[Pkg-samba-maint] [samba] 08/13: Apply patches.
Jelmer Vernooij
jelmer at moszumanska.debian.org
Sun Nov 15 17:07:04 UTC 2015
This is an automated email from the git hooks/post-receive script.
jelmer pushed a commit to branch master
in repository samba.
commit 420b548e59d2d2dcd0abbafcb1ac0bf74c013e0d
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Sun Nov 15 15:13:43 2015 +0000
Apply patches.
---
VERSION | 2 +-
buildtools/wafsamba/samba_utils.py | 2 +-
buildtools/wafsamba/wafsamba.py | 3 +
docs-xml/wscript_build | 2 +-
docs/manpages/net.8 | 4 +-
dynconfig/wscript | 2 +
examples/LDAP/README | 3 +
examples/misc/wall.perl | 2 +-
lib/util/debug.c | 14 ++--
libcli/nbt/wscript_build | 3 +-
nsswitch/wins.c | 2 +-
pidl/lib/Parse/Pidl/Dump.pm | 4 +-
pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm | 2 +-
pidl/lib/Parse/Pidl/Samba4/Header.pm | 2 +-
pidl/lib/Parse/Pidl/Samba4/NDR/Client.pm | 2 +-
pidl/lib/Parse/Pidl/Samba4/Python.pm | 48 +++++++----
pidl/lib/Parse/Pidl/Util.pm | 1 +
pidl/lib/Parse/Pidl/Wireshark/NDR.pm | 6 +-
selftest/target/Samba.pm | 1 +
selftest/target/Samba3.pm | 50 +++++++++++
source3/include/libsmbclient.h | 10 +++
source3/include/local.h | 2 +-
source3/pam_smbpass/README | 2 +-
source3/param/loadparm.c | 2 +-
source3/selftest/tests.py | 6 +-
source4/heimdal_build/krb5-types.h | 14 ----
source4/kdc/wdc-samba4.c | 16 +++-
source4/param/wscript_build | 5 +-
source4/rpc_server/backupkey/dcesrv_backupkey.c | 2 +-
source4/torture/rpc/rpc.c | 1 +
source4/torture/rpc/schannel.c | 106 ++++++++++++++++++++++++
source4/wscript_build | 3 +-
32 files changed, 258 insertions(+), 66 deletions(-)
diff --git a/VERSION b/VERSION
index 06ca3ff..b8fa0e6 100644
--- a/VERSION
+++ b/VERSION
@@ -123,5 +123,5 @@ SAMBA_VERSION_RELEASE_NICKNAME=
# -> "3.0.0rc2-VendorVersion" #
# #
########################################################
-SAMBA_VERSION_VENDOR_SUFFIX=
+SAMBA_VERSION_VENDOR_SUFFIX=Debian
SAMBA_VERSION_VENDOR_PATCH=
diff --git a/buildtools/wafsamba/samba_utils.py b/buildtools/wafsamba/samba_utils.py
index c1ac7e2..32f3fd0 100644
--- a/buildtools/wafsamba/samba_utils.py
+++ b/buildtools/wafsamba/samba_utils.py
@@ -79,7 +79,7 @@ def install_rpath(target):
ret = set()
if bld.env.RPATH_ON_INSTALL:
ret.add(bld.EXPAND_VARIABLES(bld.env.LIBDIR))
- if bld.env.RPATH_ON_INSTALL_PRIVATE and needs_private_lib(bld, target):
+ if bld.env.RPATH_ON_INSTALL_PRIVATE:
ret.add(bld.EXPAND_VARIABLES(bld.env.PRIVATELIBDIR))
return list(ret)
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index 6f0e11b..da1cf09 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -209,6 +209,9 @@ def SAMBA_LIBRARY(bld, libname, source,
raise Utils.WafError("public library '%s' must have header files" %
libname)
+ if private_library and not vnum:
+ vnum = '0'
+
if target_type == 'PYTHON' or realname or not private_library:
if keep_underscore:
bundled_name = libname
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index fa8fc4d..7c96fa3 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -129,7 +129,7 @@ def SMBDOTCONF_MANPAGE(bld, target):
if ('XSLTPROC_MANPAGES' in bld.env and bld.env['XSLTPROC_MANPAGES']):
- SMBDOTCONF_MANPAGE(bld, 'manpages/smb.conf.5')
+ #SMBDOTCONF_MANPAGE(bld, 'manpages/smb.conf.5')
bld.SAMBAMANPAGES(manpages)
if bld.CONFIG_SET('WITH_PAM_MODULES') and bld.CONFIG_SET('HAVE_PAM_START'):
diff --git a/docs/manpages/net.8 b/docs/manpages/net.8
index e02e55b..6c33271 100644
--- a/docs/manpages/net.8
+++ b/docs/manpages/net.8
@@ -1144,9 +1144,9 @@ Something we failed to parse\&. Default action is to "edit" it in interactive an
.RE
.SS "USERSHARE"
.PP
-Starting with version 3\&.0\&.23, a Samba server now supports the ability for non\-root users to add user defined shares to be exported using the "net usershare" commands\&.
