[SCM] Samba Shared Repository - branch v4-15-test updated
Jule Anger
janger at samba.org
Fri Nov 19 08:12:02 UTC 2021
The branch, v4-15-test has been updated
via bf9fdf5b455 cmdline: Make -P work in clustered mode
via f1c064e792a cmdline: Add a callback to set the machine account details
via 575e620ad6c lib: Add required includes to source3/include/secrets.h
via 3309ab5fa02 selftest: Add reproducer for bug 14908
via 4d68d797f18 s3:modules:recycle - fix crash in recycle_unlink_internal
from 9bcba58e4d4 CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test
- Log -----------------------------------------------------------------
commit bf9fdf5b45531749d5e533fe91dd957d64f81d6b
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 17 12:27:27 2021 +0100
cmdline: Make -P work in clustered mode
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Nov 17 18:29:09 UTC 2021 on sn-devel-184
(cherry picked from commit cdc0268c1987f36ab400ea01df88d55c02dccfdb)
Autobuild-User(v4-15-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-15-test): Fri Nov 19 08:11:05 UTC 2021 on sn-devel-184
commit f1c064e792ae1b9d3cc57380205246dc21e8bb3c
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 17 12:25:58 2021 +0100
cmdline: Add a callback to set the machine account details
source3 clients need to work in clustered mode, the default
cli_credentials_set_machine_account() only looks at the local
secrets.tdb file
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 63c80f25da8829a7bd3244afea29c13f699efac1)
commit 575e620ad6cf57634c3357f8677f8beaf7c12caa
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 17 12:25:05 2021 +0100
lib: Add required includes to source3/include/secrets.h
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit d6270525699fbc856b217cf18ece7f1d063b144d)
commit 3309ab5fa0245ca791e66c585c131abb82d24a8b
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 17 16:34:07 2021 +0100
selftest: Add reproducer for bug 14908
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 9faa3173193ddcb95905993d960cc10d4366524e)
commit 4d68d797f187358e6b328550999ddff5bf755df0
Author: Andrew Walker <awalker at ixsystems.com>
Date: Thu Oct 28 16:01:42 2021 -0400
s3:modules:recycle - fix crash in recycle_unlink_internal
Original logic for separating path from base name assumed
that we were using same string to determine offset when
getting the parent dir name (smb_fname->base_name).
Simplify by using parent_dirname() to split the path
from base name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14888
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Oct 30 04:34:53 UTC 2021 on sn-devel-184
(cherry picked from commit be3a47e22ad6be204f4a7d6070f82f990c17e6fb)
-----------------------------------------------------------------------
Summary of changes:
lib/cmdline/cmdline.c | 16 ++++++++++++--
lib/cmdline/cmdline.h | 4 ++++
lib/cmdline/cmdline_s3.c | 28 ++++++++++++++++++++++++
lib/cmdline/wscript | 2 +-
source3/include/secrets.h | 3 +++
source3/modules/vfs_recycle.c | 17 +++++---------
source3/script/tests/test_net_machine_account.sh | 22 +++++++++++++++++++
source3/selftest/tests.py | 9 ++++++++
8 files changed, 86 insertions(+), 15 deletions(-)
create mode 100755 source3/script/tests/test_net_machine_account.sh
Changeset truncated at 500 lines:
diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c
index 63e81bc0a7f..0c0b3ead7da 100644
--- a/lib/cmdline/cmdline.c
+++ b/lib/cmdline/cmdline.c
@@ -30,6 +30,11 @@ static struct cli_credentials *cmdline_creds;
static samba_cmdline_load_config cmdline_load_config_fn;
static struct samba_cmdline_daemon_cfg cmdline_daemon_cfg;
+static NTSTATUS (*cli_credentials_set_machine_account_fn)(
+ struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx) =
+ cli_credentials_set_machine_account;
+
/* PRIVATE */
bool samba_cmdline_set_talloc_ctx(TALLOC_CTX *mem_ctx)
{
@@ -122,6 +127,13 @@ struct samba_cmdline_daemon_cfg *samba_cmdline_get_daemon_cfg(void)
return &cmdline_daemon_cfg;
}
+void samba_cmdline_set_machine_account_fn(
+ NTSTATUS (*fn) (struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx))
+{
+ cli_credentials_set_machine_account_fn = fn;
+}
+
void samba_cmdline_burn(int argc, char *argv[])
{
bool found = false;
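Review bot: `samba_cmdline_set_machine_account_fn()` stores whatever pointer it is given, and the call site in `popt_common_credentials_callback()` (the later hunk at -792/+804) calls through it with no NULL test, so a caller that passes NULL turns `-P` into a NULL function-pointer call during credential setup. Either ignore NULL in the setter, `if (fn != NULL) { cli_credentials_set_machine_account_fn = fn; }`, or fall back to the default with `fn != NULL ? fn : cli_credentials_set_machine_account`. This hook decides where the machine trust secret is loaded from, so a one-line comment on the static pointer saying when it is expected to be set (presumably once, before option parsing) would also help.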
@@ -792,8 +804,8 @@ static void popt_common_credentials_callback(poptContext popt_ctx,
if (machine_account_pending) {
NTSTATUS status;
- status = cli_credentials_set_machine_account(creds,
- lp_ctx);
+ status = cli_credentials_set_machine_account_fn(
+ creds, lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
fprintf(stderr,
"Failed to set machine account: %s\n",
diff --git a/lib/cmdline/cmdline.h b/lib/cmdline/cmdline.h
index 1f85da0099e..5cd58c3ddbb 100644
--- a/lib/cmdline/cmdline.h
+++ b/lib/cmdline/cmdline.h
@@ -131,6 +131,10 @@ struct poptOption *samba_cmdline_get_popt(enum smb_cmdline_popt_options opt);
*/
struct samba_cmdline_daemon_cfg *samba_cmdline_get_daemon_cfg(void);
+void samba_cmdline_set_machine_account_fn(
+ NTSTATUS (*fn) (struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx));
+
/**
* @brief Burn secrets on the command line.
*
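Review bot: The new `samba_cmdline_set_machine_account_fn()` prototype has no doc comment, while the declarations on either side of it in this hunk carry `/** ... */` blocks. Add one stating that the function replaces the routine used to load the machine account credentials when `-P` is given, that the default is `cli_credentials_set_machine_account()`, and whether NULL is an accepted argument.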
diff --git a/lib/cmdline/cmdline_s3.c b/lib/cmdline/cmdline_s3.c
index 639d403aed3..6e2c154c756 100644
--- a/lib/cmdline/cmdline_s3.c
+++ b/lib/cmdline/cmdline_s3.c
@@ -26,6 +26,7 @@
#include "auth/credentials/credentials.h"
#include "dynconfig/dynconfig.h"
#include "cmdline_private.h"
+#include "source3/include/secrets.h"
static bool _require_smbconf;
static enum samba_cmdline_config_type _config_type;
@@ -84,6 +85,31 @@ static bool _samba_cmdline_load_config_s3(void)
return true;
}
+static NTSTATUS _samba_cmd_set_machine_account_s3(
+ struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx)
+{
+ struct db_context *db_ctx = secrets_db_ctx();
+ NTSTATUS status;
+
+ if (db_ctx == NULL) {
+ DBG_WARNING("failed to open secrets.tdb to obtain our "
+ "trust credentials for %s\n",
+ lpcfg_workgroup(lp_ctx));;
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ status = cli_credentials_set_machine_account_db_ctx(
+ cred, lp_ctx, db_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("cli_credentials_set_machine_account_db_ctx "
+ "failed: %s\n",
+ nt_errstr(status));
+ }
+
+ return status;
+}
+
bool samba_cmdline_init(TALLOC_CTX *mem_ctx,
enum samba_cmdline_config_type config_type,
bool require_smbconf)
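Review bot: The first `DBG_WARNING` call in `_samba_cmd_set_machine_account_s3()` ends in `;;`, a stray empty statement that should be a single `;`. The helper is also prefixed `_samba_cmd_` while its sibling in this file is `_samba_cmdline_load_config_s3`; naming it `_samba_cmdline_set_machine_account_s3` would keep the two parallel. The warning text names secrets.tdb although the handle comes from `secrets_db_ctx()`, which per the commit description is not necessarily the local file in clustered mode, so `failed to open the secrets database` would be more accurate for whoever reads the log.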
@@ -119,6 +145,8 @@ bool samba_cmdline_init(TALLOC_CTX *mem_ctx,
}
samba_cmdline_set_load_config_fn(_samba_cmdline_load_config_s3);
+ samba_cmdline_set_machine_account_fn(
+ _samba_cmd_set_machine_account_s3);
return true;
}
diff --git a/lib/cmdline/wscript b/lib/cmdline/wscript
index 9c50b47a41c..6b816c859c1 100644
--- a/lib/cmdline/wscript
+++ b/lib/cmdline/wscript
@@ -19,7 +19,7 @@ def build(bld):
bld.SAMBA_SUBSYSTEM('CMDLINE_S3',
source='cmdline_s3.c',
- deps='cmdline')
+ deps='cmdline secrets3')
bld.SAMBA_SUBSYSTEM('CMDLINE_S4',
source='cmdline_s4.c',
diff --git a/source3/include/secrets.h b/source3/include/secrets.h
index 2478561cee7..1abfbb07e89 100644
--- a/source3/include/secrets.h
+++ b/source3/include/secrets.h
@@ -20,6 +20,9 @@
#ifndef _SECRETS_H
#define _SECRETS_H
+#include "replace.h"
+#include "librpc/gen_ndr/security.h"
+
/* the first one is for the hashed password (NT4 style) the latter
for plaintext (ADS)
*/
diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c
index 7cbc938a57c..b794ebc2d8c 100644
--- a/source3/modules/vfs_recycle.c
+++ b/source3/modules/vfs_recycle.c
@@ -572,17 +572,10 @@ static int recycle_unlink_internal(vfs_handle_struct *handle,
*/
/* extract filename and path */
- base = strrchr(full_fname->base_name, '/');
- if (base == NULL) {
- base = full_fname->base_name;
- path_name = SMB_STRDUP("/");
- ALLOC_CHECK(path_name, done);
- }
- else {
- path_name = SMB_STRDUP(full_fname->base_name);
- ALLOC_CHECK(path_name, done);
- path_name[base - smb_fname->base_name] = '\0';
- base++;
+ if (!parent_dirname(talloc_tos(), full_fname->base_name, &path_name, &base)) {
+ rc = -1;
+ errno = ENOMEM;
+ goto done;
}
/* original filename with path */
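Review bot: The removed branch set `path_name` to "/" when `full_fname->base_name` contains no slash, and the hunk does not show what `parent_dirname()` returns for that case; if it yields a different string (for example "."), any later use of `path_name` for directory matching or for building the repository path changes behaviour for files deleted from the share root. This should be confirmed against the rest of `recycle_unlink_internal()`, which lies outside the hunk, and ideally covered by a selftest that deletes a file from the share root. The new `if (!parent_dirname(...))` line also runs well past 80 columns and could be wrapped after `talloc_tos(),`.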
@@ -717,7 +710,7 @@ static int recycle_unlink_internal(vfs_handle_struct *handle,
recycle_touch_mtime(handle));
done:
- SAFE_FREE(path_name);
+ TALLOC_FREE(path_name);
SAFE_FREE(temp_name);
SAFE_FREE(final_name);
TALLOC_FREE(full_fname);
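Review bot: The cleanup under `done:` now mixes two allocators with nothing to say which pointer belongs to which: `path_name` is talloc memory from `parent_dirname()`, while `temp_name` and `final_name` are still released with `SAFE_FREE`. A comment such as `/* path_name is talloc'ed by parent_dirname(); temp_name and final_name are malloc'ed */` above the frees would keep a later edit from pairing the wrong free with the wrong pointer, which would corrupt the heap. The change also relies on `path_name` being initialised to NULL at its declaration, which is outside the hunk, since `goto done` can presumably be reached before the split.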
diff --git a/source3/script/tests/test_net_machine_account.sh b/source3/script/tests/test_net_machine_account.sh
new file mode 100755
index 00000000000..69844443bf6
--- /dev/null
+++ b/source3/script/tests/test_net_machine_account.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+# Reproducer for https://bugzilla.samba.org/show_bug.cgi?id=14908
+
+if [ $# -lt 2 ]; then
+ echo "Usage: $0 NET CONFFILE SERVER_IP"
+ exit 1
+fi
+
+NET="$1"; shift
+CONFFILE="$1"; shift
+SERVER_IP="$1"; shift
+
+export UID_WRAPPER_ROOT=1
+
+incdir=`dirname $0`/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+failed=0
+
+testit "net_ads_user" $VALGRIND $NET rpc user --configfile="$CONFFILE" -S "$SERVER_IP" -P || failed=`expr $failed + 1`
+
+testok $0 $failed
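Review bot: The argument check accepts two arguments (`[ $# -lt 2 ]`) but the script consumes three and the usage text lists three, so a call without SERVER_IP either fails at the third `shift` or runs `net` with an empty `-S` value, depending on the shell, instead of printing the usage; the test should be `if [ $# -lt 3 ]; then`. The subtest is labelled `net_ads_user` although the command run is `net rpc user`, so `net_rpc_user` would match what is exercised. `$0` and `$incdir` are unquoted in `dirname $0` and `. $incdir/subunit.sh`, which breaks when the checkout path contains spaces.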
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 10dd5042e46..32f02396004 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -1289,6 +1289,15 @@ plantestsuite(
"",
"-b $PREFIX/clusteredmember/unclists/tmp.txt -N 5 -o 10"])
+plantestsuite(
+ "samba3.net_machine_account",
+ "clusteredmember",
+ [os.path.join(samba3srcdir,
+ "script/tests/test_net_machine_account.sh"),
+ "bin/net",
+ "$SERVERCONFFILE",
+ "$SERVER_IP"])
+
plantestsuite(
"samba3.net_lookup_ldap",
"ad_dc:local",
--
Samba Shared Repository