[Pkg-samba-maint] [Git][samba-team/samba][master] 2052 commits: VERSION: Bump version up to 4.19.0pre1...

Michael Tokarev (@mjt) gitlab at salsa.debian.org
Mon Sep 4 21:00:17 BST 2023



Michael Tokarev pushed to branch master at Debian Samba Team / samba


Commits:
d6634f29 by Jule Anger at 2023-01-18T16:26:36+00:00
VERSION: Bump version up to 4.19.0pre1...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
6c477502 by Jule Anger at 2023-01-18T16:26:36+00:00
WHATSNEW: Start release notes for Samba 4.19.0pre1.

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
84f56f2b by Stefan Metzmacher at 2023-01-18T17:25:51+00:00
ldb: change the version to 2.8.0 for Samba 4.19

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Jule Anger <janger at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jan 18 17:25:51 UTC 2023 on atb-devel-224

- - - - -
872ea49a by Volker Lendecke at 2023-01-19T09:24:15+00:00
kdc: Don't reference ENODATA in platform-independent code

FreeBSD has ENOATTR but not ENODATA, Linux has ENODATA but not ENOATTR for
returning "attr does not exist". With 2eb899de6a2 we settled on ENOATTR to
handle this case.

Alternatively we could

 #define ENODATA ENOATTR

on FreeBSD...

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: douglas.bagnall at catalyst.net.nz

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jan 19 09:24:15 UTC 2023 on atb-devel-224

- - - - -
fcecdfa8 by Samuel Cabrero at 2023-01-19T10:20:27+00:00
s4:dnsserver: Rename dns_name_equal() to samba_dns_name_equal()

This function already exists in bind9 but takes different arguments, so when
the DLZ is loaded and this function is called bind crashes:

  named[1523]: samba_dlz: allowing update of signer=DESKTOP-8BUKMBK\$\@AFOREST.AD name=118.101.168.192.in-addr.arpa tcpaddr=192.168.101.118  type=PTR key=1264-ms-7.1-2ac9.9ef238e1-9747-11ed-9f95-525400dc6981/159/0
  named[1523]: samba_dlz: allowing update of signer=DESKTOP-8BUKMBK\$\@AFOREST.AD name=118.101.168.192.in-addr.arpa tcpaddr=192.168.101.118  type=PTR key=1264-ms-7.1-2ac9.9ef238e1-9747-11ed-9f95-525400dc6981/159/0
  named[1523]: client @0x7f26caa90f68 192.168.101.118#58223/key DESKTOP-8BUKMBK\$\@AFOREST.AD: updating zone '101.168.192.in-addr.arpa/NONE': deleting rrset at '118.101.168.192.in-addr.ar
  named[1523]: name.c:664: REQUIRE(((name1) != ((void *)0) && ((const isc__magic_t *)(name1))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n'))))) failed, back trace

Backtrace:

  #0  0x00007f2716c957ec in __pthread_kill_implementation () from /lib64/libc.so.6
  #1  0x00007f2716c42816 in raise () from /lib64/libc.so.6
  #2  0x00007f2716c2b81c in abort () from /lib64/libc.so.6
  #3  0x000055d4de847995 in assertion_failed (file=<optimized out>, line=<optimized out>,
      type=<optimized out>, cond=<optimized out>) at /usr/src/debug/bind-9.18.10/bin/named/main.c:237
  #4  0x00007f27176388fc in isc_assertion_failed (file=file@entry=0x7f27173b0df6 "name.c",
      line=line@entry=664, type=type@entry=isc_assertiontype_require,
      cond=cond@entry=0x7f27173b0268 "((name1) != ((void *)0) && ((const isc__magic_t *)(name1))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n'))))")
      at /usr/src/debug/bind-9.18.10/lib/isc/assertions.c:48
  #5  0x00007f27172946f9 in dns_name_equal (name1=<optimized out>, name2=<optimized out>)
      at /usr/src/debug/bind-9.18.10/lib/dns/name.c:664

