[Pkg-samba-maint] [samba] 02/07: Drop obsolete patch security-2016-04-12-prerequisite-v4-2-regression- fixes.metze01.txt.
Jelmer Vernooij
jelmer at moszumanska.debian.org
Sun Sep 4 14:49:18 UTC 2016
This is an automated email from the git hooks/post-receive script.
jelmer pushed a commit to branch jessie
in repository samba.
commit 876fa5a3a45e1e41ce47f709f02f564776b30c69
Author: Jelmer Vernooij <jelmer at jelmer.uk>
Date: Sun Sep 4 14:35:00 2016 +0000
Drop obsolete patch security-2016-04-12-prerequisite-v4-2-regression- fixes.metze01.txt.
---
VERSION | 2 +-
buildtools/wafsamba/samba_utils.py | 2 +-
buildtools/wafsamba/wafsamba.py | 3 ++
ctdb/web/footer.html | 4 +-
ctdb/wscript | 2 +-
debian/changelog | 2 +
...-prerequisite-v4-2-regression-fixes.metze01.txt | 43 ----------------------
debian/patches/series | 1 -
docs-xml/wscript_build | 2 +-
docs/manpages/net.8 | 4 +-
dynconfig/wscript | 2 +
examples/LDAP/README | 3 ++
examples/misc/wall.perl | 2 +-
lib/ldb/wscript | 2 +-
source3/include/libsmbclient.h | 10 +++++
source3/include/local.h | 2 +-
source3/pam_smbpass/README | 2 +-
source3/pam_smbpass/pam_smb_auth.c | 1 -
source3/param/loadparm.c | 2 +-
source4/heimdal_build/wscript_build | 6 +--
source4/param/wscript_build | 5 ++-
source4/rpc_server/backupkey/dcesrv_backupkey.c | 26 ++++++++++---
wscript | 8 ++--
wscript_build | 9 +++--
24 files changed, 71 insertions(+), 74 deletions(-)
diff --git a/VERSION b/VERSION
index 36439ad..d215664 100644
--- a/VERSION
+++ b/VERSION
@@ -123,5 +123,5 @@ SAMBA_VERSION_RELEASE_NICKNAME=
# -> "3.0.0rc2-VendorVersion" #
# #
########################################################
-SAMBA_VERSION_VENDOR_SUFFIX=
+SAMBA_VERSION_VENDOR_SUFFIX=Debian
SAMBA_VERSION_VENDOR_PATCH=
diff --git a/buildtools/wafsamba/samba_utils.py b/buildtools/wafsamba/samba_utils.py
index 9ac1066..8c42319 100644
--- a/buildtools/wafsamba/samba_utils.py
+++ b/buildtools/wafsamba/samba_utils.py
@@ -79,7 +79,7 @@ def install_rpath(target):
ret = set()
if bld.env.RPATH_ON_INSTALL:
ret.add(bld.EXPAND_VARIABLES(bld.env.LIBDIR))
- if bld.env.RPATH_ON_INSTALL_PRIVATE and needs_private_lib(bld, target):
+ if bld.env.RPATH_ON_INSTALL_PRIVATE:
ret.add(bld.EXPAND_VARIABLES(bld.env.PRIVATELIBDIR))
return list(ret)
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index 39d9605..4126fc1 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -224,6 +224,9 @@ def SAMBA_LIBRARY(bld, libname, source,
raise Utils.WafError("public library '%s' must have header files" %
libname)
+ if private_library and not vnum:
+ vnum = '0'
+
if bundled_name is not None:
pass
elif target_type == 'PYTHON' or realname or not private_library:
diff --git a/ctdb/web/footer.html b/ctdb/web/footer.html
index a9758e8..36e48fc 100644
--- a/ctdb/web/footer.html
+++ b/ctdb/web/footer.html
@@ -2,13 +2,13 @@
</tr>
<TR ALIGN="center">
- <TD><BR><a name="search"></a><img src="/bar1.jpg" WIDTH="493" HEIGHT="26" BORDER="0" alt="=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=">
+ <TD><BR><a name="search"></a><img src="./bar1.jpg" WIDTH="493" HEIGHT="26" BORDER="0" alt="=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=">
