[SCM] Samba Shared Repository - branch v4-9-test updated
Karolin Seeger
kseeger at samba.org
Wed Jan 9 13:02:09 UTC 2019
The branch, v4-9-test has been updated
via d4b8049d781 s3:auth_winbind: ignore a missing winbindd as NT4 PDC/BDC without trusts
via cb7dabb89d3 s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available
via 887030b71c9 s3:auth_winbind: remove fallback to optional backend
via 48af1338396 s3-smbd: avoid assuming fsp is always intact after close_file call.
via e7b344747eb lib/util: Count a trailing line that doesn't end in a newline
via 55e8277a975 samba-tool drs showrepl: do not crash if no dnsHostName found
via a1486390762 s3:auth: ignore create_builtin_guests() failing without a valid idmap configuration
from 41889196769 s3:utils/smbget fix recursive download with empty source directories
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test
- Log -----------------------------------------------------------------
commit d4b8049d78118be7b412f62367894caa43d40d5f
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Dec 8 23:25:40 2018 +0100
s3:auth_winbind: ignore a missing winbindd as NT4 PDC/BDC without trusts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Alexander Bokovoy <ab at samba.org>
Autobuild-Date(master): Thu Dec 20 12:15:09 CET 2018 on sn-devel-144
(cherry picked from commit 63dc60767eb13d8fc09ed4bc44faa538581b18f1)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Wed Jan 9 14:01:30 CET 2019 on sn-devel-144
commit cb7dabb89d3aae8cb4c33831ec6a1daef2ee56ea
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Dec 8 22:53:21 2018 +0100
s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13723
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit ec3adc1e5b3cc953576efa795dfb25af08a8ab79)
commit 887030b71c92615e65a6e9e2526aa9ed4d22e884
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Dec 8 22:48:33 2018 +0100
s3:auth_winbind: remove fallback to optional backend
This is not possible anymore, as the trustdomain backend
was removed in commit 75c152c0d764165a4a9dd0a85390af063dd0192a.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13723
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit f3bac8c91121871bf8ce852bc3e3ea2e834d3f27)
commit 48af13383966c89ee4d1f20ca088bab33ecbf56c
Author: Günther Deschner <gd at samba.org>
Date: Tue Dec 18 11:10:04 2018 +0100
s3-smbd: avoid assuming fsp is always intact after close_file call.
Instead use the already copied smb_fname directly.
https://bugzilla.samba.org/show_bug.cgi?id=13720
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Tue Dec 18 20:11:07 CET 2018 on sn-devel-144
(cherry picked from commit 90fab07f0710bb2061d3f14326c874dd049823fc)
commit e7b344747eb7df22e91d857f40c8babf94665e97
Author: Martin Schwenke <martin at meltin.net>
Date: Fri Dec 14 14:43:57 2018 +1100
lib/util: Count a trailing line that doesn't end in a newline
If the final line of a file does not contain a newline then it isn't
included in the line count.
Change i to point to the next slot in the array instead of the current
one. This means that that the current line won't be thrown away if no
newline is seen.
