[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Tue Jun 29 03:08:01 UTC 2021
The branch, master has been updated
via 5f70396e62d idl: secrets_domain_info1_change is not a recursive structure
via feaf0d1ab71 s4:dsdsb: Check return code of cli_credentials_guess()
via ee9dc1fb474 s3:libsmb: Check return code of cli_credentials_guess()
via 08585bcfb2b s3:libnetapi: Check return code of cli_credentials_guess()
via 304cb910bd3 auth:creds: Check return code of cli_credentials_guess()
via 9f69e93bad3 lib:cmdline: Ignore the return code of cli_credentials_guess()
via 9f786df2a2f auth:creds: Return bool for cli_credentials_guess()
via f7ff694cddd auth:creds: Add sanity check for env variables
via 5dd3a0cc175 s4:rpc_server: Check return code of cli_credentials_set_conf()
via cfe9fb2373f s4:kpasswd: Check return code of cli_credentials_set_conf()
via 0ea4041432f s4:dns_server: Check return code of cli_credentials_set_conf()
via 9c84bea515e s4:dns:bind_dlz: Check return codes of cli_credentials functions
via 6fb3cd8d133 s4:auth: Check return code of cli_credentials_set_conf()
via 2f700ebda69 s4:auth: Check return code of cli_credentials_set_conf()
via 5281a6592b0 s3:winbindd: Check return code of cli_credentials_set_conf()
via 0f13044634d s3:passdb: Check return code of cli_credentials_set_conf()
via b18fa931f31 s3:libsmb: Check return code of cli_credentials_set_conf()
via ced8390c955 s3:auth: Check return code of cli_credentials_set_conf()
via cdf8859b906 auth:creds: Check return code of cli_credentials_set_conf()
via 1d6dfd5b4d7 auth:creds: Return a bool for cli_credentials_set_conf()
via 701c55841fb rpc/dnsserver: check talloc_strndup return
via 14ce22f4465 rpc dnsserver: improve handling of serial numbers
via 0fa98cd38b5 rpc dnsserver: set the record rank
via 8b3d2556dad rpc dnsserver: updates reset more than timestamp
via 9fb87134b8c rpc:dnsserver: allow update replacing with similar record
via fa608837369 rpc:dnsserver: split off record rank setting logic
from b5339048001 s3: VFS: fake_acls. Add missing NULL check for return of cp_smb_filename().
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5f70396e62d7cc77bf248576e2ca6e7f0f755bde
Author: Pavel Filipenský <pfilipen at redhat.com>
Date: Tue Jun 22 16:00:00 2021 +0200
idl: secrets_domain_info1_change is not a recursive structure
575d39048e3b4f619d65d65303ac809c40c5d495 has marked
several structures as recursive, they contain typically a
backpointer named '* next'. secrets_domain_info1 is not self
recursive, it only contains a pointer named '*next_change'.