<!-- SiteSearch Google -->
<form method="get" action="http://www.google.com/custom">
<table border="0">
<tr><td nowrap="nowrap" valign="top" align="left" height="32">
-<a href="http://www.google.com/"><img src="http://www.google.com/logos/Logo_25wht.gif" border="0" alt="Google" /></a>
+<a href="http://www.google.com/">Google</a>
</td><td nowrap="nowrap">
<input type="hidden" name="domains" value="samba.org" />
<input type="text" name="q" size="31" maxlength="255" value="CTDB " />
diff --git a/ctdb/wscript b/ctdb/wscript
index 771a344..25e311d 100755
--- a/ctdb/wscript
+++ b/ctdb/wscript
@@ -60,7 +60,7 @@ def set_options(opt):
action="store", dest='ctdb_logdir', default=None)
opt.add_option('--with-socketpath',
help=("path to CTDB daemon socket"),
- action="store_true", dest='ctdb_sockpath', default=False)
+ action="store", dest='ctdb_sockpath', default=None)
def configure(conf):
diff --git a/debian/changelog b/debian/changelog
index 711b647..f0885ba 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,8 @@ samba (2:4.2.14+dfsg-0+deb8u1) UNRELEASED; urgency=high
+ Fixes CVE-2016-2119: Client side SMB2/3 required signing can be downgraded.
+ Various fixes for regressions introduced by the 4.2.10 security fixes.
Closes: #820965, #827141
+ * Drop obsolete patch security-2016-04-12-prerequisite-v4-2-regression-
+ fixes.metze01.txt.
-- Jelmer Vernooij <jelmer at debian.org> Sun, 04 Sep 2016 14:21:35 +0000
diff --git a/debian/patches/security-2016-04-12-prerequisite-v4-2-regression-fixes.metze01.txt b/debian/patches/security-2016-04-12-prerequisite-v4-2-regression-fixes.metze01.txt
deleted file mode 100644
index 4ec00b7..0000000
--- a/debian/patches/security-2016-04-12-prerequisite-v4-2-regression-fixes.metze01.txt
+++ /dev/null
@@ -1,43 +0,0 @@
-From 96331b20e36350056ffb9f52570c3ec7558e4c77 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze at samba.org>
-Date: Fri, 8 Apr 2016 10:05:38 +0200
-Subject: [PATCH] s3:libads: sasl wrapped LDAP connections against with
- kerberos and arcfour-hmac-md5
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This fixes a regression in commit 2cb07ba50decdfd6d08271cd2b3d893ff95f5af9
-(s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos)
-that prevents things like 'net ads join' from working against a Windows 2003 domain.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
-
-Signed-off-by: Stefan Metzmacher <metze at samba.org>
-Reviewed-by: Günther Deschner <gd at samba.org>
----
- source3/libads/sasl.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
-index 4fcd733..22aa9cf 100644
---- a/source3/libads/sasl.c
-+++ b/source3/libads/sasl.c
-@@ -312,7 +312,13 @@ static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads,
- ads->ldap.out.max_unwrapped = gensec_max_input_size(auth_generic_state->gensec_security);
-
- ads->ldap.out.sig_size = max_wrapped - ads->ldap.out.max_unwrapped;
-- ads->ldap.in.min_wrapped = ads->ldap.out.sig_size;
-+ /*
-+ * Note that we have to truncate this to 0x2C
-+ * (taken from a capture with LDAP unbind), as the
-+ * signature size is not constant for Kerberos with
-+ * arcfour-hmac-md5.
