Compare commits
No commits in common. "c8" and "c9" have entirely different histories.
@ -0,0 +1,42 @@
|
|||||||
|
From 18913d384edb8c49c69501fd6db5511312614594 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Fri, 27 Oct 2023 12:09:53 +0200
|
||||||
|
Subject: [PATCH] s3:passdb: Do not leak memory in pdb_tdb
|
||||||
|
|
||||||
|
==19938==ERROR: LeakSanitizer: detected memory leaks
|
||||||
|
|
||||||
|
Direct leak of 77 byte(s) in 1 object(s) allocated from:
|
||||||
|
#0 0x7f7d482841f8 in strdup (/lib64/libasan.so.8+0x841f8) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
|
||||||
|
#1 0x7f7d47204846 (bin/shared/libsamba-util.so.0+0x4c846) (BuildId: 43b084eb9013442ac68eb1fc17649f142cbb0f94)
|
||||||
|
#2 0x7f7d40b1d97a in pdb_init_tdbsam ../../source3/passdb/pdb_tdb.c:1361
|
||||||
|
#3 0x7f7d4715f266 (bin/shared/libsamba-passdb.so.0+0x76266) (BuildId: 13d2858e2217592a22a4ee9203fef759d52df733)
|
||||||
|
#4 0x7f7d4715f57a (bin/shared/libsamba-passdb.so.0+0x7657a) (BuildId: 13d2858e2217592a22a4ee9203fef759d52df733)
|
||||||
|
#5 0x7f7d47163700 (bin/shared/libsamba-passdb.so.0+0x7a700) (BuildId: 13d2858e2217592a22a4ee9203fef759d52df733)
|
||||||
|
#6 0x55a9177d3853 in main ../../source3/smbd/server.c:1928
|
||||||
|
#7 0x7f7d434281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Volker Lendecke <vl@samba.org>
|
||||||
|
|
||||||
|
Orabug: 36371906
|
||||||
|
Signed-off-by: Shaleen Bathla <shaleen.bathla@oracle.com>
|
||||||
|
Reviewed-by: Laurence Rochfort <laurence.rochfort@oracle.com>
|
||||||
|
---
|
||||||
|
source3/passdb/pdb_tdb.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
|
||||||
|
index 4c578f8069d..f9ba193df3b 100644
|
||||||
|
--- a/source3/passdb/pdb_tdb.c
|
||||||
|
+++ b/source3/passdb/pdb_tdb.c
|
||||||
|
@@ -1346,6 +1346,9 @@ static NTSTATUS pdb_init_tdbsam(struct pdb_methods **pdb_method, const char *loc
|
||||||
|
}
|
||||||
|
pfile = tdbfile;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ /* Do not leak memory if the init function is called more than once */
|
||||||
|
+ SAFE_FREE(tdbsam_filename);
|
||||||
|
tdbsam_filename = SMB_STRDUP(pfile);
|
||||||
|
if (!tdbsam_filename) {
|
||||||
|
return NT_STATUS_NO_MEMORY;
|
||||||
|
--
|
@ -0,0 +1,80 @@
|
|||||||
|
From 48493735e2d2091740fe784cf07a4258dfc0b512 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Shaleen Bathla <shaleen.bathla@oracle.com>
|
||||||
|
Date: Wed, 10 Apr 2024 18:31:39 +0530
|
||||||
|
Subject: [PATCH] s3: winbindd: winbindd_pam: fix leak in extract_pac_vrfy_sigs
|
||||||
|
|
||||||
|
Add missing free for entry variable and its members : key and principal
|
||||||
|
Found definite memory leaks via valgrind as shown below.
|
||||||
|
|
||||||
|
Leak 1 :
|
||||||
|
==1686== 76,800 bytes in 2,400 blocks are definitely lost in loss record 432 of 433
|
||||||
|
==1686== at 0x4C38185: malloc (vg_replace_malloc.c:431)
|
||||||
|
==1686== by 0x79CBFED: krb5int_c_copy_keyblock_contents (keyblocks.c:101)
|
||||||
|
==1686== by 0x621CFA3: krb5_mkt_get_next (kt_memory.c:500)
|
||||||
|
==1686== by 0x141186: extract_pac_vrfy_sigs (winbindd_pam.c:3384)
|
||||||
|
==1686== by 0x141186: winbindd_pam_auth_pac_verify (winbindd_pam.c:3434)
|
||||||
|
==1686== by 0x17ED21: winbindd_pam_auth_crap_send (winbindd_pam_auth_crap.c:68)
|
||||||
|
==1686== by 0x127F45: process_request_send (winbindd.c:502)
|
||||||
|
==1686== by 0x127F45: winbind_client_request_read (winbindd.c:749)
|
||||||
|
==1686== by 0x124AAF: wb_req_read_done (wb_reqtrans.c:126)
|
||||||
|
==1686== by 0x66D4706: tevent_common_invoke_fd_handler (tevent_fd.c:142)
|
||||||
|
==1686== by 0x66DAF4E: epoll_event_loop (tevent_epoll.c:737)
|
||||||
|
==1686== by 0x66DAF4E: epoll_event_loop_once (tevent_epoll.c:938)
|
||||||
|
==1686== by 0x66D8F5A: std_event_loop_once (tevent_standard.c:110)
|
||||||
|
==1686== by 0x66D39B4: _tevent_loop_once (tevent.c:823)
|
||||||
|
==1686== by 0x1232F3: main (winbindd.c:1718)
|
||||||
|
|
||||||
|
Leak 2 :
|
||||||
|
==1686== at 0x4C38185: malloc (vg_replace_malloc.c:431)
|
||||||
|
==1686== by 0x62255E4: krb5_copy_principal (copy_princ.c:38)
|
||||||
|
