[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Thu Nov 26 08:17:03 UTC 2020


The branch, master has been updated
       via  53274d11488 samba_upgradedns: Do not print confusing logs about missing .zone files
       via  a31891c7424 Test password removal via python proctitle
       via  9ec698954d5 Remove password from samba-tool proctitle
       via  d49e96bc45e Do not create an empty DB when accessing a sam.ldb
       via  f226bea5de8 torture: Do not call destroy_dlz() on uninitialised memory
       via  6718b5e6d05 waf: upgrade to 2.0.21
       via  5ef3b6deba4 s3:lib: Check return code of set_blocking()
       via  c79b3e2e8a7 s3:smbd: Check return code of set_blocking()
       via  8d5d968ddef libcli:smb: Check return code of set_blocking
       via  7fa75b69933 s3:winbind: Check return code of set_blocking()
       via  17a72ab531e s3:smbd: Fix a possible null pointer deref in oplock code
       via  15609cb9198 samba-tool domain backup: Confirm the sidForRestore we will put into the backup is free
      from  53c39a26197 s3: smbd: Fix misleading comment I added for commit 382a5c4e7ec08ec9291453ffad9541ab36aca274

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 53274d114884d85959f268ca89b561ef0c102bf7
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Nov 24 10:15:43 2020 +1300

    samba_upgradedns: Do not print confusing logs about missing .zone files
    
    samba_upgradedns prints confusing logs about upgrading zone files
    and automatically creating DNS zones when the zone already exists.
    
    We need to move the logging to later when we know what we are
    using the parsed information for.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14580
    
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Thu Nov 26 08:16:04 UTC 2020 on sn-devel-184

commit a31891c7424f22a970c91611e7beb1fa6ee75c49
Author: David Mulder <dmulder at suse.com>
Date:   Fri Nov 8 20:06:53 2019 +0000

    Test password removal via python proctitle
    
    Signed-off-by: David Mulder <dmulder at suse.com>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 9ec698954d54ddf5ea38439ab335b14181bed34a
Author: Heiko Baumann <baumann at hs-koblenz.de>
Date:   Tue Sep 3 14:30:18 2019 +0200

    Remove password from samba-tool proctitle
    
    This fix makes sure the password is removed from the proctitle
    of samba-tool so it cannot be exposed by e.g. ps(1).
    - Moved code to python/samba/getopt.py as suggested by David Mulder
    - Except ModuleNotFoundError when trying to load setproctitle module
    - Improved code to keep option separator (space or equal sign) while
      removing password from proctitle.
    
    Signed-off-by: Heiko Baumann <heibau at gmail.com>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: David Mulder <dmulder at suse.com>

commit d49e96bc45ea5e2d3364242dad36fe9094b7cc42
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Nov 23 19:35:37 2020 +1300

    Do not create an empty DB when accessing a sam.ldb
    
    Samba already does this for samba-tool and doing this should make
    our errors more sensible, particularly in BIND9 if not provisioned
    with the correct --dns-backend=DLZ_BIND9
    
    The old error was like:
    
     named[62954]: samba_dlz: Unable to get basedn for
     /var/lib/samba/private/dns/sam.ldb
      - NULL Base DN invalid for a base search.
    
    The new error will be like (in this case from the torture test):
     Failed to connect to Failed to connect to
     ldb:///home/abartlet/samba/st/chgdcpass/bind-dns/dns/sam.ldb:
     Unable to open tdb '/home/abartlet/samba/st/chgdcpass/bind-dns/dns/sam.ldb':
     No such file or directory: Operations error
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14579
    
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit f226bea5de892e3dbda3c0737edf054399ec0104
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Nov 23 20:27:51 2020 +1300

    torture: Do not call destroy_dlz() on uninitialised memory
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14579
    
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 6718b5e6d059e5668fc538be802ebd9fbe5ce9af
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Nov 25 16:29:06 2020 +0100

    waf: upgrade to 2.0.21
    
    This commit message was wrong:
    
        commit 5fc3a71d0f54b176d3cb2e399718d0468507e797
        Author: David Mulder <dmulder at suse.com>
        Date:   Mon Aug 24 13:12:46 2020 -0600
    
            waf: upgrade to 2.0.20
    
            This contain an important change:
            "Fix gccdeps.scan() returning nodes that no longer exist on disk."
            https://gitlab.com/ita1024/waf/-/merge_requests/2293
    
            Signed-off-by: David Mulder <dmulder at suse.com>
            Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    The fix was in waf master, but not included in 2.0.20,
    but it's now included in 2.0.21.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 5ef3b6deba421b55b4d84c333e3316d9d024df14
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Nov 24 17:42:24 2020 +0100

    s3:lib: Check return code of set_blocking()
    
    Found by covscan.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit c79b3e2e8a77401a094e6c2de3a3182573c6a9fd
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Nov 24 17:40:33 2020 +0100

    s3:smbd: Check return code of set_blocking()
    
    Found by covscan.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 8d5d968ddef50831ea8e210986b01d5dd1630ffd
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Nov 24 17:35:26 2020 +0100

    libcli:smb: Check return code of set_blocking
    
    Found by covscan.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 7fa75b699335cb7832d412315ba8a3cdfc29debc
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Nov 24 17:33:26 2020 +0100

    s3:winbind: Check return code of set_blocking()
    
    Found by covscan.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 17a72ab531e6fde04132448b2b7259aca33d3456
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Nov 24 16:57:12 2020 +0100

    s3:smbd: Fix a possible null pointer deref in oplock code
    
    Found by cppcheck.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 15609cb91986b3e29c5b1a3b6c69c04829f43eb4
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Nov 18 12:11:10 2020 +1300

    samba-tool domain backup: Confirm the sidForRestore we will put into the backup is free
    
    Otherwise the administrator might only find there is a problem once they
    attempt to restore the domain!
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14575
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

-----------------------------------------------------------------------

Summary of changes:
 .gitlab-ci.yml                                     |  2 +-
 bootstrap/config.py                                |  2 +
 bootstrap/generated-dists/centos7/bootstrap.sh     |  1 +
 bootstrap/generated-dists/centos7/packages.yml     |  1 +
 bootstrap/generated-dists/centos8/bootstrap.sh     |  1 +
 bootstrap/generated-dists/centos8/packages.yml     |  1 +
 bootstrap/generated-dists/debian10/bootstrap.sh    |  1 +
 bootstrap/generated-dists/debian10/packages.yml    |  1 +
 bootstrap/generated-dists/fedora32/bootstrap.sh    |  1 +
 bootstrap/generated-dists/fedora32/packages.yml    |  1 +
 bootstrap/generated-dists/fedora33/bootstrap.sh    |  1 +
 bootstrap/generated-dists/fedora33/packages.yml    |  1 +
 bootstrap/generated-dists/opensuse151/bootstrap.sh |  1 +
 bootstrap/generated-dists/opensuse151/packages.yml |  1 +
 bootstrap/generated-dists/opensuse152/bootstrap.sh |  1 +
 bootstrap/generated-dists/opensuse152/packages.yml |  1 +
 bootstrap/generated-dists/ubuntu1604/bootstrap.sh  |  1 +
 bootstrap/generated-dists/ubuntu1604/packages.yml  |  1 +
 bootstrap/generated-dists/ubuntu1804/bootstrap.sh  |  1 +
 bootstrap/generated-dists/ubuntu1804/packages.yml  |  1 +
 bootstrap/generated-dists/ubuntu2004/bootstrap.sh  |  1 +
 bootstrap/generated-dists/ubuntu2004/packages.yml  |  1 +
 bootstrap/sha1sum.txt                              |  2 +-
 buildtools/bin/waf                                 |  2 +-
 buildtools/wafsamba/wafsamba.py                    |  2 +-
 libcli/smb/smbXcli_base.c                          |  5 ++-
 python/samba/getopt.py                             | 48 +++++++++++++++++++++
 python/samba/netcmd/domain_backup.py               | 26 +++++++++++
 python/samba/tests/cred_opt.py                     | 50 ++++++++++++++++++++++
 selftest/tests.py                                  |  1 +
 source3/lib/server_prefork.c                       |  6 ++-
 source3/smbd/oplock.c                              |  3 +-
 source3/smbd/smb2_server.c                         |  8 +++-
 source3/winbindd/winbindd_dual.c                   | 11 ++++-
 source4/dsdb/samdb/samdb.c                         |  3 ++
 source4/scripting/bin/samba_upgradedns             |  7 +--
 source4/torture/dns/dlz_bind9.c                    | 18 ++++++--
 third_party/waf/waflib/Build.py                    |  6 ++-
 third_party/waf/waflib/Context.py                  |  8 ++--
 third_party/waf/waflib/Tools/asm.py                |  5 +--
 third_party/waf/waflib/Tools/c_config.py           |  1 +
 third_party/waf/waflib/Tools/msvc.py               |  8 +++-
 third_party/waf/waflib/Tools/qt5.py                | 26 ++++++++---
 third_party/waf/waflib/Tools/waf_unit_test.py      | 10 ++++-
 third_party/waf/waflib/extras/boost.py             |  5 ++-
 third_party/waf/waflib/extras/c_dumbpreproc.py     |  2 +-
 third_party/waf/waflib/extras/doxygen.py           |  4 +-
 third_party/waf/waflib/extras/file_to_object.py    |  9 +++-
 third_party/waf/waflib/extras/gccdeps.py           | 21 +++++++--
 third_party/waf/waflib/extras/msvcdeps.py          | 27 +++++++++---
 third_party/waf/waflib/extras/pch.py               |  4 +-
 third_party/waf/waflib/extras/sphinx.py            | 40 +++++++++++++----
 third_party/waf/waflib/extras/wafcache.py          | 46 +++++++++++++++-----
 third_party/waf/waflib/extras/xcode6.py            | 18 ++++----
 54 files changed, 377 insertions(+), 79 deletions(-)
 create mode 100644 python/samba/tests/cred_opt.py


Changeset truncated at 500 lines:

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d65f4d2b769..accaced66a0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -32,7 +32,7 @@ variables:
   # Set this to the contents of bootstrap/sha1sum.txt
   # which is generated by bootstrap/template.py --render
   #
-  SAMBA_CI_CONTAINER_TAG: d4867986881a9601c4620baf9a3bf28f5d1d1343
+  SAMBA_CI_CONTAINER_TAG: 42ecbfbf716fa85ce251a955de72a92af26fc7b2
   #
   # We use the ubuntu1804 image as default as
   # it matches what we have on sn-devel-184.
diff --git a/bootstrap/config.py b/bootstrap/config.py
index ecbc614f056..982ebae1cd1 100644
--- a/bootstrap/config.py
+++ b/bootstrap/config.py
@@ -141,6 +141,7 @@ PKGS = [
     ('python3-dnspython', 'python3-dns'),
     ('python3-pexpect', ''),  # for wintest only
     ('python3-pyasn1', 'python3-pyasn1'), # for krb5 tests
+    ('python3-setproctitle', 'python3-setproctitle'),
 
     ('', 'libsemanage-python'),
     ('', 'policycoreutils-python'),
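Review bot: the new `('python3-setproctitle', 'python3-setproctitle')` entry in PKGS carries no trailing comment saying what needs it, unlike the neighbouring `python3-pexpect` ("for wintest only") and `python3-pyasn1` ("for krb5 tests") entries. A short comment such as `# for hiding passwords in the samba-tool proctitle` would tell a packager whether this is a build, test or runtime dependency.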
@@ -451,6 +452,7 @@ RPM_DISTS = {
             'libcephfs-devel': '',
             'gnutls-devel': 'compat-gnutls34-devel',
             'liburing-devel': '',   # not available
+            'python3-setproctitle': 'python36-setproctitle',
         }
     },
     'centos8': {
diff --git a/bootstrap/generated-dists/centos7/bootstrap.sh b/bootstrap/generated-dists/centos7/bootstrap.sh
index 63746e248bc..7a6659d8e9a 100755
--- a/bootstrap/generated-dists/centos7/bootstrap.sh
+++ b/bootstrap/generated-dists/centos7/bootstrap.sh
@@ -91,6 +91,7 @@ yum install -y \
     python36-iso8601 \
     python36-markdown \
     python36-pyasn1 \
+    python36-setproctitle \
     quota-devel \
     readline-devel \
     redhat-lsb \
diff --git a/bootstrap/generated-dists/centos7/packages.yml b/bootstrap/generated-dists/centos7/packages.yml
index 7fb9b811397..ef6bbf82670 100644
--- a/bootstrap/generated-dists/centos7/packages.yml
+++ b/bootstrap/generated-dists/centos7/packages.yml
@@ -77,6 +77,7 @@ packages:
   - python36-iso8601
   - python36-markdown
   - python36-pyasn1
+  - python36-setproctitle
   - quota-devel
   - readline-devel
   - redhat-lsb
diff --git a/bootstrap/generated-dists/centos8/bootstrap.sh b/bootstrap/generated-dists/centos8/bootstrap.sh
index 342188e7fe5..e5167a2b561 100755
--- a/bootstrap/generated-dists/centos8/bootstrap.sh
+++ b/bootstrap/generated-dists/centos8/bootstrap.sh
@@ -98,6 +98,7 @@ yum install -y \
     python3-markdown \
     python3-policycoreutils \
     python3-pyasn1 \
+    python3-setproctitle \
     quota-devel \
     readline-devel \
     redhat-lsb \
diff --git a/bootstrap/generated-dists/centos8/packages.yml b/bootstrap/generated-dists/centos8/packages.yml
index d82a80e6957..4e45f1c15e1 100644
--- a/bootstrap/generated-dists/centos8/packages.yml
+++ b/bootstrap/generated-dists/centos8/packages.yml
@@ -80,6 +80,7 @@ packages:
   - python3-markdown
   - python3-policycoreutils
   - python3-pyasn1
+  - python3-setproctitle
   - quota-devel
   - readline-devel
   - redhat-lsb
diff --git a/bootstrap/generated-dists/debian10/bootstrap.sh b/bootstrap/generated-dists/debian10/bootstrap.sh
index 94f85473811..0bf5f6b50d2 100755
--- a/bootstrap/generated-dists/debian10/bootstrap.sh
+++ b/bootstrap/generated-dists/debian10/bootstrap.sh
@@ -92,6 +92,7 @@ apt-get -y install \
     python3-matplotlib \
     python3-pexpect \
     python3-pyasn1 \
+    python3-setproctitle \
     rng-tools \
     rsync \
     sed \
diff --git a/bootstrap/generated-dists/debian10/packages.yml b/bootstrap/generated-dists/debian10/packages.yml
index ff45afedf93..f302831ee9a 100644
--- a/bootstrap/generated-dists/debian10/packages.yml
+++ b/bootstrap/generated-dists/debian10/packages.yml
@@ -81,6 +81,7 @@ packages:
   - python3-matplotlib
   - python3-pexpect
   - python3-pyasn1
+  - python3-setproctitle
   - rng-tools
   - rsync
   - sed
diff --git a/bootstrap/generated-dists/fedora32/bootstrap.sh b/bootstrap/generated-dists/fedora32/bootstrap.sh
index 18fbfefedbc..1a585d2f133 100755
--- a/bootstrap/generated-dists/fedora32/bootstrap.sh
+++ b/bootstrap/generated-dists/fedora32/bootstrap.sh
@@ -94,6 +94,7 @@ dnf install -y \
     python3-markdown \
     python3-policycoreutils \
     python3-pyasn1 \
+    python3-setproctitle \
     quota-devel \
     readline-devel \
     redhat-lsb \
diff --git a/bootstrap/generated-dists/fedora32/packages.yml b/bootstrap/generated-dists/fedora32/packages.yml
index 6cb2ce3841f..ee3a0a6d2ff 100644
--- a/bootstrap/generated-dists/fedora32/packages.yml
+++ b/bootstrap/generated-dists/fedora32/packages.yml
@@ -83,6 +83,7 @@ packages:
   - python3-markdown
   - python3-policycoreutils
   - python3-pyasn1
+  - python3-setproctitle
   - quota-devel
   - readline-devel
   - redhat-lsb
diff --git a/bootstrap/generated-dists/fedora33/bootstrap.sh b/bootstrap/generated-dists/fedora33/bootstrap.sh
index d7e77eab255..fce2626eaee 100755
--- a/bootstrap/generated-dists/fedora33/bootstrap.sh
+++ b/bootstrap/generated-dists/fedora33/bootstrap.sh
@@ -95,6 +95,7 @@ dnf install -y \
     python3-markdown \
     python3-policycoreutils \
     python3-pyasn1 \
+    python3-setproctitle \
     quota-devel \
     readline-devel \
     redhat-lsb \
diff --git a/bootstrap/generated-dists/fedora33/packages.yml b/bootstrap/generated-dists/fedora33/packages.yml
index 98c362181d9..9fb68c1c539 100644
--- a/bootstrap/generated-dists/fedora33/packages.yml
+++ b/bootstrap/generated-dists/fedora33/packages.yml
@@ -84,6 +84,7 @@ packages:
   - python3-markdown
   - python3-policycoreutils
   - python3-pyasn1
+  - python3-setproctitle
   - quota-devel
   - readline-devel
   - redhat-lsb
diff --git a/bootstrap/generated-dists/opensuse151/bootstrap.sh b/bootstrap/generated-dists/opensuse151/bootstrap.sh
index 33c8aeb4021..df136a64ae8 100755
--- a/bootstrap/generated-dists/opensuse151/bootstrap.sh
+++ b/bootstrap/generated-dists/opensuse151/bootstrap.sh
@@ -88,6 +88,7 @@ zypper --non-interactive install \
     python3-gpg \
     python3-iso8601 \
     python3-pyasn1 \
+    python3-setproctitle \
     readline-devel \
     rng-tools \
     rpcgen \
diff --git a/bootstrap/generated-dists/opensuse151/packages.yml b/bootstrap/generated-dists/opensuse151/packages.yml
index 5e7b1a11d7a..9f224e86c36 100644
--- a/bootstrap/generated-dists/opensuse151/packages.yml
+++ b/bootstrap/generated-dists/opensuse151/packages.yml
@@ -76,6 +76,7 @@ packages:
   - python3-gpg
   - python3-iso8601
   - python3-pyasn1
+  - python3-setproctitle
   - readline-devel
   - rng-tools
   - rpcgen
diff --git a/bootstrap/generated-dists/opensuse152/bootstrap.sh b/bootstrap/generated-dists/opensuse152/bootstrap.sh
index e2d23c7b216..ab9b2e52370 100755
--- a/bootstrap/generated-dists/opensuse152/bootstrap.sh
+++ b/bootstrap/generated-dists/opensuse152/bootstrap.sh
@@ -90,6 +90,7 @@ zypper --non-interactive install \
     python3-gpg \
     python3-iso8601 \
     python3-pyasn1 \
+    python3-setproctitle \
     readline-devel \
     rng-tools \
     rpcgen \
diff --git a/bootstrap/generated-dists/opensuse152/packages.yml b/bootstrap/generated-dists/opensuse152/packages.yml
index f68b06394a9..8a65ed8c688 100644
--- a/bootstrap/generated-dists/opensuse152/packages.yml
+++ b/bootstrap/generated-dists/opensuse152/packages.yml
@@ -78,6 +78,7 @@ packages:
   - python3-gpg
   - python3-iso8601
   - python3-pyasn1
+  - python3-setproctitle
   - readline-devel
   - rng-tools
   - rpcgen
diff --git a/bootstrap/generated-dists/ubuntu1604/bootstrap.sh b/bootstrap/generated-dists/ubuntu1604/bootstrap.sh
index ab66f088448..acb9d4a427c 100755
--- a/bootstrap/generated-dists/ubuntu1604/bootstrap.sh
+++ b/bootstrap/generated-dists/ubuntu1604/bootstrap.sh
@@ -91,6 +91,7 @@ apt-get -y install \
     python3-matplotlib \
     python3-pexpect \
     python3-pyasn1 \
+    python3-setproctitle \
     rng-tools \
     rsync \
     sed \
diff --git a/bootstrap/generated-dists/ubuntu1604/packages.yml b/bootstrap/generated-dists/ubuntu1604/packages.yml
index d0a773558b4..33302f64a4b 100644
--- a/bootstrap/generated-dists/ubuntu1604/packages.yml
+++ b/bootstrap/generated-dists/ubuntu1604/packages.yml
@@ -80,6 +80,7 @@ packages:
   - python3-matplotlib
   - python3-pexpect
   - python3-pyasn1
+  - python3-setproctitle
   - rng-tools
   - rsync
   - sed
diff --git a/bootstrap/generated-dists/ubuntu1804/bootstrap.sh b/bootstrap/generated-dists/ubuntu1804/bootstrap.sh
index 013f289d880..7f42512c2b8 100755
--- a/bootstrap/generated-dists/ubuntu1804/bootstrap.sh
+++ b/bootstrap/generated-dists/ubuntu1804/bootstrap.sh
@@ -93,6 +93,7 @@ apt-get -y install \
     python3-matplotlib \
     python3-pexpect \
     python3-pyasn1 \
+    python3-setproctitle \
     rng-tools \
     rsync \
     sed \
diff --git a/bootstrap/generated-dists/ubuntu1804/packages.yml b/bootstrap/generated-dists/ubuntu1804/packages.yml
index 2ba03c496af..4711b7ce996 100644
--- a/bootstrap/generated-dists/ubuntu1804/packages.yml
+++ b/bootstrap/generated-dists/ubuntu1804/packages.yml
@@ -82,6 +82,7 @@ packages:
   - python3-matplotlib
   - python3-pexpect
   - python3-pyasn1
+  - python3-setproctitle
   - rng-tools
   - rsync
   - sed
diff --git a/bootstrap/generated-dists/ubuntu2004/bootstrap.sh b/bootstrap/generated-dists/ubuntu2004/bootstrap.sh
index 013f289d880..7f42512c2b8 100755
--- a/bootstrap/generated-dists/ubuntu2004/bootstrap.sh
+++ b/bootstrap/generated-dists/ubuntu2004/bootstrap.sh
@@ -93,6 +93,7 @@ apt-get -y install \
     python3-matplotlib \
     python3-pexpect \
     python3-pyasn1 \
+    python3-setproctitle \
     rng-tools \
     rsync \
     sed \
diff --git a/bootstrap/generated-dists/ubuntu2004/packages.yml b/bootstrap/generated-dists/ubuntu2004/packages.yml
index 2ba03c496af..4711b7ce996 100644
--- a/bootstrap/generated-dists/ubuntu2004/packages.yml
+++ b/bootstrap/generated-dists/ubuntu2004/packages.yml
@@ -82,6 +82,7 @@ packages:
   - python3-matplotlib
   - python3-pexpect
   - python3-pyasn1
+  - python3-setproctitle
   - rng-tools
   - rsync
   - sed
diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt
index 816528d3b0e..46493c16eb0 100644
--- a/bootstrap/sha1sum.txt
+++ b/bootstrap/sha1sum.txt
@@ -1 +1 @@
-d4867986881a9601c4620baf9a3bf28f5d1d1343
+42ecbfbf716fa85ce251a955de72a92af26fc7b2
diff --git a/buildtools/bin/waf b/buildtools/bin/waf
index feabe25d131..041450fc131 100755
--- a/buildtools/bin/waf
+++ b/buildtools/bin/waf
@@ -32,7 +32,7 @@ POSSIBILITY OF SUCH DAMAGE.
 
 import os, sys, inspect
 
-VERSION="2.0.20"
+VERSION="2.0.21"
 REVISION="x"
 GIT="x"
 INSTALL="x"
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index 9dd6d05b91b..d1baa3b4940 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -38,7 +38,7 @@ LIB_PATH="shared"
 
 os.environ['PYTHONUNBUFFERED'] = '1'
 
-if Context.HEXVERSION not in (0x2001400,):
+if Context.HEXVERSION not in (0x2001500,):
     Logs.error('''
 Please use the version of waf that comes with Samba, not
 a system installed version. See http://wiki.samba.org/index.php/Waf
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 3e020faca3c..df80be6bf16 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -338,7 +338,10 @@ struct smbXcli_conn *smbXcli_conn_create(TALLOC_CTX *mem_ctx,
 		return NULL;
 	}
 
-	set_blocking(fd, false);
+	ret = set_blocking(fd, false);
+	if (ret < 0) {
+		goto error;
+	}
 	conn->sock_fd = fd;
 
 	conn->remote_name = talloc_strdup(conn, remote_name);
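Review bot: the new `goto error` after a failed `set_blocking(fd, false)` is silent: nothing in the added lines logs the fd or errno, so the caller only sees a NULL connection. Consider a debug message before the jump. The preceding failure path visible in the context uses a plain `return NULL` while this one jumps to `error`, and neither the declaration of `ret` nor the `error` label is visible in this hunk, so it is worth confirming that `ret` is an int already in scope and checking what the label's cleanup does with `fd`, which has not yet been stored in `conn->sock_fd` at this point.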
diff --git a/python/samba/getopt.py b/python/samba/getopt.py
index 63cd775605c..f693cde7b31 100644
--- a/python/samba/getopt.py
+++ b/python/samba/getopt.py
@@ -164,6 +164,53 @@ class CredentialsOptions(optparse.OptionGroup):
                          callback=self._set_krb5_ccache)
         self.creds = Credentials()
 
+    def _ensure_secure_proctitle(self, opt_str, secret_data, data_type="password"):
+        """ Make sure no sensitive data (e.g. password) resides in proctitle. """
+        import re
+        try:
+            import setproctitle
+        except ModuleNotFoundError:
+            msg = ("WARNING: Using %s on command line is insecure. "
+                    "Please install the setproctitle python module.\n"
+                    % data_type)
+            sys.stderr.write(msg)
+            sys.stderr.flush()
+            return False
+        # Regex to search and replace secret data + option with.
+        #   .*[ ]+  -> Before the option must be one or more spaces.
+        #   [= ]    -> The option and the secret data might be separated by space
+        #              or equal sign.
+        #   [ ]*.*  -> After the secret data might be one, many or no space.
+        pass_opt_re_str = "(.*[ ]+)(%s[= ]%s)([ ]*.*)" % (opt_str, secret_data)
+        pass_opt_re = re.compile(pass_opt_re_str)
+        # Get current proctitle.
+        cur_proctitle = setproctitle.getproctitle()
+        # Make sure we build the correct regex.
+        if not pass_opt_re.match(cur_proctitle):
+            msg = ("Unable to hide %s in proctitle. This is most likely "
+                    "a bug!\n" % data_type)
+            sys.stderr.write(msg)
+            sys.stderr.flush()
+            return False
+        # String to replace secret data with.
+        secret_data_replacer = "xxx"
+        # Build string to replace secret data and option with. And as we dont
+        # want to change anything else than the secret data within the proctitle
+        # we have to check if the option was passed with space or equal sign as
+        # separator.
+        opt_pass_with_eq = "%s=%s" % (opt_str, secret_data)
+        opt_pass_part = re.sub(pass_opt_re_str, r'\2', cur_proctitle)
+        if opt_pass_part == opt_pass_with_eq:
+            replace_str = "%s=%s" % (opt_str, secret_data_replacer)
+        else:
+            replace_str = "%s %s" % (opt_str, secret_data_replacer)
+        # Build new proctitle:
+        new_proctitle = re.sub(pass_opt_re_str,
+                            r'\1' + replace_str + r'\3',
+                            cur_proctitle)
+        # Set new proctitle.
+        setproctitle.setproctitle(new_proctitle)
+
     def _add_option(self, *args1, **kwargs):
         if self.special_name is None:
             return self.add_option(*args1, **kwargs)
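Review bot: `pass_opt_re_str = "(.*[ ]+)(%s[= ]%s)([ ]*.*)" % (opt_str, secret_data)` in `_ensure_secure_proctitle` interpolates the password into the pattern unescaped, so a password containing regex metacharacters (for example `+`, `(`, `[` or `$`) either fails to match, which lands in the "Unable to hide" branch and leaves the password in the proctitle, or raises `re.error` from `re.compile`. Wrap both values in `re.escape()` before building the pattern. Related points in the same function: the pattern is applied three times (once compiled, twice as a string through `re.sub`) where a single `match` and its groups would do; the greedy leading `.*` means only the last occurrence of that option and value is rewritten if it appears more than once; and the success path falls off the end returning `None` while the failure paths return `False`, so a caller cannot test the result for truthiness.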
@@ -183,6 +230,7 @@ class CredentialsOptions(optparse.OptionGroup):
         self.creds.set_domain(arg)
 
     def _set_password(self, option, opt_str, arg, parser):
+        self._ensure_secure_proctitle(opt_str, arg, "password")
         self.creds.set_password(arg)
         self.ask_for_password = False
         self.machine_pass = False
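Review bot: in `_set_password` the return value of `self._ensure_secure_proctitle(opt_str, arg, "password")` is discarded, so when scrubbing fails (module missing or pattern mismatch) the only signal is the stderr message and the run continues with the password still in the process title. If that best-effort behaviour is intended, a one-line comment at the call site would make it explicit.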
diff --git a/python/samba/netcmd/domain_backup.py b/python/samba/netcmd/domain_backup.py
index 2977b071ec3..5a46ad13f0c 100644
--- a/python/samba/netcmd/domain_backup.py
+++ b/python/samba/netcmd/domain_backup.py
@@ -108,6 +108,32 @@ def get_sid_for_restore(samdb, logger):
 
     # Construct full SID
     sid = dom_sid(samdb.get_domain_sid())
+    sid_for_restore = str(sid) + '-' + str(rid)
+
+    # Confirm the SID is not already in use
+    try:
+        res = samdb.search(scope=ldb.SCOPE_BASE,
+                           base='<SID=%s>' % sid_for_restore,
+                           attrs=[],
+                           controls=['show_deleted:1',
+                                     'show_recycled:1'])
+        if len(res) != 1:
+            # This case makes no sense, but neither does a corrupt RID set
+            raise CommandError("Cannot create backup - "
+                               "this DC's RID pool is corrupt, "
+                               "the next SID (%s) appears to be in use." %
+                               sid_for_restore)
+        raise CommandError("Cannot create backup - "
+                           "this DC's RID pool is corrupt, "
+                           "the next SID %s points to existing object %s. "
+                           "Please run samba-tool dbcheck on the source DC." %
+                           (sid_for_restore, res[0].dn))
+    except ldb.LdbError as e:
+        (enum, emsg) = e.args
+        if enum != ldb.ERR_NO_SUCH_OBJECT:
+            # We want NO_SUCH_OBJECT, anything else is a serious issue
+            raise
+
     return str(sid) + '-' + str(rid)
 
 
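Review bot: the function's final `return str(sid) + '-' + str(rid)` rebuilds the string that the new `sid_for_restore` variable already holds; return `sid_for_restore` so that the value that was checked is by construction the value that is returned. Separately, both `CommandError` raises sit inside the `try` whose only purpose is to catch `ldb.LdbError` from `samdb.search()`; moving them into an `else:` clause would keep the try body to the one call expected to raise `ERR_NO_SUCH_OBJECT`. The message in the `len(res) != 1` branch could also report `len(res)`, since that is the only detail distinguishing it from the case below it.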
diff --git a/python/samba/tests/cred_opt.py b/python/samba/tests/cred_opt.py
new file mode 100644
index 00000000000..91ca68085b7
--- /dev/null
+++ b/python/samba/tests/cred_opt.py
@@ -0,0 +1,50 @@
+# Unix SMB/CIFS implementation.
+# Copyright (C) David Mulder <dmulder at suse.com> 2019
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""Tests for cred option parsing.
+
+"""
+
+import optparse
+from samba.getopt import CredentialsOptions
+import samba.tests
+import setproctitle
+import sys
+
+password_opt = '--password=super_secret_password'
+clear_password_opt = '--password=xxx'
+
+class CredentialsOptionsTests(samba.tests.TestCase):
+
+    def setUp(self):
+        super(samba.tests.TestCase, self).setUp()
+        self.old_proctitle = setproctitle.getproctitle()
+        setproctitle.setproctitle('%s %s' % (self.old_proctitle, password_opt))
+        sys.argv.append(password_opt)
+
+    def test_clear_proctitle_password(self):
+        parser = optparse.OptionParser()
+        credopts = CredentialsOptions(parser)
+        parser.add_option_group(credopts)
+        (opts, args) = parser.parse_args()
+        self.assertNotIn(password_opt, setproctitle.getproctitle())
+        self.assertIn(clear_password_opt, setproctitle.getproctitle())
+
+    def tearDown(self):
+        super(samba.tests.TestCase, self).tearDown()
+        setproctitle.setproctitle(self.old_proctitle)
+        sys.argv.pop()
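Review bot: `super(samba.tests.TestCase, self).setUp()` and the matching call in `tearDown` start the method lookup after `samba.tests.TestCase`, so that class's own `setUp` and `tearDown` are skipped; use `super(CredentialsOptionsTests, self)` or plain `super()`. The test also covers only the `--password=value` form, although `_ensure_secure_proctitle` has a separate branch for the space-separated form, and the fixed value `super_secret_password` contains no regex metacharacters, so neither of those paths is exercised. Finally, `import setproctitle` at module level is unconditional while the code under test treats the module as optional; skipping the test when the import fails would match that.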
diff --git a/selftest/tests.py b/selftest/tests.py
index 9772fe8f8f1..381586eb868 100644
--- a/selftest/tests.py
+++ b/selftest/tests.py
@@ -65,6 +65,7 @@ planpythontestsuite("none", "samba.tests.credentials")
 planpythontestsuite("none", "samba.tests.registry")
 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.auth")
 planpythontestsuite("none", "samba.tests.get_opt")
+planpythontestsuite("none", "samba.tests.cred_opt")
 planpythontestsuite("none", "samba.tests.security")
 planpythontestsuite("none", "samba.tests.dcerpc.misc")
 planpythontestsuite("none", "samba.tests.dcerpc.integer")
diff --git a/source3/lib/server_prefork.c b/source3/lib/server_prefork.c
index d3fb8d1a8bc..d0cea7c30c0 100644
--- a/source3/lib/server_prefork.c
+++ b/source3/lib/server_prefork.c
@@ -84,7 +84,11 @@ bool prefork_create_pool(TALLOC_CTX *mem_ctx,
 	for (i = 0; i < listen_fd_size; i++) {
 		pfp->listen_fds[i] = listen_fds[i];


-- 
Samba Shared Repository