-+ */
-+ ads->ldap.in.min_wrapped = MIN(ads->ldap.out.sig_size, 0x2C);
- ads->ldap.in.max_wrapped = max_wrapped;
- status = ads_setup_sasl_wrapping(ads, &ads_sasl_gensec_ops, auth_generic_state->gensec_security);
- if (!ADS_ERR_OK(status)) {
---
-1.9.1
-
diff --git a/debian/patches/series b/debian/patches/series
index b6a028a..829ca2b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -17,7 +17,6 @@ Fix-privacy-breach-on-google.com.patch
decrease-min-ldb-version.patch
backupkey.patch
fix_pam_smbpass.patch
-security-2016-04-12-prerequisite-v4-2-regression-fixes.metze01.txt
disable-socketwrapper.diff
sockets-with-htons.patch
unprivate-samba-debug.patch
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index 9c5e3ab..c4d0e71 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -134,7 +134,7 @@ def SMBDOTCONF_MANPAGE(bld, target):
if ('XSLTPROC_MANPAGES' in bld.env and bld.env['XSLTPROC_MANPAGES']):
- SMBDOTCONF_MANPAGE(bld, 'manpages/smb.conf.5')
+ #SMBDOTCONF_MANPAGE(bld, 'manpages/smb.conf.5')
bld.SAMBAMANPAGES(manpages)
if bld.CONFIG_SET('WITH_PAM_MODULES') and bld.CONFIG_SET('HAVE_PAM_START'):
diff --git a/docs/manpages/net.8 b/docs/manpages/net.8
index b65464d..c830c02 100644
--- a/docs/manpages/net.8
+++ b/docs/manpages/net.8
@@ -1060,9 +1060,9 @@ Something we failed to parse\&. Default action is to "edit" it in interactive an
.RE
.SS "USERSHARE"
.PP
-Starting with version 3\&.0\&.23, a Samba server now supports the ability for non\-root users to add user defined shares to be exported using the "net usershare" commands\&.
+Starting with version 3\&.0\&.23, a Samba server now supports the ability for non\-root users to add user-defined shares to be exported using the "net usershare" commands\&.
.PP
-To set this up, first set up your smb\&.conf by adding to the [global] section: usershare path = /usr/local/samba/lib/usershares Next create the directory /usr/local/samba/lib/usershares, change the owner to root and set the group owner to the UNIX group who should have the ability to create usershares, for example a group called "serverops"\&. Set the permissions on /usr/local/samba/lib/usershares to 01770\&. (Owner and group all access, no access for others, plus the sticky bit, which [...]
+Members of the UNIX group "sambashare" can create user-defined shares on demand using the commands below\&.
.PP
The usershare commands are:
.RS 4
diff --git a/dynconfig/wscript b/dynconfig/wscript
index 6410c38..cc94f91 100755
--- a/dynconfig/wscript
+++ b/dynconfig/wscript
@@ -254,6 +254,8 @@ dynconfig = {
'SMB_PASSWD_FILE' : {
'STD-PATH': '${PRIVATE_DIR}/smbpasswd',
'FHS-PATH': '${PRIVATE_DIR}/smbpasswd',
+ 'OPTION': '--with-smbpasswd-file',
+ 'HELPTEXT': 'Where to put the smbpasswd file',
'DELAY': True,
},
}
diff --git a/examples/LDAP/README b/examples/LDAP/README
index f6ce3a9..a918acf 100644
--- a/examples/LDAP/README
+++ b/examples/LDAP/README
@@ -69,6 +69,9 @@ in Samba releases.
The smbldap-tools package can be downloaded individually from
https://gna.org/projects/smbldap-tools/
+On Debian systems, the smbldap-tools exists as a separate package
+and is not included in LDAP examples.
