[SCM] Samba Shared Repository - branch v4-11-stable updated

Karolin Seeger kseeger at samba.org
Tue Aug 25 07:51:54 UTC 2020


The branch, v4-11-stable has been updated
       via  1bd81cac381 VERSION: Disable GIT_SNAPSHOT for the 4.11.12 release.
       via  f1636226f12 WHATSNEW: Add release notes for Samba 4.11.12.
       via  684d4d70391 util: Add cmocka unit test for directory_create_or_exists
       via  2d5e88dc84b util: Allow symlinks in directory_create_or_exist
       via  bb08c9b1f08 dbcheck: Allow a dangling forward link outside our known NCs
       via  b3d08729d1b s3:smbd: check for stale pid in delay_for_oplock_fn() when leases_db_get() fails
       via  7a431cb5b5c s3:leases: log errors with level 0 in leases_db_do_locked_fn()
       via  eb14d8850f8 smbd: check for stale pid in get_lease_type()
       via  37e41647813 smbd: let get_lease_type() take a non-const share_mode_entry
       via  fc4f7104690 smbd: inverse if/else logic in get_lease_type()
       via  4d5312be999 s3/leases: log NDR decoding failure with level 0 in leases_db_get_fn()
       via  58bc493c779 smbd: increase loglevel when leases_db_del() with anything then NT_STATUS_NOT_FOUND
       via  c8507d0af5c docs: Fix documentation for require_membership_of of pam_winbind.conf
       via  76d466f579f docs: Fix documentation for require_membership_of of pam_winbind
       via  482246b997b lib/debug: set the correct default backend loglevel to MAX_DEBUG_LEVEL
       via  d77eb1c1670 lib/debug: assert file backend
       via  c557da03cfe lib:util: Fix smbclient -l basename dir
       via  1e53f8a6b26 Add a test for smbclient -l basename
       via  05a6a60a745 s3:winbind:idmap_ad - make failure to get attrnames for schema mode fatal
       via  03eb7b7c0de lib/util: do not install "test_util_paths"
       via  b36dc13c1a0 selftest: Run test of how userPassword / crypt() style passwords are stored in quicktest
       via  f8d033dde43 selftest: Split samba.tests.samba_tool.user_virtualCryptSHA into GPG and not GPG parts
       via  e52f5199091 dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work on RHEL7
       via  f0e3089a5a7 util: fix build on AIX by fixing the order of replace.h include
       via  1ffaeed5970 util: Reallocate larger buffer if getpwuid_r() returns ERANGE
       via  581b581700c util: Fix build on FreeBSD by avoiding NSS_BUFLEN_PASSWD
       via  cf319e099c1 util: Simplify input validation
       via  671e06eb496 s3: libsmb: Fix SMB2 client rename bug to a Windows server.
       via  7d407fa84ae VERSION: Bump version up to 4.11.12.
       via  fe2edeccab4 Merge tag 'samba-4.11.11' into v4-11-test
       via  08a51254198 VERSION: Bump version up to 4.11.11...
      from  c9fa9874747 VERSION: Disable GIT_SNAPSHOT for the 4.11.11 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-stable


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 VERSION                                            |   2 +-
 WHATSNEW.txt                                       |  73 +++++-
 docs-xml/manpages/pam_winbind.8.xml                |   8 +-
 docs-xml/manpages/pam_winbind.conf.5.xml           |   9 +-
 lib/replace/wscript                                |   1 +
 lib/util/debug.c                                   |   6 +
 lib/util/tests/test_util.c                         | 234 ++++++++++++++++++
 lib/util/tests/test_util_paths.c                   |   2 +-
 lib/util/util.c                                    |  18 +-
 lib/util/util_paths.c                              |  47 +++-
 lib/util/wscript_build                             |   6 +
 python/samba/dbchecker.py                          |  24 +-
 .../tests/samba_tool/user_virtualCryptSHA_base.py  | 118 ++++++++++
 .../tests/samba_tool/user_virtualCryptSHA_gpg.py   | 261 +++++++++++++++++++++
 .../user_virtualCryptSHA_userPassword.py           | 185 +++++++++++++++
 selftest/quick                                     |   3 +
 selftest/target/Samba4.pm                          |  39 +++
 selftest/tests.py                                  |   2 +
 source3/libsmb/cli_smb2_fnum.c                     |  26 +-
 source3/locking/leases_db.c                        |  12 +-
 source3/locking/locking.c                          |   7 +-
 .../script/tests/test_smbclient_log_basename.sh    |  36 +++
 source3/selftest/tests.py                          |   3 +
 source3/smbd/open.c                                |  34 ++-
 source3/smbd/oplock.c                              |  59 +++--
 source3/smbd/proto.h                               |   4 +-
 source3/winbindd/idmap_ad.c                        |   8 +
 source4/dsdb/samdb/ldb_modules/password_hash.c     |  37 ++-
 source4/selftest/tests.py                          |   3 +-
 29 files changed, 1207 insertions(+), 60 deletions(-)
 create mode 100644 lib/util/tests/test_util.c
 create mode 100644 python/samba/tests/samba_tool/user_virtualCryptSHA_base.py
 create mode 100644 python/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py
 create mode 100644 python/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py
 create mode 100755 source3/script/tests/test_smbclient_log_basename.sh


