[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Fri May 19 01:24:02 UTC 2023
The branch, master has been updated
via f1a204d3154 gp: sshd policy correctly sort policy
via de009c194c1 tests: Replace iconv(1) UTF-16LE conversion with a python3 call
via ce31acf28d3 selftest: Report "unknown environment" if setup returns "UNKNOWN"
via e480868509e build:waf: Check value of GNU_TLS_* with detected env
via 25b2c07a9d7 build:wafsamba: Allow lib for CHECK_VALUEOF()
from 303d2109f63 s4:kdc: Check lifetime of correct ticket
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f1a204d315473f5d87363259004358e2c0c5f450
Author: David Mulder <dmulder at samba.org>
Date: Thu May 18 11:28:46 2023 +0200
gp: sshd policy correctly sort policy
The sshd_config man page says that key value
pairs 'the first obtained value will be used'.
So we need to sort policies from last to first.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri May 19 01:23:19 UTC 2023 on atb-devel-224
commit de009c194c148ab0d38b6b82e0b4e8c900a6627c
Author: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Date: Fri May 12 14:53:10 2023 +0900
tests: Replace iconv(1) UTF-16LE conversion with a python3 call
GNU libiconv and its iconv(1) do NOT define 'utf16le' as
an alias of 'UTF-16LE' encoding.
Signed-off-by: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit ce31acf28d3c4474b21aa2d8a2b7acc3d751ad92
Author: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Date: Sat May 13 22:30:04 2023 +0900
selftest: Report "unknown environment" if setup returns "UNKNOWN"
Samba*::setup_*() may return the string "UNKNOWN".
```
$ ./configure --with-ads ...
...
$ make
...
$ make test
...
Can't use string ("UNKNOWN") as a HASH ref while "strict refs" in use at /.../samba-4.18.2/selftest/target/Samba.pm line 131.
```
Signed-off-by: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit e480868509ead997f954d939225bc0219397293a
Author: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Date: Tue May 9 16:54:16 2023 +0900
build:waf: Check value of GNU_TLS_* with detected env
Signed-off-by: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 25b2c07a9d7fd921dcae0b4e94d9f735d076f303
Author: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Date: Tue May 9 16:52:04 2023 +0900
build:wafsamba: Allow lib for CHECK_VALUEOF()
Signed-off-by: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/samba_autoconf.py | 3 ++-
python/samba/gp/vgp_openssh_ext.py | 18 +++++++++++++-----
selftest/target/Samba.pm | 4 ++++
source3/script/tests/test_rpcclient_pw_nt_hash.sh | 2 +-
wscript_configure_system_gnutls | 4 ++--
5 files changed, 22 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index 75d5f4acbcc..8541d003e2a 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -364,7 +364,7 @@ def CHECK_SIGN(conf, v, headers=None):
return False
@conf
-def CHECK_VALUEOF(conf, v, headers=None, define=None):
+def CHECK_VALUEOF(conf, v, headers=None, define=None, lib=None):
'''check the value of a variable/define'''
ret = True
v_define = define
@@ -376,6 +376,7 @@ def CHECK_VALUEOF(conf, v, headers=None, define=None):
execute=True,
define_ret=True,
quote=False,
+ lib=lib,
headers=headers,
local_include=False,
msg="Checking value of %s" % v):
diff --git a/python/samba/gp/vgp_openssh_ext.py b/python/samba/gp/vgp_openssh_ext.py
index be9139d5be8..bf865e78375 100644
--- a/python/samba/gp/vgp_openssh_ext.py
+++ b/python/samba/gp/vgp_openssh_ext.py
@@ -31,6 +31,16 @@ intro = b'''
'''
+# For each key value pair in sshd_config, the first obtained value will be
+# used. We must insert config files in reverse, so that the last applied policy
+# takes precedence.
