[SCM] Samba Shared Repository - branch v4-19-test updated
Jule Anger
janger at samba.org
Wed Jul 3 09:57:02 UTC 2024
The branch, v4-19-test has been updated
via 2cf809bb1f3 third_party/heimdal: Import lorikeet-heimdal-202406240121 (commit 4315286377278234be2f3b6d52225a17b6116d54)
via 86034d86d98 tests/krb5: Add tests for errors produced when logging in with unusable accounts
via 7cc2b7b0288 tests/krb5: Allow creation of disabled accounts for testing
via 2102b619cf6 python/tests/krb5: Prepare for PKINIT tests with UF_SMARTCARD_REQUIRED
via 9c64cd3f2e0 tests/krb5: Fix PK-INIT test framework to allow expired password keys
via e65a4281c13 dsdb: Reduce minimum maxPwdAge from 1 day to nil
via a35edbb5302 tests/krb5: Use __slots__ to indicate which attributes are used by classes
via fc8beb134d2 tests/krb5: Add method to perform an armored AS‐REQ
via bb5414a6088 auth/credentials: don't ignore "client use kerberos" and --use-kerberos for machine accounts
via b3519d06b63 auth/credentials: add tests for cli_credentials_get_kerberos_state[_obtained]()
via 20fcb8f8bce auth/credentials: add cli_credentials_get_kerberos_state_obtained() helper
via b79e3492f80 testprogs/blackbox: add test_ldap_token.sh to test "client use kerberos" and --use-kerberos
via bfe5ad43a57 testprogs/blackbox: let test_trust_token.sh check for S-1-18-1 with kerberos
via 28fbc8ff19b ctdb/docs: Include ceph rados namespace support in man page
via 0597a2a62ac ctdb/ceph: Add optional namespace support for mutex helper
via ac5efd0302f vfs_default: also call vfs_offload_token_ctx_init in vfswrap_offload_write_send
via 1af40f29c7e s4:torture/smb2: add smb2.ioctl.copy_chunk_bug15644
via f525d2fef3d script/autobuild.py: Add test for --vendor-name and --vendor-patch-revision
via 80655e22136 build: Add --vendor-name --vendor-patch-revision options to ./configure
via 7ccbbb4baf1 s4:nbt_server: simulate nmbd and provide unexpected handling
via 9a9dc998926 s4:libcli/dgram: add nbt_dgram_send_raw() to send raw blobs
via a308204aa1b s4:libcli/dgram: make use of socket_address_copy()
via 1d766f29245 s4:libcli/dgram: let the generic incoming handler also get unexpected mailslot messages
via e2cec0d2800 libcli/nbt: add nbt_name_send_raw()
via 12a6060eed0 s3:libsmb/dsgetdcname: use NETLOGON_NT_VERSION_AVOID_NT4EMUL
via 8b39131deb4 s3:libsmb/unexpected: pass nmbd_socket_dir from the callers of nb_packet_{server_create,reader_send}()
via 8c06b437064 s3:libsmb/unexpected: don't use talloc_tos() in async code
via 5de4ae88ced s3:wscript: LIBNMB requires lp_ functions
via 39789dce2dd s3:include: split out fstring.h
via 7e076141857 s3:include: let nameserv.h be useable on its own
via dfa0b1adb87 s3/smbd: fix nested chdir into msdfs links on (widelinks = yes) share
via 6c86b519936 selftest: Add a python blackbox test for some misc (widelink) DFS tests
via fd58608723f s4:dns_server: no-op dns updates with ACCESS_DENIED should be ignored
via c29dc6e79b0 s4:dns_server: correctly sign dns update responses with gss-tsig like Windows
via 6d3d87babdc s4:dns_server: dns_verify_tsig should return REFUSED on error
via c7188e17464 s4:dns_server: also search DNS_QTYPE_TKEY in the answers section if it's the last section
via 288744a74b5 s4:dns_server: use tkey->algorithm if available in dns_sign_tsig()
via 7a457c6813d s4:dns_server: use the client provided algorithm for the fake TSIG structure
via cbf10a68e1c s4:dns_server: only allow gss-tsig and gss.microsoft.com for TSIG
via 234503e2375 s4:dns_server: only allow gss-tsig and gss.microsoft.com for TKEY
via 662c4675666 s4:dns_server: failed dns updates should result in REFUSED for ACCESS_DENIED
via 4a7d14efe47 python:tests/dns_tkey: add test_update_tsig_record_access_denied()
via d5c6276f534 s4:selftest/tests: pass USERNAME_UNPRIV=$DOMAIN_USER to samba.tests.dns_tkey
via e50968ed096 python:tests/dns_base: add get_unpriv_creds() helper
via 0ee7660ffe5 python:tests/dns_tkey: let test_update_tsig_windows() actually pass against windows 2022
via 4d4b39c102d python:tests/dns_base: let verify_packet() work against Windows
via 4bc0619b1e2 python:tests/dns_tkey: test bad and changing tsig algorithms
via eb18b228d1b python:tests/dns_tkey: add gss.microsoft.com tsig updates
via f984b281c5f python:tests/dns_tkey: let us have test_update_gss_tsig_tkey_req_{additional,answers}()
via e120078e2c3 python:tests/dns_tkey: test TKEY with gss-tsig, gss.microsoft.com and invalid algorithms
via 16c21888ea4 python:tests/dns_base: maintain a dict with tkey related state
via 2741574e32f python:tests/dns_base: let dns_transaction_udp() take allow_{remaining,truncated}=True
via 48be174b021 python:tests/dns_base: pass tkey_trans(expected_rcode)
via a086e96f269 python:tests/dns_base: let tkey_trans() take tkey_req_in_answers
via b1222378a29 python:tests/dns_base: let tkey_trans() and sign_packet() take algorithm_name as argument
via fdac589752e python:tests/dns_tkey: make use of self.assert_echoed_dns_error()
via 606b7034f5d python:tests/dns_base: add self.assert_echoed_dns_error()
via 313ca15a845 python:tests/dns_base: let dns_transaction_tcp() handle short receives
via 1800543b0ad python:tests/dns_base: use ndr_deepcopy() and ndr_pack() in verify_packet()
via 1c807412b88 python:tests/dns_base: generate a real signature in bad_sign_packet()
from fecc211af0e BUG 15569 ldb: add missing ABI/pyldb-util-2.8.1.sigs
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test
- Log -----------------------------------------------------------------
commit 2cf809bb1f3a6311d8f5e3ba745091e36ca9a943
Author: Jo Sutton <josutton at catalyst.net.nz>
Date: Wed Jun 12 14:42:38 2024 +1200
third_party/heimdal: Import lorikeet-heimdal-202406240121 (commit 4315286377278234be2f3b6d52225a17b6116d54)
This lets us match the Windows FAST reply when the password is expired.