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 54f3b5842d6..78723f9b618 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=11
+SAMBA_VERSION_RELEASE=12
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index b9a6ac2e537..80e5f32b1a0 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,72 @@
+                   ===============================
+                   Release Notes for Samba 4.11.12
+                           August 25, 2020
+		   ===============================
+
+
+This is the latest stable release of the Samba 4.11 release series.
+
+
+Changes since 4.11.11
+---------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 14403: s3: libsmb: Fix SMB2 client rename bug to a Windows server.
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 14424: dsdb: Allow "password hash userPassword schemes = CryptSHA256"
+     to work on RHEL7.
+   * BUG 14450: dbcheck: Allow a dangling forward link outside our known NCs.
+
+o  Ralph Boehme <slow at samba.org>
+   * BUG 14426: lib/debug: Set the correct default backend loglevel to
+     MAX_DEBUG_LEVEL.
+   * BUG 14428: s3:smbd: PANIC: assert failed in get_lease_type().
+
+o  Günther Deschner <gd at samba.org>
+   * BUG 14370: lib/util: do not install "test_util_paths".
+
+o  Amit Kumar <amitkuma at redhat.com>
+   * BUG 14345: lib:util: Fix smbclient -l basename dir.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 14428: s3:smbd: PANIC: assert failed in get_lease_type().
+
+o  Christof Schmitt <cs at samba.org>
+   * BUG 14166: util: Allow symlinks in directory_create_or_exist.
+
+o  Andreas Schneider <asn at samba.org>
+   * BUG 14358: docs: Fix documentation for require_membership_of of
+     pam_winbind.
+
+o  Andrew <awalker at ixsystems.com>
+   * BUG 14425: s3:winbind:idmap_ad: Make failure to get attrnames for schema
+     mode fatal.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
                    ===============================
                    Release Notes for Samba 4.11.11
                             July 02, 2020
@@ -79,8 +148,8 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
 
                    ===============================
                    Release Notes for Samba 4.11.10
diff --git a/docs-xml/manpages/pam_winbind.8.xml b/docs-xml/manpages/pam_winbind.8.xml
index a9a227f1647..a61fb2d58e5 100644
--- a/docs-xml/manpages/pam_winbind.8.xml
+++ b/docs-xml/manpages/pam_winbind.8.xml
@@ -84,9 +84,11 @@
 		If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID
 		can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the
 		SID. That name must have the form: <parameter>MYDOMAIN\mygroup</parameter> or
-		<parameter>MYDOMAIN\myuser</parameter>.  pam_winbind will, in that case, lookup the SID internally. Note that
-		NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a
-		user is a member of with <command>wbinfo --user-sids=SID</command>.
+		<parameter>MYDOMAIN\myuser</parameter> (where '\' character corresponds to the value of
+		<parameter>winbind separator</parameter> parameter). It is also possible to use a UPN in the form
+		<parameter>user at REALM</parameter> or <parameter>group at REALM</parameter>. pam_winbind will, in that case, lookup
+		the SID internally. Note that NAME may not contain any spaces. It is thus recommended to only use SIDs. You can
+		verify the list of SIDs a user is a member of with <command>wbinfo --user-sids=SID</command>.
 		</para>
 