+Starting with version 3\&.0\&.23, a Samba server now supports the ability for non\-root users to add user-defined shares to be exported using the "net usershare" commands\&.
.PP
-To set this up, first set up your smb\&.conf by adding to the [global] section: usershare path = /usr/local/samba/lib/usershares Next create the directory /usr/local/samba/lib/usershares, change the owner to root and set the group owner to the UNIX group who should have the ability to create usershares, for example a group called "serverops"\&. Set the permissions on /usr/local/samba/lib/usershares to 01770\&. (Owner and group all access, no access for others, plus the sticky bit, which [...]
+Members of the UNIX group "sambashare" can create user-defined shares on demand using the commands below\&.
.PP
The usershare commands are:
.RS 4
diff --git a/dynconfig/wscript b/dynconfig/wscript
index 6410c38..cc94f91 100755
--- a/dynconfig/wscript
+++ b/dynconfig/wscript
@@ -254,6 +254,8 @@ dynconfig = {
'SMB_PASSWD_FILE' : {
'STD-PATH': '${PRIVATE_DIR}/smbpasswd',
'FHS-PATH': '${PRIVATE_DIR}/smbpasswd',
+ 'OPTION': '--with-smbpasswd-file',
+ 'HELPTEXT': 'Where to put the smbpasswd file',
'DELAY': True,
},
}
diff --git a/examples/LDAP/README b/examples/LDAP/README
index f6ce3a9..a918acf 100644
--- a/examples/LDAP/README
+++ b/examples/LDAP/README
@@ -69,6 +69,9 @@ in Samba releases.
The smbldap-tools package can be downloaded individually from
https://gna.org/projects/smbldap-tools/
+On Debian systems, the smbldap-tools exists as a separate package
+and is not included in LDAP examples.
+
!==
!== end of README
!==
diff --git a/examples/misc/wall.perl b/examples/misc/wall.perl
index 9303658..72d6e89 100644
--- a/examples/misc/wall.perl
+++ b/examples/misc/wall.perl
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl
+#!/usr/bin/perl
#
#@(#) smb-wall.pl Description:
#@(#) A perl script which allows you to announce whatever you choose to
diff --git a/lib/util/debug.c b/lib/util/debug.c
index cf42d36..084f590 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -478,15 +478,17 @@ void setup_logging(const char *prog_name, enum debug_logtype new_logtype)
if (state.logtype == DEBUG_FILE) {
#ifdef WITH_SYSLOG
- const char *p = strrchr_m( prog_name,'/' );
- if (p)
- prog_name = p + 1;
+ if (prog_name) {
+ const char *p = strrchr_m( prog_name,'/' );
+ if (p)
+ prog_name = p + 1;
#ifdef LOG_DAEMON
- openlog( prog_name, LOG_PID, SYSLOG_FACILITY );
+ openlog( prog_name, LOG_PID, SYSLOG_FACILITY );
#else
- /* for old systems that have no facility codes. */
- openlog( prog_name, LOG_PID );
+ /* for old systems that have no facility codes. */
+ openlog( prog_name, LOG_PID );
#endif
+ }
#endif
}
}
diff --git a/libcli/nbt/wscript_build b/libcli/nbt/wscript_build
index c4a9428..090789c 100755
--- a/libcli/nbt/wscript_build
+++ b/libcli/nbt/wscript_build
@@ -20,7 +20,8 @@ bld.SAMBA_LIBRARY('cli-nbt',
bld.SAMBA_BINARY('nmblookup' + bld.env.suffix4,
source='tools/nmblookup.c',
manpages='man/nmblookup4.1',
- deps='samba-hostconfig samba-util cli-nbt popt POPT_SAMBA netif LIBCLI_RESOLVE'
+ deps='samba-hostconfig samba-util cli-nbt popt POPT_SAMBA netif LIBCLI_RESOLVE',
+ install=False
)
bld.SAMBA_PYTHON('python_netbios',
diff --git a/nsswitch/wins.c b/nsswitch/wins.c
index d63968b..16ba7c4 100644
--- a/nsswitch/wins.c
+++ b/nsswitch/wins.c
@@ -52,7 +52,7 @@ static void nss_wins_init(void)