==1686== by 0x621D003: krb5_mkt_get_next (kt_memory.c:503)
|
||||||
|
==1686== by 0x141186: extract_pac_vrfy_sigs (winbindd_pam.c:3384)
|
||||||
|
==1686== by 0x141186: winbindd_pam_auth_pac_verify (winbindd_pam.c:3434)
|
||||||
|
==1686== by 0x17ED21: winbindd_pam_auth_crap_send (winbindd_pam_auth_crap.c:68)
|
||||||
|
==1686== by 0x127F45: process_request_send (winbindd.c:502)
|
||||||
|
==1686== by 0x127F45: winbind_client_request_read (winbindd.c:749)
|
||||||
|
==1686== by 0x124AAF: wb_req_read_done (wb_reqtrans.c:126)
|
||||||
|
==1686== by 0x66D4706: tevent_common_invoke_fd_handler (tevent_fd.c:142)
|
||||||
|
==1686== by 0x66DAF4E: epoll_event_loop (tevent_epoll.c:737)
|
||||||
|
==1686== by 0x66DAF4E: epoll_event_loop_once (tevent_epoll.c:938)
|
||||||
|
==1686== by 0x66D8F5A: std_event_loop_once (tevent_standard.c:110)
|
||||||
|
==1686== by 0x66D39B4: _tevent_loop_once (tevent.c:823)
|
||||||
|
==1686== by 0x1232F3: main (winbindd.c:1718)
|
||||||
|
|
||||||
|
Signed-off-by: Shaleen Bathla <shaleen.bathla@oracle.com>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
|
||||||
|
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
|
||||||
|
Autobuild-Date(master): Tue Apr 16 10:22:51 UTC 2024 on atb-devel-224
|
||||||
|
|
||||||
|
Orabug: 36566309
|
||||||
|
Signed-off-by: Shaleen Bathla <shaleen.bathla@oracle.com>
|
||||||
|
Reviewed-by: Laurence Rochfort <laurence.rochfort@oracle.com>
|
||||||
|
---
|
||||||
|
source3/winbindd/winbindd_pam.c | 7 ++++++-
|
||||||
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
|
||||||
|
index 6c890c8acd5..e7d64189b7e 100644
|
||||||
|
--- a/source3/winbindd/winbindd_pam.c
|
||||||
|
+++ b/source3/winbindd/winbindd_pam.c
|
||||||
|
@@ -3433,12 +3433,17 @@ static NTSTATUS extract_pac_vrfy_sigs(TALLOC_CTX *mem_ctx, DATA_BLOB pac_blob,
|
||||||
|
NULL, /* client_principal */
|
||||||
|
0, /* tgs_authtime */
|
||||||
|
p_pac_data);
|
||||||
|
+ (void)smb_krb5_kt_free_entry(krbctx, &entry);
|
||||||
|
if (NT_STATUS_IS_OK(status)) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
- k5ret = smb_krb5_kt_free_entry(krbctx, &entry);
|
||||||
|
k5ret = krb5_kt_next_entry(krbctx, keytab, &entry, &cursor);
|
||||||
|
}
|
||||||
|
+ if (k5ret != 0 && k5ret != KRB5_KT_END) {
|
||||||
|
+ DEBUG(1, ("Failed to get next entry: %s\n",
|
||||||
|
+ error_message(k5ret)));
|
||||||
|
+ (void)smb_krb5_kt_free_entry(krbctx, &entry);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
k5ret = krb5_kt_end_seq_get(krbctx, keytab, &cursor);
|
||||||
|
if (k5ret) {
|
@ -1,7 +1,7 @@
|
|||||||
From 3c29fc78029e1274f931e171c9e04c19ad0182c1 Mon Sep 17 00:00:00 2001
|
From 3c29fc78029e1274f931e171c9e04c19ad0182c1 Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Thu, 17 Aug 2023 01:05:54 +0300
|
Date: Thu, 17 Aug 2023 01:05:54 +0300
|
||||||
Subject: [PATCH 01/28] gp: Support more global trust directories
|
Subject: [PATCH 01/25] gp: Support more global trust directories
|
||||||
|
|
||||||
In addition to the SUSE global trust directory, add support for RHEL and
|
In addition to the SUSE global trust directory, add support for RHEL and
|
||||||
Debian-based distributions (including Ubuntu).
|
Debian-based distributions (including Ubuntu).
|
||||||
@ -60,13 +60,13 @@ index 312c8ddf467..1b90ab46e90 100644
|
|||||||
# Symlink the certs to global trust dir
|
# Symlink the certs to global trust dir
|
||||||
dst = os.path.join(global_trust_dir, os.path.basename(src))
|
dst = os.path.join(global_trust_dir, os.path.basename(src))
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From 063606e8ec83a58972df47eb561ab267f8937ba4 Mon Sep 17 00:00:00 2001
|
From 063606e8ec83a58972df47eb561ab267f8937ba4 Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Thu, 17 Aug 2023 01:09:28 +0300
|
Date: Thu, 17 Aug 2023 01:09:28 +0300
|
||||||
Subject: [PATCH 02/28] gp: Support update-ca-trust helper
|
Subject: [PATCH 02/25] gp: Support update-ca-trust helper
|
||||||
|
|
||||||
This is used on RHEL/Fedora instead of update-ca-certificates. They
|
This is used on RHEL/Fedora instead of update-ca-certificates. They
|
||||||
behave similarly so it's enough to change the command name.