 		<para>
diff --git a/docs-xml/manpages/pam_winbind.conf.5.xml b/docs-xml/manpages/pam_winbind.conf.5.xml
index 193a0dc971c..ea35d3f6245 100644
--- a/docs-xml/manpages/pam_winbind.conf.5.xml
+++ b/docs-xml/manpages/pam_winbind.conf.5.xml
@@ -69,9 +69,12 @@
 		If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID
 		can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the
 		SID. That name must have the form: <parameter>MYDOMAIN\mygroup</parameter> or
-		<parameter>MYDOMAIN\myuser</parameter>.  pam_winbind will, in that case, lookup the SID internally. Note that
-		NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a
-		user is a member of with <command>wbinfo --user-sids=SID</command>. This setting is empty by default.
+		<parameter>MYDOMAIN\myuser</parameter> (where '\' character corresponds to the value of
+		<parameter>winbind separator</parameter> parameter). It is also possible to use a UPN in the form
+		<parameter>user at REALM</parameter> or <parameter>group at REALM</parameter>. pam_winbind will, in that case, lookup
+		the SID internally. Note that NAME may not contain any spaces. It is thus recommended to only use SIDs. You can
+		verify the list of SIDs a user is a member of with <command>wbinfo --user-sids=SID</command>.
+		This setting is empty by default.
 		</para>
 		<para>This option only operates during password authentication, and will not restrict access if a password is not required for any reason (such as SSH key-based login).</para>
 		</listitem>
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 56e2a22de49..d5651f1bdc0 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -649,6 +649,7 @@ def configure(conf):
 
     conf.CHECK_FUNCS_IN('crypt', 'crypt', checklibc=True)
     conf.CHECK_FUNCS_IN('crypt_r', 'crypt', checklibc=True)
+    conf.CHECK_FUNCS_IN('crypt_rn', 'crypt', checklibc=True)
 
     conf.CHECK_VARIABLE('rl_event_hook', define='HAVE_DECL_RL_EVENT_HOOK', always=True,
                         headers='readline.h readline/readline.h readline/history.h')
diff --git a/lib/util/debug.c b/lib/util/debug.c
index c42022ec9bb..d8427c291da 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -30,6 +30,7 @@
 #include "util_strlist.h" /* LIST_SEP */
 #include "blocking.h"
 #include "debug.h"
+#include <assert.h>
 
 /* define what facility to use for syslog */
 #ifndef SYSLOG_FACILITY
@@ -1113,6 +1114,7 @@ static bool reopen_one_log(int *fd, const char *logfile)
 */
 bool reopen_logs_internal(void)
 {
+	struct debug_backend *b = NULL;
 	mode_t oldumask;
 	int new_fd = 0;
 	size_t i;
@@ -1141,6 +1143,10 @@ bool reopen_logs_internal(void)
 		return true;
 
 	case DEBUG_FILE:
+		b = debug_find_backend("file");
+		assert(b != NULL);
+
+		b->log_level = MAX_DEBUG_LEVEL;
 		break;
 	}
 