Windows clients were upset by the NTSTATUS field in the edata,
apparently interpreting it to mean “insufficient resource”.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655
Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(backported from commit fe90576871b5d644b9e888fd7a0b0351feaba750)
[jsutton at samba.org Fixed conflicts in knownfails and
third_party/heimdal/kdc/fast.c]
Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Wed Jul 3 09:56:13 UTC 2024 on atb-devel-224
commit 86034d86d98489bdde6777e1632b9deeddd3e414
Author: Jo Sutton <josutton at catalyst.net.nz>
Date: Thu Jun 27 12:29:52 2024 +1200
tests/krb5: Add tests for errors produced when logging in with unusable accounts
Heimdal matches Windows in the no‐FAST case, but produces NTSTATUS codes
when it shouldn’t in the FAST case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655
Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(backported from commit c5ee0b60b20011aeaa60c2f549c2a78269c97c8f)
[jsutton at samba.org Fixed conflicts in selftest/knownfail_heimdal_kdc]
commit 7cc2b7b0288684f0d5444293ecc2562cc94c407f
Author: Jo Sutton <josutton at catalyst.net.nz>
Date: Tue Jun 25 12:51:48 2024 +1200
tests/krb5: Allow creation of disabled accounts for testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655
Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(backported from commit 6dc6168719cf232ac2c1d747f10aad9b13300c02)
[jsutton at samba.org Fixed conflicting import statements in
python/samba/tests/krb5/kdc_base_test.py]
[jsutton at samba.org Fixed conflicting import statements in
python/samba/tests/krb5/kdc_base_test.py]
commit 2102b619cf68ddcd3d9b3c4e4d6a3381966d4894
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Mar 19 14:37:24 2024 +1300
python/tests/krb5: Prepare for PKINIT tests with UF_SMARTCARD_REQUIRED
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(backported from commit b2fe1ea1c6aba116b31a1c803b4e0d36ac1a32ee)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655
[jsutton at samba.org Fixed conflicting import statements in
python/samba/tests/krb5/pkinit_tests.py]
[jsutton at samba.org Fixed conflicting import statements in
python/samba/tests/krb5/kdc_base_test.py]
commit 9c64cd3f2e02f88ebd16c6785e0d1fa34926aebb
Author: Jo Sutton <josutton at catalyst.net.nz>
Date: Fri Mar 22 12:58:19 2024 +1300
tests/krb5: Fix PK-INIT test framework to allow expired password keys
Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 7cc8f455191faacf32efc474c27e99d45ef2e024)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655
commit e65a4281c139b7d07560aad8963653b1eb6c70ea
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri May 17 14:19:31 2024 +1200
dsdb: Reduce minimum maxPwdAge from 1 day to nil
This allows us to have tests, which pass on Windows, that
use a very short maxPwdAge.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 3669479f22f2109a64250ffabd1f6453882d29f1)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655
commit a35edbb5302fd83ec24eb731d3078e7a3d064ce8
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Oct 30 14:05:17 2023 +1300
tests/krb5: Use __slots__ to indicate which attributes are used by classes
These should help to catch mistaken attempts to set invalid attributes.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 2b69e1e7c316e634090aad1d97ecadf8cdf529f3)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655
commit fc8beb134d247667d9c94900fed3761cd08b796d
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Sep 29 13:13:01 2023 +1300
tests/krb5: Add method to perform an armored AS‐REQ
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 849ee959845832b206ae315ab5911c623ea61148)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655
commit bb5414a60880a923100584d6c34da23e9b52cfc5
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jun 18 20:28:25 2024 +0200
auth/credentials: don't ignore "client use kerberos" and --use-kerberos for machine accounts
We only turn desired into off in the NT4 domain member case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jun 19 10:17:28 UTC 2024 on atb-devel-224
(cherry picked from commit 5b40cdf6e8885c9db6c5ffa972112f3516e4130a)
commit b3519d06b639118192aeeefec30dc972ed16b08b
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jun 18 19:02:05 2024 +0200
auth/credentials: add tests for cli_credentials_get_kerberos_state[_obtained]()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit eeb60574b6bf1a5209b85a8af843b93300550ba7)
commit 20fcb8f8bced6d8cad7dd371d212a5b29eb88866
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jun 18 18:53:48 2024 +0200
auth/credentials: add cli_credentials_get_kerberos_state_obtained() helper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit c715ac5e496ddde119212d3b880ff0e68c2da67b)
commit b79e3492f809af3b50b57f3e85089fed2c8c4ae9
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jun 18 19:34:30 2024 +0200
testprogs/blackbox: add test_ldap_token.sh to test "client use kerberos" and --use-kerberos
This shows that they are ignored for machine accounts as domain member.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit db2c576f329675e8d66e19c336fe04ccba918b4a)
commit bfe5ad43a57101ff0cbd7a5a38bb885fffe0be9b
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jun 18 19:11:09 2024 +0200
testprogs/blackbox: let test_trust_token.sh check for S-1-18-1 with kerberos
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit cda8beea45303a77080c64bb2391d22c59672deb)
commit 28fbc8ff19b7068d0e1f8d74aadb1bf8fd9bb5d5
Author: Günther Deschner <gd at samba.org>
Date: Fri Jun 7 14:40:07 2024 +0530
ctdb/docs: Include ceph rados namespace support in man page
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15665
Document the new optional argument to specify the namespace to be
associated with RADOS objects in a pool.
Pair-Programmed-With: Anoop C S <anoopcs at samba.org>
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Fri Jun 14 07:42:25 UTC 2024 on atb-devel-224
(cherry picked from commit 35f6c3f3d4a5521e6576fcc0dd7dd3bbcea041b2)
commit 0597a2a62ac566a39c7a55334ded0b8b2a4ba433
Author: Günther Deschner <gd at samba.org>
Date: Fri Jun 7 14:39:37 2024 +0530
ctdb/ceph: Add optional namespace support for mutex helper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15665
RADOS objects within a pool can be associated to a namespace for
logical separation. librados already provides an API to configure
such a namespace with respect to a context. Make use of it as an
optional argument to the helper binary.