|
behave similarly so it's enough to change the command name.
|
||||||
@ -104,13 +104,13 @@ index 1b90ab46e90..cefdafa21b2 100644
|
|||||||
Popen([update]).wait()
|
Popen([update]).wait()
|
||||||
# Setup Certificate Auto Enrollment
|
# Setup Certificate Auto Enrollment
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From 3b548bf280ca59ef12a7af10a9131813067a850a Mon Sep 17 00:00:00 2001
|
From 3b548bf280ca59ef12a7af10a9131813067a850a Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Fri, 11 Aug 2023 18:46:42 +0300
|
Date: Fri, 11 Aug 2023 18:46:42 +0300
|
||||||
Subject: [PATCH 03/28] gp: Change root cert extension suffix
|
Subject: [PATCH 03/25] gp: Change root cert extension suffix
|
||||||
|
|
||||||
On Ubuntu, certificates must end in '.crt' in order to be considered by
|
On Ubuntu, certificates must end in '.crt' in order to be considered by
|
||||||
the `update-ca-certificates` helper.
|
the `update-ca-certificates` helper.
|
||||||
@ -138,13 +138,13 @@ index cefdafa21b2..c562722906b 100644
|
|||||||
w.write(cert)
|
w.write(cert)
|
||||||
root_certs.append(dest)
|
root_certs.append(dest)
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From 7592ed5032836dc43f657f66607a0a4661edcdb4 Mon Sep 17 00:00:00 2001
|
From 7592ed5032836dc43f657f66607a0a4661edcdb4 Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Fri, 18 Aug 2023 17:06:43 +0300
|
Date: Fri, 18 Aug 2023 17:06:43 +0300
|
||||||
Subject: [PATCH 04/28] gp: Test with binary content for certificate data
|
Subject: [PATCH 04/25] gp: Test with binary content for certificate data
|
||||||
|
|
||||||
This fails all GPO-related tests that call `gpupdate --rsop`.
|
This fails all GPO-related tests that call `gpupdate --rsop`.
|
||||||
|
|
||||||
@ -216,13 +216,13 @@ index 00000000000..0aad59607c2
|
|||||||
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
||||||
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From 7f7b235bda9e85c5ea330e52e734d1113a884571 Mon Sep 17 00:00:00 2001
|
From 7f7b235bda9e85c5ea330e52e734d1113a884571 Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Wed, 16 Aug 2023 12:20:11 +0300
|
Date: Wed, 16 Aug 2023 12:20:11 +0300
|
||||||
Subject: [PATCH 05/28] gp: Convert CA certificates to base64
|
Subject: [PATCH 05/25] gp: Convert CA certificates to base64
|
||||||
|
|
||||||
I don't know whether this applies universally, but in our case the
|
I don't know whether this applies universally, but in our case the
|
||||||
contents of `es['cACertificate'][0]` are binary, so cleanly converting
|
contents of `es['cACertificate'][0]` are binary, so cleanly converting
|
||||||
@ -289,13 +289,13 @@ index 0aad59607c2..00000000000
|
|||||||
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
||||||
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From 49cc74015a603e80048a38fe635cd1ac28938ee4 Mon Sep 17 00:00:00 2001
|
From 49cc74015a603e80048a38fe635cd1ac28938ee4 Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Fri, 18 Aug 2023 17:16:23 +0300
|
Date: Fri, 18 Aug 2023 17:16:23 +0300
|
||||||
Subject: [PATCH 06/28] gp: Test adding new cert templates enforces changes
|
Subject: [PATCH 06/25] gp: Test adding new cert templates enforces changes
|
||||||
|
|
||||||
Ensure that cepces-submit reporting additional templates and re-applying
|
Ensure that cepces-submit reporting additional templates and re-applying
|
||||||
will enforce the updated policy.
|
will enforce the updated policy.
|
||||||
@ -422,13 +422,13 @@ index 00000000000..4edc1dce730
|
|||||||
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
||||||
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From 4c0906bd79f030e591701234bc54bc749a42d686 Mon Sep 17 00:00:00 2001
|
From 4c0906bd79f030e591701234bc54bc749a42d686 Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Wed, 16 Aug 2023 12:37:17 +0300
|
Date: Wed, 16 Aug 2023 12:37:17 +0300
|
||||||
Subject: [PATCH 07/28] gp: Template changes should invalidate cache
|
Subject: [PATCH 07/25] gp: Template changes should invalidate cache
|
||||||
|
|
||||||
If certificate templates are added or removed, the autoenroll extension
|
If certificate templates are added or removed, the autoenroll extension
|
||||||
should react to this and reapply the policy. Previously this wasn't
|
should react to this and reapply the policy. Previously this wasn't
|
||||||
@ -487,13 +487,13 @@ index 4edc1dce730..00000000000
|
|||||||
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
||||||
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From e61f30dc2518d5a1c239f090baea4a309307f3f8 Mon Sep 17 00:00:00 2001
|
From e61f30dc2518d5a1c239f090baea4a309307f3f8 Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Fri, 18 Aug 2023 17:26:59 +0300
|
Date: Fri, 18 Aug 2023 17:26:59 +0300
|
||||||
Subject: [PATCH 08/28] gp: Test disabled enrollment unapplies policy
|
Subject: [PATCH 08/25] gp: Test disabled enrollment unapplies policy
|
||||||
|
|
||||||
For this we need to stage a Registry.pol file with certificate
|
For this we need to stage a Registry.pol file with certificate
|
||||||
autoenrollment enabled, but with checkboxes unticked.