+
!==
!== end of README
!==
diff --git a/examples/misc/wall.perl b/examples/misc/wall.perl
index 9303658..72d6e89 100644
--- a/examples/misc/wall.perl
+++ b/examples/misc/wall.perl
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl
+#!/usr/bin/perl
#
#@(#) smb-wall.pl Description:
#@(#) A perl script which allows you to announce whatever you choose to
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index 18e315b..d5c5c4c 100755
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -2,7 +2,7 @@
APPNAME = 'ldb'
VERSION = '1.1.20'
-SYSTEM_VERSION = '1.1.24'
+SYSTEM_VERSION = '1.1.20'
blddir = 'bin'
diff --git a/source3/include/libsmbclient.h b/source3/include/libsmbclient.h
index 42e41f7..778617d 100644
--- a/source3/include/libsmbclient.h
+++ b/source3/include/libsmbclient.h
@@ -80,6 +80,16 @@ extern "C" {
#include <fcntl.h>
#include <utime.h>
+ /* Debian bug #221618 */
+#ifdef _LARGEFILE64_SOURCE
+#undef _LARGEFILE64_SOURCE
+#endif
+#define _LARGEFILE64_SOURCE 1
+#ifdef _FILE_OFFSET_BITS
+#undef _FILE_OFFSET_BITS
+#endif
+#define _FILE_OFFSET_BITS 64
+
#define SMBC_BASE_FD 10000 /* smallest file descriptor returned */
#define SMBC_WORKGROUP 1
diff --git a/source3/include/local.h b/source3/include/local.h
index 5f52d9c..4c12163 100644
--- a/source3/include/local.h
+++ b/source3/include/local.h
@@ -88,7 +88,7 @@
/* the default pager to use for the client "more" command. Users can
override this with the PAGER environment variable */
#ifndef PAGER
-#define PAGER "more"
+#define PAGER "/usr/bin/pager"
#endif
/* the size of the uid cache used to reduce valid user checks */
diff --git a/source3/pam_smbpass/README b/source3/pam_smbpass/README
index 6cdb76f..d1ced49 100644
--- a/source3/pam_smbpass/README
+++ b/source3/pam_smbpass/README
@@ -37,7 +37,7 @@ Options recognized by this module are as follows:
smbconf=<file> - specify an alternate path to the smb.conf
file.
-See the samples/ directory for example PAM configurations using this
+See the examples/ directory for example PAM configurations using this
module.
Thanks go to the following people:
diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c
index 1b8ae5e..0a119bc 100644
--- a/source3/pam_smbpass/pam_smb_auth.c
+++ b/source3/pam_smbpass/pam_smb_auth.c
@@ -189,7 +189,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags,
_pam_get_data(pamh, "smb_setcred_return", &pretval);
if(pretval) {
retval = *pretval;
- SAFE_FREE(pretval);
}
pam_set_data(pamh, "smb_setcred_return", NULL, NULL);
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index e805fa4..42f2bea 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -812,7 +812,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
TALLOC_FREE(s);
lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
- Globals.usershare_max_shares = 0;
+ Globals.usershare_max_shares = 100;
/* By default disallow sharing of directories not owned by the sharer. */
Globals.usershare_owner_only = true;
/* By default disallow guest access to usershares. */
diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build
index 0eb1e38..633fec9 100644
--- a/source4/heimdal_build/wscript_build
+++ b/source4/heimdal_build/wscript_build
@@ -843,7 +843,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_WIND'):
HEIMDAL_GENERATOR(
name="HEIMDAL_ERRORLIST",
rule="${PYTHON} '${SRC[0].abspath()}' '${SRC[1].abspath()}' '${SRC[1].parent.abspath(env)}'",
- source = '../heimdal/lib/wind/gen-errorlist.py ../heimdal/lib/wind/rfc3454.txt ../heimdal/lib/wind/stringprep.py',