Pair-Programmed-With: Anoop C S <anoopcs at samba.org>
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
(cherry picked from commit d8c52995f68fe088dd2174562faee69ed1c95edd)
commit ac5efd0302fa95de7a2be3498ebb266b2df36f63
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jun 17 10:41:53 2024 +0200
vfs_default: also call vfs_offload_token_ctx_init in vfswrap_offload_write_send
If a client for whatever reason calls FSCTL_SRV_COPYCHUNK[_WRITE] without
FSCTL_SRV_REQUEST_RESUME_KEY, we call vfswrap_offload_write_send
before vfswrap_offload_read_send.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15664
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jun 17 18:02:27 UTC 2024 on atb-devel-224
(cherry picked from commit 462b74da79c51f9ba6dbd24e603aa904485d5123)
commit 1af40f29c7e57999dca64e94747927a949e85ac5
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jun 17 11:18:07 2024 +0200
s4:torture/smb2: add smb2.ioctl.copy_chunk_bug15644
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15664
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
(cherry picked from commit 372476aeb003e9c608cd2c0a78a9c577b57ba8f4)
commit f525d2fef3d755269db3800627704a5b03b244c0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu May 30 21:13:01 2024 +1200
script/autobuild.py: Add test for --vendor-name and --vendor-patch-revision
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15654
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
RN: We have added new options --vendor-name and --vendor-patch-revision arguments
to ./configure to allow distributions and packagers to put their name in the Samba
version string so that when debugging Samba the source of the binary is obvious.
[abartlet at samba.org adapted to 4.20 still having the seperate LDB build system
from commit 72112d4814eb3872016c1168c477531be835a1f9]
commit 80655e221365799e37f70eef55fd92fd3ddcfde4
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu May 30 10:50:12 2024 +1200
build: Add --vendor-name --vendor-patch-revision options to ./configure
These options are for packagers and vendors to set so that when
Samba developers are debugging an issue, we know exactly which
package is in use, and so have an idea if any patches have been
applied.
This is included in the string that a Samba backtrace gives,
as part of the PANIC message.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15654
REF: https://lists.samba.org/archive/samba-technical/2024-May/138992.html
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 651fb94c374c7f84405d960a9e0a0fd7fcb285dd)
commit 7ccbbb4baf1380ead6d7cb2d66694cccba7d5d85
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 14 12:34:48 2024 +0100
s4:nbt_server: simulate nmbd and provide unexpected handling
This is needed in order to let nbt_getdc() work against
another AD DC and get back a modern response with
DNS based names. Instead of falling back to
the ugly name_status_find() that simulates just
an NETLOGON_SAM_LOGON_RESPONSE_NT40 response.
This way dsgetdcname() can work with just the netbios
domain name given and still return an active directory
response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 796f33c05a0ca337b675b5d4d127f7c53b22528f)
commit 9a9dc9989266ae2b6d40295376b1fa72e9bde3ba
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 14 13:49:21 2024 +0100
s4:libcli/dgram: add nbt_dgram_send_raw() to send raw blobs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit bfb10774b65af65f9c438a5d3e87529b1fcf46a1)
commit a308204aa1b431466b1fd12e6a69e411fea82f19
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 15 17:47:45 2024 +0100
s4:libcli/dgram: make use of socket_address_copy()
This avoids talloc_reference...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 77f4f1c7dbaa2bb04d59d908923f6d11fd514da2)
commit 1d766f29245f668f9b22f4b8376f3ea43ff36ede
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 15 16:42:16 2024 +0100
s4:libcli/dgram: let the generic incoming handler also get unexpected mailslot messages
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 11861bcfc3054894bc445e631ae03befb4865db8)
commit e2cec0d2800caf9ef9a4509063200371ba62388c
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 15 17:47:13 2024 +0100
libcli/nbt: add nbt_name_send_raw()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit cca373b806e01fc57bd5316d3f8a17578b4b6531)
commit 12a6060eed043fe5423bb14fbe9ffa76b69d8ceb
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 15 17:29:46 2024 +0100
s3:libsmb/dsgetdcname: use NETLOGON_NT_VERSION_AVOID_NT4EMUL
In 2024 we always want an active directory response...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 2b66663c75cdb3bc1b6bc5b1736dd9d35b094b42)
commit 8b39131deb4b70382f968ee6bae32e604f716675
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 14 11:38:19 2024 +0100
s3:libsmb/unexpected: pass nmbd_socket_dir from the callers of nb_packet_{server_create,reader_send}()
This will allow source4/nbt_server to make use of
nb_packet_server_create().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 696505a1efbcc9803a287d8c267fed9d04bf8885)
commit 8c06b437064a5880202a46e137b71a57d329fc51
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 14 13:49:43 2024 +0100
s3:libsmb/unexpected: don't use talloc_tos() in async code
It's not needed and it requires the caller to setup a
stackframe...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit f90cf0822d6e66426d72f92bd585119066e2a9c3)
commit 5de4ae88cedcbe584961ac575ebeddb75342286c
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 15 16:37:34 2024 +0100
s3:wscript: LIBNMB requires lp_ functions
We need to make this explicit in order to let LIBNMB be used
in source4 code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 011f68ae5ddc3fae8b453744aeb95766d885915e)
commit 39789dce2dd7125c73fa45478eb21652d3e18fe3
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 15 16:53:29 2024 +0100
s3:include: split out fstring.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 105247c90007474947e2314b63be72fb21f09811)
commit 7e076141857f77e376bfff9261df3779fe808f14
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 14 14:15:47 2024 +0100
s3:include: let nameserv.h be useable on its own
A lot of stuff is private to nmbd and can
be moved from nameserv.h.
This allows move required types from smb.h to
nameserv.h, so that this can be standalone.
Including it from smb.h is not a huge problem
as nmbd internals are gone from nameserv.h.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 7f96c21029e3b94d38bd871c79cabf872ad77fae)
commit dfa0b1adb872f9c34b6fb1f4f84a06f5dd6802bc
Author: Noel Power <noel.power at suse.com>
Date: Fri Jun 7 19:35:47 2024 +0100
s3/smbd: fix nested chdir into msdfs links on (widelinks = yes) share
This patch also removes known fail for existing test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jun 11 19:31:40 UTC 2024 on atb-devel-224
(cherry picked from commit 788ef8f07c75d5e6eca5b8f18d93d96f31574267)
[noel.power at suse.com backported to Samba 4.19 changed test of errno
after return from widelink_openat to ENOENT because ELOOP isn't set
for msdfs links in 4.19, ENOENT is set instead. Also minor change
to use 4.19 create_open_symlink_err fn instead of read_symlink_reparse]
commit 6c86b5199366ab3b6b3e2f38937e0a79a34c2d84
Author: Noel Power <noel.power at suse.com>
Date: Tue Jun 11 11:19:50 2024 +0100
selftest: Add a python blackbox test for some misc (widelink) DFS tests
On master attempting to chdir into a nested dfs link
e.g. cd dfslink (works)
cd dfslink/another_dfslink (fails)
[1] Add a test for this scenario (nested chdir)
[2] Add test for enumerating a dfs link in root of dfs share
[3] Add a test to check case insensitive chdir into dfs link on widelink
enabled share
Add knownfails for tests 1 and 3
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
(cherry picked from commit 7f1de90f72d6e8287aec6ab1d9f7776b7df624e5)
[noel.power at suse.com backported to Samba 4.19 changed knownfails because
test_ci_chdir doen't fail in 4.19 but test_enumerate_dfs_link does]
commit fd58608723f9f76dc3d80d16d88d865aba916e59
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu May 30 14:52:22 2024 +0200
s4:dns_server: no-op dns updates with ACCESS_DENIED should be ignored
If the client does not have permissions to update the record,
but the record already has the data the update tries to apply,
it's a no-op that should result in success instead of failing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Jun 6 03:18:16 UTC 2024 on atb-devel-224
(cherry picked from commit ed61c57e02309b738e73fb12877a0a565b627724)
commit c29dc6e79b031c6e807d64b04f2061a558b80ef1
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu May 30 14:39:28 2024 +0200
s4:dns_server: correctly sign dns update responses with gss-tsig like Windows
This means we no longer generate strange errors/warnings
in the Windows event log nor in the nsupdate -g output.
