[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Tue May 22 00:43:03 UTC 2018


The branch, master has been updated
       via  20fda4f auth: Use DBGC_AUTH as DBGC_CLASS for AD DC auth session code.
       via  8cd905d s4-drsuapi: Call security_token_debug() with DBGC_DRS_REPL and a proper log level
       via  e1ede0b auth: Use DBGC_AUTH as DBGC_CLASS for AD DC NTLM auth code.
      from  f93cc23 vfs_zfsacl: return synthesized ACL when ZFS return ENOTSUP

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 20fda4f600c46e73571709f718c78017b9b037a2
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 21 13:58:12 2018 +1200

    auth: Use DBGC_AUTH as DBGC_CLASS for AD DC auth session code.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Tue May 22 02:42:32 CEST 2018 on sn-devel-144

commit 8cd905d5751457de35010285793a191d10ecdb04
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 21 13:53:01 2018 +1200

    s4-drsuapi: Call security_token_debug() with DBGC_DRS_REPL and a proper log level
    
    Selftest logs are full of calls to security_token_debug() with no context
    and this is never a log level 0 event, so tidy it up.
    
    The RODC would trigger this each time there is an attempted preload
    of a user in the Denied RODC replication group.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit e1ede0b1ffd128707bb4b5ae271c82cb8e2de26c
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 21 13:51:16 2018 +1200

    auth: Use DBGC_AUTH as DBGC_CLASS for AD DC NTLM auth code.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source4/auth/ntlm/auth.c                    | 3 +++
 source4/auth/ntlm/auth_anonymous.c          | 3 +++
 source4/auth/ntlm/auth_developer.c          | 3 +++
 source4/auth/ntlm/auth_sam.c                | 3 +++
 source4/auth/ntlm/auth_server_service.c     | 3 +++
 source4/auth/ntlm/auth_simple.c             | 3 +++
 source4/auth/ntlm/auth_unix.c               | 3 +++
 source4/auth/ntlm/auth_util.c               | 3 +++
 source4/auth/ntlm/auth_winbind.c            | 3 +++
 source4/auth/sam.c                          | 5 ++++-
 source4/auth/session.c                      | 6 +++++-
 source4/auth/system_session.c               | 2 ++
 source4/auth/unix_token.c                   | 9 ++++++---
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 3 ++-
 source4/rpc_server/drsuapi/drsutil.c        | 4 ++--
 15 files changed, 48 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index 1293b28..e560116 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -34,6 +34,9 @@
 #include "auth/kerberos/kerberos_util.h"
 #include "libds/common/roles.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 static NTSTATUS auth_generate_session_info_wrapper(struct auth4_context *auth_context,
 						   TALLOC_CTX *mem_ctx,
                                                   void *server_returned_info,
diff --git a/source4/auth/ntlm/auth_anonymous.c b/source4/auth/ntlm/auth_anonymous.c
index e8a9ed3..83aeb43 100644
--- a/source4/auth/ntlm/auth_anonymous.c
+++ b/source4/auth/ntlm/auth_anonymous.c
@@ -24,6 +24,9 @@
 #include "auth/ntlm/auth_proto.h"
 #include "param/param.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 _PUBLIC_ NTSTATUS auth4_anonymous_init(TALLOC_CTX *);
 
 /**
diff --git a/source4/auth/ntlm/auth_developer.c b/source4/auth/ntlm/auth_developer.c
index 8703577..b655283 100644
--- a/source4/auth/ntlm/auth_developer.c
+++ b/source4/auth/ntlm/auth_developer.c
@@ -24,6 +24,9 @@
 #include "auth/ntlm/auth_proto.h"
 #include "libcli/security/security.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 _PUBLIC_ NTSTATUS auth4_developer_init(TALLOC_CTX *);
 
 static NTSTATUS name_to_ntstatus_want_check(struct auth_method_context *ctx,
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index d63a7d1..fb88cb8 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -37,6 +37,9 @@
 #include "libcli/auth/libcli_auth.h"
 #include "libds/common/roles.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 NTSTATUS auth_sam_init(void);
 