|
autoenrollment enabled, but with checkboxes unticked.
|
||||||
@ -588,13 +588,13 @@ index 00000000000..83bc9f0ac1f
|
|||||||
@@ -0,0 +1 @@
|
@@ -0,0 +1 @@
|
||||||
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From 7757b9b48546d71e19798d1260da97780caa99c3 Mon Sep 17 00:00:00 2001
|
From 7757b9b48546d71e19798d1260da97780caa99c3 Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Wed, 16 Aug 2023 12:33:59 +0300
|
Date: Wed, 16 Aug 2023 12:33:59 +0300
|
||||||
Subject: [PATCH 09/28] gp: Send list of keys instead of dict to remove
|
Subject: [PATCH 09/25] gp: Send list of keys instead of dict to remove
|
||||||
|
|
||||||
`cache_get_all_attribute_values` returns a dict whereas we need to pass
|
`cache_get_all_attribute_values` returns a dict whereas we need to pass
|
||||||
a list of keys to `remove`. These will be interpolated in the gpdb search.
|
a list of keys to `remove`. These will be interpolated in the gpdb search.
|
||||||
@ -634,13 +634,13 @@ index 83bc9f0ac1f..00000000000
|
|||||||
@@ -1 +0,0 @@
|
@@ -1 +0,0 @@
|
||||||
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From 4e9b2e6409c5764ec0e66cc6c90b08e70f702e7c Mon Sep 17 00:00:00 2001
|
From 4e9b2e6409c5764ec0e66cc6c90b08e70f702e7c Mon Sep 17 00:00:00 2001
|
||||||
From: Andreas Schneider <asn@samba.org>
|
From: Andreas Schneider <asn@samba.org>
|
||||||
Date: Tue, 9 Jan 2024 08:50:01 +0100
|
Date: Tue, 9 Jan 2024 08:50:01 +0100
|
||||||
Subject: [PATCH 10/28] python:gp: Print a nice message if cepces-submit can't
|
Subject: [PATCH 10/25] python:gp: Print a nice message if cepces-submit can't
|
||||||
be found
|
be found
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15552
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15552
|
||||||
@ -691,13 +691,13 @@ index 64c35782ae8..08d1a7348cd 100644
|
|||||||
|
|
||||||
def getca(ca, url, trust_dir):
|
def getca(ca, url, trust_dir):
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From fb3aefff51c02cf8ba3f8dfeb7d3f971e8d4902a Mon Sep 17 00:00:00 2001
|
From fb3aefff51c02cf8ba3f8dfeb7d3f971e8d4902a Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Mon, 8 Jan 2024 18:05:08 +0200
|
Date: Mon, 8 Jan 2024 18:05:08 +0200
|
||||||
Subject: [PATCH 11/28] gpo: Test certificate policy without NDES
|
Subject: [PATCH 11/25] gpo: Test certificate policy without NDES
|
||||||
|
|
||||||
As of 8231eaf856b, the NDES feature is no longer required on Windows, as
|
As of 8231eaf856b, the NDES feature is no longer required on Windows, as
|
||||||
cert auto-enroll can use the certificate from the LDAP request.
|
cert auto-enroll can use the certificate from the LDAP request.
|
||||||
@ -895,13 +895,13 @@ index 00000000000..f1e590bc7d8
|
|||||||
@@ -0,0 +1 @@
|
@@ -0,0 +1 @@
|
||||||
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext_without_ndes
|
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext_without_ndes
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From 1a9af36177c7491687c75df151474bb10285f00e Mon Sep 17 00:00:00 2001
|
From 1a9af36177c7491687c75df151474bb10285f00e Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Thu, 18 Jan 2024 20:23:24 +0200
|
Date: Thu, 18 Jan 2024 20:23:24 +0200
|
||||||
Subject: [PATCH 12/28] gpo: Decode base64 root cert before importing
|
Subject: [PATCH 12/25] gpo: Decode base64 root cert before importing
|
||||||
|
|
||||||
The reasoning behind this is described in the previous commit message,
|
The reasoning behind this is described in the previous commit message,
|
||||||
but essentially this should either be wrapped in certificate blocks and
|
but essentially this should either be wrapped in certificate blocks and
|
||||||
@ -948,13 +948,13 @@ index f1e590bc7d8..00000000000
|
|||||||
@@ -1 +0,0 @@
|
@@ -1 +0,0 @@
|
||||||
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext_without_ndes
|
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext_without_ndes
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From f5fc88f9ae255f4dc135580f0fa4a02f5addc390 Mon Sep 17 00:00:00 2001
|
From f5fc88f9ae255f4dc135580f0fa4a02f5addc390 Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Fri, 19 Jan 2024 11:36:19 +0200
|
Date: Fri, 19 Jan 2024 11:36:19 +0200
|
||||||
Subject: [PATCH 13/28] gpo: Do not get templates list on first run
|
Subject: [PATCH 13/25] gpo: Do not get templates list on first run
|
||||||
|
|
||||||
This is a visual fix and has no impact on functionality apart from
|
This is a visual fix and has no impact on functionality apart from
|
||||||
cleaner log messages.