Without changing i to unsigned int, the -O3 --picky -developer build
fails with:
[ 745/4136] Compiling lib/util/util_file.c
==> /builds/samba-team/devel/samba/samba-o3.stderr <==
../../lib/util/util_file.c: In function ‘file_lines_parse’:
../../lib/util/util_file.c:251:8: error: assuming signed overflow does not occur when simplifying conditional to constant [-Werror=strict-overflow]
while (i > 0 && ret[i-1][0] == 0) {
^
cc1: all warnings being treated as errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13717
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Dec 19 08:08:28 CET 2018 on sn-devel-144
(cherry picked from commit 5118985841aa0363147d552f243ab5a7d90dbdaf)
commit 55e8277a9751bbf00bc6ad6e5f12d9163ddbdf36
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Oct 11 11:59:52 2018 +1300
samba-tool drs showrepl: do not crash if no dnsHostName found
This should not happen, but it does sometimes in an autobuild
environment. Rather than reporting this by crashing, we report it by
showing there is no DNS name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13716
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Fri Oct 12 15:27:07 CEST 2018 on sn-devel-144
(cherry picked from commit 2fc855e7d2458249ca6fc8ffdf1d7633ab84cc55)
commit a1486390762ed418cce0d54190ae3059228c18c7
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 19 09:38:33 2018 +0100
s3:auth: ignore create_builtin_guests() failing without a valid idmap configuration
This happens on standalone servers, where winbindd is automatically
started by init scripts if it's installed. But it's not really
used and may not have a valid idmap configuration (
"idmap config * : range" has no default!)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13697
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 865538fabaea33741f5fa542dbc3f2e08308c2c1)
-----------------------------------------------------------------------
Summary of changes:
lib/util/tests/file.c | 152 ++++++++++++++++++++++++++++++++++++++++++++
lib/util/util_file.c | 6 +-
python/samba/netcmd/drs.py | 4 +-
source3/auth/auth.c | 2 +-
source3/auth/auth_winbind.c | 47 +++++++++-----
source3/auth/token_util.c | 18 +++++-
source3/smbd/smb2_close.c | 2 +-
7 files changed, 207 insertions(+), 24 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/tests/file.c b/lib/util/tests/file.c
index f349c214f08..ca0416e20e6 100644
--- a/lib/util/tests/file.c
+++ b/lib/util/tests/file.c
@@ -60,6 +60,154 @@ static bool test_file_load_save(struct torture_context *tctx)
return true;
}
+#define TEST_DATA_WITH_NEWLINE TEST_DATA "\n"
+#define TEST_DATA_NO_NEWLINE TEST_DATA
+#define TEST_DATA_EMPTY ""
+#define TEST_DATA_BLANKS_ONLY "\n\n\n\n\n"
+#define TEST_DATA_WITH_TRAILING_BLANKS TEST_DATA TEST_DATA_BLANKS_ONLY
+
+static bool test_file_lines_load(struct torture_context *tctx)
+{
+ char **lines;
+ int numlines;
+ TALLOC_CTX *mem_ctx = tctx;
+
+ /*
+ * Last line has trailing whitespace
+ */
+
+ torture_assert(tctx,
+ file_save(TEST_FILENAME,
+ TEST_DATA_WITH_NEWLINE,
+ strlen(TEST_DATA_WITH_NEWLINE)),
+ "saving file");
+
+ lines = file_lines_load(TEST_FILENAME, &numlines, 0, mem_ctx);
+
+ torture_assert_int_equal(tctx, numlines, 3, "Lines");
+
+ torture_assert_mem_equal(tctx,
+ lines[0],
+ TEST_LINE1,
+ strlen(TEST_LINE1),
+ "Line 1");
+
+ torture_assert_mem_equal(tctx,
+ lines[1],
+ TEST_LINE2,
+ strlen(TEST_LINE2),
+ "Line 2");
+
+ torture_assert_mem_equal(tctx,
+ lines[2],
+ TEST_LINE3,
+ strlen(TEST_LINE3),
+ "Line 3");
+
+ unlink(TEST_FILENAME);
+
+ /*
+ * Last line has NO trailing whitespace
+ */
+
+ torture_assert(tctx,
+ file_save(TEST_FILENAME,
+ TEST_DATA_NO_NEWLINE,
+ strlen(TEST_DATA_NO_NEWLINE)),