lp_set_cmdline("log level", "0");
TimeInit();
- setup_logging("nss_wins",False);
+ setup_logging(NULL,False);
lp_load(get_dyn_CONFIGFILE(),True,False,False,True);
load_interfaces();
}
diff --git a/pidl/lib/Parse/Pidl/Dump.pm b/pidl/lib/Parse/Pidl/Dump.pm
index bf5811c..4e623db 100644
--- a/pidl/lib/Parse/Pidl/Dump.pm
+++ b/pidl/lib/Parse/Pidl/Dump.pm
@@ -39,7 +39,7 @@ sub DumpProperties($)
my $res = "";
foreach my $d ($props) {
- foreach my $k (keys %{$d}) {
+ foreach my $k (sort(keys %{$d})) {
if ($k eq "in") {
$res .= "[in] ";
next;
@@ -244,7 +244,7 @@ sub DumpInterfaceProperties($)
my($res);
$res .= "[\n";
- foreach my $k (keys %{$data}) {
+ foreach my $k (sort(keys %{$data})) {
$first || ($res .= ",\n"); $first = 0;
$res .= "$k($data->{$k})";
}
diff --git a/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm b/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm
index 8142b35..aa913f1 100644
--- a/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm
+++ b/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm
@@ -59,7 +59,7 @@ sub HeaderProperties($$)
my($props,$ignores) = @_;
my $ret = "";
- foreach my $d (keys %{$props}) {
+ foreach my $d (sort(keys %{$props})) {
next if (grep(/^$d$/, @$ignores));
if($props->{$d} ne "1") {
$ret.= "$d($props->{$d}),";
diff --git a/pidl/lib/Parse/Pidl/Samba4/Header.pm b/pidl/lib/Parse/Pidl/Samba4/Header.pm
index 49c5afa..e9b7bee 100644
--- a/pidl/lib/Parse/Pidl/Samba4/Header.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/Header.pm
@@ -38,7 +38,7 @@ sub HeaderProperties($$)
my($props,$ignores) = @_;
my $ret = "";
- foreach my $d (keys %{$props}) {
+ foreach my $d (sort(keys %{$props})) {
next if (grep(/^$d$/, @$ignores));
if($props->{$d} ne "1") {
$ret.= "$d($props->{$d}),";
diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Client.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Client.pm
index fed94cd..11954f0 100644
--- a/pidl/lib/Parse/Pidl/Samba4/NDR/Client.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Client.pm
@@ -259,7 +259,7 @@ sub HeaderProperties($$)
my($props,$ignores) = @_;
my $ret = "";
- foreach my $d (keys %{$props}) {
+ foreach my $d (sort(keys %{$props})) {
next if (grep(/^$d$/, @$ignores));
if($props->{$d} ne "1") {
$ret.= "$d($props->{$d}),";
diff --git a/pidl/lib/Parse/Pidl/Samba4/Python.pm b/pidl/lib/Parse/Pidl/Samba4/Python.pm
index 39884ab..95c680b 100644
--- a/pidl/lib/Parse/Pidl/Samba4/Python.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/Python.pm
@@ -22,9 +22,11 @@ $VERSION = '0.01';
sub new($) {
my ($class) = @_;
- my $self = { res => "", res_hdr => "", tabs => "", constants => {},
+ my $self = { res => "", res_hdr => "", tabs => "",
+ constants => [], constants_uniq => {},
module_methods => [], module_objects => [], ready_types => [],
- module_imports => {}, type_imports => {},
+ module_imports => [], module_imports_uniq => {},
+ type_imports => [], type_imports_uniq => {},
patch_type_calls => [], prereadycode => [],
postreadycode => []};
bless($self, $class);
@@ -94,7 +96,11 @@ sub register_constant($$$$)
{
my ($self, $name, $type, $value) = @_;
- $self->{constants}->{$name} = [$type, $value];
+ unless (defined $self->{constants_uniq}->{$name}) {
+ my $h = {"key" => $name, "val" => [$type, $value]};
+ push @{$self->{constants}}, $h;
+ $self->{constants_uniq}->{$name} = $h;
+ }
}
sub EnumAndBitmapConsts($$$)
@@ -805,8 +811,11 @@ sub register_module_import($$)