Note: this is a only difference between gss-tsig and
the legacy gss.microsoft.com algorithms.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 76fec2668e73b9d15447abee551d5c04148aaf27)
commit 6d3d87babdc8bfa72ee30f7b102155b49ba24748
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu May 30 14:42:53 2024 +0200
s4:dns_server: dns_verify_tsig should return REFUSED on error
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit db350bc573b378fb0615bdd8592cc9c62f6db146)
commit c7188e1746422ea97c316a130c61962e9b187e7b
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu May 30 14:41:21 2024 +0200
s4:dns_server: also search DNS_QTYPE_TKEY in the answers section if it's the last section
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 5906ed94f2c5c68e83c63e7c201534eeb323cfe7)
commit 288744a74b5bbc99c40c6a66eda58efde6545d7d
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri May 31 08:38:24 2024 +0200
s4:dns_server: use tkey->algorithm if available in dns_sign_tsig()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ae7538af04435658d2ba6dcab109beecb6c5f13e)
commit 7a457c6813d35c6a5c21df474b32bd9b24bb94d4
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri May 31 08:38:24 2024 +0200
s4:dns_server: use the client provided algorithm for the fake TSIG structure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit bd0235cd515d5602ed9501bfc810a2487364ea10)
commit cbf10a68e1c1b67cab3d5862461075d28ae176bf
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri May 31 08:38:24 2024 +0200
s4:dns_server: only allow gss-tsig and gss.microsoft.com for TSIG
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 3467d1491490830d61d16cb6278051daf48466fc)
commit 234503e23759a8984bac63826e0104788473bbdb
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri May 31 08:38:24 2024 +0200
s4:dns_server: only allow gss-tsig and gss.microsoft.com for TKEY
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit fa0f23e69eaf4f475bc9dc9aa0e23c7bd5208250)
commit 662c467566638ed6b4ac56beaa71bcd396c82501
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri May 31 08:36:40 2024 +0200
s4:dns_server: failed dns updates should result in REFUSED for ACCESS_DENIED
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit a56627b0d125ef7b456bebe307087f324f1f0422)
commit 4a7d14efe475459f7ff1b84d1bdaab2baff5e104
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed May 29 11:40:51 2024 +0200
python:tests/dns_tkey: add test_update_tsig_record_access_denied()
This demonstrates that access_denied is only generated if the client
really generates a change in the database.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 708a6fae6978e1462e1a53f4ee08f11b51a5637a)
commit d5c6276f5342a1b4d7f004157b45f2f81335805f
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed May 29 11:39:56 2024 +0200
s4:selftest/tests: pass USERNAME_UNPRIV=$DOMAIN_USER to samba.tests.dns_tkey
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 753428a3b6c488c4aacea04d2ddb9ea73244695a)
commit e50968ed096920a7794993db968ef9dfa7db11ae
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed May 29 11:39:56 2024 +0200
python:tests/dns_base: add get_unpriv_creds() helper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 88457da00d4110b419f7a7ccabcd542fa77e463f)
commit 0ee7660ffe56a6da590bf655b00948fb8bdc4db3
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed May 29 13:17:54 2024 +0200
python:tests/dns_tkey: let test_update_tsig_windows() actually pass against windows 2022
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 848318338b2972f331e067bf1c8d6c7dac0748c8)
commit 4d4b39c102d3f4114343559644d3fd589ce0c69e
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed May 29 13:17:54 2024 +0200
python:tests/dns_base: let verify_packet() work against Windows
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 8324d0739dfdd0a081c403e298a9038ee7df681f)
commit 4bc0619b1e2a529881691e28b8efabe0e56abd21
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed May 29 17:26:39 2024 +0200
python:tests/dns_tkey: test bad and changing tsig algorithms
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit de4ed363d378f2065a4634f94af80ea0e3965c96)
commit eb18b228d1b2994c205592963b30c6a55ab6538c
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed May 29 17:18:34 2024 +0200
python:tests/dns_tkey: add gss.microsoft.com tsig updates
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b9b03ca503c43c7ee06df6c331839bd47f9eac8c)
commit f984b281c5fbe06328cc758a870baed175b46796
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed May 29 14:15:45 2024 +0200
python:tests/dns_tkey: let us have test_update_gss_tsig_tkey_req_{additional,answers}()
Also test using the additional record in the answers section.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 3c7cb85eaf8371be55a371601cc354440dab7a94)
commit e120078e2c3bea0435f8435e7b00ec8e31a0fbb6
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed May 29 16:41:12 2024 +0200
python:tests/dns_tkey: test TKEY with gss-tsig, gss.microsoft.com and invalid algorithms
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 740bda87a80b97816d892e8f7aae28759f6916ec)
commit 16c21888ea4c2d5d9d77374cb05efdad622a984f
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed May 29 14:10:52 2024 +0200
python:tests/dns_base: maintain a dict with tkey related state
This will allow tests to backup the whole state
and mix them.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b0af60e7850e656ef98edeac657c66b853080dab)
commit 2741574e32f839eec1f3fdb582817492050ae055
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed May 29 14:14:11 2024 +0200
python:tests/dns_base: let dns_transaction_udp() take allow_{remaining,truncated}=True
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 1b1e7e06cf6ebd283de73c351267d53b42663d2f)
commit 48be174b0216adc1de4aaa1a29ed7210189c1223
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed May 29 16:07:53 2024 +0200
python:tests/dns_base: pass tkey_trans(expected_rcode)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 27d92fa808c6617353c36fdb230504e880f4925b)
commit a086e96f2692a313b97ce37c781ea97ff5c15d84
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed May 29 14:08:13 2024 +0200
python:tests/dns_base: let tkey_trans() take tkey_req_in_answers
It's possible to put the additional into the answers section,
so we should be able to test that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit cd747307d845f3cff723a7916aeeb31458f19202)
commit b1222378a29974109c2b20623770b93a93a8e726
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed May 29 13:17:54 2024 +0200
python:tests/dns_base: let tkey_trans() and sign_packet() take algorithm_name as argument
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit f8dfa9b33bdedffbe2e3b6e229ffae4beb3c712e)
commit fdac589752ef86cca11b6569ae5a30978d5fda7e
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed May 29 13:35:58 2024 +0200
python:tests/dns_tkey: make use of self.assert_echoed_dns_error()
Failed DNS updates just echo the request flaged as response,
all other elements are unchanged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 6e997f93d53ac45af79aec030bad73f51bdc5629)
commit 606b7034f5d5ee45285e50534184c654245c8ad0
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed May 29 13:35:58 2024 +0200
python:tests/dns_base: add self.assert_echoed_dns_error()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ce591464cb12ab00a5d5752a7cea5f909c3c3f1b)
commit 313ca15a84576f8b877d2673bba9560bb068a058
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri May 31 08:07:24 2024 +0200
python:tests/dns_base: let dns_transaction_tcp() handle short receives
With socket_wrapper we only get 1500 byte chunks...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit c741d0f3969abe821e8ee2a10f848159eb2749fe)
commit 1800543b0adc9027c6d6420c08344334ad0fefa5
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed May 29 13:16:40 2024 +0200
python:tests/dns_base: use ndr_deepcopy() and ndr_pack() in verify_packet()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit c594cbad4af97031bb7b5b0eb2fb228b00acf646)
commit 1c807412b88e5c2a125f4860ece0488a3d9f7c1e
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed May 29 13:11:24 2024 +0200
python:tests/dns_base: generate a real signature in bad_sign_packet()
We just destroy the signature bytes but keep the header unchanged.