|
cleaner log messages.
|
||||||
@ -997,13 +997,13 @@ index cd5e54f1110..559c903e1a2 100644
|
|||||||
if changed(new_data, old_data) or self.cache_get_apply_state() == GPOSTATE.ENFORCE:
|
if changed(new_data, old_data) or self.cache_get_apply_state() == GPOSTATE.ENFORCE:
|
||||||
self.unapply(guid, attribute, old_val)
|
self.unapply(guid, attribute, old_val)
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From e8a6219181f2af87813b53fd09684650c1aa6f90 Mon Sep 17 00:00:00 2001
|
From e8a6219181f2af87813b53fd09684650c1aa6f90 Mon Sep 17 00:00:00 2001
|
||||||
From: David Mulder <dmulder@samba.org>
|
From: David Mulder <dmulder@samba.org>
|
||||||
Date: Fri, 5 Jan 2024 08:47:07 -0700
|
Date: Fri, 5 Jan 2024 08:47:07 -0700
|
||||||
Subject: [PATCH 14/28] gp: Skip site GP list if no site is found
|
Subject: [PATCH 14/25] gp: Skip site GP list if no site is found
|
||||||
|
|
||||||
[MS-GPOL] 3.2.5.1.4 Site Search says if the site
|
[MS-GPOL] 3.2.5.1.4 Site Search says if the site
|
||||||
search returns ERROR_NO_SITENAME, the GP site
|
search returns ERROR_NO_SITENAME, the GP site
|
||||||
@ -1065,13 +1065,13 @@ index 617ef79350c..babd8f90748 100644
|
|||||||
# (L)ocal
|
# (L)ocal
|
||||||
gpo_list.insert(0, gpo.GROUP_POLICY_OBJECT("Local Policy",
|
gpo_list.insert(0, gpo.GROUP_POLICY_OBJECT("Local Policy",
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From d0d1a890d6f2466691fa4ee663232ee0bd1c3776 Mon Sep 17 00:00:00 2001
|
From d0d1a890d6f2466691fa4ee663232ee0bd1c3776 Mon Sep 17 00:00:00 2001
|
||||||
From: Andreas Schneider <asn@samba.org>
|
From: Andreas Schneider <asn@samba.org>
|
||||||
Date: Mon, 22 Jan 2024 14:14:30 +0100
|
Date: Mon, 22 Jan 2024 14:14:30 +0100
|
||||||
Subject: [PATCH 15/28] python:gp: Avoid path check for cepces-submit
|
Subject: [PATCH 15/25] python:gp: Avoid path check for cepces-submit
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
Content-Transfer-Encoding: 8bit
|
Content-Transfer-Encoding: 8bit
|
||||||
@ -1111,13 +1111,13 @@ index 559c903e1a2..7325d5132cf 100644
|
|||||||
'%s --server=%s --auth=%s' % (cepces_submit,
|
'%s --server=%s --auth=%s' % (cepces_submit,
|
||||||
ca['hostname'], auth)],
|
ca['hostname'], auth)],
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From 7f6c9a4945635c6eb8ada2255bd0febbf0f4e540 Mon Sep 17 00:00:00 2001
|
From 7f6c9a4945635c6eb8ada2255bd0febbf0f4e540 Mon Sep 17 00:00:00 2001
|
||||||
From: Andreas Schneider <asn@samba.org>
|
From: Andreas Schneider <asn@samba.org>
|
||||||
Date: Mon, 22 Jan 2024 14:07:47 +0100
|
Date: Mon, 22 Jan 2024 14:07:47 +0100
|
||||||
Subject: [PATCH 16/28] python:gp: Improve logging for certificate enrollment
|
Subject: [PATCH 16/25] python:gp: Improve logging for certificate enrollment
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
Content-Transfer-Encoding: 8bit
|
Content-Transfer-Encoding: 8bit
|
||||||
@ -1171,13 +1171,13 @@ index 7325d5132cf..a25a9678587 100644
|
|||||||
getcert = which('getcert')
|
getcert = which('getcert')
|
||||||
cepces_submit = find_cepces_submit()
|
cepces_submit = find_cepces_submit()
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From 5321d5b5bd24d7659743576f2e12a7dc0a93a828 Mon Sep 17 00:00:00 2001
|
From 5321d5b5bd24d7659743576f2e12a7dc0a93a828 Mon Sep 17 00:00:00 2001
|
||||||
From: Andreas Schneider <asn@samba.org>
|
From: Andreas Schneider <asn@samba.org>
|
||||||
Date: Mon, 22 Jan 2024 15:04:36 +0100
|
Date: Mon, 22 Jan 2024 15:04:36 +0100
|
||||||
Subject: [PATCH 17/28] python:gp: Do not print an error, if CA already exists
|
Subject: [PATCH 17/25] python:gp: Do not print an error, if CA already exists
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
Content-Transfer-Encoding: 8bit
|
Content-Transfer-Encoding: 8bit
|
||||||
@ -1217,13 +1217,13 @@ index a25a9678587..0b23cd688db 100644
|
|||||||
for template in supported_templates:
|
for template in supported_templates:
|
||||||
attrs = fetch_template_attrs(ldb, template)
|
attrs = fetch_template_attrs(ldb, template)
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From 6a7a8a4090b8cdb8e71f4ad590260ceeda253ce2 Mon Sep 17 00:00:00 2001
|
From 6a7a8a4090b8cdb8e71f4ad590260ceeda253ce2 Mon Sep 17 00:00:00 2001
|
||||||
From: Andreas Schneider <asn@samba.org>
|
From: Andreas Schneider <asn@samba.org>
|
||||||
Date: Mon, 22 Jan 2024 15:05:02 +0100
|
Date: Mon, 22 Jan 2024 15:05:02 +0100
|
||||||
Subject: [PATCH 18/28] python:gp: Do not print an error if template already
|
Subject: [PATCH 18/25] python:gp: Do not print an error if template already
|
||||||
exists
|
exists
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
@ -1264,13 +1264,13 @@ index 0b23cd688db..db681cb6f69 100644