 extern const char *user_attrs[];
diff --git a/source4/auth/ntlm/auth_server_service.c b/source4/auth/ntlm/auth_server_service.c
index 9ac080a..7fbb1fe 100644
--- a/source4/auth/ntlm/auth_server_service.c
+++ b/source4/auth/ntlm/auth_server_service.c
@@ -20,6 +20,9 @@
 #include "includes.h"
 #include "auth/auth.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 NTSTATUS server_service_auth_init(TALLOC_CTX *ctx)
 {
 	return auth4_init();
diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c
index d7811b9..273e488 100644
--- a/source4/auth/ntlm/auth_simple.c
+++ b/source4/auth/ntlm/auth_simple.c
@@ -27,6 +27,9 @@
 #include "auth/auth.h"
 #include "dsdb/samdb/samdb.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 struct authenticate_ldap_simple_bind_state {
 	bool using_tls;
 	struct auth4_context *auth_context;
diff --git a/source4/auth/ntlm/auth_unix.c b/source4/auth/ntlm/auth_unix.c
index c01ec35..67cd5f3 100644
--- a/source4/auth/ntlm/auth_unix.c
+++ b/source4/auth/ntlm/auth_unix.c
@@ -28,6 +28,9 @@
 #include "../libcli/auth/pam_errors.h"
 #include "param/param.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 _PUBLIC_ NTSTATUS auth4_unix_init(TALLOC_CTX *);
 
 /* TODO: look at how to best fill in parms retrieveing a struct passwd info
diff --git a/source4/auth/ntlm/auth_util.c b/source4/auth/ntlm/auth_util.c
index 5084cc4..af89130 100644
--- a/source4/auth/ntlm/auth_util.c
+++ b/source4/auth/ntlm/auth_util.c
@@ -29,6 +29,9 @@
 #include "librpc/gen_ndr/drsuapi.h"
 #include "dsdb/samdb/samdb.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 /* this default function can be used by mostly all backends
  * which don't want to set a challenge
  */
diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c
index a3efde8..318675f 100644
--- a/source4/auth/ntlm/auth_winbind.c
+++ b/source4/auth/ntlm/auth_winbind.c
@@ -35,6 +35,9 @@
 #include "dsdb/samdb/samdb.h"
 #include "auth/auth_sam.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 _PUBLIC_ NTSTATUS auth4_winbind_init(TALLOC_CTX *);
 
 static NTSTATUS winbind_want_check(struct auth_method_context *ctx,
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index fb309f5..9d1fc65 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -32,7 +32,10 @@
 #include "param/param.h"
 #include "librpc/gen_ndr/ndr_winbind_c.h"
 
-#define KRBTGT_ATTRS \
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
+#define KRBTGT_ATTRS				\
 	/* required for the krb5 kdc */		\
 	"objectClass",				\
 	"sAMAccountName",			\
diff --git a/source4/auth/session.c b/source4/auth/session.c
index c27d273..e324ecf 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -34,6 +34,9 @@
 #include <gssapi/gssapi.h>
 #include "libcli/wbclient/wbclient.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 _PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, 
 					    struct loadparm_context *lp_ctx)
 {
@@ -415,5 +418,6 @@ void auth_session_info_debug(int dbg_lev,
 		return;	
 	}
 
-	security_token_debug(0, dbg_lev, session_info->security_token);
+	security_token_debug(DBGC_AUTH, dbg_lev,
+			     session_info->security_token);
 }
diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c
index 4c5290d..1d238ee 100644
--- a/source4/auth/system_session.c
+++ b/source4/auth/system_session.c
@@ -29,6 +29,8 @@
 #include "auth/session.h"
 #include "auth/system_session_proto.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
 