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Jun 29 03:07:17 UTC 2021 on sn-devel-184
commit feaf0d1ab7128230181c071c8da9cd2cc67bd41c
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 22 09:37:13 2021 +0200
s4:dsdsb: Check return code of cli_credentials_guess()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ee9dc1fb47442c6b8839b10be135f2af525fe376
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 22 09:35:47 2021 +0200
s3:libsmb: Check return code of cli_credentials_guess()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 08585bcfb2b60c1684f2f5c69496d16b8d86ee6b
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 22 09:34:39 2021 +0200
s3:libnetapi: Check return code of cli_credentials_guess()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 304cb910bd3637e79805b7a0fd21f508d1f9d5a0
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 22 09:24:38 2021 +0200
auth:creds: Check return code of cli_credentials_guess()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9f69e93bad38d45a53219cf248ba92097298b7e7
Author: Andreas Schneider <asn at samba.org>
Date: Tue Apr 27 16:19:31 2021 +0200
lib:cmdline: Ignore the return code of cli_credentials_guess()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9f786df2a2fd5c72b331625db74547fc88ad3e83
Author: Andreas Schneider <asn at samba.org>
Date: Tue Apr 27 16:15:30 2021 +0200
auth:creds: Return bool for cli_credentials_guess()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f7ff694cdddfe2c93751dd951fdf08defc51b5d5
Author: Andreas Schneider <asn at samba.org>
Date: Tue Apr 27 16:11:48 2021 +0200
auth:creds: Add sanity check for env variables
CID 710829
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5dd3a0cc17582388e59f8775d5ffdad679b05aa6
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 22 09:48:42 2021 +0200
s4:rpc_server: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit cfe9fb2373fe32dcea10b2be3b604c5ce9678333
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 22 09:47:23 2021 +0200
s4:kpasswd: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0ea4041432f2307514566d480be194984ab35029
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 22 09:46:14 2021 +0200
s4:dns_server: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9c84bea515ea77c692e52ce81e04bc4df380956b
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 22 09:44:44 2021 +0200
s4:dns:bind_dlz: Check return codes of cli_credentials functions
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6fb3cd8d133e1f89be90e62a411f8682049c6129
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 22 09:41:36 2021 +0200
s4:auth: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2f700ebda69bfd1a532aa43f8cf3279865931716
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 22 09:39:53 2021 +0200
s4:auth: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5281a6592b0965e9c308421bb4d7555d25f90bd4
Author: Andreas Schneider <asn at samba.org>
Date: Tue May 4 11:24:55 2021 +0200
s3:winbindd: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0f13044634d67e717e3a7b3fec561273ff3d1f73
Author: Andreas Schneider <asn at samba.org>
Date: Tue May 4 11:08:28 2021 +0200
s3:passdb: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b18fa931f313f1dd345cf6e9c74168a53b45bdf2
Author: Andreas Schneider <asn at samba.org>
Date: Tue May 4 11:06:23 2021 +0200
s3:libsmb: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ced8390c955a91062da6eaed96d948a6d45d1cbd
Author: Andreas Schneider <asn at samba.org>
Date: Tue May 4 11:05:27 2021 +0200
s3:auth: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit cdf8859b906bab0461256c7f773aba23227642df
Author: Andreas Schneider <asn at samba.org>
Date: Tue May 4 11:02:02 2021 +0200
auth:creds: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1d6dfd5b4d7790308f9c704305d7ab8aa5cd5903
Author: Andreas Schneider <asn at samba.org>
Date: Thu Apr 1 17:02:10 2021 +0200
auth:creds: Return a bool for cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 701c55841fbf5d772e479dba6a0cde2e69e2d9c4
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Apr 23 01:00:12 2021 +1200
rpc/dnsserver: check talloc_strndup return
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 14ce22f4465622a94da073d0a8a76c105326b31c
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 28 22:48:00 2021 +1200
rpc dnsserver: improve handling of serial numbers
This is not correct, but it gets closer. We need to save the updated
serial number in the SOA.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0fa98cd38b59c9c05d717510f1d164af538dae90
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 28 22:45:52 2021 +1200
rpc dnsserver: set the record rank
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8b3d2556dad5f97d1ba7186b9f4504d0ecc57d55
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 28 22:44:28 2021 +1200
rpc dnsserver: updates reset more than timestamp
This is based on observed Windows behaviour.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9fb87134b8c3455940d502e13aa622234cf37b2c
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 28 19:09:17 2021 +1200
rpc:dnsserver: allow update replacing with similar record
We have been refusing to handle the case where the replaced record
matches the replacement according to dns_record_match() (meaning the
wType and data are semantically identical). In Windows this is
explicitly used for changing TTL.