$var_name =~ s/\./_/g;
$var_name = "dep_$var_name";
- $self->{module_imports}->{$var_name} = $module_path;
-
+ unless (defined $self->{module_imports_uniq}->{$var_name}) {
+ my $h = { "key" => $var_name, "val" => $module_path};
+ push @{$self->{module_imports}}, $h;
+ $self->{module_imports_uniq}->{$var_name} = $h;
+ }
return $var_name;
}
@@ -815,8 +824,10 @@ sub import_type_variable($$$)
my ($self, $module, $name) = @_;
$self->register_module_import($module);
- unless (defined($self->{type_imports}->{$name})) {
- $self->{type_imports}->{$name} = $module;
+ unless (defined $self->{type_imports_uniq}->{$name}) {
+ my $h = { "key" => $name, "val" => $module};
+ push @{$self->{type_imports}}, $h;
+ $self->{type_imports_uniq}->{$name} = $h;
}
return "$name\_Type";
}
@@ -1366,25 +1377,25 @@ sub Parse($$$$$)
$self->pidl("{");
$self->indent;
$self->pidl("PyObject *m;");
- foreach (keys %{$self->{module_imports}}) {
- $self->pidl("PyObject *$_;");
+ foreach my $h (@{$self->{module_imports}}) {
+ $self->pidl("PyObject *$h->{'key'};");
}
$self->pidl("");
- foreach (keys %{$self->{module_imports}}) {
- my $var_name = $_;
- my $module_path = $self->{module_imports}->{$var_name};
+ foreach my $h (@{$self->{module_imports}}) {
+ my $var_name = $h->{'key'};
+ my $module_path = $h->{'val'};
$self->pidl("$var_name = PyImport_ImportModule(\"$module_path\");");
$self->pidl("if ($var_name == NULL)");
$self->pidl("\treturn;");
$self->pidl("");
}
- foreach (keys %{$self->{type_imports}}) {
- my $type_var = "$_\_Type";
- my $module_path = $self->{type_imports}->{$_};
+ foreach my $h (@{$self->{type_imports}}) {
+ my $type_var = "$h->{'key'}\_Type";
+ my $module_path = $h->{'val'};
$self->pidl_hdr("static PyTypeObject *$type_var;\n");
- my $pretty_name = PrettifyTypeName($_, $module_path);
+ my $pretty_name = PrettifyTypeName($h->{'key'}, $module_path);
my $module_var = "dep_$module_path";
$module_var =~ s/\./_/g;
$self->pidl("$type_var = (PyTypeObject *)PyObject_GetAttrString($module_var, \"$pretty_name\");");
@@ -1415,9 +1426,10 @@ sub Parse($$$$$)
$self->pidl("if (m == NULL)");
$self->pidl("\treturn;");
$self->pidl("");
- foreach my $name (keys %{$self->{constants}}) {
+ foreach my $h (@{$self->{constants}}) {
+ my $name = $h->{'key'};
my $py_obj;
- my ($ctype, $cvar) = @{$self->{constants}->{$name}};
+ my ($ctype, $cvar) = @{$h->{'val'}};
if ($cvar =~ /^[0-9]+$/ or $cvar =~ /^0x[0-9a-fA-F]+$/) {
$py_obj = "PyInt_FromLong($cvar)";
} elsif ($cvar =~ /^".*"$/) {
diff --git a/pidl/lib/Parse/Pidl/Util.pm b/pidl/lib/Parse/Pidl/Util.pm
index 006718d..421cb8f 100644
--- a/pidl/lib/Parse/Pidl/Util.pm
+++ b/pidl/lib/Parse/Pidl/Util.pm
@@ -43,6 +43,7 @@ unless we actually need it
sub MyDumper($)
{
require Data::Dumper;
+ $Data::Dumper::Sortkeys = 1;
my $s = shift;
return Data::Dumper::Dumper($s);
}
diff --git a/pidl/lib/Parse/Pidl/Wireshark/NDR.pm b/pidl/lib/Parse/Pidl/Wireshark/NDR.pm
index 1aa44c3..6f8e58b 100644
--- a/pidl/lib/Parse/Pidl/Wireshark/NDR.pm
+++ b/pidl/lib/Parse/Pidl/Wireshark/NDR.pm
@@ -916,7 +916,7 @@ sub ProcessInterface($$)
$self->Interface($x);
$self->pidl_code("\n".DumpFunctionTable($x));
- foreach (keys %{$return_types{$x->{NAME}}}) {
+ foreach (sort(keys %{$return_types{$x->{NAME}}})) {
my ($type, $desc) = @{$return_types{$x->{NAME}}->{$_}};
my $dt = $self->find_type($type);
$dt or die("Unable to find information about return type `$type'");
