[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Sat May 12 10:06:02 UTC 2018


The branch, master has been updated
       via  77ea31b devel: removing unused code from chgkrbtgtpass
       via  8b72d4c samdb rid: clear cache to prevent old ntds_guid
       via  6a09162 ldb: removing prior secret from logs
      from  b9d01fd ctdb-scripts: Drop CTDB_SUPPRESS_COREFILE and CTDB_MAX_OPEN_FILES options

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 77ea31bccfc63980cd112c87b2aaf7eb7b5cf549
Author: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Date:   Tue May 1 15:54:07 2018 +1200

    devel: removing unused code from chgkrbtgtpass
    
    Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Sat May 12 12:05:31 CEST 2018 on sn-devel-144

commit 8b72d4c7bbb8462232d685e17612b06b4cca57f2
Author: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Date:   Tue May 1 15:51:10 2018 +1200

    samdb rid: clear cache to prevent old ntds_guid
    
    During the new samba-tool domain backup restore the NTDS GUID changes
    as the server is taken over by the new DC record.
    
    Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>

commit 6a09162df6bd38098253b50a7ac32bfdc8dbf9d4
Author: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Date:   Tue May 1 11:10:40 2018 +1200

    ldb: removing prior secret from logs
    
    priorSecret, like secret, can contain a machine account password
    (for secrets.ldb) and so should not be printed in a debug
    trace.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13353
    
    Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>

-----------------------------------------------------------------------

Summary of changes:
 lib/ldb-samba/ldif_handlers.c             | 3 ++-
 python/samba/upgradehelpers.py            | 5 ++---
 source4/dsdb/samdb/ldb_modules/ridalloc.c | 6 ++++++
 source4/scripting/devel/chgkrbtgtpass     | 5 +----
 4 files changed, 11 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c
index 591bd1e..ecc02e5 100644
--- a/lib/ldb-samba/ldif_handlers.c
+++ b/lib/ldb-samba/ldif_handlers.c
@@ -1706,7 +1706,8 @@ const struct ldb_schema_syntax *ldb_samba_syntax_by_lDAPDisplayName(struct ldb_c
 	return s;
 }
 
-static const char *secret_attributes[] = {DSDB_SECRET_ATTRIBUTES, "secret", NULL};
+static const char *secret_attributes[] = {DSDB_SECRET_ATTRIBUTES, "secret",
+                                          "priorSecret", NULL};
 
 /*
   register the samba ldif handlers
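Review bot: The secret_attributes initializer now carries two hand-added names ("secret", "priorSecret") next to DSDB_SECRET_ATTRIBUTES, with no comment saying why they sit outside the macro. A one-line comment above the array, noting that these are the secrets.ldb attributes that can hold a machine account password, would show the next contributor where a further attribute belongs. The diffstat for this push lists no test file, so a regression test asserting that a priorSecret value never appears in the debug trace would keep the fix for bug 13353 from regressing unnoticed.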
diff --git a/python/samba/upgradehelpers.py b/python/samba/upgradehelpers.py
index d4f6944..14fe3e0 100644
--- a/python/samba/upgradehelpers.py
+++ b/python/samba/upgradehelpers.py
@@ -645,11 +645,10 @@ def update_dns_account_password(samdb, secrets_ldb, names):
 
         secrets_ldb.modify(msg)
 
-def update_krbtgt_account_password(samdb, names):
+def update_krbtgt_account_password(samdb):
     """Update (change) the password of the krbtgt account
 
-    :param samdb: An LDB object related to the sam.ldb file of a given provision
-    :param names: List of key provision parameters"""
+    :param samdb: An LDB object related to the sam.ldb file of a given provision"""
 
     expression = "samAccountName=krbtgt"
     res = samdb.search(expression=expression, attrs=[])
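Review bot: Dropping the names parameter from update_krbtgt_account_password() breaks any caller that still passes two positional arguments, and the only call site this push updates is source4/scripting/devel/chgkrbtgtpass. Please confirm with a grep across the tree that no other caller remains, since a stale call would only fail with a TypeError at run time, in the middle of a krbtgt password change.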
diff --git a/source4/dsdb/samdb/ldb_modules/ridalloc.c b/source4/dsdb/samdb/ldb_modules/ridalloc.c
index abfe14a..b436b9b 100644
--- a/source4/dsdb/samdb/ldb_modules/ridalloc.c
+++ b/source4/dsdb/samdb/ldb_modules/ridalloc.c
@@ -443,6 +443,12 @@ int ridalloc_create_own_rid_set(struct ldb_module *module, TALLOC_CTX *mem_ctx,
 		return ldb_operr(ldb_module_get_ctx(module));
 	}
 
+	/* clear the cache so we don't get an old ntds_guid */
+	if (ldb_set_opaque(ldb, "cache.ntds_guid", NULL) != LDB_SUCCESS) {
+		talloc_free(tmp_ctx);
+		return ldb_operr(ldb_module_get_ctx(module));
+	}
+
 	our_ntds_guid = samdb_ntds_objectGUID(ldb_module_get_ctx(module));
 	if (!our_ntds_guid) {
 		talloc_free(tmp_ctx);
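Review bot: The cache key in the added ldb_set_opaque() call is the bare string literal "cache.ntds_guid", which has to stay in step with whatever key samdb_ntds_objectGUID() caches under. A shared #define used on both sides would stop the two from drifting apart silently. The added block also passes ldb while the lines around it call ldb_module_get_ctx(module); using one form throughout would make it obvious that the same context is cleared and then queried. The comment could also say when the cached value goes stale (the commit message names samba-tool domain backup restore).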
diff --git a/source4/scripting/devel/chgkrbtgtpass b/source4/scripting/devel/chgkrbtgtpass
index 7e4f9fb..12be1bc 100644
--- a/source4/scripting/devel/chgkrbtgtpass
+++ b/source4/scripting/devel/chgkrbtgtpass
@@ -56,8 +56,5 @@ session = system_session()
 ldbs = get_ldbs(paths, creds, session, lp)
 ldbs.startTransactions()
 
-names = find_provision_key_parameters(ldbs.sam, ldbs.secrets, ldbs.idmap,
-                                      paths, smbconf, lp)
-
-update_krbtgt_account_password(ldbs.sam, names)
+update_krbtgt_account_password(ldbs.sam)
 ldbs.groupedCommit()
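Review bot: With the find_provision_key_parameters() call removed, the script's import section is left untouched (the diffstat's 1 insertion and 4 deletions for this file are all in this hunk), so any import of find_provision_key_parameters is now dead, and so is smbconf if nothing else in the script reads it. Since the commit is about removing unused code, those can go in the same change.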


-- 
Samba Shared Repository