+ source = '../heimdal/lib/wind/gen-errorlist.py ../heimdal/lib/wind/rfc3454.txt-table ../heimdal/lib/wind/stringprep.py',
target = '../heimdal/lib/wind/errorlist_table.c ../heimdal/lib/wind/errorlist_table.h'
)
@@ -865,7 +865,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_WIND'):
HEIMDAL_GENERATOR(
name = 'HEIMDAL_BIDI_TABLE',
rule="${PYTHON} '${SRC[0].abspath()}' '${SRC[1].abspath()}' '${SRC[1].parent.abspath(env)}'",
- source = '../heimdal/lib/wind/gen-bidi.py ../heimdal/lib/wind/rfc3454.txt',
+ source = '../heimdal/lib/wind/gen-bidi.py ../heimdal/lib/wind/rfc3454.txt-table',
target = '../heimdal/lib/wind/bidi_table.h ../heimdal/lib/wind/bidi_table.c'
)
@@ -873,7 +873,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_WIND'):
HEIMDAL_GENERATOR(
name = 'HEIMDAL_MAP_TABLE',
rule="${PYTHON} '${SRC[0].abspath()}' '${SRC[2].abspath()}' '${SRC[2].parent.abspath(env)}'",
- source = '../heimdal/lib/wind/gen-map.py ../heimdal/lib/wind/stringprep.py ../heimdal/lib/wind/rfc3454.txt',
+ source = '../heimdal/lib/wind/gen-map.py ../heimdal/lib/wind/stringprep.py ../heimdal/lib/wind/rfc3454.txt-table',
target = '../heimdal/lib/wind/map_table.h ../heimdal/lib/wind/map_table.c'
)
diff --git a/source4/param/wscript_build b/source4/param/wscript_build
index 2ad753b..6fa1c4c 100644
--- a/source4/param/wscript_build
+++ b/source4/param/wscript_build
@@ -18,7 +18,7 @@ bld.SAMBA_MODULE('share_classic',
source='share_classic.c',
subsystem='share',
init_function='share_classic_init',
- deps='samba-util'
+ deps='samba-util samba-hostconfig'
)
@@ -26,7 +26,8 @@ bld.SAMBA_MODULE('share_ldb',
source='share_ldb.c',
subsystem='share',
init_function='share_ldb_init',
- deps='ldbsamba auth_system_session'
+ deps='ldbsamba auth_system_session',
+ internal_module=False,
)
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 4037d18..6f2f1b5 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -227,9 +227,12 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
if (ret != LDB_SUCCESS) {
talloc_free(tmp_mem);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else if (res->count == 0) {
+ }
+ if (res->count == 0) {
+ talloc_free(tmp_mem);
return NT_STATUS_RESOURCE_NAME_NOT_FOUND;
- } else if (res->count > 1) {
+ }
+ if (res->count > 1) {
DEBUG(2, ("Secret %s collision\n", name));
talloc_free(tmp_mem);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -311,6 +314,7 @@ static NTSTATUS get_pk_from_raw_keypair_params(TALLOC_CTX *ctx,
hx509_context hctx;
RSA *rsa;
struct hx509_private_key_ops *ops;
+ hx509_private_key privkey = NULL;
hx509_context_init(&hctx);
ops = hx509_find_private_alg(&_hx509_signature_rsa_with_var_num.algorithm);
@@ -319,13 +323,14 @@ static NTSTATUS get_pk_from_raw_keypair_params(TALLOC_CTX *ctx,
return NT_STATUS_INTERNAL_ERROR;
}
- if (hx509_private_key_init(pk, ops, NULL) != 0) {
+ if (hx509_private_key_init(&privkey, ops, NULL) != 0) {
hx509_context_free(&hctx);
return NT_STATUS_NO_MEMORY;
}
rsa = RSA_new();
if (rsa ==NULL) {
+ hx509_private_key_free(&privkey);
hx509_context_free(&hctx);
return NT_STATUS_INVALID_PARAMETER;
}
@@ -333,52 +338,62 @@ static NTSTATUS get_pk_from_raw_keypair_params(TALLOC_CTX *ctx,
rsa->n = reverse_and_get_bignum(ctx, &(keypair->modulus));
if (rsa->n == NULL) {
RSA_free(rsa);
+ hx509_private_key_free(&privkey);
hx509_context_free(&hctx);
return NT_STATUS_INVALID_PARAMETER;
}
rsa->d = reverse_and_get_bignum(ctx, &(keypair->private_exponent));
if (rsa->d == NULL) {
RSA_free(rsa);
+ hx509_private_key_free(&privkey);