diff --git a/lib/util/tests/test_util.c b/lib/util/tests/test_util.c
new file mode 100644
index 00000000000..eebba39e70c
--- /dev/null
+++ b/lib/util/tests/test_util.c
@@ -0,0 +1,234 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *
+ *  Unit test for util.c
+ *
+ *  Copyright (C) Christof Schmitt 2020
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "lib/util/util.c"
+#include <cmocka.h>
+
+struct test_paths {
+	char testdir[PATH_MAX];
+	char none[PATH_MAX];
+	char dir[PATH_MAX];
+	mode_t dir_mode;
+	char file[PATH_MAX];
+	mode_t file_mode;
+	char symlink_none[PATH_MAX];
+	char symlink_dir[PATH_MAX];
+	char symlink_file[PATH_MAX];
+};
+
+static int group_setup(void **state)
+{
+	struct test_paths *paths = NULL;
+	char *testdir = NULL;
+	int ret, fd;
+
+	umask(0);
+
+	paths = malloc(sizeof(struct test_paths));
+	assert_non_null(paths);
+
+	strlcpy(paths->testdir, tmpdir(), sizeof(paths->testdir));
+	strlcat(paths->testdir, "/test_util_XXXXXX", sizeof(paths->testdir));
+	testdir = mkdtemp(paths->testdir);
+	assert_non_null(testdir);
+
+	strlcpy(paths->none, testdir, sizeof(paths->none));
+	strlcat(paths->none, "/none", sizeof(paths->none));
+
+	strlcpy(paths->dir, testdir, sizeof(paths->dir));
+	strlcat(paths->dir, "/dir", sizeof(paths->dir));
+	paths->dir_mode = 0750;
+	ret = mkdir(paths->dir, paths->dir_mode);
+	assert_return_code(ret, errno);
+
+	strlcpy(paths->file, testdir, sizeof(paths->file));
+	strlcat(paths->file, "/file", sizeof(paths->file));
+	paths->file_mode = 0640;
+	fd = creat(paths->file, paths->file_mode);
+	assert_return_code(fd, errno);
+	ret = close(fd);
+	assert_return_code(ret, errno);
+
+	strlcpy(paths->symlink_none, testdir, sizeof(paths->symlink_none));
+	strlcat(paths->symlink_none, "/symlink_none",
+		sizeof(paths->symlink_none));
+	ret = symlink("/none", paths->symlink_none);
+	assert_return_code(ret, errno);
+
+	strlcpy(paths->symlink_dir, testdir, sizeof(paths->symlink_dir));
+	strlcat(paths->symlink_dir, "/symlink_dir", sizeof(paths->symlink_dir));
+	ret = symlink(paths->dir, paths->symlink_dir);
+	assert_return_code(ret, errno);
+
+	strlcpy(paths->symlink_file, testdir, sizeof(paths->symlink_file));
+	strlcat(paths->symlink_file, "/symlink_file",
+		sizeof(paths->symlink_file));
+	ret = symlink(paths->file, paths->symlink_file);
+	assert_return_code(ret, errno);
+
+	*state = paths;
+
+	return 0;
+}
+
+static int group_teardown(void **state)
+{
+	struct test_paths *paths = *state;
+	int ret;
+
+	return 0;
+
+	ret = rmdir(paths->dir);
+	assert_return_code(ret, errno);
+
+	ret = unlink(paths->file);
+	assert_return_code(ret, errno);
+
+	ret = unlink(paths->symlink_none);
+	assert_return_code(ret, errno);
+
+	ret = unlink(paths->symlink_dir);
+	assert_return_code(ret, errno);
+
+	ret = unlink(paths->symlink_file);
+	assert_return_code(ret, errno);
+
+	ret = unlink(paths->testdir);
+	assert_return_code(ret, errno);
+
+	free(paths);
+	return 0;
+}
+
+static void test_directory_create_or_exists_none(void **state)
+{
+	struct test_paths *paths = *state;
+	bool b;
+	struct stat sbuf;
+	int ret;
+
+	b = directory_create_or_exist(paths->none, 0775);
+	assert_true(b);
+
+	ret = lstat(paths->none, &sbuf);
+	assert_return_code(ret, errno);
+	assert_int_equal(sbuf.st_mode & 0777, 0775);
+	assert_true(S_ISDIR(sbuf.st_mode));
+
+	ret = rmdir(paths->none);
+	assert_return_code(ret, errno);
+}
+
+static void test_directory_create_or_exists_dir(void **state)
+{
+	struct test_paths *paths = *state;
+	bool b;
+	struct stat sbuf;
+	int ret;
+
+	b = directory_create_or_exist(paths->dir, 770);
+	assert_true(b);
+
+	ret = lstat(paths->dir, &sbuf);
+	assert_return_code(ret, errno);
+	assert_int_equal(sbuf.st_mode & 0777, paths->dir_mode);
+	assert_true(S_ISDIR(sbuf.st_mode));
+}
+
+static void test_directory_create_or_exists_file(void **state)
+{
+	struct test_paths *paths = *state;
+	bool b;
+	struct stat sbuf;
+	int ret;
+
+	b = directory_create_or_exist(paths->file, 770);
+	assert_false(b);
+
+	ret = lstat(paths->file, &sbuf);
+	assert_return_code(ret, errno);
+	assert_int_equal(sbuf.st_mode & 0777, paths->file_mode);
+	assert_true(S_ISREG(sbuf.st_mode));
+}
+
+static void test_directory_create_or_exists_symlink_none(void **state)
+{
+	struct test_paths *paths = *state;
+	bool b;
+	struct stat sbuf;
+	int ret;
+
+	b = directory_create_or_exist(paths->symlink_none, 770);
+	assert_false(b);
+
+	ret = lstat(paths->symlink_none, &sbuf);
+	assert_return_code(ret, errno);
+	assert_int_equal(sbuf.st_mode & 0777, 0777);
+	assert_true(S_ISLNK(sbuf.st_mode));
+}
+
+static void test_directory_create_or_exists_symlink_dir(void **state)
+{
+	struct test_paths *paths = *state;
+	bool b;
+	struct stat sbuf;
+	int ret;
+
+	b = directory_create_or_exist(paths->symlink_dir, 770);
+	assert_true(b);
+
+	ret = lstat(paths->symlink_dir, &sbuf);
+	assert_return_code(ret, errno);
+	assert_int_equal(sbuf.st_mode & 0777, 0777);
+	assert_true(S_ISLNK(sbuf.st_mode));
+}
+
+static void test_directory_create_or_exists_symlink_file(void **state)
+{
+	struct test_paths *paths = *state;
+	bool b;
+	struct stat sbuf;
+	int ret;
+
+	b = directory_create_or_exist(paths->symlink_file, 770);
+	assert_false(b);
+
+	ret = lstat(paths->symlink_file, &sbuf);
+	assert_return_code(ret, errno);
+	assert_int_equal(sbuf.st_mode & 0777, 0777);
+	assert_true(S_ISLNK(sbuf.st_mode));
+}
+
+int main(int argc, char **argv)
+{
+	const struct CMUnitTest tests[] = {
+		cmocka_unit_test(test_directory_create_or_exists_none),
+		cmocka_unit_test(test_directory_create_or_exists_dir),
+		cmocka_unit_test(test_directory_create_or_exists_file),
+		cmocka_unit_test(test_directory_create_or_exists_symlink_none),
+		cmocka_unit_test(test_directory_create_or_exists_symlink_dir),
+		cmocka_unit_test(test_directory_create_or_exists_symlink_file),
+	};
+
+	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+
+	return cmocka_run_group_tests(tests, group_setup, group_teardown);
+}
diff --git a/lib/util/tests/test_util_paths.c b/lib/util/tests/test_util_paths.c
index b89abf0aea1..4dfe11c1445 100644
--- a/lib/util/tests/test_util_paths.c
+++ b/lib/util/tests/test_util_paths.c
@@ -23,9 +23,9 @@
 #include <setjmp.h>
 #include <cmocka.h>
 