This makes it easier to look at it in wireshark.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ae23d512a724650ae2de1178ac43deff8266aa56)
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials.c | 5 +
auth/credentials/credentials.h | 1 +
auth/credentials/credentials_secrets.c | 31 +-
auth/credentials/tests/test_creds.c | 37 +-
buildtools/wafsamba/samba_version.py | 5 +
ctdb/doc/ctdb_mutex_ceph_rados_helper.7.xml | 4 +-
ctdb/utils/ceph/ctdb_mutex_ceph_rados_helper.c | 50 ++-
libcli/nbt/libnbt.h | 3 +
libcli/nbt/nbtsocket.c | 44 +++
python/samba/tests/blackbox/misc_dfs_widelink.py | 86 +++++
python/samba/tests/dns_base.py | 213 ++++++++----
python/samba/tests/dns_tkey.py | 325 ++++++++++++++++--
python/samba/tests/join.py | 2 +-
python/samba/tests/krb5/kdc_base_test.py | 28 +-
python/samba/tests/krb5/kdc_tgs_tests.py | 117 +++++++
python/samba/tests/krb5/lockout_tests.py | 210 ++++++++++-
python/samba/tests/krb5/pkinit_tests.py | 15 +-
python/samba/tests/krb5/raw_testcase.py | 57 ++-
python/samba/tests/krb5/rfc4120_constants.py | 1 +
script/autobuild.py | 3 +-
selftest/knownfail_mit_kdc | 5 +
selftest/target/Samba4.pm | 2 +
lib/util/unix_match.h => source3/include/fstring.h | 14 +-
source3/include/includes.h | 5 +-
source3/include/nameserv.h | 380 ++------------------
source3/include/smb.h | 26 +-
source3/libsmb/clidgram.c | 6 +-
source3/libsmb/dsgetdcname.c | 5 +
source3/libsmb/namequery.c | 7 +-
source3/libsmb/nmblib.c | 6 +
source3/libsmb/nmblib.h | 2 +
source3/libsmb/unexpected.c | 18 +-
source3/libsmb/unexpected.h | 2 +
source3/modules/vfs_default.c | 6 +
source3/nmbd/nmbd.h | 382 +++++++++++++++++++++
source3/nmbd/nmbd_packets.c | 1 +
source3/smbd/files.c | 18 +
source3/wscript_build | 1 +
source4/dns_server/dns_crypto.c | 49 ++-
source4/dns_server/dns_query.c | 27 +-
source4/dns_server/dns_update.c | 11 +
source4/dns_server/dnsserver_common.c | 2 +
source4/dsdb/samdb/ldb_modules/operational.c | 4 +-
source4/libcli/dgram/dgramsocket.c | 40 ++-
source4/libcli/dgram/libdgram.h | 3 +
source4/nbt_server/dgram/request.c | 56 ++-
source4/nbt_server/interfaces.c | 29 ++
source4/nbt_server/nbt_server.c | 143 ++++++++
source4/nbt_server/nbt_server.h | 2 +
source4/nbt_server/wscript_build | 2 +-
source4/selftest/tests.py | 14 +-
source4/torture/smb2/ioctl.c | 64 ++++
testprogs/blackbox/test_ldap_token.sh | 115 +++++++
testprogs/blackbox/test_trust_token.sh | 5 +-
third_party/heimdal/kdc/fast.c | 13 +-
wscript | 20 ++
56 files changed, 2160 insertions(+), 562 deletions(-)
create mode 100644 python/samba/tests/blackbox/misc_dfs_widelink.py
copy lib/util/unix_match.h => source3/include/fstring.h (76%)
create mode 100755 testprogs/blackbox/test_ldap_token.sh
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 7a00279b8b4..30ebef8f4dc 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -146,6 +146,11 @@ _PUBLIC_ enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct
return creds->kerberos_state;
}
+_PUBLIC_ enum credentials_obtained cli_credentials_get_kerberos_state_obtained(struct cli_credentials *creds)
+{
+ return creds->kerberos_state_obtained;
+}
+
_PUBLIC_ const char *cli_credentials_get_forced_sasl_mech(struct cli_credentials *creds)
{
return creds->forced_sasl_mech;
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index c5ffe536e07..d3979495901 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -267,6 +267,7 @@ const char *cli_credentials_get_impersonate_principal(struct cli_credentials *cr
const char *cli_credentials_get_self_service(struct cli_credentials *cred);
const char *cli_credentials_get_target_service(struct cli_credentials *cred);
enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds);
+enum credentials_obtained cli_credentials_get_kerberos_state_obtained(struct cli_credentials *creds);
const char *cli_credentials_get_forced_sasl_mech(struct cli_credentials *cred);
enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct cli_credentials *creds);
NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
index 8469d6e116f..906f3ff1a21 100644
--- a/auth/credentials/credentials_secrets.c
+++ b/auth/credentials/credentials_secrets.c
@@ -370,13 +370,17 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account_db_ctx(struct cli_credenti
}
if (secrets_tdb_password_more_recent) {
- enum credentials_use_kerberos use_kerberos =
- CRED_USE_KERBEROS_DISABLED;
char *machine_account = talloc_asprintf(tmp_ctx, "%s$", lpcfg_netbios_name(lp_ctx));
cli_credentials_set_password(cred, secrets_tdb_password, CRED_SPECIFIED);
cli_credentials_set_old_password(cred, secrets_tdb_old_password, CRED_SPECIFIED);
cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
if (strequal(domain, lpcfg_workgroup(lp_ctx))) {
+ enum credentials_use_kerberos use_kerberos =
+ cli_credentials_get_kerberos_state(cred);
+ enum credentials_obtained use_kerberos_obtained =
+ cli_credentials_get_kerberos_state_obtained(cred);
+ bool is_ad = false;
+
cli_credentials_set_realm(cred, lpcfg_realm(lp_ctx), CRED_SPECIFIED);
switch (server_role) {
@@ -388,13 +392,28 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account_db_ctx(struct cli_credenti
FALL_THROUGH;
case ROLE_ACTIVE_DIRECTORY_DC:
case ROLE_IPA_DC:
- use_kerberos = CRED_USE_KERBEROS_DESIRED;
+ is_ad = true;
break;
}
+
+ if (use_kerberos != CRED_USE_KERBEROS_DESIRED || is_ad) {
+ /*
+ * Keep an explicit selection
+ *
+ * For AD domains we also keep
+ * CRED_USE_KERBEROS_DESIRED
+ */
+ } else if (use_kerberos_obtained <= CRED_SMB_CONF) {
+ /*
+ * Disable kerberos by default within
+ * an NT4 domain.
