[SCM] Samba Shared Repository - branch v4-16-stable updated
Jule Anger
janger at samba.org
Mon Jun 13 06:55:45 UTC 2022
The branch, v4-16-stable has been updated
via b1829426413 VERSION: Disable GIT_SNAPSHOT for the 4.16.2 release.
via 7fd4aba0fb4 WHATSNEW: Add release notes for Samba 4.16.2.
via 9bab57ae404 Revert "lib:util: Remove NIS support from string_match()"
via 87f59494345 Revert "s3:smbd: Remove NIS support"
via cdbd540b7cb Revert "docs-xml: Update documentation for removal of NIS support"
via 16df1ed429d Revert "s3:auth: Fix user_in_list() for UNIX groups"
via 56eca407415 ldb: version 2.5.1
via bb60c85153b s3:smbd: Out-by-4 error in smbd read reply max_send clamp
via 1397656cebf s3:printing: Start samba-bgqd as soon as possible
via 8507fa6fc7d s3:printing: Initialize the printcap cache as soon as the bgqd starts
via c3ce1fec590 lib/util/gpfswrap: remove unused gpfswrap_get_winattrs_path()
via b8cc300d226 vfs_gpfs: use handle based gpfswrap_get_winattrs()
via 72ef38a9747 lib/util/gpfswrap: remove unused gpfswrap_getacl()
via bdb2714671f vfs_gpfs: finally: use gpfswrap_fgetacl() instead of gpfswrap_getacl()
via 1d4f8f3e472 lib/util/gpfswrap: add gpfswrap_fgetacl()
via 069354e7480 vfs_gpfs: pass fsp to gpfs_getacl_with_capability()
via bce1de5580f vfs_gpfs: pass fsp to vfs_gpfs_getacl()
via a039780c01c vfs_gpfs: use fsp in gpfsacl_get_posix_acl()
via d9222188190 vfs_gpfs: pass fsp to gpfsacl_get_posix_acl()
via f752c389740 vfs_gpfs: pass fsp to gpfs_get_nfs4_acl()
via 2a50ba5ae19 vfs_gpfs: pass fsp to gpfsacl_emu_chmod()
via ea39a8894a2 vfs_gpfs: indentation and README.Coding fixes
via e3de2bdb859 s3/client: Restore '-E' handling
via 239e0759db3 s3/script/tests: Test smbclient -E redirects output to stderr
via 53ac81eef24 s3:libads: Clear previous CLDAP ping flags when reusing the ADS_STRUCT
via b09a37cd821 third_party: Update waf to version 2.0.24
via 32a573463e8 third_party: Update waf to verison 2.0.23
via 8385893f4c6 third_party:waf: Print the version of waf at the end of the update script
via f23f9132f7c srvsvc: Announce [username] in NetShareEnum
via 344ff937f20 srvsvc: Add a central return point to init_srv_share_info_ctr()
via 807ce67629d selftest: Test for bug 15062 -- list "username" in netshareenum
via 25b7144283f s3: smbd: Allow a durable handle on a leased stat-open.
via c7e2b4c3e90 s4: torture: Add a new test - samba3.smb2.durable-open.stat-open.
via 43a4e018ff0 VERSION: Bump version up to Samba 4.16.2...
from 80503890e59 VERSION: Disable GIT_SNAPSHOT for the 4.16.1 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-16-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 73 ++++++++++-
buildtools/bin/waf | 3 +-
buildtools/wafsamba/wafsamba.py | 2 +-
docs-xml/smbdotconf/security/hostsallow.xml | 7 ++
docs-xml/smbdotconf/security/invalidusers.xml | 15 ++-
docs-xml/smbdotconf/security/usernamemap.xml | 5 +
docs-xml/smbdotconf/security/validusers.xml | 7 +-
docs-xml/smbdotconf/winbind/winbindseparator.xml | 4 +-
lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.5.1.sigs} | 0
...pyldb-util-2.1.0.sigs => pyldb-util-2.5.1.sigs} | 0
lib/ldb/wscript | 2 +-
lib/util/access.c | 56 +++++++++
lib/util/gpfswrap.c | 24 +---
lib/util/gpfswrap.h | 4 +-
selftest/knownfail | 1 +
selftest/target/Samba3.pm | 4 +
source3/auth/user_util.c | 139 +++++++++++++++++----
source3/client/client.c | 5 +
source3/libads/ldap.c | 7 ++
source3/modules/vfs_gpfs.c | 89 +++++++------
source3/printing/queue_process.c | 11 +-
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 114 +++++++++++++----
source3/script/tests/test_smbclient_s3.sh | 58 +++++++++
source3/script/tests/test_user_in_sharelist.sh | 22 ++++
source3/selftest/tests.py | 6 +
source3/smbd/durable.c | 4 -
source3/smbd/reply.c | 4 +-
source3/smbd/share_access.c | 21 ++--
source3/wscript | 4 +
source4/torture/smb2/durable_open.c | 63 ++++++++++
third_party/waf/update.sh | 4 +-
third_party/waf/waflib/Context.py | 8 +-
third_party/waf/waflib/Runner.py | 4 +-
third_party/waf/waflib/TaskGen.py | 8 +-
third_party/waf/waflib/Tools/c_config.py | 1 +
third_party/waf/waflib/Tools/ccroot.py | 1 +
third_party/waf/waflib/Tools/compiler_c.py | 25 ++--
third_party/waf/waflib/Tools/compiler_cxx.py | 25 ++--
third_party/waf/waflib/Tools/msvc.py | 17 ++-
third_party/waf/waflib/Tools/python.py | 11 +-
third_party/waf/waflib/Tools/qt5.py | 4 +-
third_party/waf/waflib/Tools/tex.py | 1 +
third_party/waf/waflib/Tools/winres.py | 35 ++++++
.../waflib/extras/clang_compilation_database.py | 2 +-
third_party/waf/waflib/extras/classic_runner.py | 68 ++++++++++
third_party/waf/waflib/extras/color_gcc.py | 2 +-
third_party/waf/waflib/extras/eclipse.py | 74 ++++++++++-
third_party/waf/waflib/extras/gccdeps.py | 82 ++++++------
third_party/waf/waflib/extras/msvcdeps.py | 54 +++++---
third_party/waf/waflib/extras/msvs.py | 6 +-
third_party/waf/waflib/extras/swig.py | 2 +-
third_party/waf/waflib/extras/wafcache.py | 26 ++--
third_party/waf/waflib/fixpy2.py | 2 +-
54 files changed, 961 insertions(+), 257 deletions(-)
copy lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.5.1.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-2.1.0.sigs => pyldb-util-2.5.1.sigs} (100%)
create mode 100755 source3/script/tests/test_user_in_sharelist.sh
create mode 100644 third_party/waf/waflib/extras/classic_runner.py
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 1d75a4031c7..e910dbc2a7e 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=16
-SAMBA_VERSION_RELEASE=1
+SAMBA_VERSION_RELEASE=2
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index dfe17dcf110..a4727cbf331 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,73 @@
+ ==============================
+ Release Notes for Samba 4.16.2
+ June 13, 2022
+ ==============================
+
+
+This is the latest stable release of the Samba 4.16 release series.
+
+
+Changes since 4.16.1
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 15042: Use pathref fd instead of io fd in vfs_default_durable_cookie.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 15069: vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
+ file had been deleted.
+
+o Samuel Cabrero <scabrero at samba.org>
+ * BUG 15087: netgroups support removed.
+
+o Samuel Cabrero <scabrero at suse.de>
+ * BUG 14674: net ads info shows LDAP Server: 0.0.0.0 depending on contacted
+ server.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 15062: Update from 4.15 to 4.16 breaks discovery of [homes] on
+ standalone server from Win and IOS.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 15071: waf produces incorrect names for python extensions with Python
+ 3.11.
+
+o Noel Power <noel.power at suse.com>
+ * BUG 15075: smbclient -E doesn't work as advertised.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 15071: waf produces incorrect names for python extensions with Python
+ 3.11.
+ * BUG 15081: The samba background daemon doesn't refresh the printcap cache
+ on startup.
+
+o Robert Sprowson <webpages at sprow.co.uk>
+ * BUG 14443: Out-by-4 error in smbd read reply max_send clamp..
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
==============================
Release Notes for Samba 4.16.1
May 02, 2022
@@ -68,8 +138,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
==============================
Release Notes for Samba 4.16.0
March 21, 2022
diff --git a/buildtools/bin/waf b/buildtools/bin/waf
index b0ccb09a877..d9cba343623 100755
--- a/buildtools/bin/waf
+++ b/buildtools/bin/waf
@@ -32,7 +32,7 @@ POSSIBILITY OF SUCH DAMAGE.
import os, sys, inspect
-VERSION="2.0.22"
+VERSION="2.0.24"
REVISION="x"
GIT="x"
INSTALL="x"
@@ -164,4 +164,3 @@ if __name__ == '__main__':
from waflib import Scripting
Scripting.waf_entry_point(cwd, VERSION, wafdir[0])
-
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index 185ef3b73a2..7885ee720be 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -38,7 +38,7 @@ LIB_PATH="shared"
os.environ['PYTHONUNBUFFERED'] = '1'
-if Context.HEXVERSION not in (0x2001600,):
+if Context.HEXVERSION not in (0x2001800,):
Logs.error('''
Please use the version of waf that comes with Samba, not
a system installed version. See http://wiki.samba.org/index.php/Waf
diff --git a/docs-xml/smbdotconf/security/hostsallow.xml b/docs-xml/smbdotconf/security/hostsallow.xml
index a052e7f79cd..8b4b62268a3 100644
--- a/docs-xml/smbdotconf/security/hostsallow.xml
+++ b/docs-xml/smbdotconf/security/hostsallow.xml
@@ -41,6 +41,13 @@
<para><command moreinfo="none">hosts allow = lapland, arvidsjaur</command></para>
+ <para>Example 4: allow only hosts in NIS netgroup "foonet", but
+ deny access from one particular host</para>
+
+ <para><command moreinfo="none">hosts allow = @foonet</command></para>
+
+ <para><command moreinfo="none">hosts deny = pirate</command></para>
+
<note><para>Note that access still requires suitable user-level passwords.</para></note>
<para>See <citerefentry><refentrytitle>testparm</refentrytitle>
diff --git a/docs-xml/smbdotconf/security/invalidusers.xml b/docs-xml/smbdotconf/security/invalidusers.xml
index 268cdfad560..b2fb2b9d293 100644
--- a/docs-xml/smbdotconf/security/invalidusers.xml
+++ b/docs-xml/smbdotconf/security/invalidusers.xml
@@ -7,8 +7,21 @@
to login to this service. This is really a <emphasis>paranoid</emphasis>
check to absolutely ensure an improper setting does not breach
your security.</para>
+
+ <para>A name starting with a '@' is interpreted as an NIS
+ netgroup first (if your system supports NIS), and then as a UNIX
+ group if the name was not found in the NIS netgroup database.</para>
- <para>A name starting with a '@' is interpreted UNIX group.</para>
+ <para>A name starting with '+' is interpreted only
+ by looking in the UNIX group database via the NSS getgrnam() interface. A name starting with
+ '&' is interpreted only by looking in the NIS netgroup database
+ (this requires NIS to be working on your system). The characters
+ '+' and '&' may be used at the start of the name in either order
+ so the value <parameter moreinfo="none">+&group</parameter> means check the
+ UNIX group database, followed by the NIS netgroup database, and
+ the value <parameter moreinfo="none">&+group</parameter> means check the NIS
+ netgroup database, followed by the UNIX group database (the
+ same as the '@' prefix).</para>
<para>The current servicename is substituted for <parameter moreinfo="none">%S</parameter>.
This is useful in the [homes] section.</para>
diff --git a/docs-xml/smbdotconf/security/usernamemap.xml b/docs-xml/smbdotconf/security/usernamemap.xml
index eab72bb8672..809a54c1e2f 100644
--- a/docs-xml/smbdotconf/security/usernamemap.xml
+++ b/docs-xml/smbdotconf/security/usernamemap.xml
@@ -58,6 +58,11 @@
</para>
+ <para>
+ If your system supports the NIS NETGROUP option then the netgroup database is checked before the <filename
+ moreinfo="none">/etc/group </filename> database for matching groups.
+ </para>
+
<para>
You can map Windows usernames that have spaces in them by using double quotes around the name. For example:
<programlisting>
diff --git a/docs-xml/smbdotconf/security/validusers.xml b/docs-xml/smbdotconf/security/validusers.xml
index 6b0bacfd78a..0b681a1fef5 100644
--- a/docs-xml/smbdotconf/security/validusers.xml
+++ b/docs-xml/smbdotconf/security/validusers.xml
@@ -4,10 +4,9 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
- This is a list of users that should be allowed to login to this service.
- Names starting with an '@' are interpreted using the same rules as
- described in the
- <parameter moreinfo="none">invalid users</parameter> parameter.
+ This is a list of users that should be allowed to login to this service. Names starting with
+ '@', '+' and '&' are interpreted using the same rules as described in the
+ <parameter moreinfo="none">invalid users</parameter> parameter.
</para>
<para>
diff --git a/docs-xml/smbdotconf/winbind/winbindseparator.xml b/docs-xml/smbdotconf/winbind/winbindseparator.xml
index 9be46109cd6..eda14f4e03a 100644
--- a/docs-xml/smbdotconf/winbind/winbindseparator.xml
+++ b/docs-xml/smbdotconf/winbind/winbindseparator.xml
@@ -10,9 +10,9 @@
and <filename moreinfo="none">nss_winbind.so</filename> modules for UNIX services.
</para>
- <para>Please note that setting this parameter to + can cause problems
+ <para>Please note that setting this parameter to + causes problems
with group membership at least on glibc systems, as the character +
- was used as a special character for NIS in /etc/group.</para>
+ is used as a special character for NIS in /etc/group.</para>
</description>
<value type="default">\</value>
diff --git a/lib/ldb/ABI/ldb-2.0.5.sigs b/lib/ldb/ABI/ldb-2.5.1.sigs
similarity index 100%
copy from lib/ldb/ABI/ldb-2.0.5.sigs
copy to lib/ldb/ABI/ldb-2.5.1.sigs
diff --git a/lib/ldb/ABI/pyldb-util-2.1.0.sigs b/lib/ldb/ABI/pyldb-util-2.5.1.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-2.1.0.sigs
copy to lib/ldb/ABI/pyldb-util-2.5.1.sigs
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index b811b68861f..f483dd54748 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -2,7 +2,7 @@
APPNAME = 'ldb'
# For Samba 4.16.x
-VERSION = '2.5.0'
+VERSION = '2.5.1'
import sys, os
diff --git a/lib/util/access.c b/lib/util/access.c
index 5b53894b2ce..b1b4bffaeaa 100644
--- a/lib/util/access.c
+++ b/lib/util/access.c
@@ -114,6 +114,62 @@ static bool string_match(const char *tok,const char *s)
&& strequal_m(tok, s + str_len - tok_len)) {
return true;
}
+ } else if (tok[0] == '@') { /* netgroup: look it up */
+#ifdef HAVE_NETGROUP
+ DATA_BLOB tmp;
+ char *mydomain = NULL;
+ char *hostname = NULL;
+ bool netgroup_ok = false;
+ char nis_domain_buf[256];
+
+ if (memcache_lookup(
+ NULL, SINGLETON_CACHE,
+ data_blob_string_const_null("yp_default_domain"),
+ &tmp)) {
+
+ SMB_ASSERT(tmp.length > 0);
+ mydomain = (tmp.data[0] == '\0')
+ ? NULL : (char *)tmp.data;
+ } else {
+ if (getdomainname(nis_domain_buf,
+ sizeof(nis_domain_buf)) == 0) {
+ mydomain = &nis_domain_buf[0];
+ memcache_add(NULL,
+ SINGLETON_CACHE,
+ data_blob_string_const_null(
+ "yp_default_domain"),
+ data_blob_string_const_null(
+ mydomain));
+ } else {
+ mydomain = NULL;
+ }
+ }
+
+ if (!mydomain) {
+ DEBUG(0,("Unable to get default yp domain. "
+ "Try without it.\n"));
+ }
+ if (!(hostname = smb_xstrdup(s))) {
+ DEBUG(1,("out of memory for strdup!\n"));
+ return false;
+ }
+
+ netgroup_ok = innetgr(tok + 1, hostname, (char *) 0, mydomain);
+
+ DBG_INFO("%s %s of domain %s in netgroup %s\n",
+ netgroup_ok ? "Found" : "Could not find",
+ hostname,
+ mydomain?mydomain:"(ANY)",
+ tok+1);
+
+ SAFE_FREE(hostname);
+
+ if (netgroup_ok)
+ return true;
+#else
+ DEBUG(0,("access: netgroup support is not configured\n"));
+ return false;
+#endif
} else if (strequal_m(tok, "ALL")) { /* all: match any */
return true;
} else if (strequal_m(tok, "FAIL")) { /* fail: match any */
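Review bot: An empty NIS domain name is treated differently on the first lookup than on cached ones in the restored `@` branch of string_match(). The cache-hit path maps an empty cached value to `mydomain = NULL`, but the getdomainname() path caches the empty string and then passes `""` to innetgr() instead of NULL. This branch presumably backs the `hosts allow = @foonet` form documented in hostsallow.xml, so both paths should give the same answer; adding `if (mydomain[0] == '\0') { mydomain = NULL; }` right after the memcache_add() call would align them. It may also be worth setting `nis_domain_buf[sizeof(nis_domain_buf) - 1] = '\0';` after a successful getdomainname(), since some libc implementations truncate without terminating and data_blob_string_const_null() presumably measures the buffer as a C string. string_match() starts and ends outside this hunk.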
diff --git a/lib/util/gpfswrap.c b/lib/util/gpfswrap.c
index 5cf6d2148e7..d05358e141e 100644
--- a/lib/util/gpfswrap.c
+++ b/lib/util/gpfswrap.c
@@ -23,7 +23,7 @@
static int (*gpfs_set_share_fn)(int fd, unsigned int allow, unsigned int deny);
static int (*gpfs_set_lease_fn)(int fd, unsigned int type);
-static int (*gpfs_getacl_fn)(const char *pathname, int flags, void *acl);
+static int (*gpfs_fgetacl_fn)(int fd, int flags, void *acl);
static int (*gpfs_putacl_fn)(const char *pathname, int flags, void *acl);
static int (*gpfs_get_realfilename_path_fn)(const char *pathname,
char *filenamep,
@@ -33,8 +33,6 @@ static int (*gpfs_set_winattrs_path_fn)(const char *pathname,
struct gpfs_winattr *attrs);
static int (*gpfs_set_winattrs_fn)(int fd, int flags,
struct gpfs_winattr *attrs);
-static int (*gpfs_get_winattrs_path_fn)(const char *pathname,
- struct gpfs_winattr *attrs);
static int (*gpfs_get_winattrs_fn)(int fd, struct gpfs_winattr *attrs);
static int (*gpfs_ftruncate_fn)(int fd, gpfs_off64_t length);
static int (*gpfs_lib_init_fn)(int flags);
@@ -70,12 +68,11 @@ int gpfswrap_init(void)
gpfs_set_share_fn = dlsym(l, "gpfs_set_share");
gpfs_set_lease_fn = dlsym(l, "gpfs_set_lease");
- gpfs_getacl_fn = dlsym(l, "gpfs_getacl");
+ gpfs_fgetacl_fn = dlsym(l, "gpfs_getacl_fd");
gpfs_putacl_fn = dlsym(l, "gpfs_putacl");
gpfs_get_realfilename_path_fn = dlsym(l, "gpfs_get_realfilename_path");
gpfs_set_winattrs_path_fn = dlsym(l, "gpfs_set_winattrs_path");
gpfs_set_winattrs_fn = dlsym(l, "gpfs_set_winattrs");
- gpfs_get_winattrs_path_fn = dlsym(l, "gpfs_get_winattrs_path");
gpfs_get_winattrs_fn = dlsym(l, "gpfs_get_winattrs");
gpfs_ftruncate_fn = dlsym(l, "gpfs_ftruncate");
gpfs_lib_init_fn = dlsym(l, "gpfs_lib_init");
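Review bot: `gpfs_fgetacl_fn` is now resolved only from `gpfs_getacl_fd`, with no fallback to the path-based `gpfs_getacl` symbol that was dropped, so on a libgpfs that does not export the fd variant every gpfswrap_fgetacl() call (next hunk) returns -1 with ENOSYS. The fd-based call is the better choice because it avoids re-resolving a path, but how callers treat ENOSYS on an ACL read is not visible here and should be confirmed to fail closed. A comment above the dlsym line such as `/* gpfs_getacl_fd is required for ACL reads; without it gpfswrap_fgetacl() fails with ENOSYS */` would record the dependency. gpfswrap_init() starts and ends outside this hunk.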
@@ -112,14 +109,14 @@ int gpfswrap_set_lease(int fd, unsigned int type)
return gpfs_set_lease_fn(fd, type);
}
-int gpfswrap_getacl(const char *pathname, int flags, void *acl)
+int gpfswrap_fgetacl(int fd, int flags, void *acl)
{
- if (gpfs_getacl_fn == NULL) {
+ if (gpfs_fgetacl_fn == NULL) {
errno = ENOSYS;
return -1;
}
- return gpfs_getacl_fn(pathname, flags, acl);
+ return gpfs_fgetacl_fn(fd, flags, acl);
}
int gpfswrap_putacl(const char *pathname, int flags, void *acl)
@@ -166,17 +163,6 @@ int gpfswrap_set_winattrs(int fd, int flags, struct gpfs_winattr *attrs)
return gpfs_set_winattrs_fn(fd, flags, attrs);
}
-int gpfswrap_get_winattrs_path(const char *pathname,
- struct gpfs_winattr *attrs)
-{
- if (gpfs_get_winattrs_path_fn == NULL) {
- errno = ENOSYS;
- return -1;
- }
-
- return gpfs_get_winattrs_path_fn(pathname, attrs);
-}
-
int gpfswrap_get_winattrs(int fd, struct gpfs_winattr *attrs)
{
if (gpfs_get_winattrs_fn == NULL) {
diff --git a/lib/util/gpfswrap.h b/lib/util/gpfswrap.h
index 764cf686d2e..1e74496c060 100644
--- a/lib/util/gpfswrap.h
+++ b/lib/util/gpfswrap.h
@@ -29,7 +29,7 @@
int gpfswrap_init(void);
int gpfswrap_set_share(int fd, unsigned int allow, unsigned int deny);
int gpfswrap_set_lease(int fd, unsigned int type);
-int gpfswrap_getacl(const char *pathname, int flags, void *acl);
+int gpfswrap_fgetacl(int fd, int flags, void *acl);
int gpfswrap_putacl(const char *pathname, int flags, void *acl);
int gpfswrap_get_realfilename_path(const char *pathname,
char *filenamep,
@@ -38,8 +38,6 @@ int gpfswrap_set_winattrs_path(const char *pathname,
int flags,
struct gpfs_winattr *attrs);
int gpfswrap_set_winattrs(int fd, int flags, struct gpfs_winattr *attrs);
-int gpfswrap_get_winattrs_path(const char *pathname,
- struct gpfs_winattr *attrs);
int gpfswrap_get_winattrs(int fd, struct gpfs_winattr *attrs);
int gpfswrap_ftruncate(int fd, gpfs_off64_t length);
int gpfswrap_lib_init(int flags);
diff --git a/selftest/knownfail b/selftest/knownfail
index 7e897dd026d..4c5d03147d2 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -194,6 +194,7 @@
^samba3.smb2.durable-open.delete_on_close2
^samba3.smb2.durable-v2-open.app-instance
^samba3.smb2.durable-open.reopen1a-lease\(ad_dc\)$
+^samba3.smb2.durable-open.stat-open\(ad_dc\)$
^samba3.smb2.durable-v2-open.reopen1a-lease\(ad_dc\)$
^samba4.smb2.ioctl.req_resume_key\(ad_dc_ntvfs\) # not supported by s4 ntvfs server
^samba4.smb2.ioctl.req_two_resume_keys\(ad_dc_ntvfs\) # not supported by s4 ntvfs server
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index e1d301898d3..b260f26cbc0 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -750,6 +750,10 @@ sub provision_ad_member
path = $share_dir
valid users = \"+$dcvars->{DOMAIN}/domain users\"
+[valid_users_nis_group]
+ path = $share_dir
+ valid users = \"&$dcvars->{DOMAIN}/domain users\"
+
[valid_users_unix_nis_group]
path = $share_dir
valid users = \"+&$dcvars->{DOMAIN}/domain users\"
diff --git a/source3/auth/user_util.c b/source3/auth/user_util.c
index aa765c2a692..f40123e246a 100644
--- a/source3/auth/user_util.c
+++ b/source3/auth/user_util.c
@@ -129,46 +129,141 @@ static void store_map_in_gencache(TALLOC_CTX *ctx, const char *from, const char
}
/****************************************************************************
- Check if a user is in a user list
+ Check if a user is in a netgroup user list. If at first we don't succeed,
+ try lower case.
+****************************************************************************/
+
+bool user_in_netgroup(TALLOC_CTX *ctx, const char *user, const char *ngname)
+{
+#ifdef HAVE_NETGROUP
+ char nis_domain_buf[256];
+ const char *nis_domain = NULL;
+ char *lowercase_user = NULL;
+
+ if (getdomainname(nis_domain_buf, sizeof(nis_domain_buf)) == 0) {
+ nis_domain = &nis_domain_buf[0];
+ } else {
+ DEBUG(5,("Unable to get default yp domain, "
+ "let's try without specifying it\n"));
+ nis_domain = NULL;
+ }
+
+ DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
+ user, nis_domain ? nis_domain : "(ANY)", ngname));
+
+ if (innetgr(ngname, NULL, user, nis_domain)) {
+ DEBUG(5,("user_in_netgroup: Found\n"));
+ return true;
+ }
+
+ /*
+ * Ok, innetgr is case sensitive. Try once more with lowercase
+ * just in case. Attempt to fix #703. JRA.
+ */
+ lowercase_user = talloc_strdup(ctx, user);
+ if (!lowercase_user) {
+ return false;
+ }
+ if (!strlower_m(lowercase_user)) {
+ return false;
+ }
+
+ if (strcmp(user,lowercase_user) == 0) {
+ /* user name was already lower case! */
+ return false;
+ }
- We removed NIS support in 2021, but need to keep configs working.
+ DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
+ lowercase_user, nis_domain ? nis_domain : "(ANY)", ngname));
- TOOD FIXME: Remove this funciton
+ if (innetgr(ngname, NULL, lowercase_user, nis_domain)) {
+ DEBUG(5,("user_in_netgroup: Found\n"));
+ return true;
+ }
+#endif /* HAVE_NETGROUP */
+ return false;
--
Samba Shared Repository