|
|||||||
data['templates'].append(nickname)
|
data['templates'].append(nickname)
|
||||||
if update is not None:
|
if update is not None:
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From 43dc3d5d833bc1db885eb45402decd3225a7c946 Mon Sep 17 00:00:00 2001
|
From 43dc3d5d833bc1db885eb45402decd3225a7c946 Mon Sep 17 00:00:00 2001
|
||||||
From: Andreas Schneider <asn@samba.org>
|
From: Andreas Schneider <asn@samba.org>
|
||||||
Date: Mon, 22 Jan 2024 15:05:24 +0100
|
Date: Mon, 22 Jan 2024 15:05:24 +0100
|
||||||
Subject: [PATCH 19/28] python:gp: Log an error if update fails
|
Subject: [PATCH 19/25] python:gp: Log an error if update fails
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
Content-Transfer-Encoding: 8bit
|
Content-Transfer-Encoding: 8bit
|
||||||
@ -1301,13 +1301,13 @@ index db681cb6f69..c8ad2039dc6 100644
|
|||||||
log.warn('certmonger and cepces must be installed for ' +
|
log.warn('certmonger and cepces must be installed for ' +
|
||||||
'certificate auto enrollment to work')
|
'certificate auto enrollment to work')
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From d8276d6a098d10f405b8f24c4dfb82af4496607c Mon Sep 17 00:00:00 2001
|
From d8276d6a098d10f405b8f24c4dfb82af4496607c Mon Sep 17 00:00:00 2001
|
||||||
From: Andreas Schneider <asn@samba.org>
|
From: Andreas Schneider <asn@samba.org>
|
||||||
Date: Mon, 22 Jan 2024 15:46:24 +0100
|
Date: Mon, 22 Jan 2024 15:46:24 +0100
|
||||||
Subject: [PATCH 20/28] python:gp: Improve working of log messages to avoid
|
Subject: [PATCH 20/25] python:gp: Improve working of log messages to avoid
|
||||||
confusion
|
confusion
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
@ -1354,13 +1354,13 @@ index c8ad2039dc6..2b7f7d22c2b 100644
|
|||||||
log.warn('Installing the server certificate only.')
|
log.warn('Installing the server certificate only.')
|
||||||
der_certificate = base64.b64decode(ca['cACertificate'])
|
der_certificate = base64.b64decode(ca['cACertificate'])
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From 585357bf0d8889747a2769c2451ee34766087d95 Mon Sep 17 00:00:00 2001
|
From 585357bf0d8889747a2769c2451ee34766087d95 Mon Sep 17 00:00:00 2001
|
||||||
From: Andreas Schneider <asn@samba.org>
|
From: Andreas Schneider <asn@samba.org>
|
||||||
Date: Mon, 29 Jan 2024 17:46:30 +0100
|
Date: Mon, 29 Jan 2024 17:46:30 +0100
|
||||||
Subject: [PATCH 21/28] python:gp: Fix logging with gp
|
Subject: [PATCH 21/25] python:gp: Fix logging with gp
|
||||||
|
|
||||||
This allows enable INFO level logging with: `samba-gpupdate -d3`
|
This allows enable INFO level logging with: `samba-gpupdate -d3`
|
||||||
|
|
||||||
@ -1396,13 +1396,13 @@ index a74a8707d50..c3de32825db 100644
|
|||||||
logger.setLevel(logging.CRITICAL)
|
logger.setLevel(logging.CRITICAL)
|
||||||
if log_level == 1:
|
if log_level == 1:
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From 14ceb0b5f2f954bbabdaf78b8185fc515e3c8294 Mon Sep 17 00:00:00 2001
|
From c188f44cf1037f751763db853ab3758d564c0bcd Mon Sep 17 00:00:00 2001
|
||||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
||||||
Date: Wed, 13 Mar 2024 13:55:41 +0100
|
Date: Wed, 13 Mar 2024 13:55:41 +0100
|
||||||
Subject: [PATCH 22/28] docs-xml: Add parameter all_groupmem to idmap_ad
|
Subject: [PATCH 22/25] docs-xml: Add parameter all_groupmem to idmap_ad
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
Content-Transfer-Encoding: 8bit
|
Content-Transfer-Encoding: 8bit
|
||||||
@ -1438,13 +1438,13 @@ index b364bbfa231..de6d36afe95 100644
|
|||||||
<listitem><para>This parameter is a list of OUs from
|
<listitem><para>This parameter is a list of OUs from
|
||||||
which objects will not be mapped via the ad idmap
|
which objects will not be mapped via the ad idmap
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From ac4184c8c3220263cb6f1a46a012533ed1c4e047 Mon Sep 17 00:00:00 2001
|
From 270121c01a04e81704c33e1ce72fe3679dc55911 Mon Sep 17 00:00:00 2001
|
||||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
||||||
Date: Tue, 12 Mar 2024 13:20:24 +0100
|
Date: Tue, 12 Mar 2024 13:20:24 +0100
|
||||||
Subject: [PATCH 23/28] s3:winbindd: Improve performance of lookup_groupmem()
|
Subject: [PATCH 23/25] s3:winbindd: Improve performance of lookup_groupmem()
|
||||||
in idmap_ad
|
in idmap_ad
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
@ -1521,13 +1521,13 @@ index d7a665abbc6..e625aa6473f 100644
|
|||||||
if (!NT_STATUS_IS_OK(status)) {
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
DEBUG(10, ("%s: add_primary_group_members failed: %s\n",
|
DEBUG(10, ("%s: add_primary_group_members failed: %s\n",