There are further changes we need to properly handle this case.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fa608837369090c0cb789740d50de8332a570ada
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Sun Apr 11 11:40:59 2021 +1200
rpc:dnsserver: split off record rank setting logic
We want to do this also in update (in following commits), and we later
will want to fix the logic.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials.c | 179 ++++++++++++++++++------
auth/credentials/credentials.h | 4 +-
auth/credentials/pycredentials.c | 14 +-
auth/credentials/tests/test_creds.c | 14 +-
lib/cmdline/cmdline.c | 9 +-
selftest/knownfail.d/dns-aging | 4 -
selftest/knownfail.d/dnscmd | 1 -
source3/auth/auth_generic.c | 8 +-
source3/lib/netapi/netapi.c | 3 +-
source3/librpc/idl/secrets.idl | 2 +-
source3/libsmb/auth_generic.c | 7 +-
source3/libsmb/cliconnect.c | 5 +-
source3/passdb/passdb.c | 12 +-
source3/winbindd/winbindd_cm.c | 7 +-
source4/auth/session.c | 8 +-
source4/auth/system_session.c | 12 +-
source4/dns_server/dlz_bind9.c | 22 ++-
source4/dns_server/dns_server.c | 9 +-
source4/dsdb/samdb/ldb_modules/proxy.c | 8 +-
source4/kdc/kpasswd-service.c | 5 +-
source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 32 ++---
source4/rpc_server/dnsserver/dnsdb.c | 95 ++++++++++---
source4/rpc_server/remote/dcesrv_remote.c | 10 +-
23 files changed, 359 insertions(+), 111 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 5c39569e34a..02a3cf3b354 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -64,13 +64,18 @@ struct cli_credentials *cli_credentials_init_server(TALLOC_CTX *mem_ctx,
{
struct cli_credentials *server_creds = NULL;
NTSTATUS status;
+ bool ok;
server_creds = cli_credentials_init(mem_ctx);
if (server_creds == NULL) {
return NULL;
}
- cli_credentials_set_conf(server_creds, lp_ctx);
+ ok = cli_credentials_set_conf(server_creds, lp_ctx);
+ if (!ok) {
+ TALLOC_FREE(server_creds);
+ return NULL;
+ }
status = cli_credentials_set_machine_account(server_creds, lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
@@ -985,38 +990,86 @@ _PUBLIC_ char *cli_credentials_get_unparsed_name(struct cli_credentials *credent
return name;
}
+
/**
* Specifies default values for domain, workstation and realm
* from the smb.conf configuration file
*
* @param cred Credentials structure to fill in
+ *
+ * @return true on success, false on error.
*/
-_PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred,
- struct loadparm_context *lp_ctx)
+_PUBLIC_ bool cli_credentials_set_conf(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx)
{
const char *sep = NULL;
const char *realm = lpcfg_realm(lp_ctx);
enum credentials_client_protection protection =
lpcfg_client_protection(lp_ctx);
+ const char *workgroup = lpcfg_workgroup(lp_ctx);
+ const char *netbios_name = lpcfg_netbios_name(lp_ctx);
+ bool ok;
- cli_credentials_set_username(cred, "", CRED_UNINITIALISED);
- if (lpcfg_parm_is_cmdline(lp_ctx, "workgroup")) {
- cli_credentials_set_domain(cred, lpcfg_workgroup(lp_ctx), CRED_SPECIFIED);
- } else {
- cli_credentials_set_domain(cred, lpcfg_workgroup(lp_ctx), CRED_SMB_CONF);
+ (void)cli_credentials_set_username(cred, "", CRED_UNINITIALISED);
+
+ if (workgroup != NULL && strlen(workgroup) == 0) {
+ workgroup = NULL;
}
- if (lpcfg_parm_is_cmdline(lp_ctx, "netbios name")) {
- cli_credentials_set_workstation(cred, lpcfg_netbios_name(lp_ctx), CRED_SPECIFIED);