  **** Here bind's dns_name_equal() is called instead of samba's dns_name_equal() ****

  #6  0x00007f27077ad6f2 in dns_record_match (rec1=0x7f26f8042d70, rec2=0x7f26f8044d10)
      at ../../source4/dns_server/dnsserver_common.c:1346
  #7  0x00007f271404732c in b9_record_match (rec1=0x7f26f8042d70, rec2=0x7f26f8044d10)
      at ../../source4/dns_server/dlz_bind9.c:1830
  #8  0x00007f2714047daa in dlz_subrdataset (name=0x7f2706ff82f0 "118.101.168.192.in-addr.arpa",
      rdatastr=0x7f26c9c10000 "118.101.168.192.in-addr.arpa.\t1200\tIN\tPTR\tDESKTOP-8BUKMBK.aforest.ad.",
      dbdata=0x7f271003d300, version=0x7f26f8044b20) at ../../source4/dns_server/dlz_bind9.c:2077
  #9  0x000055d4de84afb4 in dlopen_dlz_subrdataset (name=0x7f2706ff82f0 "118.101.168.192.in-addr.arpa",
      rdatastr=<optimized out>, driverarg=<optimized out>, dbdata=0x7f270430f680, version=<optimized out>)
      at /usr/src/debug/bind-9.18.10/bin/named/dlz_dlopen_driver.c:483
  #10 0x00007f271738e734 in modrdataset.constprop.0 (db=0x7f2704291740, node=0x7f26c9c006e0,
      version=0x7f26f8044b20, rdataset=0x7f2706ff8830,
      mod_function=0x55d4de84af80 <dlopen_dlz_subrdataset>, options=<optimized out>)
      at /usr/src/debug/bind-9.18.10/lib/dns/sdlz.c:1107
  #11 0x00007f2717251855 in diff_apply (diff=diff@entry=0x7f2706ff8df0, db=db@entry=0x7f2704291740,
      ver=ver@entry=0x7f26f8044b20, warn=warn@entry=true) at /usr/src/debug/bind-9.18.10/lib/dns/diff.c:370
  #12 0x00007f2717251c8a in dns_diff_apply (diff=diff@entry=0x7f2706ff8df0, db=db@entry=0x7f2704291740,
      ver=ver@entry=0x7f26f8044b20) at /usr/src/debug/bind-9.18.10/lib/dns/diff.c:465
  #13 0x00007f2717d105aa in do_one_tuple (tuple=tuple@entry=0x7f2706ff8e50, db=db@entry=0x7f2704291740,
      ver=ver@entry=0x7f26f8044b20, diff=diff@entry=0x7f2706ff9400)
      at /usr/src/debug/bind-9.18.10/lib/ns/update.c:454
  #14 0x00007f2717d10fff in update_one_rr (rdata=0x7f2706ff8ee8, ttl=<optimized out>,
      name=<optimized out>, op=DNS_DIFFOP_DEL, diff=0x7f2706ff9400, ver=0x7f26f8044b20, db=0x7f2704291740)
      at /usr/src/debug/bind-9.18.10/lib/ns/update.c:505
  #15 delete_if_action (data=<optimized out>, rr=0x7f2706ff8ee0)
      at /usr/src/debug/bind-9.18.10/lib/ns/update.c:1427
  #16 0x00007f2717d10ccd in foreach_rr (db=0x7f2704291740, ver=<optimized out>, name=0x7f26caa61d00,
      type=<optimized out>, covers=<optimized out>,
      rr_action=rr_action@entry=0x7f2717d10f60 <delete_if_action>, rr_action_data=0x7f2706ff9280)
      at /usr/src/debug/bind-9.18.10/lib/ns/update.c:736
  #17 0x00007f2717d10e76 in delete_if (predicate=predicate@entry=0x7f2717d0fb10 <true_p>,
      db=<optimized out>, ver=<optimized out>, name=<optimized out>, type=<optimized out>,
      covers=<optimized out>, update_rr=0x7f2706ff94b0, diff=0x7f2706ff9400)
      at /usr/src/debug/bind-9.18.10/lib/ns/update.c:1454
  #18 0x00007f2717d1bccd in update_action (task=<optimized out>, event=<optimized out>)
      at /usr/src/debug/bind-9.18.10/lib/ns/update.c:3299
  #19 0x00007f271765eb4c in task_run (task=0x7f27155ccf00)
      at /usr/src/debug/bind-9.18.10/lib/isc/task.c:823
  #20 isc_task_run (task=0x7f27155ccf00) at /usr/src/debug/bind-9.18.10/lib/isc/task.c:904
  #21 0x00007f271762cb12 in isc__nm_async_task (worker=0x7f2716236560, ev0=0x7f26caa07000)
      at netmgr/netmgr.c:840
  #22 process_netievent (worker=worker@entry=0x7f2716236560, ievent=0x7f26caa07000) at netmgr/netmgr.c:918
  #23 0x00007f271762d197 in process_queue (worker=worker@entry=0x7f2716236560,
      type=type@entry=NETIEVENT_TASK) at netmgr/netmgr.c:1011
  #24 0x00007f271762d3b3 in process_all_queues (worker=0x7f2716236560) at netmgr/netmgr.c:765
  #25 async_cb (handle=0x7f27162368c0) at netmgr/netmgr.c:794
  #26 0x00007f2717c4cb0d in uv__async_io (loop=0x7f2716236570, w=<optimized out>, events=<optimized out>)
      at src/unix/async.c:163
  #27 0x00007f2717c6825d in uv__io_poll (loop=0x7f2716236570, timeout=<optimized out>)
      at src/unix/epoll.c:374
  #28 0x00007f2717c5247a in uv__io_poll (timeout=<optimized out>, loop=0x7f2716236570)
      at src/unix/udp.c:122
  #29 uv_run (loop=loop@entry=0x7f2716236570, mode=mode@entry=UV_RUN_DEFAULT) at src/unix/core.c:406
  #30 0x00007f271762d834 in nm_thread (worker0=0x7f2716236560) at netmgr/netmgr.c:696
  #31 0x00007f27176627f5 in isc__trampoline_run (arg=0x55d4dfe3ad70)
      at /usr/src/debug/bind-9.18.10/lib/isc/trampoline.c:189
  #32 0x00007f2716c9398d in start_thread () from /lib64/libc.so.6
  #33 0x00007f2716d19344 in clone () from /lib64/libc.so.6