+ */
+ cli_credentials_set_kerberos_state(cred,
+ CRED_USE_KERBEROS_DISABLED,
+ CRED_SMB_CONF);
+ }
}
- cli_credentials_set_kerberos_state(cred,
- use_kerberos,
- CRED_SPECIFIED);
+
cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED);
cli_credentials_set_password_last_changed_time(cred, secrets_tdb_lct);
cli_credentials_set_secure_channel_type(cred, secrets_tdb_secure_channel_type);
diff --git a/auth/credentials/tests/test_creds.c b/auth/credentials/tests/test_creds.c
index 2cb2e6d0e34..e79f08982ad 100644
--- a/auth/credentials/tests/test_creds.c
+++ b/auth/credentials/tests/test_creds.c
@@ -227,6 +227,8 @@ static void torture_creds_krb5_state(void **state)
TALLOC_CTX *mem_ctx = *state;
struct cli_credentials *creds = NULL;
struct loadparm_context *lp_ctx = NULL;
+ enum credentials_obtained kerberos_state_obtained;
+ enum credentials_use_kerberos kerberos_state;
bool ok;
lp_ctx = loadparm_init_global(true);
@@ -234,18 +236,27 @@ static void torture_creds_krb5_state(void **state)
creds = cli_credentials_init(mem_ctx);
assert_non_null(creds);
- assert_int_equal(creds->kerberos_state_obtained, CRED_UNINITIALISED);
- assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_DESIRED);
+ kerberos_state_obtained =
+ cli_credentials_get_kerberos_state_obtained(creds);
+ kerberos_state = cli_credentials_get_kerberos_state(creds);
+ assert_int_equal(kerberos_state_obtained, CRED_UNINITIALISED);
+ assert_int_equal(kerberos_state, CRED_USE_KERBEROS_DESIRED);
ok = cli_credentials_set_conf(creds, lp_ctx);
assert_true(ok);
- assert_int_equal(creds->kerberos_state_obtained, CRED_SMB_CONF);
- assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_DESIRED);
+ kerberos_state_obtained =
+ cli_credentials_get_kerberos_state_obtained(creds);
+ kerberos_state = cli_credentials_get_kerberos_state(creds);
+ assert_int_equal(kerberos_state_obtained, CRED_SMB_CONF);
+ assert_int_equal(kerberos_state, CRED_USE_KERBEROS_DESIRED);
ok = cli_credentials_guess(creds, lp_ctx);
assert_true(ok);
- assert_int_equal(creds->kerberos_state_obtained, CRED_SMB_CONF);
- assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_DESIRED);
+ kerberos_state_obtained =
+ cli_credentials_get_kerberos_state_obtained(creds);
+ kerberos_state = cli_credentials_get_kerberos_state(creds);
+ assert_int_equal(kerberos_state_obtained, CRED_SMB_CONF);
+ assert_int_equal(kerberos_state, CRED_USE_KERBEROS_DESIRED);
assert_int_equal(creds->ccache_obtained, CRED_GUESS_FILE);
assert_non_null(creds->ccache);
@@ -253,15 +264,21 @@ static void torture_creds_krb5_state(void **state)
CRED_USE_KERBEROS_REQUIRED,
CRED_SPECIFIED);
assert_true(ok);
- assert_int_equal(creds->kerberos_state_obtained, CRED_SPECIFIED);
- assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_REQUIRED);
+ kerberos_state_obtained =
+ cli_credentials_get_kerberos_state_obtained(creds);
+ kerberos_state = cli_credentials_get_kerberos_state(creds);
+ assert_int_equal(kerberos_state_obtained, CRED_SPECIFIED);
+ assert_int_equal(kerberos_state, CRED_USE_KERBEROS_REQUIRED);
ok = cli_credentials_set_kerberos_state(creds,
CRED_USE_KERBEROS_DISABLED,
CRED_SMB_CONF);
assert_false(ok);
- assert_int_equal(creds->kerberos_state_obtained, CRED_SPECIFIED);
- assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_REQUIRED);
+ kerberos_state_obtained =
+ cli_credentials_get_kerberos_state_obtained(creds);
+ kerberos_state = cli_credentials_get_kerberos_state(creds);
+ assert_int_equal(kerberos_state_obtained, CRED_SPECIFIED);
+ assert_int_equal(kerberos_state, CRED_USE_KERBEROS_REQUIRED);
}
diff --git a/buildtools/wafsamba/samba_version.py b/buildtools/wafsamba/samba_version.py
index 31103e0f8c4..576168f5723 100644
--- a/buildtools/wafsamba/samba_version.py
+++ b/buildtools/wafsamba/samba_version.py
@@ -253,6 +253,11 @@ def samba_version_file(version_file, path, env=None, is_install=True):
print("Failed to parse line %s from %s" % (line, version_file))
raise
+ if "SAMBA_VERSION_VENDOR_SUFFIX" in env:
+ version_dict["SAMBA_VERSION_VENDOR_SUFFIX"] = env.SAMBA_VERSION_VENDOR_SUFFIX
+ if "SAMBA_VERSION_VENDOR_PATCH" in env:
+ version_dict["SAMBA_VERSION_VENDOR_PATCH"] = str(env.SAMBA_VERSION_VENDOR_PATCH)
+
return SambaVersion(version_dict, path, env=env, is_install=is_install)
diff --git a/ctdb/doc/ctdb_mutex_ceph_rados_helper.7.xml b/ctdb/doc/ctdb_mutex_ceph_rados_helper.7.xml
index dd3dbabdd50..b6ad452a9ec 100644
--- a/ctdb/doc/ctdb_mutex_ceph_rados_helper.7.xml
+++ b/ctdb/doc/ctdb_mutex_ceph_rados_helper.7.xml
@@ -29,12 +29,14 @@
<manvolnum>5</manvolnum></citerefentry>:
</para>
<screen format="linespecific">
-cluster lock = !ctdb_mutex_ceph_rados_helper [Cluster] [User] [Pool] [Object]