- } else {
- cli_credentials_set_workstation(cred, lpcfg_netbios_name(lp_ctx), CRED_SMB_CONF);
+
+ if (workgroup != NULL) {
+ if (lpcfg_parm_is_cmdline(lp_ctx, "workgroup")) {
+ ok = cli_credentials_set_domain(cred,
+ workgroup,
+ CRED_SPECIFIED);
+ if (!ok) {
+ DBG_ERR("Failed to set domain!\n");
+ return false;
+ }
+ } else {
+ (void)cli_credentials_set_domain(cred,
+ workgroup,
+ CRED_SMB_CONF);
+ }
}
+
+ if (netbios_name != NULL && strlen(netbios_name) == 0) {
+ netbios_name = NULL;
+ }
+
+ if (netbios_name != NULL) {
+ if (lpcfg_parm_is_cmdline(lp_ctx, "netbios name")) {
+ ok = cli_credentials_set_workstation(cred,
+ netbios_name,
+ CRED_SPECIFIED);
+ if (!ok) {
+ DBG_ERR("Failed to set workstation!\n");
+ return false;
+ }
+ } else {
+ (void)cli_credentials_set_workstation(cred,
+ netbios_name,
+ CRED_SMB_CONF);
+ }
+ }
+
if (realm != NULL && strlen(realm) == 0) {
realm = NULL;
}
- if (lpcfg_parm_is_cmdline(lp_ctx, "realm")) {
- cli_credentials_set_realm(cred, realm, CRED_SPECIFIED);
- } else {
- cli_credentials_set_realm(cred, realm, CRED_SMB_CONF);
+
+ if (realm != NULL) {
+ if (lpcfg_parm_is_cmdline(lp_ctx, "realm")) {
+ ok = cli_credentials_set_realm(cred,
+ realm,
+ CRED_SPECIFIED);
+ if (!ok) {
+ DBG_ERR("Failed to set realm!\n");
+ return false;
+ }
+ } else {
+ (void)cli_credentials_set_realm(cred,
+ realm,
+ CRED_SMB_CONF);
+ }
}
sep = lpcfg_winbind_separator(lp_ctx);
@@ -1091,6 +1144,8 @@ _PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred,
}
cred->gensec_features_obtained = CRED_SMB_CONF;
}
+
+ return true;
}
/**
@@ -1099,46 +1154,92 @@ _PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred,
*
* @param cred Credentials structure to fill in
*/
-_PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred,
- struct loadparm_context *lp_ctx)
+_PUBLIC_ bool cli_credentials_guess(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx)
{
- char *p;
const char *error_string;
+ const char *env = NULL;
+ bool ok;
if (lp_ctx != NULL) {
- cli_credentials_set_conf(cred, lp_ctx);
+ ok = cli_credentials_set_conf(cred, lp_ctx);
+ if (!ok) {
+ return false;
+ }
}
-
- if (getenv("LOGNAME")) {
- cli_credentials_set_username(cred, getenv("LOGNAME"), CRED_GUESS_ENV);
+
+ env = getenv("LOGNAME");
+ if (env != NULL) {
+ size_t len = strlen(env);
+
+ if (len > 0 && len <= 1024) {
+ (void)cli_credentials_set_username(cred,
+ env,
+ CRED_GUESS_ENV);
+ }
}
- if (getenv("USER")) {
- cli_credentials_parse_string(cred, getenv("USER"), CRED_GUESS_ENV);
- if ((p = strchr_m(getenv("USER"),'%'))) {
- memset(p,0,strlen(cred->password));
+ env = getenv("USER");
+ if (env != NULL) {
+ size_t len = strlen(env);
+
+ if (len > 0 && len <= 1024) {
+ char *p = NULL;
+
+ (void)cli_credentials_parse_string(cred,
+ env,
+ CRED_GUESS_ENV);
+ if ((p = strchr_m(env, '%'))) {
+ memset(p, '\0', strlen(cred->password));
+ }
}
}
- if (getenv("PASSWD")) {
- cli_credentials_set_password(cred, getenv("PASSWD"), CRED_GUESS_ENV);
+ env = getenv("PASSWD");
+ if (env != NULL) {
+ size_t len = strlen(env);
+
+ if (len > 0 && len <= 1024) {
+ (void)cli_credentials_set_password(cred,
+ env,
+ CRED_GUESS_ENV);
+ }
}
- if (getenv("PASSWD_FD")) {
- cli_credentials_parse_password_fd(cred, atoi(getenv("PASSWD_FD")),
- CRED_GUESS_FILE);
+ env = getenv("PASSWD_FD");
+ if (env != NULL) {
+ size_t len = strlen(env);