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From d0e2002efcc37055b35c351a6b936e6ab89fad32 Mon Sep 17 00:00:00 2001
|
From 4f9f3c9b8d5d229c0c1da17af3a457b1b49ae353 Mon Sep 17 00:00:00 2001
|
||||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
||||||
Date: Mon, 25 Mar 2024 22:38:18 +0100
|
Date: Mon, 25 Mar 2024 22:38:18 +0100
|
||||||
Subject: [PATCH 24/28] selftest: Add "winbind expand groups = 1" to
|
Subject: [PATCH 24/25] selftest: Add "winbind expand groups = 1" to
|
||||||
setup_ad_member_idmap_ad
|
setup_ad_member_idmap_ad
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
@ -1537,7 +1537,7 @@ BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
|
|||||||
|
|
||||||
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
||||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
(backported from commit 2dab3a331b5511b4f2253f2b3b4513db7e52ea9a)
|
(cherry picked from commit 2dab3a331b5511b4f2253f2b3b4513db7e52ea9a)
|
||||||
---
|
---
|
||||||
selftest/target/Samba3.pm | 1 +
|
selftest/target/Samba3.pm | 1 +
|
||||||
1 file changed, 1 insertion(+)
|
1 file changed, 1 insertion(+)
|
||||||
@ -1555,13 +1555,13 @@ index 44ac4a5901a..606c65f8ab1 100755
|
|||||||
|
|
||||||
my $ret = $self->provision(
|
my $ret = $self->provision(
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From 9625b6aed981aa4e70fe11d9d1acdb54db7591a3 Mon Sep 17 00:00:00 2001
|
From 569d942a39154bcf1267339bbb79253ac8c89416 Mon Sep 17 00:00:00 2001
|
||||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
||||||
Date: Thu, 14 Mar 2024 15:24:21 +0100
|
Date: Thu, 14 Mar 2024 15:24:21 +0100
|
||||||
Subject: [PATCH 25/28] tests: Add a test for "all_groups=no" to
|
Subject: [PATCH 25/25] tests: Add a test for "all_groups=no" to
|
||||||
test_idmap_ad.sh
|
test_idmap_ad.sh
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
@ -1628,160 +1628,5 @@ index 7ae112ada71..1d4bd395ba9 100755
|
|||||||
changetype: delete
|
changetype: delete
|
||||||
EOF
|
EOF
|
||||||
--
|
--
|
||||||
2.45.2
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
From e5890e63c35a4a5af29ae16e6dd734c4a3a304cc Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Schneider <asn@samba.org>
|
|
||||||
Date: Tue, 28 May 2024 13:51:53 +0200
|
|
||||||
Subject: [PATCH 26/28] s3:libads: Allow get_kdc_ip_string() to lookup the KDCs
|
|
||||||
IP
|
|
||||||
|
|
||||||
Remove the requirement to provide an IP address. We should look up the
|
|
||||||
IP of the KDC and use it for the specified realm/workgroup.
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653
|
|
||||||
|
|
||||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
||||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
||||||
(cherry picked from commit 28aa0b815baf4668e3df01d52597c40fd430e2fb)
|
|
||||||
---
|
|
||||||
source3/libads/kerberos.c | 30 +++++++++++++++---------------
|
|
||||||
1 file changed, 15 insertions(+), 15 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
|
|
||||||
index 50f4a6de3c6..ddf97c11973 100644
|
|
||||||
--- a/source3/libads/kerberos.c
|
|
||||||
+++ b/source3/libads/kerberos.c
|
|
||||||
@@ -437,23 +437,23 @@ static char *get_kdc_ip_string(char *mem_ctx,
|
|
||||||
char *kdc_str = NULL;
|
|
||||||
char *canon_sockaddr = NULL;
|
|
||||||
|
|
||||||
- SMB_ASSERT(pss != NULL);
|
|
||||||
-
|
|
||||||
- canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss);
|
|
||||||
- if (canon_sockaddr == NULL) {
|
|
||||||
- goto out;
|
|
||||||
- }
|
|
||||||
+ if (pss != NULL) {
|
|
||||||
+ canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss);
|
|
||||||
+ if (canon_sockaddr == NULL) {
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- kdc_str = talloc_asprintf(frame,
|
|
||||||
- "\t\tkdc = %s\n",
|
|
||||||
- canon_sockaddr);
|
|
||||||
- if (kdc_str == NULL) {
|
|
||||||
- goto out;
|
|
||||||
- }
|
|
||||||
+ kdc_str = talloc_asprintf(frame,
|
|
||||||
+ "\t\tkdc = %s\n",
|
|
||||||
+ canon_sockaddr);
|
|
||||||
+ if (kdc_str == NULL) {
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- ok = sockaddr_storage_to_samba_sockaddr(&sa, pss);
|
|
||||||
- if (!ok) {
|
|
||||||
- goto out;
|
|
||||||
+ ok = sockaddr_storage_to_samba_sockaddr(&sa, pss);
|
|
||||||
+ if (!ok) {
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
--
|
|
||||||
2.45.2
|
|
||||||
|
|
||||||
|
|
||||||
From 96a1ecd8db249fa03db60259cf76fdef9c1bd749 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Schneider <asn@samba.org>
|
|
||||||
Date: Tue, 28 May 2024 13:53:51 +0200
|
|
||||||
Subject: [PATCH 27/28] s3:libads: Do not fail if we don't get an IP passed
|
|
||||||
down
|
|
||||||
|
|
||||||
The IP should be optional and we should look it up if not provided.