@@ -1155,7 +1155,7 @@ sub DumpHfDeclaration($)
$res = "\n/* Header field declarations */\n";
- foreach (keys %{$self->{conformance}->{header_fields}})
+ foreach (sort(keys %{$self->{conformance}->{header_fields}}))
{
$res .= "static gint $_ = -1;\n";
}
@@ -1182,7 +1182,7 @@ sub DumpHfList($)
my ($self) = @_;
my $res = "\tstatic hf_register_info hf[] = {\n";
- foreach (values %{$self->{conformance}->{header_fields}})
+ foreach (sort {$a->{INDEX} cmp $b->{INDEX}} values %{$self->{conformance}->{header_fields}})
{
$res .= "\t{ &$_->{INDEX},
{ ".make_str($_->{NAME}).", ".make_str($_->{FILTER}).", $_->{FT_TYPE}, $_->{BASE_TYPE}, $_->{VALSSTRING}, $_->{MASK}, ".make_str_or_null($_->{BLURB}).", HFILL }},
diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
index 217511a..2674c7f 100644
--- a/selftest/target/Samba.pm
+++ b/selftest/target/Samba.pm
@@ -156,6 +156,7 @@ sub get_interface($)
$interfaces{"localktest6"} = 7;
$interfaces{"maptoguest"} = 8;
+ $interfaces{"locals3dc9"} = 9;
# 11-16 used by selftest.pl for client interfaces
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index ba01154..a63c1dc 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -153,6 +153,8 @@ sub setup_env($$$)
if ($envname eq "s3dc") {
return $self->setup_s3dc("$path/s3dc");
+ } elsif ($envname eq "s3dc_schannel") {
+ return $self->setup_s3dc_schannel("$path/s3dc_schannel");
} elsif ($envname eq "simpleserver") {
return $self->setup_simpleserver("$path/simpleserver");
} elsif ($envname eq "maptoguest") {
@@ -217,6 +219,54 @@ sub setup_s3dc($$)
return $vars;
}
+sub setup_s3dc_schannel($$)
+{
+ my ($self, $path) = @_;
+
+ print "PROVISIONING S3DC WITH SERVER SCHANNEL ...";
+
+ my $pdc_options = "
+ domain master = yes
+ domain logons = yes
+ lanman auth = yes
+
+ rpc_server:epmapper = external
+ rpc_server:spoolss = external
+ rpc_server:lsarpc = external
+ rpc_server:samr = external
+ rpc_server:netlogon = external
+ rpc_server:register_embedded_np = yes
+
+ rpc_daemon:epmd = fork
+ rpc_daemon:spoolssd = fork
+ rpc_daemon:lsasd = fork
+
+ server schannel = yes
+";
+
+ my $vars = $self->provision($path,
+ "LOCALS3DC9",
+ "locals3dc9pass",
+ $pdc_options);
+
+ $vars or return undef;
+
+ if (not $self->check_or_start($vars, "yes", "yes", "yes")) {
+ return undef;
+ }
+
+ $vars->{DC_SERVER} = $vars->{SERVER};
+ $vars->{DC_SERVER_IP} = $vars->{SERVER_IP};
+ $vars->{DC_SERVER_IPV6} = $vars->{SERVER_IPV6};
+ $vars->{DC_NETBIOSNAME} = $vars->{NETBIOSNAME};
+ $vars->{DC_USERNAME} = $vars->{USERNAME};
+ $vars->{DC_PASSWORD} = $vars->{PASSWORD};
+
+ $self->{vars}->{s3dc_schannel} = $vars;
+
+ return $vars;
+}
+
sub setup_member($$$)
{
my ($self, $prefix, $s3dcvars) = @_;
diff --git a/source3/include/libsmbclient.h b/source3/include/libsmbclient.h
index 42e41f7..778617d 100644
--- a/source3/include/libsmbclient.h
+++ b/source3/include/libsmbclient.h
@@ -80,6 +80,16 @@ extern "C" {
#include <fcntl.h>
#include <utime.h>
+ /* Debian bug #221618 */
+#ifdef _LARGEFILE64_SOURCE
+#undef _LARGEFILE64_SOURCE
+#endif
+#define _LARGEFILE64_SOURCE 1
+#ifdef _FILE_OFFSET_BITS
+#undef _FILE_OFFSET_BITS
+#endif
+#define _FILE_OFFSET_BITS 64
+
#define SMBC_BASE_FD 10000 /* smallest file descriptor returned */
#define SMBC_WORKGROUP 1
diff --git a/source3/include/local.h b/source3/include/local.h
index 5ea7960..fba4045 100644
--- a/source3/include/local.h
+++ b/source3/include/local.h