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14030

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Samuel Cabrero <scabrero at samba.org>
Autobuild-Date(master): Thu Jan 19 10:20:27 UTC 2023 on atb-devel-224

- - - - -
370b7772 by Stefan Metzmacher at 2023-01-19T18:47:35+00:00
s3:auth: call wbcFreeMemory(info) in auth3_generate_session_info_pac()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
91f1567c by Stefan Metzmacher at 2023-01-19T19:46:01+00:00
s3:rpc_server/mdssvc: don't crash mdssvc_tracker_shutdown with NULL glue

If mdssvc_tracker_shutdown() is called without any mds_tracker_connect()
we would crash as mdssvc_tracker_init() doesn't call
mdssvc_tracker_prepare().

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jan 19 19:46:01 UTC 2023 on atb-devel-224

- - - - -
25389103 by Andreas Schneider at 2023-01-20T09:06:49+00:00
python: Don't use deprecated escape sequences

Certain escape sequences are not valid in Python string literals, and
will eventually result in a SyntaxError.

Follow up patch of 5045382c6dd04b1bae0eaaae823be908213ff079

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jan 20 09:06:49 UTC 2023 on atb-devel-224

- - - - -
35a32171 by Volker Lendecke at 2023-01-24T08:19:34+00:00
smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
f1a66267 by Volker Lendecke at 2023-01-24T08:19:34+00:00
smbd: Save a few lines in smb2srv_open_lookup_replay_cache()

Directly initialize variables, don't leave dangling pointers in TDB_DATA

Signed-off-by: Volker Lendecke <vl at samba.org>

- - - - -
3c779de8 by Volker Lendecke at 2023-01-24T08:19:34+00:00
smbd: Simplify smbXsrv_open_global_verify_record()

Don't depend on the record to be passed in, return NTSTATUS. The two
flags were a bit confusing to me, now NT_STATUS_OK means "found a
valid record with a live process", and NT_STATUS_FATAL_APP_EXIT means
we found a stale record from a crashed smbd

Signed-off-by: Volker Lendecke <vl at samba.org>

- - - - -
2f677674 by Volker Lendecke at 2023-01-24T08:19:34+00:00
smbd: Move smbXsrv_open_global_parse_record() up in smbXsrv_open.c

Avoid a prototype in the next patches

Signed-off-by: Volker Lendecke <vl at samba.org>

- - - - -
132b83d0 by Volker Lendecke at 2023-01-24T08:19:34+00:00
smbd: Simplify smbXsrv_open_global_parse_record()

It does not need a db_record.