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653
|
|
||||||
|
|
||||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
||||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
||||||
(cherry picked from commit 9dcc52d2a57314ec9ddaae82b3c49da051d1f1d2)
|
|
||||||
---
|
|
||||||
source3/libads/kerberos.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
|
|
||||||
index ddf97c11973..f74d8eb567c 100644
|
|
||||||
--- a/source3/libads/kerberos.c
|
|
||||||
+++ b/source3/libads/kerberos.c
|
|
||||||
@@ -704,7 +704,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (domain == NULL || pss == NULL) {
|
|
||||||
+ if (domain == NULL) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.45.2
|
|
||||||
|
|
||||||
|
|
||||||
From 4934642b7a7d92c6d81ba25ef6e4b66e3805f708 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Schneider <asn@samba.org>
|
|
||||||
Date: Tue, 28 May 2024 13:54:24 +0200
|
|
||||||
Subject: [PATCH 28/28] s3:winbind: Fix idmap_ad creating an invalid local
|
|
||||||
krb5.conf
|
|
||||||
|
|
||||||
In case of a trusted domain, we are providing the realm of the primary
|
|
||||||
trust but specify the KDC IP of the trusted domain. This leads to
|
|
||||||
Kerberos ticket requests to the trusted domain KDC which doesn't know
|
|
||||||
about the machine account. However we need a ticket from our primary
|
|
||||||
trust KDC.
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653
|
|
||||||
|
|
||||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
||||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
||||||
(backported from commit 8989aa47b7493e6b7978c2efc4a40c781e9a2aee)
|
|
||||||
---
|
|
||||||
source3/winbindd/idmap_ad.c | 11 +++++++++--
|
|
||||||
1 file changed, 9 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
|
|
||||||
index 5c9fe07db95..b8002825161 100644
|
|
||||||
--- a/source3/winbindd/idmap_ad.c
|
|
||||||
+++ b/source3/winbindd/idmap_ad.c
|
|
||||||
@@ -320,7 +320,10 @@ static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
|
|
||||||
struct tldap_context **pld)
|
|
||||||
{
|
|
||||||
struct netr_DsRGetDCNameInfo *dcinfo;
|
|
||||||
- struct sockaddr_storage dcaddr;
|
|
||||||
+ struct sockaddr_storage dcaddr = {
|
|
||||||
+ .ss_family = AF_UNSPEC,
|
|
||||||
+ };
|
|
||||||
+ struct sockaddr_storage *pdcaddr = NULL;
|
|
||||||
struct cli_credentials *creds;
|
|
||||||
struct loadparm_context *lp_ctx;
|
|
||||||
struct tldap_context *ld;
|
|
||||||
@@ -362,9 +365,13 @@ static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
|
|
||||||
* create_local_private_krb5_conf_for_domain() can deal with
|
|
||||||
* sitename==NULL
|
|
||||||
*/
|
|
||||||
+ if (strequal(domname, lp_realm()) || strequal(domname, lp_workgroup()))
|
|
||||||
+ {
|
|
||||||
+ pdcaddr = &dcaddr;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
ok = create_local_private_krb5_conf_for_domain(
|
|
||||||
- lp_realm(), lp_workgroup(), sitename, &dcaddr);
|
|
||||||
+ lp_realm(), lp_workgroup(), sitename, pdcaddr);
|
|
||||||
TALLOC_FREE(sitename);
|
|
||||||
if (!ok) {
|
|
||||||
DBG_DEBUG("Could not create private krb5.conf\n");
|
|
||||||
--
|
|
||||||
2.45.2
|
|
||||||
|
|
||||||
|
@ -18,9 +18,6 @@
|
|||||||
load printers = yes
|
load printers = yes
|
||||||
cups options = raw
|
cups options = raw
|
||||||
|
|
||||||
# Install samba-usershares package for support
|
|
||||||
include = /etc/samba/usershares.conf
|
|
||||||
|
|
||||||
[homes]
|
[homes]
|
||||||
comment = Home Directories
|
comment = Home Directories
|
||||||
valid users = %S, %D%w%S
|
valid users = %S, %D%w%S
|
||||||
|
854
SPECS/samba.spec
854
SPECS/samba.spec
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user