+
+ if (len > 0 && len <= 1024) {
+ int fd = atoi(env);
+
+ (void)cli_credentials_parse_password_fd(cred,
+ fd,
+ CRED_GUESS_FILE);
+ }
}
-
- p = getenv("PASSWD_FILE");
- if (p && p[0]) {
- cli_credentials_parse_password_file(cred, p, CRED_GUESS_FILE);
+
+ env = getenv("PASSWD_FILE");
+ if (env != NULL) {
+ size_t len = strlen(env);
+
+ if (len > 0 && len <= 4096) {
+ (void)cli_credentials_parse_password_file(cred,
+ env,
+ CRED_GUESS_FILE);
+ }
}
-
+
if (lp_ctx != NULL &&
cli_credentials_get_kerberos_state(cred) != CRED_USE_KERBEROS_DISABLED) {
- cli_credentials_set_ccache(cred, lp_ctx, NULL, CRED_GUESS_FILE,
- &error_string);
+ (void)cli_credentials_set_ccache(cred,
+ lp_ctx,
+ NULL,
+ CRED_GUESS_FILE,
+ &error_string);
}
+
+ return true;
}
/**
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index 04cf5138aec..4057565ad34 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -130,7 +130,7 @@ const char *cli_credentials_get_domain(struct cli_credentials *cred);
struct netlogon_creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred);
void cli_credentials_set_machine_account_pending(struct cli_credentials *cred,
struct loadparm_context *lp_ctx);
-void cli_credentials_set_conf(struct cli_credentials *cred,
+bool cli_credentials_set_conf(struct cli_credentials *cred,
struct loadparm_context *lp_ctx);
char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx);
int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
@@ -204,7 +204,7 @@ NTSTATUS cli_credentials_set_machine_account_db_ctx(struct cli_credentials *cred
struct db_context *db_ctx);
bool cli_credentials_authentication_requested(struct cli_credentials *cred);
-void cli_credentials_guess(struct cli_credentials *cred,
+bool cli_credentials_guess(struct cli_credentials *cred,
struct loadparm_context *lp_ctx);
bool cli_credentials_set_bind_dn(struct cli_credentials *cred,
const char *bind_dn);
diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c
index 566405a08ee..798cdb41a00 100644
--- a/auth/credentials/pycredentials.c
+++ b/auth/credentials/pycredentials.c
@@ -622,6 +622,7 @@ static PyObject *py_creds_set_conf(PyObject *self, PyObject *args)
struct loadparm_context *lp_ctx;
TALLOC_CTX *mem_ctx;
struct cli_credentials *creds;
+ bool ok;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
@@ -645,9 +646,11 @@ static PyObject *py_creds_set_conf(PyObject *self, PyObject *args)
return NULL;
}
- cli_credentials_set_conf(creds, lp_ctx);
-
+ ok = cli_credentials_set_conf(creds, lp_ctx);
talloc_free(mem_ctx);
+ if (!ok) {
+ return NULL;
+ }
Py_RETURN_NONE;
}
@@ -658,6 +661,7 @@ static PyObject *py_creds_guess(PyObject *self, PyObject *args)
struct loadparm_context *lp_ctx;
TALLOC_CTX *mem_ctx;
struct cli_credentials *creds;
+ bool ok;
creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
@@ -680,9 +684,11 @@ static PyObject *py_creds_guess(PyObject *self, PyObject *args)
return NULL;
}
- cli_credentials_guess(creds, lp_ctx);
-
+ ok = cli_credentials_guess(creds, lp_ctx);
talloc_free(mem_ctx);
+ if (!ok) {
+ return NULL;
+ }
Py_RETURN_NONE;
}
diff --git a/auth/credentials/tests/test_creds.c b/auth/credentials/tests/test_creds.c
index 0f482e38eaa..a2f9642bfe0 100644
--- a/auth/credentials/tests/test_creds.c
+++ b/auth/credentials/tests/test_creds.c
@@ -118,12 +118,14 @@ static void torture_creds_guess(void **state)
TALLOC_CTX *mem_ctx = *state;