Signed-off-by: Volker Lendecke <vl at samba.org>

- - - - -
f7b50bc0 by Volker Lendecke at 2023-01-24T09:15:26+00:00
smbd: Use smbXsrv_open_global_parse_record() in .._verify_record()

Signed-off-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Jan 24 09:15:26 UTC 2023 on atb-devel-224

- - - - -
55a49527 by Andreas Schneider at 2023-01-26T12:15:33+00:00
lib:util: Remove trailing whitespaces from time.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fcf05b1d by Andreas Schneider at 2023-01-26T12:15:33+00:00
lib:util: Print data in ISO 8601 format

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9440cb73 by Andreas Schneider at 2023-01-26T12:15:33+00:00
lib:param: Remove trailing whitespaces from loadparm.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ac0e844e by Andreas Schneider at 2023-01-26T12:15:33+00:00
param: Use a higher time resolution for lp_file_list_changed()

It is possible that in our test environment one of the config 'include' files
changes more than once per second. To avoid missing a file update we use a
higher time resolution than seconds.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e6f0e4d5 by Andreas Schneider at 2023-01-26T12:15:33+00:00
python:tests: Avoid exceptions in cleanup code if a test fails in smb3unix.py

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
56c6f0b6 by Andreas Schneider at 2023-01-26T13:13:50+00:00
selftest: Only run samba.tests.smb3unix in developer mode

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Jan 26 13:13:50 UTC 2023 on atb-devel-224

- - - - -
fd7187da by Andreas Schneider at 2023-01-26T14:10:36+00:00
s3:tests: Add support for SMBD_DONT_LOG_STDOUT=1 in test_chdir_cache.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15291

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c7a3b256 by Andreas Schneider at 2023-01-26T14:10:36+00:00
selftest: Update devel_env.sh for SAMBA_DCERPCD_DONT_LOG_STDOUT=1

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipen at redhat.com>

- - - - -
13d2db03 by Pavel Filipenský at 2023-01-26T14:10:36+00:00
debug: Fix whitespaces in debug.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15287

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e3e687b6 by Pavel Filipenský at 2023-01-26T14:10:36+00:00
debug: Call depth: Interface

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15287

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
7ba3b1b0 by Pavel Filipenský at 2023-01-26T14:10:36+00:00
debug: Call depth: Print ", depth=..." in the debug header

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15287

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3b1b37b1 by Pavel Filipenský at 2023-01-26T14:10:36+00:00
debug: Call depth: Indent the debug text

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15287

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a6c12115 by Pavel Filipenský at 2023-01-26T14:10:36+00:00
s3:winbind: Activate the call depth tracking in main winbindd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15287

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
4b6e8e1c by Pavel Filipenský at 2023-01-26T14:10:36+00:00
s3:winbind: Deactivate call depth tracking in child winbindd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15287

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
51d559d8 by Pavel Filipenský at 2023-01-26T14:10:36+00:00
s3:winbind: Move tevent_req_create() before debug macros to have the right call depth

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15287

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c2f8fde9 by Pavel Filipenský at 2023-01-26T15:07:57+00:00
s3:test: Test winbind call depth trace

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15287

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Jan 26 15:07:57 UTC 2023 on atb-devel-224

- - - - -
2a104556 by Noel Power at 2023-01-26T16:03:49+00:00
s3/lib: Prevent use after free of messaging_ctdb_fde_ev structs

In a cluster setup samba-bgqd async callback
cups_pcap_load_async can access messaging_ctdb_fde_ev associated
with already destructed global_ctdb_ctx_destructor

