[SCM] Samba Shared Repository - branch v4-13-test updated
Karolin Seeger
kseeger at samba.org
Thu Sep 10 09:43:02 UTC 2020
The branch, v4-13-test has been updated
via a0c9e2e4907 s3:libads: Also add a realm entry for the domain name
via 41f9aef217f s3:libads: Only add RC4 if weak crypto is allowed
via 3e145fef4f9 s3:libads: Remove DES legacy types for Kerberos
via 88a31703a2d lib/replace: move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE
via 191c2cd7b93 vfs_ring: Adapt to 4.13 VFS
via b29103ef46a Add vfs_ring.
from 99d555f772a VERSION: Bump version up to 4.13.0rc5...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test
- Log -----------------------------------------------------------------
commit a0c9e2e49079f093baa26621a593d45d10ba69ed
Author: Andreas Schneider <asn at samba.org>
Date: Thu Sep 3 13:49:33 2020 +0200
s3:libads: Also add a realm entry for the domain name
This is required if we try to authenticate as Administrator at DOMAIN so it
can find the KDC. This fixes 'net ads join' for ad_member_fips if we
require Kerberos auth.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14479
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
(cherry picked from commit 6444a743525532c70634e2dd4cacadce54ba2eab)
Autobuild-User(v4-13-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-13-test): Thu Sep 10 09:42:31 UTC 2020 on sn-devel-184
commit 41f9aef217fd67c2809b4a660a2bf8d479e55371
Author: Andreas Schneider <asn at samba.org>
Date: Thu Sep 3 11:45:33 2020 +0200
s3:libads: Only add RC4 if weak crypto is allowed
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
(cherry picked from commit a5303967287cef0c3d0b653e2aca73d25d438cf7)
commit 3e145fef4f9a139e7517d101cfba011862ef2f4a
Author: Andreas Schneider <asn at samba.org>
Date: Thu Sep 3 11:11:14 2020 +0200
s3:libads: Remove DES legacy types for Kerberos
We already removed DES support for Kerberos in Samba 4.12.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
(cherry picked from commit 9cf1aecd73e011ad03ddb072760454379b3f0a32)
commit 88a31703a2d28d5f61e334153ef10920fac63e96
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 8 10:13:20 2020 +0000
lib/replace: move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE
This is where it really belongs and we avoid the strange interaction
with source4/heimdal_build/config.h. This a follow up for commit
f31333d40e6fa38daa32a3ebb32d5a317c06fc62.
This fixes a build problem if libbsd-dev is not installed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14482
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Sep 8 13:59:58 UTC 2020 on sn-devel-184
(cherry picked from commit 0022cd94587b805a525b0b9ef71ff0f15780424a)
commit 191c2cd7b93524fc1ee119c0f995171fb38dc210
Author: Volker Lendecke <vl at samba.org>
Date: Mon Aug 10 12:12:30 2020 +0200
vfs_ring: Adapt to 4.13 VFS
commit b29103ef46a9f80a0184d4d999f22512b7fdcd89
Author: Jean-Marc Saffroy <jm at scality.com>
Date: Wed Sep 11 12:44:59 2019 +0200
Add vfs_ring.
-----------------------------------------------------------------------
Summary of changes:
lib/replace/wscript | 3 +
source3/libads/kerberos.c | 11 +++-
source3/modules/vfs_ring.c | 115 ++++++++++++++++++++++++++++++++++++
source3/modules/wscript_build | 8 +++
source3/wscript | 1 +
source4/heimdal_build/wscript_build | 7 +--
6 files changed, 136 insertions(+), 9 deletions(-)
create mode 100644 source3/modules/vfs_ring.c
Changeset truncated at 500 lines:
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 55c8903f1c8..64f305d6df0 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -876,6 +876,9 @@ def build(bld):
if bld.CONFIG_SET('HAVE_LIBRT'): extra_libs += ' rt'
if bld.CONFIG_SET('REPLACE_REQUIRES_LIBSOCKET_LIBNSL'): extra_libs += ' socket nsl'
+ if not bld.CONFIG_SET('HAVE_CLOSEFROM'):
+ REPLACE_HOSTCC_SOURCE += ' closefrom.c'
+
bld.SAMBA_SUBSYSTEM('LIBREPLACE_HOSTCC',
REPLACE_HOSTCC_SOURCE,
use_hostcc=True,
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 5959da919b0..03c7f35a44d 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -592,9 +592,10 @@ static char *get_enctypes(TALLOC_CTX *mem_ctx)
#endif
}
- if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
- lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY) {
- legacy_enctypes = "RC4-HMAC DES-CBC-CRC DES-CBC-MD5";
+ if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_ALLOWED &&
+ (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
+ lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY)) {
+ legacy_enctypes = "RC4-HMAC";
}
enctypes =
@@ -725,11 +726,15 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
"\tdns_lookup_kdc = true\n\n"
"[realms]\n\t%s = {\n"
"%s\t}\n"
+ "\t%s = {\n"
+ "%s\t}\n"
"%s\n",
realm_upper,
enctypes,
realm_upper,
kdc_ip_string,
+ domain,
+ kdc_ip_string,
include_system_krb5);
if (!file_contents) {
diff --git a/source3/modules/vfs_ring.c b/source3/modules/vfs_ring.c
new file mode 100644
index 00000000000..eedcb25c3d8
--- /dev/null
+++ b/source3/modules/vfs_ring.c
@@ -0,0 +1,115 @@
+/*
+ * VFS module implementing get_real_filename for Scality SOFS
+ *
+ * Copyright (C) 2016, Jean-Marc Saffroy <jm at scality.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "smbd/smbd.h"
+
+#define DBG 10
+
+#define GRFN_PREFIX "scal.grfn."
