was avoided
    only if winbind offline logon was enabled. However, being
    able to operate based on cached data is desired even when
    offline logons are disabled (offline logons are about caching
    credentials for PAM authentication, a user may not want this
    and still want service from the SMB server during short
    AD disconnects).
    
    Signed-off-by: Uri Simchoni <uri at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit c819c7d58f05692628eb9673dfdca5dc1d212d43
Author: Uri Simchoni <uri at samba.org>
Date:   Wed Jun 7 20:33:57 2017 +0300

    winbindd: queryuser - only get group name if needed
    
    When calculating the user entry for a user, the
    primary group id *name* might be needed if it is
    part of a home dir / shell template (%g or %G).
    
    Only resolve primary group SID to primary group name
    if it is needed, thereby saving a round-trip to the DC
    (and better handling situations where it is disconnected).
    
    Signed-off-by: Uri Simchoni <uri at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit e3a151e2472d97891c97cc898f27f3ccf712bf35
Author: Uri Simchoni <uri at samba.org>
Date:   Wed Jun 7 20:33:24 2017 +0300

    winbindd: cache name-to-sid from PAC based on lookup domain
    
    The name-to-sid lookup for trusted domains is not necessarily
    done against the domain - in AD member case it is done
    against the primary domain. Therefore the caching should also
    be done against the lookup domain.
    
    Signed-off-by: Uri Simchoni <uri at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/winbindd/wb_queryuser.c  | 26 ++++++++++++++++++++++++--
 source3/winbindd/winbindd_pam.c  |  2 +-
 source3/winbindd/winbindd_util.c |  3 ---
 source4/lib/http/gensec/ntlm.c   |  2 +-
 4 files changed, 26 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/wb_queryuser.c b/source3/winbindd/wb_queryuser.c
index 69b4c8d..1c91949 100644
--- a/source3/winbindd/wb_queryuser.c
+++ b/source3/winbindd/wb_queryuser.c
@@ -202,6 +202,8 @@ static void wb_queryuser_done(struct tevent_req *subreq)
 		req, struct wb_queryuser_state);
 	struct wbint_userinfo *info = state->info;
 	NTSTATUS status, result;
+	bool need_group_name = false;
+	const char *tmpl = NULL;
 
 	status = dcerpc_wbint_GetNssInfo_recv(subreq, info, &result);
 	TALLOC_FREE(subreq);
@@ -236,7 +238,16 @@ static void wb_queryuser_done(struct tevent_req *subreq)
 		return;
 	}
 
-	if (state->info->primary_group_name == NULL) {
+	tmpl = lp_template_homedir();
+	if(strstr_m(tmpl, "%g") || strstr_m(tmpl, "%G")) {
+		need_group_name = true;
+	}
+	tmpl = lp_template_shell();
+	if(strstr_m(tmpl, "%g") || strstr_m(tmpl, "%G")) {
+		need_group_name = true;
+	}
+
+	if (need_group_name && state->info->primary_group_name == NULL) {
 		subreq = wb_lookupsid_send(state, state->ev, &info->group_sid);
 		if (tevent_req_nomem(subreq, req)) {
 			return;
@@ -291,6 +302,8 @@ static void wb_queryuser_got_gid(struct tevent_req *subreq)
 		req, struct wb_queryuser_state);
 	struct unixid xid;
 	NTSTATUS status;
+	bool need_group_name = false;
+	const char *tmpl = NULL;
 
 	status = wb_sids2xids_recv(subreq, &xid, 1);
 	TALLOC_FREE(subreq);
@@ -305,7 +318,16 @@ static void wb_queryuser_got_gid(struct tevent_req *subreq)
 
 	state->info->primary_gid = xid.id;
 
-	if (state->info->primary_group_name == NULL) {
+	tmpl = lp_template_homedir();
+	if(strstr_m(tmpl, "%g") || strstr_m(tmpl, "%G")) {
+		need_group_name = true;
+	}
+	tmpl = lp_template_shell();
+	if(strstr_m(tmpl, "%g") || strstr_m(tmpl, "%G")) {
+		need_group_name = true;
+	}
+
+	if (need_group_name && state->info->primary_group_name == NULL) {
 		subreq = wb_lookupsid_send(state, state->ev,
 					   &state->info->group_sid);
 		if (tevent_req_nomem(subreq, req)) {
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 8abd8f0..37b0c09 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -2664,7 +2664,7 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
 		 * We're in the parent here, so find the child
 		 * pointer from the PAC domain name.
 		 */
-		domain = find_domain_from_name_noinit(
+		domain = find_lookup_domain_from_name(
 				info3_copy->base.logon_domain.string);
 		if (domain && domain->primary ) {
 			struct dom_sid user_sid;
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index d2a091a..6eed02e 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -1619,9 +1619,6 @@ void set_auth_errors(struct winbindd_response *resp, NTSTATUS result)
 
 bool is_domain_offline(const struct winbindd_domain *domain)
 {
-	if (!lp_winbind_offline_logon()) {
-		return false;
-	}
 	if (get_global_winbindd_state_offline()) {
 		return true;
 	}
diff --git a/source4/lib/http/gensec/ntlm.c b/source4/lib/http/gensec/ntlm.c
index 7d692ed..788fb7d 100644
--- a/source4/lib/http/gensec/ntlm.c
+++ b/source4/lib/http/gensec/ntlm.c
@@ -134,7 +134,7 @@ static void gensec_http_ntlm_update_done(struct tevent_req *subreq)
 	}
 
 	state->out = data_blob_string_const(str);
-	return;
+	tevent_req_done(req);
 }
 
 static NTSTATUS gensec_http_ntlm_update_recv(struct tevent_req *req,


-- 
Samba Shared Repository

More information about the samba-cvs mailing list