struct cli_credentials *creds = NULL;
const char *env_user = getenv("USER");
+ bool ok;
creds = cli_credentials_init(mem_ctx);
assert_non_null(creds);
setenv("PASSWD", "SECRET", 1);
- cli_credentials_guess(creds, NULL);
+ ok = cli_credentials_guess(creds, NULL);
+ assert_true(ok);
assert_string_equal(creds->username, env_user);
assert_int_equal(creds->username_obtained, CRED_GUESS_ENV);
@@ -137,12 +139,14 @@ static void torture_creds_anon_guess(void **state)
{
TALLOC_CTX *mem_ctx = *state;
struct cli_credentials *creds = NULL;
+ bool ok;
creds = cli_credentials_init_anon(mem_ctx);
assert_non_null(creds);
setenv("PASSWD", "SECRET", 1);
- cli_credentials_guess(creds, NULL);
+ ok = cli_credentials_guess(creds, NULL);
+ assert_true(ok);
assert_string_equal(creds->username, "");
assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
@@ -227,11 +231,13 @@ static void torture_creds_krb5_state(void **state)
assert_int_equal(creds->kerberos_state_obtained, CRED_UNINITIALISED);
assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_DESIRED);
- cli_credentials_set_conf(creds, lp_ctx);
+ ok = cli_credentials_set_conf(creds, lp_ctx);
+ assert_true(ok);
assert_int_equal(creds->kerberos_state_obtained, CRED_SMB_CONF);
assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_DESIRED);
- cli_credentials_guess(creds, lp_ctx);
+ ok = cli_credentials_guess(creds, lp_ctx);
+ assert_true(ok);
assert_int_equal(creds->kerberos_state_obtained, CRED_SMB_CONF);
assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_DESIRED);
assert_int_equal(creds->ccache_obtained, CRED_GUESS_FILE);
diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c
index 11630287a83..a0a55f4dcfb 100644
--- a/lib/cmdline/cmdline.c
+++ b/lib/cmdline/cmdline.c
@@ -757,8 +757,15 @@ static void popt_common_credentials_callback(poptContext popt_ctx,
/*
* This calls cli_credentials_set_conf() to get the defaults
* form smb.conf and set the winbind separator.
+ *
+ * Just warn that we can't read the smb.conf. The might not be
+ * one available or we want to ignore it.
*/
- cli_credentials_guess(creds, lp_ctx);
+ ok = cli_credentials_guess(creds, lp_ctx);
+ if (!ok) {
+ fprintf(stderr,
+ "Unable to read defaults from smb.conf\n");
+ }
(void)cli_credentials_get_password_and_obtained(creds,
&password_obtained);
diff --git a/selftest/knownfail.d/dns-aging b/selftest/knownfail.d/dns-aging
index f585449e1f9..bff873cc1ca 100644
--- a/selftest/knownfail.d/dns-aging
+++ b/selftest/knownfail.d/dns-aging
@@ -31,12 +31,9 @@ samba.tests.dns_aging.+test_dns_add_sibling_2_7_days_aging
samba.tests.dns_aging.+test_dns_add_sibling_2_7_days_aging_touch
samba.tests.dns_aging.+test_dns_add_sibling_2_7_days_no_aging_touch
samba.tests.dns_aging.+test_add_update_dwFlags
-samba.tests.dns_aging.+test_add_update_dwReserved
samba.tests.dns_aging.+test_add_update_dwSerial
samba.tests.dns_aging.+test_add_update_dwSerial_2
samba.tests.dns_aging.+test_add_update_many
-samba.tests.dns_aging.+test_add_update_timestamp
-samba.tests.dns_aging.+test_add_update_ttl
samba.tests.dns_aging.+test_add_update_ttl_serial
samba.tests.dns_aging.+test_dns_delete_simple_0_0_days_no_aging_touch
samba.tests.dns_aging.+test_dns_delete_simple_0_113_days_no_aging_touch
@@ -53,7 +50,6 @@ samba.tests.dns_aging.+test_dns_delete_simple_2_13_days_no_aging_touch
samba.tests.dns_aging.+test_dns_delete_simple_2_3_days_no_aging_touch