 /*
   prevent the static system session being freed
diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c
index e5eb0aa..492149b 100644
--- a/source4/auth/unix_token.c
+++ b/source4/auth/unix_token.c
@@ -25,6 +25,9 @@
 #include "libcli/wbclient/wbclient.h"
 #include "param/param.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
 /*
   form a security_unix_token from the current security_token
 */
@@ -76,7 +79,7 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
 		char *sid_str = dom_sid_string(mem_ctx, ids[0].sid);
 		DEBUG(0, ("Unable to convert first SID (%s) in user token to a UID.  Conversion was returned as type %d, full token:\n",
 			  sid_str, (int)ids[0].xid.type));
-		security_token_debug(0, 0, token);
+		security_token_debug(DBGC_AUTH, 0, token);
 		talloc_free(sid_str);
 		return NT_STATUS_INVALID_SID;
 	}
@@ -90,7 +93,7 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
 		char *sid_str = dom_sid_string(mem_ctx, ids[1].sid);
 		DEBUG(0, ("Unable to convert second SID (%s) in user token to a GID.  Conversion was returned as type %d, full token:\n",
 			  sid_str, (int)ids[1].xid.type));
-		security_token_debug(0, 0, token);
+		security_token_debug(DBGC_AUTH, 0, token);
 		talloc_free(sid_str);
 		return NT_STATUS_INVALID_SID;
 	}
@@ -104,7 +107,7 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
 			char *sid_str = dom_sid_string(mem_ctx, ids[s].sid);
 			DEBUG(0, ("Unable to convert SID (%s) at index %u in user token to a GID.  Conversion was returned as type %d, full token:\n",
 				  sid_str, (unsigned int)s, (int)ids[s].xid.type));
-			security_token_debug(0, 0, token);
+			security_token_debug(DBGC_AUTH, 0, token);
 			talloc_free(sid_str);
 			return NT_STATUS_INVALID_SID;
 		}
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 250b4c7..eac96a3 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -1018,7 +1018,8 @@ static WERROR dcesrv_drsuapi_DsReplicaGetInfo(struct dcesrv_call_state *dce_call
 		level = security_session_user_level(dce_call->conn->auth_state.session_info, NULL);
 		if (level < SECURITY_DOMAIN_CONTROLLER) {
 			DEBUG(1,(__location__ ": Administrator access required for DsReplicaGetInfo\n"));
-			security_token_debug(0, 2, dce_call->conn->auth_state.session_info->security_token);
+			security_token_debug(DBGC_DRS_REPL, 2,
+					     dce_call->conn->auth_state.session_info->security_token);
 			return WERR_DS_DRA_ACCESS_DENIED;
 		}
 	}
diff --git a/source4/rpc_server/drsuapi/drsutil.c b/source4/rpc_server/drsuapi/drsutil.c
index 53bcb16..6fe254a 100644
--- a/source4/rpc_server/drsuapi/drsutil.c
+++ b/source4/rpc_server/drsuapi/drsutil.c
@@ -107,7 +107,7 @@ WERROR drs_security_level_check(struct dcesrv_call_state *dce_call,
 		if (call) {
 			DEBUG(0,("%s refused for security token (level=%u)\n",
 				 call, (unsigned)level));
-			security_token_debug(0, 2, dce_call->conn->auth_state.session_info->security_token);
+			security_token_debug(DBGC_DRS_REPL, 2, dce_call->conn->auth_state.session_info->security_token);
 		}
 		return WERR_DS_DRA_ACCESS_DENIED;
 	}
@@ -170,7 +170,7 @@ static WERROR drs_security_access_check_log(struct ldb_context *sam_ctx,
 	if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
 		DEBUG(3,("%s refused for security token on %s\n",
 			 ext_right, ldb_dn_get_linearized(dn)));
-		security_token_debug(2, 0, token);
+		security_token_debug(DBGC_DRS_REPL, 3, token);
 		return WERR_DS_DRA_ACCESS_DENIED;
 	} else if (ret != LDB_SUCCESS) {
 		DEBUG(1,("Failed to perform access check on %s: %s\n", ldb_dn_get_linearized(dn), ldb_strerror(ret)));


-- 
Samba Shared Repository



More information about the samba-cvs mailing list