==26053== Invalid read of size 8
==26053==    at 0x71692E1: messaging_ctdb_fde_ev_destructor (messages_ctdb.c:181)
==26053==    by 0x40B2309: _tc_free_internal (talloc.c:1158)
==26053==    by 0x40B3539: _tc_free_children_internal (talloc.c:1669)
==26053==    by 0x40B24C4: _tc_free_internal (talloc.c:1184)
==26053==    by 0x40B3539: _tc_free_children_internal (talloc.c:1669)
==26053==    by 0x40B24C4: _tc_free_internal (talloc.c:1184)
==26053==    by 0x40B2685: _talloc_free_internal (talloc.c:1248)
==26053==    by 0x40B3963: _talloc_free (talloc.c:1792)
==26053==    by 0x4056BCA: tevent_req_received (tevent_req.c:301)
==26053==    by 0x405673D: tevent_req_destructor (tevent_req.c:135)
==26053==    by 0x40B2309: _tc_free_internal (talloc.c:1158)
==26053==    by 0x40B3539: _tc_free_children_internal (talloc.c:1669)
==26053==    by 0x40B24C4: _tc_free_internal (talloc.c:1184)
==26053==    by 0x40B2685: _talloc_free_internal (talloc.c:1248)
==26053==    by 0x40B3963: _talloc_free (talloc.c:1792)
==26053==    by 0x1384EF: cups_pcap_load_async (print_cups.c:507)
==26053==    by 0x13894B: cups_cache_reload (print_cups.c:602)
==26053==    by 0x1373AE: pcap_cache_reload (pcap.c:140)
==26053==    by 0x1369D2: register_printing_bq_handlers (queue_process.c:323)
==26053==    by 0x122AD6: main (samba-bgqd.c:316)
==26053==  Address 0xed64d48 is 120 bytes inside a block of size 128 free'd
==26053==    at 0x4C370EB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==26053==    by 0x40B25E1: _tc_free_internal (talloc.c:1222)
==26053==    by 0x40B2685: _talloc_free_internal (talloc.c:1248)
==26053==    by 0x40B3963: _talloc_free (talloc.c:1792)
==26053==    by 0x71691F6: messaging_ctdb_destroy (messages_ctdb.c:141)
==26053==    by 0x7169C21: msg_ctdb_ref_destructor (messages_ctdb_ref.c:142)
==26053==    by 0x40B2309: _tc_free_internal (talloc.c:1158)
==26053==    by 0x40B3539: _tc_free_children_internal (talloc.c:1669)
==26053==    by 0x40B24C4: _tc_free_internal (talloc.c:1184)
==26053==    by 0x40B2685: _talloc_free_internal (talloc.c:1248)
==26053==    by 0x40B3963: _talloc_free (talloc.c:1792)
==26053==    by 0x4157380: messaging_reinit (messages.c:646)
==26053==    by 0x416C01E: reinit_after_fork (util.c:488)
==26053==    by 0x13844C: cups_pcap_load_async (print_cups.c:498)
==26053==    by 0x13894B: cups_cache_reload (print_cups.c:602)
==26053==    by 0x1373AE: pcap_cache_reload (pcap.c:140)
==26053==    by 0x1369D2: register_printing_bq_handlers (queue_process.c:323)
==26053==    by 0x122AD6: main (samba-bgqd.c:316)
==26053==  Block was alloc'd at
==26053==    at 0x4C346A4: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==26053==    by 0x40B1989: __talloc_with_prefix (talloc.c:783)
==26053==    by 0x40B1B23: __talloc (talloc.c:825)
==26053==    by 0x40B1ECC: _talloc_named_const (talloc.c:982)
==26053==    by 0x40B49C3: _talloc_zero (talloc.c:2421)
==26053==    by 0x7168E68: messaging_ctdb_init (messages_ctdb.c:93)
==26053==    by 0x716979D: messaging_ctdb_ref (messages_ctdb_ref.c:75)
==26053==    by 0x415702A: messaging_init_internal (messages.c:563)
==26053==    by 0x41572FD: messaging_init (messages.c:622)
==26053==    by 0x4163ED3: global_messaging_context (global_contexts.c:62)
==26053==    by 0x12273B: main (samba-bgqd.c:271)
==26053==

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15293

Signed-off-by: Noel Power <npower at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Thu Jan 26 16:03:49 UTC 2023 on atb-devel-224

- - - - -
96154a26 by Michael Tokarev at 2023-01-26T20:46:11+00:00
spelling fixes for 4.18 (errror implemenation proces Controler)

One of the changes is somewhat interesting, it is "tfork waiter proces"
process title in tfork.c. I wonder why no one noticed this before.
There's another similar process title in there, "tfork waiter process(%d)".
Hopefully no one does grep for "proces$" (and there's no reason to).

Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Rowland Penny <rpenny at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jan 26 20:46:11 UTC 2023 on atb-devel-224

- - - - -
7e0eb0f3 by Jeremy Allison at 2023-01-27T08:30:35+00:00
s3:lib: Change file_modtime() to return an error code and a struct timespec.

