[SCM] Samba Shared Repository - branch v4-20-stable updated

Jule Anger janger at samba.org
Mon Mar 11 15:02:46 UTC 2024


The branch, v4-20-stable has been updated
       via  964c0e97e7a VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc4 release.
       via  f485def8104 WHATSNEW: Add release notes for Samba 4.20.0rc4.
       via  03b6dae6630 python:gp: Implement client site lookup in site_dn_for_machine()
       via  e51e72dd14a librpc:idl: Make netlogon_samlogon_response public
       via  a09d0ba6eb2 VERSION: Bump version up to Samba 4.20.0rc4...
      from  17bab5c0774 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc3 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-stable


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 VERSION                    |  2 +-
 WHATSNEW.txt               |  9 +++++-
 librpc/idl/nbt.idl         |  2 +-
 librpc/ndr/ndr_nbt.c       |  2 +-
 librpc/ndr/ndr_nbt.h       |  2 +-
 python/samba/gp/gpclass.py | 68 ++++++++++++++++++++++++++++++----------------
 6 files changed, 57 insertions(+), 28 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index efcf3f379e6..fcee8581107 100644
--- a/VERSION
+++ b/VERSION
@@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1                      #
 #  ->  "3.0.0rc1"                                      #
 ########################################################
-SAMBA_VERSION_RC_RELEASE=3
+SAMBA_VERSION_RC_RELEASE=4
 
 ########################################################
 # To mark SVN snapshots this should be set to 'yes'    #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index f540dc555c0..dd80f116a10 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
 Release Announcements
 =====================
 
-This is the third release candidate of Samba 4.20.  This is *not*
+This is the fourth release candidate of Samba 4.20.  This is *not*
 intended for production environments and is designed for testing
 purposes only.  Please report any defects via the Samba bug reporting
 system at https://bugzilla.samba.org/.
@@ -214,6 +214,13 @@ smb.conf changes
   acl claims evaluation                   new             AD DC only
 
 
+CHANGES SINCE 4.20.0rc3
+=======================
+
+o  Andreas Schneider <asn at samba.org>
+   * BUG 15588: samba-gpupdate: Correctly implement site support.
+
+
 CHANGES SINCE 4.20.0rc2
 =======================
 
diff --git a/librpc/idl/nbt.idl b/librpc/idl/nbt.idl
index 11814e7970e..46be2eae7e2 100644
--- a/librpc/idl/nbt.idl
+++ b/librpc/idl/nbt.idl
@@ -490,7 +490,7 @@ interface nbt
 		[case(NETLOGON_NT_VERSION_5EX)] NETLOGON_SAM_LOGON_RESPONSE_EX nt5_ex;
 	} netlogon_samlogon_response_union;
 
-	typedef [nopush,nopull] struct {
+	typedef [nopush,nopull,noprint,public] struct {
 		uint32 ntver;
 		[switch_is(ntver)] netlogon_samlogon_response_union data;
 	} netlogon_samlogon_response;
diff --git a/librpc/ndr/ndr_nbt.c b/librpc/ndr/ndr_nbt.c
index eb186810785..6f54198ffbc 100644
--- a/librpc/ndr/ndr_nbt.c
+++ b/librpc/ndr/ndr_nbt.c
@@ -392,7 +392,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netlogon_samlogon_response(struct ndr_pull *
 	return NDR_ERR_SUCCESS;
 }
 
-_PUBLIC_ void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, struct netlogon_samlogon_response *r)
+_PUBLIC_ void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, const struct netlogon_samlogon_response *r)
 {
 	ndr_print_struct(ndr, name, "netlogon_samlogon_response");
 	if (r == NULL) { ndr_print_null(ndr); return; }
diff --git a/librpc/ndr/ndr_nbt.h b/librpc/ndr/ndr_nbt.h
index c38422fff6b..00ee8a17364 100644
--- a/librpc/ndr/ndr_nbt.h
+++ b/librpc/ndr/ndr_nbt.h
@@ -37,6 +37,6 @@ enum ndr_err_code ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags(struct ndr_
 								     uint32_t nt_version_flags);
 enum ndr_err_code ndr_push_netlogon_samlogon_response(struct ndr_push *ndr, ndr_flags_type ndr_flags, const struct netlogon_samlogon_response *r);
 enum ndr_err_code ndr_pull_netlogon_samlogon_response(struct ndr_pull *ndr, ndr_flags_type ndr_flags, struct netlogon_samlogon_response *r);
-void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, struct netlogon_samlogon_response *r);
+void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, const struct netlogon_samlogon_response *r);
 
 #endif /* _LIBRPC_NDR_NDR_NBT_H */
diff --git a/python/samba/gp/gpclass.py b/python/samba/gp/gpclass.py
index 26c2386847e..08be472e707 100644
--- a/python/samba/gp/gpclass.py
+++ b/python/samba/gp/gpclass.py
@@ -49,7 +49,7 @@ from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT, GP
 from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHENTICATED, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES
 from samba.dcerpc import security
 import samba.security
-from samba.dcerpc import netlogon
+from samba.dcerpc import nbt
 from datetime import datetime
 
 
@@ -611,12 +611,6 @@ def get_dc_hostname(creds, lp):
                                                           nbt.NBT_SERVER_DS))
     return cldap_ret.pdc_dns_name
 
-def get_dc_netbios_hostname(creds, lp):
-    net = Net(creds=creds, lp=lp)
-    cldap_ret = net.finddc(domain=lp.get('realm'), flags=(nbt.NBT_SERVER_LDAP |
-                                                          nbt.NBT_SERVER_DS))
-    return cldap_ret.pdc_name
-
 
 """ Fetch a list of GUIDs for applicable GPOs """
 
@@ -787,24 +781,52 @@ def merge_with_system_token(token_1):
     # There are no claims in the system token, so it is safe not to merge the claims
     return token_1
 
+
 def site_dn_for_machine(samdb, dc_hostname, lp, creds, hostname):
     # [MS-GPOL] 3.2.5.1.4 Site Search
-    config_context = samdb.get_config_basedn()
-    try:
-        c = netlogon.netlogon("ncacn_np:%s[seal]" % dc_hostname, lp, creds)
-        site_name = c.netr_DsRGetSiteName(hostname)
-        return 'CN={},CN=Sites,{}'.format(site_name, config_context)
-    except WERRORError:
-        # Fallback to the old method found in ads_site_dn_for_machine
-        nb_hostname = get_dc_netbios_hostname(creds, lp)
-        res = samdb.search(config_context, ldb.SCOPE_SUBTREE,
-                           "(cn=%s)" % nb_hostname, ['dn'])
-        if res.count != 1:
-            raise ldb.LdbError(ldb.ERR_NO_SUCH_OBJECT,
-                               'site_dn_for_machine: no result')
-        dn = res.msgs[0]['dn']
-        site_dn = dn.parent().parent()
-        return site_dn
+
+    # The netr_DsRGetSiteName() needs to run over local rpc, however we do not
+    # have the call implemented in our rpc_server.
+    # What netr_DsRGetSiteName() actually does is an ldap query to get
+    # the sitename, we can do the same.
+
+    # NtVer=(NETLOGON_NT_VERSION_IP|NETLOGON_NT_VERSION_WITH_CLOSEST_SITE|
+    #        NETLOGON_NT_VERSION_5EX) [0x20000014]
+    expr = "(&(DnsDomain=%s.)(User=%s)(NtVer=\\14\\00\\00\\20))" % (
+        samdb.domain_dns_name(),
+        hostname)
+    res = samdb.search(
+        base='',
+        scope=ldb.SCOPE_BASE,
+        expression=expr,
+        attrs=["Netlogon"])
+    if res.count != 1:
+        raise RuntimeError('site_dn_for_machine: No result')
+
+    samlogon_response = ndr_unpack(nbt.netlogon_samlogon_response,
+                                   bytes(res.msgs[0]['Netlogon'][0]))
+    if samlogon_response.ntver not in [nbt.NETLOGON_NT_VERSION_5EX,
+                                       (nbt.NETLOGON_NT_VERSION_1
+                                        | nbt.NETLOGON_NT_VERSION_5EX)]:
+        raise RuntimeError('site_dn_for_machine: Invalid NtVer in '
+                           + 'netlogon_samlogon_response')
+
+    # We want NETLOGON_NT_VERSION_5EX out of the union!
+    samlogon_response.ntver = nbt.NETLOGON_NT_VERSION_5EX
+    samlogon_response_ex = samlogon_response.data
+
+    client_site = "Default-First-Site-Name"
+    if (samlogon_response_ex.client_site
+            and len(samlogon_response_ex.client_site) > 1):
+        client_site = samlogon_response_ex.client_site
+
+    site_dn = samdb.get_config_basedn()
+    site_dn.add_child("CN=Sites")
+    site_dn.add_child("CN=%s" % (client_site))
+
+    return site_dn
+
+
 
 def get_gpo_list(dc_hostname, creds, lp, username):
     """Get the full list of GROUP_POLICY_OBJECTs for a given username.
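Review bot: The new LDAP filter in `site_dn_for_machine()` formats `hostname` and `samdb.domain_dns_name()` into `expr` without filter escaping, so a value containing `(`, `)`, `*` or `\` would alter the rootDSE Netlogon query instead of being matched literally. Where `hostname` originates is not visible in this hunk, so I would escape it at the point of use, e.g. pass `ldb.binary_encode(hostname)` in the tuple given to `%`. In the other direction, `client_site` is taken from the server's reply and formatted into `"CN=%s"` unescaped before `add_child()`. Checking it against the characters permitted in a site name would stop a malformed reply from producing an unexpected DN, and it would make the silent fallback to `Default-First-Site-Name` an explicit decision. The failure paths now raise `RuntimeError` where the removed code raised `ldb.LdbError`, so callers outside this hunk that catch the latter need checking. A short docstring should also say that `dc_hostname`, `lp` and `creds` are no longer used and remain only for the signature.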


-- 
Samba Shared Repository


