[SCM] Samba Shared Repository - branch v4-15-test updated
Jule Anger
janger at samba.org
Fri Oct 22 08:40:01 UTC 2021
The branch, v4-15-test has been updated
via be8fb0218af heimdal:kdc: Only check for default salt for des-cbc-crc enctype
via cb768d624eb libcli/smb: use MID=0 for SMB2 Cancel with ASYNC_ID and legacy signing algorithms
via b299897ab58 docs-xml: Update winbindd(8) manpage
via b8c8c2017db s3:winbindd: Fix winbindd child logfile name handling
via 9257b637f14 debug: Remove "override_logfile"
from 57ffd32d455 s3: smbspool. Remove last use of 'extern char **environ;'.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test
- Log -----------------------------------------------------------------
commit be8fb0218af1a1529cd7a349a57a11dbfaeb7368
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Oct 8 15:53:47 2021 +1300
heimdal:kdc: Only check for default salt for des-cbc-crc enctype
Previously, this algorithm was preferring RC4 over AES for machine
accounts in the preauth case. This is because AES keys for machine
accounts in Active Directory use a non-default salt, while RC4 keys do
not use a salt. To avoid this behaviour, only prefer keys with default
salt for the des-cbc-crc enctype.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14864
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 8e1efd8bd3bf698dc0b6ed2081919f49b1412b53)
Autobuild-User(v4-15-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-15-test): Fri Oct 22 08:39:30 UTC 2021 on sn-devel-184
commit cb768d624eb4e9e4bbaec5e1408d59267c5bb475
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 28 22:24:32 2021 +0200
libcli/smb: use MID=0 for SMB2 Cancel with ASYNC_ID and legacy signing algorithms
We can only assume that servers with support for AES-GMAC-128 signing
will accept an SMB2 Cancel with ASYNC_ID and real MID.
This strategy is also used by Windows clients, because
some vendors don't cope otherwise.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14855
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Oct 19 19:23:39 UTC 2021 on sn-devel-184
(cherry picked from commit dd07bb81bb9a570b321bb2e5adab42546736ff9f)
commit b299897ab58a22d50c296cc446725ad7aa1b57d3
Author: Pavel Filipenský <pfilipen at redhat.com>
Date: Fri Oct 8 13:16:05 2021 +0200
docs-xml: Update winbindd(8) manpage
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14852
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Oct 12 09:30:02 UTC 2021 on sn-devel-184
(cherry picked from commit 12d04d9a9288a9358d5f5aebaec126cc610952b1)
commit b8c8c2017dbcfe8debf6fee5d131ff36a0e79a39
Author: Pavel Filipenský <pfilipen at redhat.com>
Date: Thu Oct 7 12:08:22 2021 +0200
s3:winbindd: Fix winbindd child logfile name handling
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14852
Handling of logfile name for main and child winbindd must ensure:
1) Log directory is selected in this order:
* -l option of winbindd
* "log file" parameter in smb.conf
* compile time value '/usr/local/samba/var'
2) Log filename pattern
* parent process uses log.winbindd
* child uses log.wb-<name>
3) Log reopen works for both parent and child (i.e. log filename is not changed)
* kill -HUP <pid>
* smbcontrol <pid> reload-config
This commit removes 3 calls of is_default_dyn_LOGFILEBASE() to make sure that:
- 1st removal: child uses log.wb-<name> after the fork
- 2nd removal: child after HUP signal, does not switch to log.winbindd
- 3rd removal: child after smbcontrol reload-config, does not switch to
log.winbindd
Interesting commits: bfa1b2a8 1484b7f3 3b015a4c d1f7a371
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit b92589c31f0eb3eaf2b3b1867e10b759f6a2edda)
commit 9257b637f14754427957711fe89d5cb4107881b2
Author: Volker Lendecke <vl at samba.org>
Date: Fri Sep 17 10:22:29 2021 +0200
debug: Remove "override_logfile"
The only writer to this variable left with c377845d27d4dcd7. The
closest match for override_logfile is is_default_dyn_LOGFILEBASE()
with the opposite logic.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Sep 18 00:53:28 UTC 2021 on sn-devel-184
(cherry picked from commit cf4a868be50e795889b76b59f7fbe1cca51bcbfa)
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/winbindd.8.xml | 20 +++++++++++++++++++-
lib/util/debug.c | 10 ----------
libcli/smb/smb2_signing.c | 12 ++++++++++--
libcli/smb/smbXcli_base.c | 6 +++++-
selftest/knownfail_heimdal_kdc | 3 ---
source3/nmbd/nmbd.c | 4 +---
source3/winbindd/winbindd.c | 4 +---
source3/winbindd/winbindd_cm.c | 1 -
source3/winbindd/winbindd_dual.c | 21 +++++++++++----------
source4/heimdal/kdc/kerberos5.c | 3 ++-
10 files changed, 49 insertions(+), 35 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/winbindd.8.xml b/docs-xml/manpages/winbindd.8.xml
index 3b7487c1b1c..7a643b8879c 100644
--- a/docs-xml/manpages/winbindd.8.xml
+++ b/docs-xml/manpages/winbindd.8.xml
@@ -195,7 +195,25 @@ hosts: files wins
</para></listitem>
</varlistentry>
- &cmdline.common.samba.server;
+ &cmdline.common.debug.server;
+ &cmdline.common.config.server;
+ &cmdline.common.option;
+
+ <varlistentry>
+ <term>-l|--log-basename=logdirectory</term>
+ <listitem>
+ <para>
+ Base directory name for log/debug files. The parent process
+ uses filename log.winbindd, the child process uses filename
+ log.wb-<name>. The log file is never removed by winbindd.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ &cmdline.common.samba.leakreport;
+ &cmdline.common.samba.leakreportfull;
+ &cmdline.version;
+
&popt.autohelp;
</variablelist>
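Review bot: in the new -l|--log-basename entry, the text "log.wb-<name>" inside <para> contains a literal "<name>", which as shown here would be read as an unclosed element by an XML parser; it should be written as log.wb-&lt;name&gt; in the source. The paragraph also does not mention the directory precedence the commit message lists (-l option, then "log file" in smb.conf, then the compile-time value), which is what an administrator looking for the logs needs from this entry.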
diff --git a/lib/util/debug.c b/lib/util/debug.c
index cd52fe4be77..4fd17679227 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -583,16 +583,6 @@ static void debug_backends_log(const char *msg, int msg_level)
}
}
-/* -------------------------------------------------------------------------- **
- * External variables.
- */
-
-/*
- used to check if the user specified a
- logfile on the command line
-*/
-bool override_logfile;
-
int debuglevel_get_class(size_t idx)
{
return dbgc_config[idx].loglevel;
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index fdb69e90a07..29ddfe71a24 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -430,8 +430,16 @@ static NTSTATUS smb2_signing_calc_signature(struct smb2_signing_key *signing_key
}
msg_id = BVAL(hdr, SMB2_HDR_MESSAGE_ID);
if (msg_id == 0) {
- DBG_ERR("opcode[%u] msg_id == 0\n", opcode);
- return NT_STATUS_INTERNAL_ERROR;
+ if (opcode != SMB2_OP_CANCEL ||
+ sign_algo_id >= SMB2_SIGNING_AES128_GMAC)
+ {
+ DBG_ERR("opcode[%u] msg_id == 0\n", opcode);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ /*
+ * Legacy algorithms allow MID 0
+ * for cancel requests
+ */
}
if (msg_id == UINT64_MAX) {
DBG_ERR("opcode[%u] msg_id == UINT64_MAX\n", opcode);
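Review bot: the MID 0 exception in the `msg_id == 0` branch is keyed only on `opcode` and `sign_algo_id` and never looks at the flags in `hdr`, although the commit subject limits the case to SMB2 Cancel with ASYNC_ID. As written, any Cancel under a legacy algorithm is signed with MID 0, including a synchronous one. Consider also requiring the async flag from `hdr` before falling through, so the signing code keeps rejecting every other zero-MID request. The comment "Legacy algorithms allow MID 0" would be more useful if it said why AES-GMAC-128 is excluded, as the commit message does.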
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 3fb51e33ffe..7579fa1c378 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -3318,7 +3318,11 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs,
state->smb2.cancel_flags = SVAL(state->smb2.hdr, SMB2_HDR_FLAGS);
state->smb2.cancel_flags &= ~SMB2_HDR_FLAG_CHAINED;
- state->smb2.cancel_mid = mid;
+ if (state->conn->smb2.server.sign_algo >= SMB2_SIGNING_AES128_GMAC) {
+ state->smb2.cancel_mid = mid;
+ } else {
+ state->smb2.cancel_mid = 0;
+ }
state->smb2.cancel_aid = 0;
skip_credits:
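Review bot: the new `if (state->conn->smb2.server.sign_algo >= SMB2_SIGNING_AES128_GMAC)` branch has no comment, so a reader of smbXcli_base.c cannot tell that `cancel_mid = 0` is an interoperability workaround rather than a bug. The same `>= SMB2_SIGNING_AES128_GMAC` ordering test now appears here and in smb2_signing.c and the two must stay in agreement; a small shared predicate (or at least a comment cross-referencing the check in smb2_signing_calc_signature) would keep a future algorithm id from being handled differently in the two places.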
diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc
index 767bfe90943..8b497160878 100644
--- a/selftest/knownfail_heimdal_kdc
+++ b/selftest/knownfail_heimdal_kdc
@@ -48,7 +48,6 @@
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_armor.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_hide_client_names.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_no_claims.ad_dc
-^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_no_etypes.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_no_subkey.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_outer_wrong_flags.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_outer_wrong_nonce.ad_dc
@@ -57,9 +56,7 @@
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_service_ticket.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_service_ticket_mach.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_unknown_critical_option.ad_dc
-^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_fast_no_etypes.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs.ad_dc
-^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs_no_etypes.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs_no_subkey.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs_service_ticket.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs_service_ticket_mach.ad_dc
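Review bot: the only test evidence for the kerberos5.c change in this changeset is the removal of three `*_no_etypes` entries from knownfail here and in the hunk above; the summary of changes lists no new or modified test. The commit message describes a specific regression (RC4 preferred over AES for machine accounts in the preauth case), and a test that asserts the selected enctype for a machine account with a non-default AES salt would pin that behaviour down directly.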
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index d43c52bb406..44121e9915c 100644
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -37,8 +37,6 @@ int global_nmb_port = -1;
extern bool rescan_listen_set;
extern bool global_in_nmbd;
-extern bool override_logfile;
-
/* have we found LanMan clients yet? */
bool found_lm_clients = False;
@@ -857,7 +855,7 @@ static bool open_sockets(bool isdaemon, int port)
sys_srandom(time(NULL) ^ getpid());
- if (!override_logfile) {
+ if (is_default_dyn_LOGFILEBASE()) {
char *lfile = NULL;
if (asprintf(&lfile, "%s/log.nmbd", get_dyn_LOGFILEBASE()) < 0) {
exit(1);
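Review bot: replacing `if (!override_logfile)` with `if (is_default_dyn_LOGFILEBASE())` is a behaviour change, not a pure variable removal. According to the commit message the last writer of override_logfile is already gone, so the old condition was always true and log.nmbd was always set here; with the new condition the block is skipped whenever a non-default log base is in effect. Please confirm that the -l case still ends up with a log file under the chosen directory, and say so in the commit message. Separately, the `exit(1)` on asprintf failure gives no diagnostic.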
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 8c35b8eae76..25d8b723010 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -64,8 +64,6 @@ static void winbindd_setup_max_fds(void);
static bool opt_nocache = False;
static bool interactive = False;
-extern bool override_logfile;
-
struct imessaging_context *winbind_imessaging_context(void)
{
static struct imessaging_context *msg = NULL;
@@ -1718,7 +1716,7 @@ int main(int argc, const char **argv)
poptFreeContext(pc);
- if (!override_logfile) {
+ if (is_default_dyn_LOGFILEBASE()) {
char *lfile = NULL;
if (asprintf(&lfile,"%s/log.winbindd",
get_dyn_LOGFILEBASE()) > 0) {
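Review bot: at the `asprintf(&lfile,"%s/log.winbindd", ...) > 0` check, an allocation failure silently skips setting the log file and startup continues, whereas the equivalent code in nmbd.c exits on `asprintf(...) < 0`. Since both call sites are being touched for the same reason, it would be worth making the failure handling consistent and logging the error, so that a daemon never runs with an unexpected log destination without any trace.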
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index fdb894d7ff6..7381495e155 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -98,7 +98,6 @@ struct dc_name_ip {
};
extern struct winbindd_methods reconnect_methods;
-extern bool override_logfile;
static NTSTATUS init_dc_connection_network(struct winbindd_domain *domain, bool need_rw_dc);
static void set_dc_type_and_flags( struct winbindd_domain *domain );
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index 5006d6af096..b275dfb128c 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -47,8 +47,6 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
-extern bool override_logfile;
-
static void forall_domain_children(bool (*fn)(struct winbindd_child *c,
void *private_data),
void *private_data)
@@ -1546,16 +1544,18 @@ NTSTATUS winbindd_reinit_after_fork(const struct winbindd_child *myself,
close_conns_after_fork();
- if (!override_logfile && logfilename) {
+ if (logfilename != NULL) {
lp_set_logfile(logfilename);
reopen_logs();
}
- if (!winbindd_setup_sig_term_handler(false))
+ if (!winbindd_setup_sig_term_handler(false)) {
return NT_STATUS_NO_MEMORY;
- if (!winbindd_setup_sig_hup_handler(override_logfile ? NULL :
- logfilename))
+ }
+
+ if (!winbindd_setup_sig_hup_handler(logfilename)) {
return NT_STATUS_NO_MEMORY;
+ }
/* Stop zombies in children */
CatchChild();
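Review bot: with `if (logfilename != NULL)` the child now always calls `lp_set_logfile(logfilename)` and always hands `logfilename` to the HUP handler, so correctness for the -l case depends entirely on how the caller built `logfilename`, which is not visible in this hunk. A short comment on winbindd_reinit_after_fork() stating that `logfilename` must already be derived from the effective log base would document that contract. The added braces around the two `return NT_STATUS_NO_MEMORY;` statements are a style cleanup mixed into a functional change; fine for a backport, but worth a word in the commit message.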
@@ -1776,10 +1776,11 @@ static bool fork_domain_child(struct winbindd_child *child)
messaging_register(global_messaging_context(), NULL,
MSG_WINBIND_DISCONNECT_DC,
winbind_msg_disconnect_dc);
- messaging_register(global_messaging_context(),
- override_logfile ? NULL : child->logfilename,
- MSG_SMB_CONF_UPDATED,
- winbindd_msg_reload_services_child);
+ messaging_register(
+ global_messaging_context(),
+ child->logfilename,
+ MSG_SMB_CONF_UPDATED,
+ winbindd_msg_reload_services_child);
primary_domain = find_our_domain();
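Review bot: `child->logfilename` is now passed unconditionally as the private data of the MSG_SMB_CONF_UPDATED registration, while winbindd_reinit_after_fork() above guards its use with `logfilename != NULL`. If `child->logfilename` can be NULL for any child, winbindd_msg_reload_services_child needs to tolerate that; if it cannot, an assertion or comment here would make the assumption explicit.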
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 0fa336e871c..a7ca3d93475 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -174,7 +174,8 @@ _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
ret = hdb_enctype2key(context, &princ->entry, p[i], &key);
if (ret)
continue;
- if (is_preauth && !is_default_salt_p(&def_salt, key))
+ if (is_preauth && enctype == (krb5_enctype)ETYPE_DES_CBC_CRC
+ && !is_default_salt_p(&def_salt, key))
continue;
enctype = p[i];
}
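Review bot: the added test `enctype == (krb5_enctype)ETYPE_DES_CBC_CRC` reads `enctype` before the `enctype = p[i];` assignment two lines below, so inside this loop it holds whatever was selected before the current iteration, not the candidate that `hdb_enctype2key(..., p[i], &key)` just looked up. If the intent stated in the commit message is to apply the default-salt requirement only when the candidate is des-cbc-crc, the comparison should be against `p[i]`. Please check this against the part of _kdc_find_etype() outside the hunk, and add a comment explaining why only des-cbc-crc keeps the salt restriction.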
--
Samba Shared Repository