+ "saving file");
+
+ lines = file_lines_load(TEST_FILENAME, &numlines, 0, mem_ctx);
+
+ torture_assert_int_equal(tctx, numlines, 3, "Lines");
+
+ torture_assert_mem_equal(tctx,
+ lines[0],
+ TEST_LINE1,
+ strlen(TEST_LINE1),
+ "Line 1");
+
+ torture_assert_mem_equal(tctx,
+ lines[1],
+ TEST_LINE2,
+ strlen(TEST_LINE2),
+ "Line 2");
+
+ torture_assert_mem_equal(tctx,
+ lines[2],
+ TEST_LINE3,
+ strlen(TEST_LINE3),
+ "Line 3");
+
+ unlink(TEST_FILENAME);
+
+ /*
+ * Empty file
+ */
+
+ torture_assert(tctx,
+ file_save(TEST_FILENAME,
+ TEST_DATA_EMPTY,
+ strlen(TEST_DATA_EMPTY)),
+ "saving file");
+
+ lines = file_lines_load(TEST_FILENAME, &numlines, 0, mem_ctx);
+
+ torture_assert_int_equal(tctx, numlines, 0, "Lines");
+
+ unlink(TEST_FILENAME);
+
+ /*
+ * Just blank lines
+ */
+
+ torture_assert(tctx,
+ file_save(TEST_FILENAME,
+ TEST_DATA_BLANKS_ONLY,
+ strlen(TEST_DATA_BLANKS_ONLY)),
+ "saving file");
+
+ lines = file_lines_load(TEST_FILENAME, &numlines, 0, mem_ctx);
+
+ torture_assert_int_equal(tctx, numlines, 0, "Lines");
+
+ unlink(TEST_FILENAME);
+
+ /*
+ * Several trailing blank lines
+ */
+
+ torture_assert(tctx,
+ file_save(TEST_FILENAME,
+ TEST_DATA_WITH_TRAILING_BLANKS,
+ strlen(TEST_DATA_WITH_TRAILING_BLANKS)),
+ "saving file");
+
+ lines = file_lines_load(TEST_FILENAME, &numlines, 0, mem_ctx);
+
+ torture_assert_int_equal(tctx, numlines, 3, "Lines");
+
+ torture_assert_mem_equal(tctx,
+ lines[0],
+ TEST_LINE1,
+ strlen(TEST_LINE1),
+ "Line 1");
+
+ torture_assert_mem_equal(tctx,
+ lines[1],
+ TEST_LINE2,
+ strlen(TEST_LINE2),
+ "Line 2");
+
+ torture_assert_mem_equal(tctx,
+ lines[2],
+ TEST_LINE3,
+ strlen(TEST_LINE3),
+ "Line 3");
+
+ unlink(TEST_FILENAME);
+
+ return true;
+}
static bool test_afdgets(struct torture_context *tctx)
{
@@ -102,6 +250,10 @@ struct torture_suite *torture_local_util_file(TALLOC_CTX *mem_ctx)
torture_suite_add_simple_test(suite, "file_load_save",
test_file_load_save);
+ torture_suite_add_simple_test(suite,
+ "file_lines_load",
+ test_file_lines_load);
+
torture_suite_add_simple_test(suite, "afdgets", test_afdgets);
return suite;
diff --git a/lib/util/util_file.c b/lib/util/util_file.c
index bf2f3e1a27f..926eda240f6 100644
--- a/lib/util/util_file.c
+++ b/lib/util/util_file.c
@@ -220,7 +220,7 @@ parse a buffer into lines
**/
char **file_lines_parse(char *p, size_t size, int *numlines, TALLOC_CTX *mem_ctx)
{
- int i;
+ unsigned int i;
char *s, **ret;
if (!p) return NULL;
@@ -238,11 +238,11 @@ char **file_lines_parse(char *p, size_t size, int *numlines, TALLOC_CTX *mem_ctx
talloc_steal(ret, p);
ret[0] = p;
- for (s = p, i=0; s < p+size; s++) {
+ for (s = p, i=1; s < p+size; s++) {
if (s[0] == '\n') {
s[0] = 0;
- i++;
ret[i] = s+1;
+ i++;
}
if (s[0] == '\r') s[0] = 0;
}
diff --git a/python/samba/netcmd/drs.py b/python/samba/netcmd/drs.py
index b8793b76606..a751cbb635a 100644
--- a/python/samba/netcmd/drs.py
+++ b/python/samba/netcmd/drs.py
@@ -302,7 +302,7 @@ class cmd_drs_showrepl(Command):
(errno, _) = e.args
if errno == ldb.ERR_NO_SUCH_OBJECT:
d['is deleted'] = True
- except KeyError:
+ except (KeyError, IndexError):
pass
d['replicates NC'] = []
@@ -360,7 +360,7 @@ class cmd_drs_showrepl(Command):
self.message("\tConnection name: %s" % d['name'])
self.message("\tEnabled : %s" % str(d['enabled']).upper())
- self.message("\tServer DNS name : %s" % d['dns name'])
+ self.message("\tServer DNS name : %s" % d.get('dns name'))
self.message("\tServer DN name : %s" % d['remote DN'])
self.message("\t\tTransportType: RPC")
self.message("\t\toptions: 0x%08X" % d['options'])