hx509_context_free(&hctx);
return NT_STATUS_INVALID_PARAMETER;
}
rsa->p = reverse_and_get_bignum(ctx, &(keypair->prime1));
if (rsa->p == NULL) {
RSA_free(rsa);
+ hx509_private_key_free(&privkey);
hx509_context_free(&hctx);
return NT_STATUS_INVALID_PARAMETER;
}
rsa->q = reverse_and_get_bignum(ctx, &(keypair->prime2));
if (rsa->q == NULL) {
RSA_free(rsa);
+ hx509_private_key_free(&privkey);
hx509_context_free(&hctx);
return NT_STATUS_INVALID_PARAMETER;
}
rsa->dmp1 = reverse_and_get_bignum(ctx, &(keypair->exponent1));
if (rsa->dmp1 == NULL) {
RSA_free(rsa);
+ hx509_private_key_free(&privkey);
hx509_context_free(&hctx);
return NT_STATUS_INVALID_PARAMETER;
}
rsa->dmq1 = reverse_and_get_bignum(ctx, &(keypair->exponent2));
if (rsa->dmq1 == NULL) {
RSA_free(rsa);
+ hx509_private_key_free(&privkey);
hx509_context_free(&hctx);
return NT_STATUS_INVALID_PARAMETER;
}
rsa->iqmp = reverse_and_get_bignum(ctx, &(keypair->coefficient));
if (rsa->iqmp == NULL) {
RSA_free(rsa);
+ hx509_private_key_free(&privkey);
hx509_context_free(&hctx);
return NT_STATUS_INVALID_PARAMETER;
}
rsa->e = reverse_and_get_bignum(ctx, &(keypair->public_exponent));
if (rsa->e == NULL) {
RSA_free(rsa);
+ hx509_private_key_free(&privkey);
hx509_context_free(&hctx);
return NT_STATUS_INVALID_PARAMETER;
}
+ *pk = privkey;
+
hx509_private_key_assign_rsa(*pk, rsa);
hx509_context_free(&hctx);
@@ -1403,7 +1418,7 @@ static WERROR bkrp_do_retrieve_server_wrap_key(TALLOC_CTX *mem_ctx, struct ldb_c
struct GUID *guid)
{
NTSTATUS status;
- DATA_BLOB guid_binary, lsa_secret;
+ DATA_BLOB lsa_secret;
char *secret_name;
char *guid_string;
enum ndr_err_code ndr_err;
@@ -1425,7 +1440,8 @@ static WERROR bkrp_do_retrieve_server_wrap_key(TALLOC_CTX *mem_ctx, struct ldb_c
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("Error while fetching secret %s\n", secret_name));
return WERR_INVALID_DATA;
- } else if (guid_binary.length == 0) {
+ }
+ if (lsa_secret.length == 0) {
/* RODC case, we do not have secrets locally */
DEBUG(1, ("Unable to fetch value for secret %s, are we an undetected RODC?\n",
secret_name));
diff --git a/wscript b/wscript
index 28528be..2b97a0d 100644
--- a/wscript
+++ b/wscript
@@ -148,10 +148,12 @@ def configure(conf):
conf.RECURSE('lib/ntdb')
conf.RECURSE('lib/util/charset')
conf.RECURSE('source4/auth')
- conf.RECURSE('lib/nss_wrapper')
+ if conf.CONFIG_GET('ENABLE_SELFTEST'):
+ conf.RECURSE('lib/nss_wrapper')
conf.RECURSE('nsswitch')
- conf.RECURSE('lib/socket_wrapper')
- conf.RECURSE('lib/uid_wrapper')
+ if conf.CONFIG_GET('ENABLE_SELFTEST'):
+ conf.RECURSE('lib/socket_wrapper')
+ conf.RECURSE('lib/uid_wrapper')
conf.RECURSE('lib/subunit/c')
conf.RECURSE('libcli/smbreadline')
conf.RECURSE('lib/crypto')
diff --git a/wscript_build b/wscript_build
index d7dea54..a6a6556 100644
--- a/wscript_build
+++ b/wscript_build
@@ -70,9 +70,12 @@ bld.RECURSE('source4/lib/messaging')
bld.RECURSE('source4/lib/events')
bld.RECURSE('source4/lib/cmdline')
bld.RECURSE('source4/lib/http')
-bld.RECURSE('lib/socket_wrapper')
-bld.RECURSE('lib/nss_wrapper')
-bld.RECURSE('lib/uid_wrapper')
+if bld.CONFIG_GET('SOCKET_WRAPPER'):
+ bld.RECURSE('lib/socket_wrapper')
+if bld.CONFIG_GET('NSS_WRAPPER'):
+ bld.RECURSE('lib/nss_wrapper')
+if bld.CONFIG_GET('UID_WRAPPER'):
+ bld.RECURSE('lib/uid_wrapper')
if bld.CHECK_FOR_THIRD_PARTY():
bld.RECURSE('third_party/zlib')
bld.RECURSE('third_party/popt')
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git
More information about the Pkg-samba-maint
mailing list