samba.tests.dns_aging.+test_dynamic_record_static_update
samba.tests.dns_aging.+test_multi_records_delete_aging
-samba.tests.dns_aging.+test_rpc_update_timestamps
samba.tests.dns_aging.+test_static_record_dynamic_update
samba.tests.dns_aging.+test_update_aging_disabled\b
samba.tests.dns_aging.+test_update_aging_disabled_beyond_refresh_window
diff --git a/selftest/knownfail.d/dnscmd b/selftest/knownfail.d/dnscmd
index 95860d2e9c2..5385997ab50 100644
--- a/selftest/knownfail.d/dnscmd
+++ b/selftest/knownfail.d/dnscmd
@@ -1,2 +1 @@
-samba.tests.samba_tool.dnscmd.+test_update_valid_type
samba.tests.samba_tool.dnscmd.+test_update_invalid_type
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index ebb1f19bd54..0e9245fc23d 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -268,6 +268,7 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
struct cli_credentials *server_credentials;
const char *dns_name;
const char *dns_domain;
+ bool ok;
struct auth4_context *auth4_context = make_auth4_context_s3(tmp_ctx, auth_context);
if (auth4_context == NULL) {
goto nomem;
@@ -346,7 +347,12 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
goto nomem;
}
- cli_credentials_set_conf(server_credentials, lp_ctx);
+ ok = cli_credentials_set_conf(server_credentials, lp_ctx);
+ if (!ok) {
+ DBG_ERR("Failed to set server credentials defaults "
+ "from smb.conf.\n");
+ goto nomem;
+ }
if (lp_security() == SEC_ADS || USE_KERBEROS_KEYTAB) {
cli_credentials_set_kerberos_state(server_credentials,
diff --git a/source3/lib/netapi/netapi.c b/source3/lib/netapi/netapi.c
index fb51bb34323..8dbb05307d2 100644
--- a/source3/lib/netapi/netapi.c
+++ b/source3/lib/netapi/netapi.c
@@ -129,7 +129,8 @@ NET_API_STATUS libnetapi_net_init(struct libnetapi_ctx **context)
BlockSignals(True, SIGPIPE);
- cli_credentials_guess(ctx->creds, lp_ctx);
+ /* Ignore return code, as we might not have a smb.conf */
+ (void)cli_credentials_guess(ctx->creds, lp_ctx);
status = libnetapi_init_private_context(ctx);
if (status != 0) {
diff --git a/source3/librpc/idl/secrets.idl b/source3/librpc/idl/secrets.idl
index 186d925e45e..2c06fa6990d 100644
--- a/source3/librpc/idl/secrets.idl
+++ b/source3/librpc/idl/secrets.idl
@@ -100,7 +100,7 @@ import "misc.idl", "samr.idl", "lsa.idl", "netlogon.idl", "security.idl";
NTTIME password_last_change;
hyper password_changes;
- [max_recursion(20000)] secrets_domain_info1_change *next_change;
+ secrets_domain_info1_change *next_change;
[ref] secrets_domain_info1_password *password;
secrets_domain_info1_password *old_password;
diff --git a/source3/libsmb/auth_generic.c b/source3/libsmb/auth_generic.c
index 59560d677bc..e5120a083a6 100644
--- a/source3/libsmb/auth_generic.c
+++ b/source3/libsmb/auth_generic.c
@@ -64,6 +64,7 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_st
struct gensec_settings *gensec_settings;
const struct gensec_security_ops **backends = NULL;
struct loadparm_context *lp_ctx;
+ bool ok;
ans = talloc_zero(mem_ctx, struct auth_generic_state);
if (!ans) {
@@ -120,7 +121,11 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_st
return NT_STATUS_NO_MEMORY;
}
- cli_credentials_guess(ans->credentials, lp_ctx);
+ ok = cli_credentials_guess(ans->credentials, lp_ctx);
+ if (!ok) {
+ TALLOC_FREE(ans);
+ return NT_STATUS_INTERNAL_ERROR;
--
Samba Shared Repository
More information about the samba-cvs
mailing list