+cluster lock = !ctdb_mutex_ceph_rados_helper [Cluster] [User] [Pool] [Object] [Timeout] [-n Namespace]
Cluster: Ceph cluster name (e.g. ceph)
User: Ceph cluster user name (e.g. client.admin)
Pool: Ceph RADOS pool name
Object: Ceph RADOS object name
+Timeout: Ceph RADOS lock duration in seconds (optional)
+Namespace: Ceph RADOS pool namespace (optional)
</screen>
<para>
The Ceph cluster <parameter>Cluster</parameter> must be up and running,
diff --git a/ctdb/utils/ceph/ctdb_mutex_ceph_rados_helper.c b/ctdb/utils/ceph/ctdb_mutex_ceph_rados_helper.c
index 7d868a38b23..46566c97a83 100644
--- a/ctdb/utils/ceph/ctdb_mutex_ceph_rados_helper.c
+++ b/ctdb/utils/ceph/ctdb_mutex_ceph_rados_helper.c
@@ -42,9 +42,18 @@
static char *progname = NULL;
+static void usage(void)
+{
+ fprintf(stderr, "Usage: %s <Ceph Cluster> <Ceph user> "
+ "<RADOS pool> <RADOS object> "
+ "[lock duration secs] [-n RADOS namespace]\n",
+ progname);
+}
+
static int ctdb_mutex_rados_ctx_create(const char *ceph_cluster_name,
const char *ceph_auth_name,
const char *pool_name,
+ const char *namespace,
rados_t *_ceph_cluster,
rados_ioctx_t *_ioctx)
{
@@ -87,6 +96,10 @@ static int ctdb_mutex_rados_ctx_create(const char *ceph_cluster_name,
return ret;
}
+ if (namespace != NULL) {
+ rados_ioctx_set_namespace(ioctx, namespace);
+ }
+
*_ceph_cluster = ceph_cluster;
*_ioctx = ioctx;
@@ -145,6 +158,7 @@ struct ctdb_mutex_rados_state {
const char *ceph_cluster_name;
const char *ceph_auth_name;
const char *pool_name;
+ const char *namespace;
const char *object;
uint64_t lock_duration_s;
int ppid;
@@ -295,15 +309,13 @@ static int ctdb_mutex_rados_mgr_reg(rados_t ceph_cluster)
int main(int argc, char *argv[])
{
int ret;
+ int opt;
struct ctdb_mutex_rados_state *cmr_state;
progname = argv[0];
- if ((argc != 5) && (argc != 6)) {
- fprintf(stderr, "Usage: %s <Ceph Cluster> <Ceph user> "
- "<RADOS pool> <RADOS object> "
- "[lock duration secs]\n",
- progname);
+ if (argc < 5) {
+ usage();
ret = -EINVAL;
goto err_out;
}
@@ -325,15 +337,36 @@ int main(int argc, char *argv[])
cmr_state->ceph_auth_name = argv[2];
cmr_state->pool_name = argv[3];
cmr_state->object = argv[4];
- if (argc == 6) {
+
+ optind = 5;
+ while ((opt = getopt(argc, argv, "n:")) != -1) {
+ switch(opt) {
+ case 'n':
+ cmr_state->namespace = optarg;
+ break;
+ default:
+ usage();
+ ret = -EINVAL;
+ goto err_ctx_cleanup;
+ }
+ }
+
+ if (argv[optind] != NULL) {
/* optional lock duration provided */
char *endptr = NULL;
- cmr_state->lock_duration_s = strtoull(argv[5], &endptr, 0);
- if ((endptr == argv[5]) || (*endptr != '\0')) {
+ cmr_state->lock_duration_s = strtoull(argv[optind], &endptr, 0);
+ if ((endptr == argv[optind]) || (*endptr != '\0')) {
fprintf(stdout, CTDB_MUTEX_STATUS_ERROR);
ret = -EINVAL;
goto err_ctx_cleanup;
}
+ if (argv[++optind] != NULL) {
+ /* incorrect count or format for optional arguments */
+ usage();
+ ret = -EINVAL;
+ goto err_ctx_cleanup;
+ }
+
} else {
cmr_state->lock_duration_s
= CTDB_MUTEX_CEPH_LOCK_DURATION_SECS_DEFAULT;
@@ -398,6 +431,7 @@ int main(int argc, char *argv[])
ret = ctdb_mutex_rados_ctx_create(cmr_state->ceph_cluster_name,
cmr_state->ceph_auth_name,
cmr_state->pool_name,
+ cmr_state->namespace,
&cmr_state->ceph_cluster,
&cmr_state->ioctx);
if (ret < 0) {
diff --git a/libcli/nbt/libnbt.h b/libcli/nbt/libnbt.h
index 204484be73f..6a30c9fedb5 100644
--- a/libcli/nbt/libnbt.h
+++ b/libcli/nbt/libnbt.h
@@ -331,6 +331,9 @@ NTSTATUS nbt_set_unexpected_handler(struct nbt_name_socket *nbtsock,
void (*handler)(struct nbt_name_socket *, struct nbt_name_packet *,
struct socket_address *),
void *private_data);
+NTSTATUS nbt_name_send_raw(struct nbt_name_socket *nbtsock,
+ struct socket_address *dest,
+ const DATA_BLOB pkt_blob);
NTSTATUS nbt_name_reply_send(struct nbt_name_socket *nbtsock,
struct socket_address *dest,
struct nbt_name_packet *request);
diff --git a/libcli/nbt/nbtsocket.c b/libcli/nbt/nbtsocket.c
index 47e73cf2e8d..b2945ad912f 100644
--- a/libcli/nbt/nbtsocket.c
+++ b/libcli/nbt/nbtsocket.c
@@ -448,6 +448,50 @@ failed:
return NULL;
}
+/*
+ send off a nbt name packet
+*/
+_PUBLIC_ NTSTATUS nbt_name_send_raw(struct nbt_name_socket *nbtsock,
+ struct socket_address *dest,
+ const DATA_BLOB pkt_blob)
+{
+ struct nbt_name_request *req;
+
+ req = talloc_zero(nbtsock, struct nbt_name_request);
+ NT_STATUS_HAVE_NO_MEMORY(req);
+
+ req->nbtsock = nbtsock;
+ req->dest = socket_address_copy(req, dest);
+ if (req->dest == NULL) {
+ goto failed;
+ }
+ req->state = NBT_REQUEST_SEND;
+ /*
+ * We don't expect a response so
+ * just pretent it is a request,
+ * but we really don't care about the
+ * content.