+def select_next_conf(directory):
+ configs = [re.match(r'(\d+)', f) for f in os.listdir(directory)]
+ conf_ids = [int(m.group(1)) for m in configs if m]
+ conf_ids.append(9000000000) # The starting node
+ conf_id = min(conf_ids)-1
+ return os.path.join(directory, '%010d_gp.conf' % conf_id)
+
class vgp_openssh_ext(gp_xml_ext, gp_file_applier):
def __str__(self):
return 'VGP/Unix Settings/OpenSSH'
@@ -72,13 +82,11 @@ class vgp_openssh_ext(gp_xml_ext, gp_file_applier):
if not os.path.isdir(cfg_dir):
os.mkdir(cfg_dir, 0o640)
def applier_func(cfg_dir, raw):
- f = NamedTemporaryFile(prefix='gp_',
- delete=False,
- dir=cfg_dir)
+ filename = select_next_conf(cfg_dir)
+ f = open(filename, 'wb')
f.write(intro)
f.write(raw.getvalue())
- os.chmod(f.name, 0o640)
- filename = f.name
+ os.chmod(filename, 0o640)
f.close()
return [filename]
self.apply(gpo.name, attribute, value_hash, applier_func,
diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
index 4f0f29df5cf..29a612aab8b 100644
--- a/selftest/target/Samba.pm
+++ b/selftest/target/Samba.pm
@@ -127,6 +127,10 @@ sub setup_env($$$)
warn("failed to start up environment '$envname'");
return undef;
}
+ if ($env eq "UNKNOWN") {
+ warn("unknown environment '$envname'");
+ return undef;
+ }
$target->{vars}->{$envname} = $env;
$target->{vars}->{$envname}->{target} = $target;
diff --git a/source3/script/tests/test_rpcclient_pw_nt_hash.sh b/source3/script/tests/test_rpcclient_pw_nt_hash.sh
index 24d81519c4c..c1e3660e578 100755
--- a/source3/script/tests/test_rpcclient_pw_nt_hash.sh
+++ b/source3/script/tests/test_rpcclient_pw_nt_hash.sh
@@ -15,7 +15,7 @@ PASSWORD="$2"
SERVER="$3"
RPCCLIENT="$4"
-HASH=$(echo -n $PASSWORD | iconv -t utf16le | $PYTHON -c 'import sys, binascii, samba, samba.crypto; sys.stdout.buffer.write(binascii.hexlify(samba.crypto.md4_hash_blob(sys.stdin.buffer.read(1000))))')
+HASH=$(echo -n $PASSWORD | $PYTHON -c 'import sys, binascii, samba, samba.crypto; sys.stdout.buffer.write(binascii.hexlify(samba.crypto.md4_hash_blob(sys.stdin.buffer.read(1000).decode().encode("UTF-16LE"))))')
RPCCLIENTCMD="$RPCCLIENT $SERVER --pw-nt-hash -U$USERNAME%$HASH -c queryuser"
diff --git a/wscript_configure_system_gnutls b/wscript_configure_system_gnutls
index 176585c4ce4..2461eb2ed78 100644
--- a/wscript_configure_system_gnutls
+++ b/wscript_configure_system_gnutls
@@ -76,12 +76,12 @@ conf.CHECK_CODE(fragment,
msg='Checking for gnutls fips mode support')
del os.environ['GNUTLS_FORCE_FIPS_MODE']
-if conf.CHECK_VALUEOF('GNUTLS_CIPHER_AES_128_CFB8', headers='gnutls/gnutls.h'):
+if conf.CHECK_VALUEOF('GNUTLS_CIPHER_AES_128_CFB8', headers='gnutls/gnutls.h', lib='gnutls'):
conf.DEFINE('HAVE_GNUTLS_AES_CFB8', 1)
else:
Logs.warn('No gnutls support for AES CFB8')
-if conf.CHECK_VALUEOF('GNUTLS_MAC_AES_CMAC_128', headers='gnutls/gnutls.h'):
+if conf.CHECK_VALUEOF('GNUTLS_MAC_AES_CMAC_128', headers='gnutls/gnutls.h', lib='gnutls'):
conf.DEFINE('HAVE_GNUTLS_AES_CMAC', 1)
else:
Logs.warn('No gnutls support for AES CMAC')
--
Samba Shared Repository
More information about the samba-cvs
mailing list