@@ -93,7 +93,7 @@
/* the default pager to use for the client "more" command. Users can
override this with the PAGER environment variable */
#ifndef PAGER
-#define PAGER "more"
+#define PAGER "/usr/bin/pager"
#endif
/* the size of the uid cache used to reduce valid user checks */
diff --git a/source3/pam_smbpass/README b/source3/pam_smbpass/README
index 6cdb76f..d1ced49 100644
--- a/source3/pam_smbpass/README
+++ b/source3/pam_smbpass/README
@@ -37,7 +37,7 @@ Options recognized by this module are as follows:
smbconf=<file> - specify an alternate path to the smb.conf
file.
-See the samples/ directory for example PAM configurations using this
+See the examples/ directory for example PAM configurations using this
module.
Thanks go to the following people:
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index bed39a4..e3c31c8 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -1017,7 +1017,7 @@ static void init_globals(bool reinit_globals)
string_set(&Globals.szUsersharePath, s);
SAFE_FREE(s);
string_set(&Globals.szUsershareTemplateShare, "");
- Globals.iUsershareMaxShares = 0;
+ Globals.iUsershareMaxShares = 100;
/* By default disallow sharing of directories not owned by the sharer. */
Globals.bUsershareOwnerOnly = true;
/* By default disallow guest access to usershares. */
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 786b52a..fbc1e11 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -274,7 +274,7 @@ rpc = ["rpc.authcontext", "rpc.samba3.bind", "rpc.samba3.srvsvc", "rpc.samba3.sh
"rpc.samr.passwords.pwdlastset", "rpc.samr.large-dc", "rpc.samr.machine.auth",
"rpc.samr.priv", "rpc.samr.passwords.validate",
"rpc.netlogon.admin",
- "rpc.schannel", "rpc.schannel2", "rpc.bench-schannel1", "rpc.join", "rpc.bind"]
+ "rpc.schannel", "rpc.schannel2", "rpc.bench-schannel1", "rpc.schannel_anon_setpw", "rpc.join", "rpc.bind"]
local = ["local.nss-wrapper", "local.ndr"]
@@ -361,6 +361,10 @@ for t in tests:
elif t == "smb2.notify":
plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --signing=required')
plansmbtorture4testsuite(t, "plugin_s4_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD --signing=required')
+ elif t == "rpc.schannel_anon_setpw":
+ plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/tmp -U$%', description="anonymous password set")
+ plansmbtorture4testsuite(t, "s3dc_schannel", '//$SERVER_IP/tmp -U$%', description="anonymous password set (schannel enforced server-side)")
+ plansmbtorture4testsuite(t, "plugin_s4_dc", '//$SERVER/tmp -U$%', description="anonymous password set")
else:
plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
plansmbtorture4testsuite(t, "plugin_s4_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
diff --git a/source4/heimdal_build/krb5-types.h b/source4/heimdal_build/krb5-types.h
deleted file mode 100644
index 4f55a80..0000000
--- a/source4/heimdal_build/krb5-types.h
+++ /dev/null
@@ -1,14 +0,0 @@
-/* krb5-types.h -- this file was generated for i686-pc-linux-gnu by
- $Id: bits.c,v 1.23 2005/01/05 15:22:02 lha Exp $ */
-
-#ifndef __krb5_types_h__
-#define __krb5_types_h__
-
-#include "replace.h"
-#include "system/network.h"
-
-typedef socklen_t krb5_socklen_t;
-typedef int krb5_socket_t;
-typedef ssize_t krb5_ssize_t;
-
-#endif /* __krb5_types_h__ */
diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c
index 2f4945c..705fe3b 100644
--- a/source4/kdc/wdc-samba4.c
