[SCM] Samba Shared Repository - branch v4-11-stable updated
Karolin Seeger
kseeger at samba.org
Tue Aug 25 07:51:54 UTC 2020
The branch, v4-11-stable has been updated
via 1bd81cac381 VERSION: Disable GIT_SNAPSHOT for the 4.11.12 release.
via f1636226f12 WHATSNEW: Add release notes for Samba 4.11.12.
via 684d4d70391 util: Add cmocka unit test for directory_create_or_exists
via 2d5e88dc84b util: Allow symlinks in directory_create_or_exist
via bb08c9b1f08 dbcheck: Allow a dangling forward link outside our known NCs
via b3d08729d1b s3:smbd: check for stale pid in delay_for_oplock_fn() when leases_db_get() fails
via 7a431cb5b5c s3:leases: log errors with level 0 in leases_db_do_locked_fn()
via eb14d8850f8 smbd: check for stale pid in get_lease_type()
via 37e41647813 smbd: let get_lease_type() take a non-const share_mode_entry
via fc4f7104690 smbd: inverse if/else logic in get_lease_type()
via 4d5312be999 s3/leases: log NDR decoding failure with level 0 in leases_db_get_fn()
via 58bc493c779 smbd: increase loglevel when leases_db_del() with anything then NT_STATUS_NOT_FOUND
via c8507d0af5c docs: Fix documentation for require_membership_of of pam_winbind.conf
via 76d466f579f docs: Fix documentation for require_membership_of of pam_winbind
via 482246b997b lib/debug: set the correct default backend loglevel to MAX_DEBUG_LEVEL
via d77eb1c1670 lib/debug: assert file backend
via c557da03cfe lib:util: Fix smbclient -l basename dir
via 1e53f8a6b26 Add a test for smbclient -l basename
via 05a6a60a745 s3:winbind:idmap_ad - make failure to get attrnames for schema mode fatal
via 03eb7b7c0de lib/util: do not install "test_util_paths"
via b36dc13c1a0 selftest: Run test of how userPassword / crypt() style passwords are stored in quicktest
via f8d033dde43 selftest: Split samba.tests.samba_tool.user_virtualCryptSHA into GPG and not GPG parts
via e52f5199091 dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work on RHEL7
via f0e3089a5a7 util: fix build on AIX by fixing the order of replace.h include
via 1ffaeed5970 util: Reallocate larger buffer if getpwuid_r() returns ERANGE
via 581b581700c util: Fix build on FreeBSD by avoiding NSS_BUFLEN_PASSWD
via cf319e099c1 util: Simplify input validation
via 671e06eb496 s3: libsmb: Fix SMB2 client rename bug to a Windows server.
via 7d407fa84ae VERSION: Bump version up to 4.11.12.
via fe2edeccab4 Merge tag 'samba-4.11.11' into v4-11-test
via 08a51254198 VERSION: Bump version up to 4.11.11...
from c9fa9874747 VERSION: Disable GIT_SNAPSHOT for the 4.11.11 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 73 +++++-
docs-xml/manpages/pam_winbind.8.xml | 8 +-
docs-xml/manpages/pam_winbind.conf.5.xml | 9 +-
lib/replace/wscript | 1 +
lib/util/debug.c | 6 +
lib/util/tests/test_util.c | 234 ++++++++++++++++++
lib/util/tests/test_util_paths.c | 2 +-
lib/util/util.c | 18 +-
lib/util/util_paths.c | 47 +++-
lib/util/wscript_build | 6 +
python/samba/dbchecker.py | 24 +-
.../tests/samba_tool/user_virtualCryptSHA_base.py | 118 ++++++++++
.../tests/samba_tool/user_virtualCryptSHA_gpg.py | 261 +++++++++++++++++++++
.../user_virtualCryptSHA_userPassword.py | 185 +++++++++++++++
selftest/quick | 3 +
selftest/target/Samba4.pm | 39 +++
selftest/tests.py | 2 +
source3/libsmb/cli_smb2_fnum.c | 26 +-
source3/locking/leases_db.c | 12 +-
source3/locking/locking.c | 7 +-
.../script/tests/test_smbclient_log_basename.sh | 36 +++
source3/selftest/tests.py | 3 +
source3/smbd/open.c | 34 ++-
source3/smbd/oplock.c | 59 +++--
source3/smbd/proto.h | 4 +-
source3/winbindd/idmap_ad.c | 8 +
source4/dsdb/samdb/ldb_modules/password_hash.c | 37 ++-
source4/selftest/tests.py | 3 +-
29 files changed, 1207 insertions(+), 60 deletions(-)
create mode 100644 lib/util/tests/test_util.c
create mode 100644 python/samba/tests/samba_tool/user_virtualCryptSHA_base.py
create mode 100644 python/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py
create mode 100644 python/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py
create mode 100755 source3/script/tests/test_smbclient_log_basename.sh
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 54f3b5842d6..78723f9b618 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=11
+SAMBA_VERSION_RELEASE=12
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index b9a6ac2e537..80e5f32b1a0 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,72 @@
+ ===============================
+ Release Notes for Samba 4.11.12
+ August 25, 2020
+ ===============================
+
+
+This is the latest stable release of the Samba 4.11 release series.
+
+
+Changes since 4.11.11
+---------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 14403: s3: libsmb: Fix SMB2 client rename bug to a Windows server.
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 14424: dsdb: Allow "password hash userPassword schemes = CryptSHA256"
+ to work on RHEL7.
+ * BUG 14450: dbcheck: Allow a dangling forward link outside our known NCs.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 14426: lib/debug: Set the correct default backend loglevel to
+ MAX_DEBUG_LEVEL.
+ * BUG 14428: s3:smbd: PANIC: assert failed in get_lease_type().
+
+o Günther Deschner <gd at samba.org>
+ * BUG 14370: lib/util: do not install "test_util_paths".
+
+o Amit Kumar <amitkuma at redhat.com>
+ * BUG 14345: lib:util: Fix smbclient -l basename dir.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 14428: s3:smbd: PANIC: assert failed in get_lease_type().
+
+o Christof Schmitt <cs at samba.org>
+ * BUG 14166: util: Allow symlinks in directory_create_or_exist.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 14358: docs: Fix documentation for require_membership_of of
+ pam_winbind.
+
+o Andrew <awalker at ixsystems.com>
+ * BUG 14425: s3:winbind:idmap_ad: Make failure to get attrnames for schema
+ mode fatal.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
===============================
Release Notes for Samba 4.11.11
July 02, 2020
@@ -79,8 +148,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
===============================
Release Notes for Samba 4.11.10
diff --git a/docs-xml/manpages/pam_winbind.8.xml b/docs-xml/manpages/pam_winbind.8.xml
index a9a227f1647..a61fb2d58e5 100644
--- a/docs-xml/manpages/pam_winbind.8.xml
+++ b/docs-xml/manpages/pam_winbind.8.xml
@@ -84,9 +84,11 @@
If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID
can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the
SID. That name must have the form: <parameter>MYDOMAIN\mygroup</parameter> or
- <parameter>MYDOMAIN\myuser</parameter>. pam_winbind will, in that case, lookup the SID internally. Note that
- NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a
- user is a member of with <command>wbinfo --user-sids=SID</command>.
+ <parameter>MYDOMAIN\myuser</parameter> (where '\' character corresponds to the value of
+ <parameter>winbind separator</parameter> parameter). It is also possible to use a UPN in the form
+ <parameter>user at REALM</parameter> or <parameter>group at REALM</parameter>. pam_winbind will, in that case, lookup
+ the SID internally. Note that NAME may not contain any spaces. It is thus recommended to only use SIDs. You can
+ verify the list of SIDs a user is a member of with <command>wbinfo --user-sids=SID</command>.
</para>
<para>
diff --git a/docs-xml/manpages/pam_winbind.conf.5.xml b/docs-xml/manpages/pam_winbind.conf.5.xml
index 193a0dc971c..ea35d3f6245 100644
--- a/docs-xml/manpages/pam_winbind.conf.5.xml
+++ b/docs-xml/manpages/pam_winbind.conf.5.xml
@@ -69,9 +69,12 @@
If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID
can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the
SID. That name must have the form: <parameter>MYDOMAIN\mygroup</parameter> or
- <parameter>MYDOMAIN\myuser</parameter>. pam_winbind will, in that case, lookup the SID internally. Note that
- NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a
- user is a member of with <command>wbinfo --user-sids=SID</command>. This setting is empty by default.
+ <parameter>MYDOMAIN\myuser</parameter> (where '\' character corresponds to the value of
+ <parameter>winbind separator</parameter> parameter). It is also possible to use a UPN in the form
+ <parameter>user at REALM</parameter> or <parameter>group at REALM</parameter>. pam_winbind will, in that case, lookup
+ the SID internally. Note that NAME may not contain any spaces. It is thus recommended to only use SIDs. You can
+ verify the list of SIDs a user is a member of with <command>wbinfo --user-sids=SID</command>.
+ This setting is empty by default.
</para>
<para>This option only operates during password authentication, and will not restrict access if a password is not required for any reason (such as SSH key-based login).</para>
</listitem>
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 56e2a22de49..d5651f1bdc0 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -649,6 +649,7 @@ def configure(conf):
conf.CHECK_FUNCS_IN('crypt', 'crypt', checklibc=True)
conf.CHECK_FUNCS_IN('crypt_r', 'crypt', checklibc=True)
+ conf.CHECK_FUNCS_IN('crypt_rn', 'crypt', checklibc=True)
conf.CHECK_VARIABLE('rl_event_hook', define='HAVE_DECL_RL_EVENT_HOOK', always=True,
headers='readline.h readline/readline.h readline/history.h')
diff --git a/lib/util/debug.c b/lib/util/debug.c
index c42022ec9bb..d8427c291da 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -30,6 +30,7 @@
#include "util_strlist.h" /* LIST_SEP */
#include "blocking.h"
#include "debug.h"
+#include <assert.h>
/* define what facility to use for syslog */
#ifndef SYSLOG_FACILITY
@@ -1113,6 +1114,7 @@ static bool reopen_one_log(int *fd, const char *logfile)
*/
bool reopen_logs_internal(void)
{
+ struct debug_backend *b = NULL;
mode_t oldumask;
int new_fd = 0;
size_t i;
@@ -1141,6 +1143,10 @@ bool reopen_logs_internal(void)
return true;
case DEBUG_FILE:
+ b = debug_find_backend("file");
+ assert(b != NULL);
+
+ b->log_level = MAX_DEBUG_LEVEL;
break;
}
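Review bot: In the `DEBUG_FILE` case the new `assert(b != NULL);` is the only guard before `b->log_level = MAX_DEBUG_LEVEL;`, and `assert()` from `<assert.h>` expands to nothing when `NDEBUG` is defined, so such a build would dereference NULL if the backend lookup ever failed. An explicit check behaves the same in every build, for example `if (b == NULL) { return false; }` before the assignment, or the project's always-on assertion macro if it has one. The assignment also carries no comment saying why the file backend is forced to the maximum level; one line of rationale at that spot would help the next reader. reopen_logs_internal() starts and ends outside this hunk, so the appropriate failure return should be checked against the rest of the body.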
diff --git a/lib/util/tests/test_util.c b/lib/util/tests/test_util.c
new file mode 100644
index 00000000000..eebba39e70c
--- /dev/null
+++ b/lib/util/tests/test_util.c
@@ -0,0 +1,234 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Unit test for util.c
+ *
+ * Copyright (C) Christof Schmitt 2020
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "lib/util/util.c"
+#include <cmocka.h>
+
+struct test_paths {
+ char testdir[PATH_MAX];
+ char none[PATH_MAX];
+ char dir[PATH_MAX];
+ mode_t dir_mode;
+ char file[PATH_MAX];
+ mode_t file_mode;
+ char symlink_none[PATH_MAX];
+ char symlink_dir[PATH_MAX];
+ char symlink_file[PATH_MAX];
+};
+
+static int group_setup(void **state)
+{
+ struct test_paths *paths = NULL;
+ char *testdir = NULL;
+ int ret, fd;
+
+ umask(0);
+
+ paths = malloc(sizeof(struct test_paths));
+ assert_non_null(paths);
+
+ strlcpy(paths->testdir, tmpdir(), sizeof(paths->testdir));
+ strlcat(paths->testdir, "/test_util_XXXXXX", sizeof(paths->testdir));
+ testdir = mkdtemp(paths->testdir);
+ assert_non_null(testdir);
+
+ strlcpy(paths->none, testdir, sizeof(paths->none));
+ strlcat(paths->none, "/none", sizeof(paths->none));
+
+ strlcpy(paths->dir, testdir, sizeof(paths->dir));
+ strlcat(paths->dir, "/dir", sizeof(paths->dir));
+ paths->dir_mode = 0750;
+ ret = mkdir(paths->dir, paths->dir_mode);
+ assert_return_code(ret, errno);
+
+ strlcpy(paths->file, testdir, sizeof(paths->file));
+ strlcat(paths->file, "/file", sizeof(paths->file));
+ paths->file_mode = 0640;
+ fd = creat(paths->file, paths->file_mode);
+ assert_return_code(fd, errno);
+ ret = close(fd);
+ assert_return_code(ret, errno);
+
+ strlcpy(paths->symlink_none, testdir, sizeof(paths->symlink_none));
+ strlcat(paths->symlink_none, "/symlink_none",
+ sizeof(paths->symlink_none));
+ ret = symlink("/none", paths->symlink_none);
+ assert_return_code(ret, errno);
+
+ strlcpy(paths->symlink_dir, testdir, sizeof(paths->symlink_dir));
+ strlcat(paths->symlink_dir, "/symlink_dir", sizeof(paths->symlink_dir));
+ ret = symlink(paths->dir, paths->symlink_dir);
+ assert_return_code(ret, errno);
+
+ strlcpy(paths->symlink_file, testdir, sizeof(paths->symlink_file));
+ strlcat(paths->symlink_file, "/symlink_file",
+ sizeof(paths->symlink_file));
+ ret = symlink(paths->file, paths->symlink_file);
+ assert_return_code(ret, errno);
+
+ *state = paths;
+
+ return 0;
+}
+
+static int group_teardown(void **state)
+{
+ struct test_paths *paths = *state;
+ int ret;
+
+ return 0;
+
+ ret = rmdir(paths->dir);
+ assert_return_code(ret, errno);
+
+ ret = unlink(paths->file);
+ assert_return_code(ret, errno);
+
+ ret = unlink(paths->symlink_none);
+ assert_return_code(ret, errno);
+
+ ret = unlink(paths->symlink_dir);
+ assert_return_code(ret, errno);
+
+ ret = unlink(paths->symlink_file);
+ assert_return_code(ret, errno);
+
+ ret = unlink(paths->testdir);
+ assert_return_code(ret, errno);
+
+ free(paths);
+ return 0;
+}
+
+static void test_directory_create_or_exists_none(void **state)
+{
+ struct test_paths *paths = *state;
+ bool b;
+ struct stat sbuf;
+ int ret;
+
+ b = directory_create_or_exist(paths->none, 0775);
+ assert_true(b);
+
+ ret = lstat(paths->none, &sbuf);
+ assert_return_code(ret, errno);
+ assert_int_equal(sbuf.st_mode & 0777, 0775);
+ assert_true(S_ISDIR(sbuf.st_mode));
+
+ ret = rmdir(paths->none);
+ assert_return_code(ret, errno);
+}
+
+static void test_directory_create_or_exists_dir(void **state)
+{
+ struct test_paths *paths = *state;
+ bool b;
+ struct stat sbuf;
+ int ret;
+
+ b = directory_create_or_exist(paths->dir, 770);
+ assert_true(b);
+
+ ret = lstat(paths->dir, &sbuf);
+ assert_return_code(ret, errno);
+ assert_int_equal(sbuf.st_mode & 0777, paths->dir_mode);
+ assert_true(S_ISDIR(sbuf.st_mode));
+}
+
+static void test_directory_create_or_exists_file(void **state)
+{
+ struct test_paths *paths = *state;
+ bool b;
+ struct stat sbuf;
+ int ret;
+
+ b = directory_create_or_exist(paths->file, 770);
+ assert_false(b);
+
+ ret = lstat(paths->file, &sbuf);
+ assert_return_code(ret, errno);
+ assert_int_equal(sbuf.st_mode & 0777, paths->file_mode);
+ assert_true(S_ISREG(sbuf.st_mode));
+}
+
+static void test_directory_create_or_exists_symlink_none(void **state)
+{
+ struct test_paths *paths = *state;
+ bool b;
+ struct stat sbuf;
+ int ret;
+
+ b = directory_create_or_exist(paths->symlink_none, 770);
+ assert_false(b);
+
+ ret = lstat(paths->symlink_none, &sbuf);
+ assert_return_code(ret, errno);
+ assert_int_equal(sbuf.st_mode & 0777, 0777);
+ assert_true(S_ISLNK(sbuf.st_mode));
+}
+
+static void test_directory_create_or_exists_symlink_dir(void **state)
+{
+ struct test_paths *paths = *state;
+ bool b;
+ struct stat sbuf;
+ int ret;
+
+ b = directory_create_or_exist(paths->symlink_dir, 770);
+ assert_true(b);
+
+ ret = lstat(paths->symlink_dir, &sbuf);
+ assert_return_code(ret, errno);
+ assert_int_equal(sbuf.st_mode & 0777, 0777);
+ assert_true(S_ISLNK(sbuf.st_mode));
+}
+
+static void test_directory_create_or_exists_symlink_file(void **state)
+{
+ struct test_paths *paths = *state;
+ bool b;
+ struct stat sbuf;
+ int ret;
+
+ b = directory_create_or_exist(paths->symlink_file, 770);
+ assert_false(b);
+
+ ret = lstat(paths->symlink_file, &sbuf);
+ assert_return_code(ret, errno);
+ assert_int_equal(sbuf.st_mode & 0777, 0777);
+ assert_true(S_ISLNK(sbuf.st_mode));
+}
+
+int main(int argc, char **argv)
+{
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(test_directory_create_or_exists_none),
+ cmocka_unit_test(test_directory_create_or_exists_dir),
+ cmocka_unit_test(test_directory_create_or_exists_file),
+ cmocka_unit_test(test_directory_create_or_exists_symlink_none),
+ cmocka_unit_test(test_directory_create_or_exists_symlink_dir),
+ cmocka_unit_test(test_directory_create_or_exists_symlink_file),
+ };
+
+ cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+
+ return cmocka_run_group_tests(tests, group_setup, group_teardown);
+}
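Review bot: `group_teardown()` returns on its first statement (`return 0;` right after the declarations), so none of the cleanup below it runs: the mkdtemp() directory, the file and the three symlinks are left behind in the temporary directory after every run, and `paths` is never freed. Removing that early `return 0;` exposes a second problem, because the last step calls `unlink(paths->testdir)` on a directory and should be `rmdir(paths->testdir)`. The mode arguments `770` in the dir, file and symlink tests are decimal rather than octal; they appear harmless only because those paths already exist, and `0770` states the intent. group_setup() also sets `umask(0)` for the whole process, which deserves a one-line comment since the `0775` assertion in the first test depends on it.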
diff --git a/lib/util/tests/test_util_paths.c b/lib/util/tests/test_util_paths.c
index b89abf0aea1..4dfe11c1445 100644
--- a/lib/util/tests/test_util_paths.c
+++ b/lib/util/tests/test_util_paths.c
@@ -23,9 +23,9 @@
#include <setjmp.h>
#include <cmocka.h>
+#include "lib/replace/replace.h"
#include <talloc.h>
-#include "lib/replace/replace.h"
#include "lib/util/util_paths.c"
static int setup(void **state)
diff --git a/lib/util/util.c b/lib/util/util.c
index 0d9ffe5cb7b..52fc61a3e81 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -339,6 +339,7 @@ _PUBLIC_ bool directory_exist(const char *dname)
/**
* Try to create the specified directory if it didn't exist.
+ * A symlink to a directory is also accepted as a valid existing directory.
*
* @retval true if the directory already existed
* or was successfully created.
@@ -372,9 +373,22 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname,
return false;
}
- if (!S_ISDIR(sbuf.st_mode)) {
- return false;
+ if (S_ISDIR(sbuf.st_mode)) {
+ return true;
}
+
+ if (S_ISLNK(sbuf.st_mode)) {
+ ret = stat(dname, &sbuf);
+ if (ret != 0) {
+ return false;
+ }
+
+ if (S_ISDIR(sbuf.st_mode)) {
+ return true;
+ }
+ }
+
+ return false;
}
return true;
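Review bot: The new `S_ISLNK` branch classifies the path with `lstat()` and then judges its target with a second, separate `stat(dname, &sbuf)`, so the result describes the target only at that instant; anyone able to write to the parent directory can retarget the link afterwards, and callers that relied on the old `!S_ISDIR` rejection of links no longer get it. Nothing in the hunk checks who owns the link or its target. I would say so in the doc comment extended above, e.g. `* The link is followed without ownership checks; callers that need a real directory they own must lstat() it themselves.`, and review callers that use this function for directories under a shared or world-writable parent. The body of directory_create_or_exist() begins outside this hunk, so any earlier checks are not visible here.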
diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c
index c0ee5c32c30..72cc0aab8de 100644
--- a/lib/util/util_paths.c
+++ b/lib/util/util_paths.c
@@ -68,25 +68,54 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
{
struct passwd pwd = {0};
struct passwd *pwdbuf = NULL;
- char buf[NSS_BUFLEN_PASSWD] = {0};
+ char *buf = NULL;
+ char *out = NULL;
+ long int initlen;
+ size_t len;
int rc;
- rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
+ initlen = sysconf(_SC_GETPW_R_SIZE_MAX);
+ if (initlen == -1) {
+ len = 1024;
+ } else {
+ len = (size_t)initlen;
+ }
+ buf = talloc_size(mem_ctx, len);
+ if (buf == NULL) {
+ return NULL;
--
Samba Shared Repository