+#define GRFN_PREFIX_LEN (sizeof(GRFN_PREFIX)-1)
+
+static int vfs_ring_get_real_filename(struct vfs_handle_struct *handle,
+ const struct smb_filename *dirpath,
+ const char *name,
+ TALLOC_CTX *mem_ctx,
+ char **found_name)
+{
+ const char *path = dirpath->base_name;
+ bool mangled;
+ char attr_name [NAME_MAX+1];
+ char attr_value[NAME_MAX+1];
+ int rc;
+ const struct smb_filename *smb_fname = NULL;
+
+ if (!strcmp(path, ""))
+ path = ".";
+
+ smb_fname = synthetic_smb_fname(talloc_tos(),
+ path,
+ NULL,
+ NULL,
+ dirpath->twrp,
+ 0);
+ if (smb_fname == NULL) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ DEBUG(DBG, ("vfs_ring_get_real_filename: under \"%s\" lookup \"%s\"\n",
+ path, name));
+
+ mangled = mangle_is_mangled(name, handle->conn->params);
+ if (mangled) {
+ return SMB_VFS_NEXT_GET_REAL_FILENAME(
+ handle, dirpath, name, mem_ctx, found_name);
+ }
+
+ if (strlen(name) > NAME_MAX - GRFN_PREFIX_LEN) {
+ errno = ENAMETOOLONG;
+ return -1;
+ }
+
+ strncpy(attr_name, GRFN_PREFIX, sizeof(attr_name));
+ strncpy(attr_name + GRFN_PREFIX_LEN, name,
+ sizeof(attr_name) - GRFN_PREFIX_LEN);
+
+ rc = SMB_VFS_NEXT_GETXATTR(handle, smb_fname, attr_name,
+ attr_value, sizeof(attr_value));
+ if (rc < 0) {
+ DEBUG(DBG, ("vfs_ring_get_real_filename: getxattr(\"%s\",\"%s\") -> %s\n",
+ path, name, strerror(errno)));
+ if (errno == EOPNOTSUPP)
+ return SMB_VFS_NEXT_GET_REAL_FILENAME(
+ handle, dirpath, name, mem_ctx, found_name);
+ if (errno == ENOATTR)
+ errno = ENOENT;
+ return -1;
+ }
+
+ attr_value[rc] = 0;
+ *found_name = talloc_strdup(mem_ctx, attr_value);
+ if (*found_name == NULL) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ DEBUG(DBG, ("vfs_ring_get_real_filename: under \"%s\" found \"%s\" as \"%s\"\n",
+ path, name, *found_name));
+
+ return 0;
+}
+
+static struct vfs_fn_pointers vfs_ring_fns = {
+ .get_real_filename_fn = vfs_ring_get_real_filename,
+};
+
+NTSTATUS vfs_ring_init(TALLOC_CTX *);
+NTSTATUS vfs_ring_init(TALLOC_CTX *ctx)
+{
+ NTSTATUS ret;
+
+ ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "ring",
+ &vfs_ring_fns);
+ if (!NT_STATUS_IS_OK(ret)) {
+ return ret;
+ }
+
+ return ret;
+}
diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build
index 09528f38070..9ae787aa6f4 100644
--- a/source3/modules/wscript_build
+++ b/source3/modules/wscript_build
@@ -598,6 +598,14 @@ bld.SAMBA3_MODULE('vfs_vxfs',
internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_vxfs'),
enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_vxfs'))
+bld.SAMBA3_MODULE('vfs_ring',
+ subsystem='vfs',
+ source='vfs_ring.c',
+ deps='talloc',
+ init_function='',
+ internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_ring'),
+ enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_ring'))
+
bld.SAMBA3_MODULE('vfs_offline',
subsystem='vfs',
source='vfs_offline.c',
diff --git a/source3/wscript b/source3/wscript
index 335cfd797f1..3f490bae336 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -1941,6 +1941,7 @@ main() {
vfs_media_harmony vfs_unityed_media vfs_fruit vfs_shell_snap
vfs_commit vfs_worm vfs_crossrename vfs_linux_xfs_sgid
vfs_time_audit vfs_offline vfs_virusfilter vfs_widelinks
+ vfs_ring
'''))
if host_os.rfind('linux') > -1:
default_shared_modules.extend(['vfs_snapper'])
diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build
index e031d9831ff..9904b245218 100644
--- a/source4/heimdal_build/wscript_build
+++ b/source4/heimdal_build/wscript_build
@@ -382,12 +382,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_ROKEN'):
../heimdal_build/replace.c
'''
- if not bld.CONFIG_SET('HAVE_CLOSEFROM'):
- ROKEN_HOSTCC_SOURCE = ROKEN_COMMON_SOURCE + '''
- ../../lib/replace/closefrom.c
- '''
- else:
- ROKEN_HOSTCC_SOURCE = ROKEN_COMMON_SOURCE
+ ROKEN_HOSTCC_SOURCE = ROKEN_COMMON_SOURCE
ROKEN_SOURCE = ROKEN_COMMON_SOURCE + '''
lib/roken/resolve.c
--
Samba Shared Repository
More information about the samba-cvs
mailing list