+#include "lib/replace/replace.h"
 #include <talloc.h>
 
-#include "lib/replace/replace.h"
 #include "lib/util/util_paths.c"
 
 static int setup(void **state)
diff --git a/lib/util/util.c b/lib/util/util.c
index 0d9ffe5cb7b..52fc61a3e81 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -339,6 +339,7 @@ _PUBLIC_ bool directory_exist(const char *dname)
 
 /**
  * Try to create the specified directory if it didn't exist.
+ * A symlink to a directory is also accepted as a valid existing directory.
  *
  * @retval true if the directory already existed
  * or was successfully created.
@@ -372,9 +373,22 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname,
 			return false;
 		}
 
-		if (!S_ISDIR(sbuf.st_mode)) {
-			return false;
+		if (S_ISDIR(sbuf.st_mode)) {
+			return true;
 		}
+
+		if (S_ISLNK(sbuf.st_mode)) {
+			ret = stat(dname, &sbuf);
+			if (ret != 0) {
+				return false;
+			}
+
+			if (S_ISDIR(sbuf.st_mode)) {
+				return true;
+			}
+		}
+
+		return false;
 	}
 
 	return true;
diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c
index c0ee5c32c30..72cc0aab8de 100644
--- a/lib/util/util_paths.c
+++ b/lib/util/util_paths.c
@@ -68,25 +68,54 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
 {
 	struct passwd pwd = {0};
 	struct passwd *pwdbuf = NULL;
-	char buf[NSS_BUFLEN_PASSWD] = {0};
+	char *buf = NULL;
+	char *out = NULL;
+	long int initlen;
+	size_t len;
 	int rc;
 
-	rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
+	initlen = sysconf(_SC_GETPW_R_SIZE_MAX);
+	if (initlen == -1) {
+		len = 1024;
+	} else {
+		len = (size_t)initlen;
+	}
+	buf = talloc_size(mem_ctx, len);
+	if (buf == NULL) {
+		return NULL;


-- 
Samba Shared Repository



More information about the samba-cvs mailing list