+++ b/source4/kdc/wdc-samba4.c
@@ -128,7 +128,7 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context,
talloc_free(mem_ctx);
return EINVAL;
}
-
+
if (is_in_db) {
/* Now check the KDC signature, fetching the correct key based on the enc type */
ret = kdc_check_pac(context, pac_srv_sig->signature, pac_kdc_sig, krbtgt);
@@ -217,7 +217,7 @@ static krb5_error_code samba_wdc_check_client_access(void *priv,
hdb_entry_ex *client_ex, const char *client_name,
hdb_entry_ex *server_ex, const char *server_name,
KDC_REQ *req,
- krb5_data *e_data)
+ METHOD_DATA *md)
{
struct samba_kdc_entry *kdc_entry;
bool password_change;
@@ -239,11 +239,19 @@ static krb5_error_code samba_wdc_check_client_access(void *priv,
return ENOMEM;
}
- if (e_data) {
+ if (md) {
+ int ret;
+ krb5_data kd;
DATA_BLOB data;
samba_kdc_build_edata_reply(nt_status, &data);
- *e_data = fill_krb5_data(data.data, data.length);
+ kd = fill_krb5_data(data.data, data.length);
+ ret = krb5_padata_add(context, md,
+ KRB5_PADATA_FX_ERROR,
+ kd.data, kd.length);
+ if (ret) {
+ krb5_data_free(&kd);
+ }
}
return samba_kdc_map_policy_err(nt_status);
diff --git a/source4/param/wscript_build b/source4/param/wscript_build
index 4585a83..3b845b7 100644
--- a/source4/param/wscript_build
+++ b/source4/param/wscript_build
@@ -18,7 +18,7 @@ bld.SAMBA_MODULE('share_classic',
source='share_classic.c',
subsystem='share',
init_function='share_classic_init',
- deps='samba-util'
+ deps='samba-util samba-hostconfig'
)
@@ -26,7 +26,8 @@ bld.SAMBA_MODULE('share_ldb',
source='share_ldb.c',
subsystem='share',
init_function='share_ldb_init',
- deps='ldbsamba auth_system_session'
+ deps='ldbsamba auth_system_session',
+ internal_module=False,
)
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 87799db..dac3678 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -972,7 +972,7 @@ static WERROR create_req(TALLOC_CTX *ctx, hx509_context *hctx, hx509_request *re
static WERROR generate_bkrp_cert(TALLOC_CTX *ctx, struct dcesrv_call_state *dce_call, struct ldb_context *ldb_ctx, const char *dn)
{
- struct heim_octet_string data;
+ heim_octet_string data;
WERROR w_err;
RSA *rsa;
hx509_context hctx;
diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c
index 2ec55b6..f20e0e9 100644
--- a/source4/torture/rpc/rpc.c
+++ b/source4/torture/rpc/rpc.c
@@ -496,6 +496,7 @@ NTSTATUS torture_rpc_init(void)
torture_suite_add_simple_test(suite, "schannel", torture_rpc_schannel);
torture_suite_add_simple_test(suite, "schannel2", torture_rpc_schannel2);
torture_suite_add_simple_test(suite, "bench-schannel1", torture_rpc_schannel_bench1);
+ torture_suite_add_simple_test(suite, "schannel_anon_setpw", torture_rpc_schannel_anon_setpw);
torture_suite_add_suite(suite, torture_rpc_srvsvc(suite));
torture_suite_add_suite(suite, torture_rpc_svcctl(suite));
torture_suite_add_suite(suite, torture_rpc_samr_accessmask(suite));
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index e0862d2..057c517 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -543,6 +543,83 @@ static bool test_schannel(struct torture_context *tctx,
return true;
}
+/*
+ * Purpose of this test is to demonstrate that a netlogon server carefully deals
+ * with anonymous attempts to set passwords, in particular when the server
+ * enforces the use of schannel. This test makes most sense to be run in an
+ * environment where the netlogon server enforces use of schannel.