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index d13d0fe471c..0a96d591808 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -557,7 +557,7 @@ NTSTATUS make_auth3_context_for_netlogon(TALLOC_CTX *mem_ctx,
switch (lp_server_role()) {
case ROLE_DOMAIN_BDC:
case ROLE_DOMAIN_PDC:
- methods = "sam_netlogon3 winbind:trustdomain";
+ methods = "sam_netlogon3 winbind";
break;
default:
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index 6bf2118037d..93b832265cf 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "auth.h"
+#include "passdb.h"
#include "nsswitch/libwbclient/wbclient.h"
#undef DBGC_CLASS
@@ -110,13 +111,37 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
}
if (wbc_status == WBC_ERR_WINBIND_NOT_AVAILABLE) {
- struct auth_methods *auth_method =
- (struct auth_methods *)my_private_data;
+ struct pdb_trusted_domain **domains = NULL;
+ uint32_t num_domains = 0;
+ NTSTATUS status;
+
+ if (lp_server_role() == ROLE_DOMAIN_MEMBER) {
+ status = NT_STATUS_NO_LOGON_SERVERS;
+ DBG_ERR("winbindd not running - "
+ "but required as domain member: %s\n",
+ nt_errstr(status));
+ return status;
+ }
- if ( auth_method )
- return auth_method->auth(auth_context, auth_method->private_data,
- mem_ctx, user_info, server_info);
- return NT_STATUS_LOGON_FAILURE;
+ status = pdb_enum_trusted_domains(talloc_tos(), &num_domains, &domains);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("pdb_enum_trusted_domains() failed - %s\n",
+ nt_errstr(status));
+ return status;
+ }
+ TALLOC_FREE(domains);
+
+ if (num_domains == 0) {
+ DBG_DEBUG("winbindd not running - ignoring without "
+ "trusted domains\n");
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ status = NT_STATUS_NO_LOGON_SERVERS;
+ DBG_ERR("winbindd not running - "
+ "but required as DC with trusts: %s\n",
+ nt_errstr(status));
+ return status;
}
if (wbc_status == WBC_ERR_AUTH_ERROR) {
@@ -164,16 +189,6 @@ static NTSTATUS auth_init_winbind(struct auth_context *auth_context, const char
result->name = "winbind";
result->auth = check_winbind_security;
- if (param && *param) {
- /* we load the 'fallback' module - if winbind isn't here, call this
- module */
- auth_methods *priv;
- if (!load_auth_module(auth_context, param, &priv)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- result->private_data = (void *)priv;
- }
-
*auth_method = result;
return NT_STATUS_OK;
}
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index f5b0e694433..ee38d6c9645 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -745,7 +745,23 @@ NTSTATUS finalize_local_nt_token(struct security_token *result,
status = create_builtin_guests(domain_sid);
unbecome_root();
- if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE)) {
+ /*
+ * NT_STATUS_PROTOCOL_UNREACHABLE:
+ * => winbindd is not running.
+ *
+ * NT_STATUS_ACCESS_DENIED:
+ * => no idmap config at all
+ * and wbint_AllocateGid()/winbind_allocate_gid()
+ * failed.
+ *
+ * NT_STATUS_NO_SUCH_GROUP:
+ * => no idmap config at all and
+ * "tdbsam:map builtin = no" means
+ * wbint_Sids2UnixIDs() fails.
+ */
+ if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_GROUP)) {
/*
* Add BUILTIN\Guests directly to token.
* But only if the token already indicates
diff --git a/source3/smbd/smb2_close.c b/source3/smbd/smb2_close.c
index 33863d32f5f..1888736e4ae 100644
--- a/source3/smbd/smb2_close.c
+++ b/source3/smbd/smb2_close.c
@@ -263,7 +263,7 @@ static NTSTATUS smbd_smb2_close(struct smbd_smb2_request *req,
status = close_file(smbreq, fsp, NORMAL_CLOSE);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(5,("smbd_smb2_close: close_file[%s]: %s\n",
- fsp_str_dbg(fsp), nt_errstr(status)));
+ smb_fname_str_dbg(smb_fname), nt_errstr(status)));
return status;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list