+ */
+ req->is_reply = true;
+
+ req->encoded = data_blob_dup_talloc(req, pkt_blob);
+ if (req->encoded.length != pkt_blob.length) {
+ goto failed;
+ }
+
+ talloc_set_destructor(req, nbt_name_request_destructor);
+
+ DLIST_ADD_END(nbtsock->send_queue, req);
+
+ TEVENT_FD_WRITEABLE(nbtsock->fde);
+
+ return NT_STATUS_OK;
+
+failed:
+ talloc_free(req);
+ return NT_STATUS_NO_MEMORY;
+}
+
/*
send off a nbt name reply
diff --git a/python/samba/tests/blackbox/misc_dfs_widelink.py b/python/samba/tests/blackbox/misc_dfs_widelink.py
new file mode 100644
index 00000000000..7948590d710
--- /dev/null
+++ b/python/samba/tests/blackbox/misc_dfs_widelink.py
@@ -0,0 +1,86 @@
+# Blackbox tests for DFS (widelink)
+#
+# Copyright (C) Noel Power noel.power at suse.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+from samba.tests import BlackboxTestCase, BlackboxProcessError
+from samba.samba3 import param as s3param
+
+from samba.credentials import Credentials
+
+import os
+
+class DfsWidelinkBlockboxTestBase(BlackboxTestCase):
+
+ def setUp(self):
+ super().setUp()
+ self.lp = s3param.get_context()
+ self.server = os.environ["SERVER"]
+ self.user = os.environ["USER"]
+ self.passwd = os.environ["PASSWORD"]
+ self.creds = Credentials()
+ self.creds.guess(self.lp)
+ self.creds.set_username(self.user)
+ self.creds.set_password(self.passwd)
+ self.testdir = os.getenv("TESTDIR", "msdfs-share-wl")
+ self.share = os.getenv("SHARE", "msdfs-share-wl")
+ self.dirpath = os.path.join(os.environ["LOCAL_PATH"],self.testdir)
+ # allow a custom teardown function to be defined
+ self.cleanup = None
+ self.cleanup_args = []
+
+ def tearDown(self):
+ try:
+ if (self.cleanup):
+ self.cleanup(self.cleanup_args)
+ except Exception as e:
+ print("remote remove failed: %s" % str(e))
+
+ def build_test_cmd(self, cmd, args):
+ cmd = [cmd, "-U%s%%%s" % (self.user, self.passwd)]
+ cmd.extend(args)
+ return cmd
+
+ def test_ci_chdir(self):
+ parent_dir = "msdfs-src1"
+ dirs = [parent_dir, parent_dir.upper()]
+ # try as named dir first then try upper-cased version
+ for adir in dirs:
+ smbclient_args = self.build_test_cmd("smbclient", ["//%s/%s" % (self.server, self.share), "-c", "cd %s" % (adir)])
+ try:
+ out_str = self.check_output(smbclient_args)
+ except BlackboxProcessError as e:
+ print(str(e))
+ self.fail(str(e))
+
+ def test_nested_chdir(self):
+ parent_dir = "dfshop1"
+ child_dir = "dfshop2"
+ smbclient_args = self.build_test_cmd("smbclient", ["//%s/%s" % (self.server, self.share), "-c", "cd %s/%s" % (parent_dir,child_dir)])
+ try:
+ out_str = self.check_output(smbclient_args)
+ except BlackboxProcessError as e:
+ print(str(e))
+ self.fail(str(e))
+
+ def test_enumerate_dfs_link(self):
+ smbclient_args = self.build_test_cmd("smbclient", ["//%s/%s" % (self.server, self.share), "-c", "dir"])
+ try:
+ out_str = self.check_output(smbclient_args)
+ except BlackboxProcessError as e:
+ print(str(e))
+ self.fail(str(e))
+ out_str = out_str.decode()
+ self.assertIn("msdfs-src1", out_str)
diff --git a/python/samba/tests/dns_base.py b/python/samba/tests/dns_base.py
index b92371e9cdd..79c73b37a95 100644
--- a/python/samba/tests/dns_base.py
+++ b/python/samba/tests/dns_base.py
@@ -20,6 +20,7 @@ from samba.tests import TestCaseInTempDir
from samba.dcerpc import dns, dnsp
from samba import gensec, tests
from samba import credentials
+from samba import NTSTATUSError
import struct
import samba.ndr as ndr
import random
@@ -76,6 +77,24 @@ class DNSTest(TestCaseInTempDir):
self.assertEqual(p_opcode, opcode, "Expected OPCODE %s, got %s" %
(opcode, p_opcode))
+ def assert_dns_flags_equals(self, packet, flags):
+ "Helper function to check opcode"
+ p_flags = packet.operation & (~(dns.DNS_OPCODE|dns.DNS_RCODE))
+ self.assertEqual(p_flags, flags, "Expected FLAGS %02x, got %02x" %
+ (flags, p_flags))
+
+ def assert_echoed_dns_error(self, request, response, response_p, rcode):
+
+ request_p = ndr.ndr_pack(request)
+
+ self.assertEqual(response.id, request.id)
+ self.assert_dns_rcode_equals(response, rcode)
+ self.assert_dns_opcode_equals(response, request.operation & dns.DNS_OPCODE)
+ self.assert_dns_flags_equals(response,
+ (request.operation | dns.DNS_FLAG_REPLY) & (~(dns.DNS_OPCODE|dns.DNS_RCODE)))
+ self.assertEqual(len(response_p), len(request_p))
+ self.assertEqual(response_p[4:], request_p[4:])
+
def make_name_packet(self, opcode, qid=None):
"Helper creating a dns.name_packet"
--
Samba Shared Repository
More information about the samba-cvs
mailing list