+ */
+
+static bool test_schannel_anonymous_setPassword(struct torture_context *tctx,
+ uint32_t dcerpc_flags,
+ bool use2)
+{
+ struct test_join *join_ctx;
+ NTSTATUS status, result;
+ const char *binding = torture_setting_string(tctx, "binding", NULL);
+ struct dcerpc_binding *b;
+ struct dcerpc_pipe *p = NULL;
+ struct cli_credentials *credentials;
+ bool ok = true;
+
+ credentials = cli_credentials_init(NULL);
+ torture_assert(tctx, credentials != NULL, "Bad credentials");
+ cli_credentials_set_anonymous(credentials);
+
+ status = dcerpc_parse_binding(tctx, binding, &b);
+ torture_assert_ntstatus_ok(tctx, status, "Bad binding string");
+
+ status = dcerpc_pipe_connect_b(tctx,
+ &p,
+ b,
+ &ndr_table_netlogon,
+ credentials,
+ tctx->ev,
+ tctx->lp_ctx);
+ torture_assert_ntstatus_ok(tctx, status, "Failed to connect without schannel");
+
+ if (use2) {
+ struct netr_ServerPasswordSet2 r = {};
+ struct netr_Authenticator credential = {};
+ struct netr_Authenticator return_authenticator = {};
+ struct netr_CryptPassword new_password = {};
+
+ r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
+ r.in.secure_channel_type = 0;
+ r.in.computer_name = TEST_MACHINE_NAME;
+ r.in.credential = &credential;
+ r.in.new_password = &new_password;
+ r.out.return_authenticator = &return_authenticator;
+
+ status = dcerpc_netr_ServerPasswordSet2_r(p->binding_handle, tctx, &r);
+ result = r.out.result;
+ } else {
+ struct netr_ServerPasswordSet r = {};
+ struct netr_Authenticator credential = {};
+ struct netr_Authenticator return_authenticator = {};
+ struct samr_Password new_password = {};
+
+ r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
+ r.in.secure_channel_type = 0;
+ r.in.computer_name = TEST_MACHINE_NAME;
+ r.in.credential = &credential;
+ r.in.new_password = &new_password;
+ r.out.return_authenticator = &return_authenticator;
+
+ status = dcerpc_netr_ServerPasswordSet_r(p->binding_handle, tctx, &r);
+ result = r.out.result;
+ }
+
+ torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet failed");
+
+ if (NT_STATUS_IS_OK(result)) {
+ torture_fail(tctx, "unexpectedly received NT_STATUS_OK");
+ }
+
+ return ok;
+}
/*
@@ -586,6 +663,35 @@ bool torture_rpc_schannel(struct torture_context *torture)
return ret;
}
+bool torture_rpc_schannel_anon_setpw(struct torture_context *torture)
+{
+ bool ret = true;
+ bool ok;
+ uint32_t dcerpc_flags = DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_AUTO;
+
+ ok = test_schannel_anonymous_setPassword(torture,
+ dcerpc_flags,
+ true);
+ if (!ok) {
+ torture_comment(torture,
+ "Failed with dcerpc_flags=0x%x\n",
+ dcerpc_flags);
+ ret = false;
+ }
+
+ ok = test_schannel_anonymous_setPassword(torture,
+ dcerpc_flags,
+ false);
+ if (!ok) {
+ torture_comment(torture,
+ "Failed with dcerpc_flags=0x%x\n",
+ dcerpc_flags);
+ ret = false;
+ }
+
+ return ret;
+}
+
/*
test two schannel connections
*/
diff --git a/source4/wscript_build b/source4/wscript_build
index af71e80..1dd1356 100644
--- a/source4/wscript_build
+++ b/source4/wscript_build
@@ -2,7 +2,8 @@
bld.SAMBA_BINARY('client/smbclient' + bld.env.suffix4,
source='client/client.c',
- deps='samba-hostconfig SMBREADLINE samba-util LIBCLI_SMB RPC_NDR_SRVSVC LIBCLI_LSA popt POPT_SAMBA POPT_CREDENTIALS smbclient-raw param_options dcerpc'
+ deps='samba-hostconfig SMBREADLINE samba-util LIBCLI_SMB RPC_NDR_SRVSVC LIBCLI_LSA popt POPT_SAMBA POPT_CREDENTIALS smbclient-raw param_options dcerpc',
+ install=False
)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git
More information about the Pkg-samba-maint
mailing list