[SCM] Samba Shared Repository - branch v4-19-stable updated
Jule Anger
janger at samba.org
Tue Aug 8 07:20:15 UTC 2023
The branch, v4-19-stable has been updated
via e7330e360e1 VERSION: Disable GIT_SNAPSHOT for the 4.19.0rc2 release.
via 19e9735c072 WHATSNEW: Add release notes for Samba 4.19.0rc2.
via 9a87e2061dc third_party/heimdal: Import lorikeet-heimdal-202308030152 (commit 2a036a6fd80833799316b8a85623cdea3a1135df)
via 1231268c219 s3/modules: Fix DFS links when widelinks = yes
via 368b3e6102b s3/modules: Add flag indicating if connected share is a dfs share
via ece48278912 sefltest: Add new regression test dfs with widelinks = yes
via d59392056e7 selftest: Add new dfs share (with widelinks enabled)
via e7f91e1d22b vfs_aio_pthread: fix segfault if samba-tool ntacl get
via 68db9b7390b dsdb: Use samdb_system_container_dn() in pdb_samba_dsdb_*()
via bffe1f5720e dsdb: Use samdb_system_container_dn() in dsdb_trust_*()
via 4cd7ead4e6b s4-rpc_server/backupkey: Use samdb_system_container_dn() in get_lsa_secret()
via 4f1156f138d s4-rpc_server/backupkey: Use samdb_system_container_dn() in set_lsa_secret()
via 2f1502a70d8 s4-rpc_server/netlogon: Use samdb_system_container_dn() in fill_trusted_domains_array()
via 9cb4754d0c4 s4-rpc_server/lsa: Use samdb_system_container_dn() in dcesrv_lsa_get_policy_state()
via 66605c7c765 dsdb: Use samdb_get_system_container_dn() to get Password Settings Container
via 3493671ce74 dsdb: Use samdb_system_container_dn() in samldb.c
via 37094ba8e53 dsdb: Add new function samdb_system_container_dn()
via e5ea3562b39 Bug #9959: Don't search for CN=System
via b4f10979d86 For Bug #9959: local talloc frame for next commit
via 3bab56a7db6 VERSION: Bump version up to Samba 4.19.0rc2...
from 4f12024cafa VERSION: Disable GIT_SNAPSHOT for the Samba 4.19.0rc1 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 23 ++++++++-
selftest/target/Samba3.pm | 5 ++
source3/modules/vfs_aio_pthread.c | 3 +-
source3/modules/vfs_widelinks.c | 30 ++++++++++--
source3/passdb/pdb_samba_dsdb.c | 12 +++--
source3/script/tests/test_bug15435_widelink_dfs.sh | 28 +++++++++++
source3/selftest/tests.py | 10 ++++
source4/dsdb/common/util.c | 19 ++++++++
source4/dsdb/common/util_trusts.c | 21 ++-------
source4/dsdb/samdb/ldb_modules/operational.c | 22 +++++----
source4/dsdb/samdb/ldb_modules/samldb.c | 7 +--
source4/rpc_server/backupkey/dcesrv_backupkey.c | 54 +++++++++-------------
source4/rpc_server/lsa/lsa_init.c | 7 ++-
source4/rpc_server/netlogon/dcerpc_netlogon.c | 8 ++--
third_party/heimdal/kdc/pkinit.c | 4 +-
16 files changed, 168 insertions(+), 87 deletions(-)
create mode 100755 source3/script/tests/test_bug15435_widelink_dfs.sh
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 285ff9b821a..3aded533ec5 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=1
+SAMBA_VERSION_RC_RELEASE=2
########################################################
# To mark SVN snapshots this should be set to 'yes' #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 44e7edc2263..59a6dcc41a9 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=====================
-This is the first release candidate of Samba 4.19. This is *not*
+This is the second release candidate of Samba 4.19. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -235,6 +235,27 @@ smb.conf changes
directory name cache size Removed
+CHANGES SINCE 4.19.0rc1
+=======================
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 9959: Windows client join fails if a second container CN=System exists
+ somewhere.
+
+o Noel Power <noel.power at suse.com>
+ * BUG 15435: regression DFS not working with widelinks = true.
+
+o Arvid Requate <requate at univention.de>
+ * BUG 9959: Windows client join fails if a second container CN=System exists
+ somewhere.
+
+o Joseph Sutton <josephsutton at catalyst.net.nz>
+ * BUG 15443: Heimdal fails to build on 32-bit FreeBSD.
+
+o Jones Syue <jonessyue at qnap.com>
+ * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
+
+
KNOWN ISSUES
============
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index b4c3c130e9a..39831afc599 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -3034,6 +3034,11 @@ sub provision($$)
msdfs root = yes
msdfs shuffle referrals = yes
guest ok = yes
+[msdfs-share-wl]
+ path = $msdfs_shrdir
+ msdfs root = yes
+ wide links = yes
+ guest ok = yes
[msdfs-share2]
path = $msdfs_shrdir2
msdfs root = yes
diff --git a/source3/modules/vfs_aio_pthread.c b/source3/modules/vfs_aio_pthread.c
index 428ae5f2a4c..0303ff04bc9 100644
--- a/source3/modules/vfs_aio_pthread.c
+++ b/source3/modules/vfs_aio_pthread.c
@@ -475,7 +475,8 @@ static int aio_pthread_openat_fn(vfs_handle_struct *handle,
aio_allow_open = false;
}
- if (fsp->conn->sconn->client->server_multi_channel_enabled) {
+ if (fsp->conn->sconn->client != NULL &&
+ fsp->conn->sconn->client->server_multi_channel_enabled) {
/*
* This module is not compatible with multi channel yet.
*/
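Review bot: The new `fsp->conn->sconn->client != NULL` guard in aio_pthread_openat_fn has no comment saying when `client` is legitimately NULL, so a later cleanup could drop it as redundant. Going by the commit subject this is the case where the VFS is driven without an SMB client connection, so a line such as `/* client is NULL when the VFS is used without an SMB connection, e.g. samba-tool ntacl get */` above the `if` would record that. The guard covers only `client`; whether `fsp->conn` or `sconn` can also be NULL on that path is not visible here, since the function body starts and ends outside the hunk.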
diff --git a/source3/modules/vfs_widelinks.c b/source3/modules/vfs_widelinks.c
index 0045242ba81..29f2d4834f6 100644
--- a/source3/modules/vfs_widelinks.c
+++ b/source3/modules/vfs_widelinks.c
@@ -106,6 +106,7 @@
struct widelinks_config {
bool active;
+ bool is_dfs_share;
char *cwd;
};
@@ -134,7 +135,8 @@ static int widelinks_connect(struct vfs_handle_struct *handle,
DBG_ERR("vfs_widelinks module loaded with "
"widelinks = no\n");
}
-
+ config->is_dfs_share =
+ (lp_host_msdfs() && lp_msdfs_root(SNUM(handle->conn)));
SMB_VFS_HANDLE_SET_DATA(handle,
config,
NULL, /* free_fn */
@@ -346,7 +348,7 @@ static int widelinks_openat(vfs_handle_struct *handle,
{
struct vfs_open_how how = *_how;
struct widelinks_config *config = NULL;
-
+ int ret;
SMB_VFS_HANDLE_GET_DATA(handle,
config,
struct widelinks_config,
@@ -363,11 +365,33 @@ static int widelinks_openat(vfs_handle_struct *handle,
how.flags = (how.flags & ~O_NOFOLLOW);
}
- return SMB_VFS_NEXT_OPENAT(handle,
+ ret = SMB_VFS_NEXT_OPENAT(handle,
dirfsp,
smb_fname,
fsp,
&how);
+ if (config->is_dfs_share && ret == -1 && errno == ENOENT) {
+ struct smb_filename *full_fname = NULL;
+ int lstat_ret;
+
+ full_fname = full_path_from_dirfsp_atname(talloc_tos(),
+ dirfsp,
+ smb_fname);
+ if (full_fname == NULL) {
+ errno = ENOMEM;
+ return -1;
+ }
+ lstat_ret = SMB_VFS_NEXT_LSTAT(handle,
+ full_fname);
+ if (lstat_ret != -1 &&
+ VALID_STAT(full_fname->st) &&
+ S_ISLNK(full_fname->st.st_ex_mode)) {
+ fsp->fsp_name->st = full_fname->st;
+ }
+ TALLOC_FREE(full_fname);
+ errno = ENOENT;
+ }
+ return ret;
}
static struct vfs_fn_pointers vfs_widelinks_fns = {
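Review bot: The ENOENT fallback added to widelinks_openat carries no comment explaining why the lstat result of a symlink is copied into `fsp->fsp_name->st` while the call still returns -1 with ENOENT. In a module whose purpose is to relax symlink handling, that intent should be written next to the code, for example `/* openat failed on a DFS share: hand back the lstat of a symlink so the caller can recognise a DFS link; errno stays ENOENT */` above the `if`. The copy is made for any symlink, not only for one that is an msdfs referral, so the code appears to rely on the caller to inspect the link target; that check is not visible here and is worth confirming. The function starts outside the hunk.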
diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c
index 8ed5799ac89..dee40bf2175 100644
--- a/source3/passdb/pdb_samba_dsdb.c
+++ b/source3/passdb/pdb_samba_dsdb.c
@@ -3317,9 +3317,13 @@ static NTSTATUS pdb_samba_dsdb_set_trusted_domain(struct pdb_methods *methods,
goto out;
}
- msg->dn = ldb_dn_copy(tmp_ctx, base_dn);
+ msg->dn = samdb_system_container_dn(state->ldb, tmp_ctx);
+ if (msg->dn == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
- ok = ldb_dn_add_child_fmt(msg->dn, "cn=%s,cn=System", td->domain_name);
+ ok = ldb_dn_add_child_fmt(msg->dn, "cn=%s", td->domain_name);
if (!ok) {
status = NT_STATUS_NO_MEMORY;
goto out;
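Review bot: `td->domain_name` is still formatted directly into the RDN by `ldb_dn_add_child_fmt(msg->dn, "cn=%s", td->domain_name)`, so a name containing DN metacharacters such as `,` or `=` would be parsed as additional components instead of as a single value. With the parent now a fixed DN, the child can be added as a value rather than as formatted text, e.g. `ldb_dn_add_child_val(msg->dn, "cn", name_val)` with `name_val` an `ldb_val` wrapping the domain name. The same applies to `ldb_dn_add_child_fmt(tdo_dn, "cn=%s", domain)` in the pdb_samba_dsdb_del_trusted_domain hunk. Whether these names are validated before they reach this code is not visible, as both function bodies extend outside the hunks.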
@@ -3544,13 +3548,13 @@ static NTSTATUS pdb_samba_dsdb_del_trusted_domain(struct pdb_methods *methods,
return NT_STATUS_OK;
}
- tdo_dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->ldb));
+ tdo_dn = samdb_system_container_dn(state->ldb, tmp_ctx);
if (tdo_dn == NULL) {
status = NT_STATUS_NO_MEMORY;
goto out;
}
- ok = ldb_dn_add_child_fmt(tdo_dn, "cn=%s,cn=System", domain);
+ ok = ldb_dn_add_child_fmt(tdo_dn, "cn=%s", domain);
if (!ok) {
TALLOC_FREE(tmp_ctx);
status = NT_STATUS_NO_MEMORY;
diff --git a/source3/script/tests/test_bug15435_widelink_dfs.sh b/source3/script/tests/test_bug15435_widelink_dfs.sh
new file mode 100755
index 00000000000..e239cd0c274
--- /dev/null
+++ b/source3/script/tests/test_bug15435_widelink_dfs.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# regression test for dfs access with wide links enabled on dfs share
+
+if [ $# -lt 5 ]; then
+ cat <<EOF
+Usage: test_smbclient_basic.sh SERVER SERVER_IP DOMAIN USERNAME PASSWORD SMBCLIENT <smbclient arguments>
+EOF
+ exit 1
+fi
+
+SERVER="$1"
+SERVER_IP="$2"
+USERNAME="$3"
+PASSWORD="$4"
+smbclient="$5"
+CONFIGURATION="$6"
+shift 6
+ADDARGS="$@"
+
+incdir=$(dirname $0)/../../../testprogs/blackbox
+. $incdir/subunit.sh
+. $incdir/common_test_fns.inc
+
+# TEST
+test_smbclient "smbclient as $DOMAIN\\$USERNAME" 'ls' "//$SERVER/msdfs-share-wl" -U$DOMAIN\\$USERNAME%$PASSWORD $ADDARGS -c 'cd msdfs-src1' || failed=$(expr $failed + 1)
+
+exit $failed
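Review bot: The argument handling in the new script does not match how it is used. The guard accepts five arguments (`[ $# -lt 5 ]`) but the script reads `$6` and runs `shift 6`. `DOMAIN` is never assigned although the smbclient line uses `$DOMAIN\\$USERNAME`, so the test only works if DOMAIN arrives through the environment. Suggest `if [ $# -lt 6 ]; then`, a usage line that names this script and the six arguments actually read, and either assigning DOMAIN or dropping it from `-U`. `CONFIGURATION` is read but never passed to smbclient, and `failed` is not initialised in this file, so `exit $failed` depends on the sourced files setting it.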
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index a10969adbb4..e6d544d9f87 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -1725,6 +1725,16 @@ if have_cluster_support:
"$SERVERCONFFILE",
"$SERVER_IP"])
+plantestsuite("samba3.blackbox.smbclient-bug15435",
+ "fileserver",
+ [os.path.join(samba3srcdir, "script/tests/test_bug15435_widelink_dfs.sh"),
+ "$SERVER",
+ "$SERVER_IP",
+ "$USERNAME",
+ "$PASSWORD",
+ smbclient3,
+ configuration])
+
plantestsuite(
"samba3.net_lookup_ldap",
"ad_dc:local",
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index fbc8ffe5ce5..5fa9f65e247 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1276,6 +1276,25 @@ struct ldb_dn *samdb_infrastructure_dn(struct ldb_context *sam_ctx, TALLOC_CTX *
return new_dn;
}
+struct ldb_dn *samdb_system_container_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx)
+{
+ struct ldb_dn *new_dn = NULL;
+ bool ok;
+
+ new_dn = ldb_dn_copy(mem_ctx, ldb_get_default_basedn(sam_ctx));
+ if (new_dn == NULL) {
+ return NULL;
+ }
+
+ ok = ldb_dn_add_child_fmt(new_dn, "CN=System");
+ if (!ok) {
+ TALLOC_FREE(new_dn);
+ return NULL;
+ }
+
+ return new_dn;
+}
+
struct ldb_dn *samdb_sites_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx)
{
struct ldb_dn *new_dn;
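Review bot: samdb_system_container_dn() is added without a comment, and the property its callers now depend on is not stated anywhere. The DN is built from the default base DN and never searched for, so a second container named CN=System elsewhere in the directory cannot be selected. A short doc comment above the function should say that, state that the result is allocated on `mem_ctx`, and state that NULL is returned on failure. It would also help to note that NULL does not distinguish allocation failure from a missing default base DN (presumably `ldb_dn_copy()` returns NULL for that). Callers in this series report every NULL as NT_STATUS_NO_MEMORY, whereas the removed code in set_lsa_secret returned NT_STATUS_INTERNAL_ERROR for a missing base DN.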
diff --git a/source4/dsdb/common/util_trusts.c b/source4/dsdb/common/util_trusts.c
index 0f4d5584192..fd1aa2be4d4 100644
--- a/source4/dsdb/common/util_trusts.c
+++ b/source4/dsdb/common/util_trusts.c
@@ -2459,17 +2459,12 @@ NTSTATUS dsdb_trust_search_tdo(struct ldb_context *sam_ctx,
return NT_STATUS_INVALID_PARAMETER_MIX;
}
- system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
+ system_dn = samdb_system_container_dn(sam_ctx, frame);
if (system_dn == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
- if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
if (netbios != NULL) {
netbios_encoded = ldb_binary_encode_string(frame, netbios);
if (netbios_encoded == NULL) {
@@ -2617,17 +2612,12 @@ NTSTATUS dsdb_trust_search_tdo_by_sid(struct ldb_context *sam_ctx,
return NT_STATUS_NO_MEMORY;
}
- system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
+ system_dn = samdb_system_container_dn(sam_ctx, frame);
if (system_dn == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
- if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
filter = talloc_asprintf(frame,
"(&"
"(objectClass=trustedDomain)"
@@ -2794,17 +2784,12 @@ NTSTATUS dsdb_trust_search_tdos(struct ldb_context *sam_ctx,
*res = NULL;
- system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
+ system_dn = samdb_system_container_dn(sam_ctx, frame);
if (system_dn == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
- if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
if (exclude != NULL) {
exclude_encoded = ldb_binary_encode_string(frame, exclude);
if (exclude_encoded == NULL) {
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index 310f98693c0..8821765a703 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -1009,19 +1009,20 @@ static int get_pso_count(struct ldb_module *module, TALLOC_CTX *mem_ctx,
{
static const char * const attrs[] = { NULL };
int ret;
- struct ldb_dn *domain_dn = NULL;
struct ldb_dn *psc_dn = NULL;
struct ldb_result *res = NULL;
struct ldb_context *ldb = ldb_module_get_ctx(module);
+ bool psc_ok;
*pso_count = 0;
- domain_dn = ldb_get_default_basedn(ldb);
- psc_dn = ldb_dn_new_fmt(mem_ctx, ldb,
- "CN=Password Settings Container,CN=System,%s",
- ldb_dn_get_linearized(domain_dn));
+ psc_dn = samdb_system_container_dn(ldb, mem_ctx);
if (psc_dn == NULL) {
return ldb_oom(ldb);
}
+ psc_ok = ldb_dn_add_child_fmt(psc_dn, "CN=Password Settings Container");
+ if (psc_ok == false) {
+ return ldb_oom(ldb);
+ }
/* get the number of PSO children */
ret = dsdb_module_search(module, mem_ctx, &res, psc_dn,
@@ -1088,8 +1089,8 @@ static int pso_search_by_sids(struct ldb_module *module, TALLOC_CTX *mem_ctx,
int i;
struct ldb_context *ldb = ldb_module_get_ctx(module);
char *sid_filter = NULL;
- struct ldb_dn *domain_dn = NULL;
struct ldb_dn *psc_dn = NULL;
+ bool psc_ok;
const char *attrs[] = {
"msDS-PasswordSettingsPrecedence",
"objectGUID",
@@ -1117,13 +1118,14 @@ static int pso_search_by_sids(struct ldb_module *module, TALLOC_CTX *mem_ctx,
}
/* only PSOs located in the Password Settings Container are valid */
- domain_dn = ldb_get_default_basedn(ldb);
- psc_dn = ldb_dn_new_fmt(mem_ctx, ldb,
- "CN=Password Settings Container,CN=System,%s",
- ldb_dn_get_linearized(domain_dn));
+ psc_dn = samdb_system_container_dn(ldb, mem_ctx);
if (psc_dn == NULL) {
return ldb_oom(ldb);
}
+ psc_ok = ldb_dn_add_child_fmt(psc_dn, "CN=Password Settings Container");
+ if (psc_ok == false) {
+ return ldb_oom(ldb);
+ }
ret = dsdb_module_search(module, mem_ctx, result, psc_dn,
LDB_SCOPE_ONELEVEL, attrs,
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 1b4921a6f2e..1edcba7223d 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -5402,14 +5402,9 @@ static int check_rename_constraints(struct ldb_message *msg,
/* Objects under CN=System */
- dn1 = ldb_dn_copy(ac, ldb_get_default_basedn(ldb));
+ dn1 = samdb_system_container_dn(ldb, ac);
if (dn1 == NULL) return ldb_oom(ldb);
- if ( ! ldb_dn_add_child_fmt(dn1, "CN=System")) {
- talloc_free(dn1);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
if ((ldb_dn_compare_base(dn1, olddn) == 0) &&
(ldb_dn_compare_base(dn1, newdn) != 0)) {
talloc_free(dn1);
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index b5df40d1e1f..7c4b9de1feb 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -59,10 +59,10 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
const char *name,
const DATA_BLOB *lsa_secret)
{
+ TALLOC_CTX *frame = talloc_stackframe();
struct ldb_message *msg;
struct ldb_result *res;
- struct ldb_dn *domain_dn;
- struct ldb_dn *system_dn;
+ struct ldb_dn *system_dn = NULL;
struct ldb_val val;
int ret;
char *name2;
@@ -72,13 +72,9 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
NULL
};
- domain_dn = ldb_get_default_basedn(ldb);
- if (!domain_dn) {
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- msg = ldb_msg_new(mem_ctx);
+ msg = ldb_msg_new(frame);
if (msg == NULL) {
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
@@ -92,15 +88,15 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
* * taillor the function to the particular needs of backup protocol
*/
- system_dn = samdb_search_dn(ldb, msg, domain_dn, "(&(objectClass=container)(cn=System))");
+ system_dn = samdb_system_container_dn(ldb, frame);
if (system_dn == NULL) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
name2 = talloc_asprintf(msg, "%s Secret", name);
if (name2 == NULL) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
@@ -110,7 +106,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
if (ret != LDB_SUCCESS || res->count != 0 ) {
DEBUG(2, ("Secret %s already exists !\n", name2));
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_OBJECT_NAME_COLLISION;
}
@@ -119,41 +115,41 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
* here only if the key didn't exists before
*/
- msg->dn = ldb_dn_copy(mem_ctx, system_dn);
+ msg->dn = ldb_dn_copy(frame, system_dn);
if (msg->dn == NULL) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
if (!ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
ret = ldb_msg_add_string(msg, "cn", name2);
if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
ret = ldb_msg_add_string(msg, "objectClass", "secret");
if (ret != LDB_SUCCESS) {
- talloc_free(msg);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
--
Samba Shared Repository