Removes need for external stat() code when checking for timechange.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jan 27 08:30:35 UTC 2023 on atb-devel-224

- - - - -
e40faf7a by David Mulder at 2023-01-30T09:00:39+00:00
samba-tool: gpo show command list policies

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Tested-by: Kees van Vloten <keesvanvloten at gmail.com>

- - - - -
d6194600 by David Mulder at 2023-01-30T09:00:39+00:00
samba-tool: Move create_directory_hier to a common file

This is in preparation for needing it here later.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a0f8d7ca by David Mulder at 2023-01-30T09:00:39+00:00
samba-tool: Move smb_connection to a common file

This is in preparation for needing it here later.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ee37e3cd by David Mulder at 2023-01-30T09:00:39+00:00
samba-tool: gpo load/remove commands

These commands allow the setting of various group
policies on the sysvol.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Tested-by: Kees van Vloten <keesvanvloten at gmail.com>

- - - - -
dc672533 by David Mulder at 2023-01-30T09:00:39+00:00
samba-tool: Test gpo load/remove commands

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Tested-by: Kees van Vloten <keesvanvloten at gmail.com>

- - - - -
ea619d70 by David Mulder at 2023-01-30T09:00:39+00:00
samba-tool: gpo load/remove bytes

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Tested-by: Kees van Vloten <keesvanvloten at gmail.com>

- - - - -
00e40f9f by David Mulder at 2023-01-30T09:00:39+00:00
samba-tool: gpo load/remove increment GPT.INI

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Tested-by: Kees van Vloten <keesvanvloten at gmail.com>

- - - - -
a3452147 by David Mulder at 2023-01-30T09:00:39+00:00
samba-tool: gpo load extension names

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Tested-by: Kees van Vloten <keesvanvloten at gmail.com>

- - - - -
e7737d6b by David Mulder at 2023-01-30T09:00:39+00:00
samba-tool: gpo load add Registry ext by default

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Tested-by: Kees van Vloten <keesvanvloten at gmail.com>

- - - - -
6f373603 by David Mulder at 2023-01-30T09:00:39+00:00
samba-tool: gpo load set ntacl with SYSVOL file creation

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Tested-by: Kees van Vloten <keesvanvloten at gmail.com>

- - - - -
e6032703 by David Mulder at 2023-01-30T09:00:39+00:00
samba-tool: gpo load provide option for replace vs merge

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Tested-by: Kees van Vloten <keesvanvloten at gmail.com>

- - - - -
3b0d78a3 by David Mulder at 2023-01-30T09:00:39+00:00
samba-tool: gpo show/load handle utf-16-le strings

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Tested-by: Kees van Vloten <keesvanvloten at gmail.com>

- - - - -
a4530c15 by David Mulder at 2023-01-30T09:00:39+00:00
samba-tool: Test gpo show/load handling of utf-16-le strings

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Tested-by: Kees van Vloten <keesvanvloten at gmail.com>

- - - - -
a15208f6 by David Mulder at 2023-01-30T09:00:39+00:00
samba-tool: Use ntstatus constants in gpo commands

Replace all the hard coded instances of ntstatus
codes in the samba-tool gpo commands with
constants from samba.ntstatus.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
41aa379a by Joseph Sutton at 2023-01-30T09:00:39+00:00
python: Replace calls to deprecated methods

These aliases are deprecated and have been removed in Python 3.12.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f6712c70 by Andreas Schneider at 2023-01-30T10:00:27+00:00
script:autobuild: Make sure we can send a failure mail

We should not run into an exception if the file doesn't exist.

Traceback (most recent call last):
  File "script/autobuild.py", line 1781, in <module>
    email_failure(-1, 'rebase', 'rebase', 'rebase',
  File "script/autobuild.py", line 1677, in email_failure
    f = open("%s/%s.stdout" % (gitroot, failed_tag), 'r')
FileNotFoundError: [Errno 2] No such file or directory:
  'samba-autobuild/rebase.stdout'

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Jan 30 10:00:27 UTC 2023 on atb-devel-224

- - - - -
d43adae8 by Andrew Bartlett at 2023-01-31T12:50:32+00:00
s4-dsdb: Rework dsdb_find_dn_by_guid() to use GUID_buf_string()

This avoids a talloc_strdup() and so a failure path.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
2c7bb587 by Andrew Bartlett at 2023-01-31T12:50:32+00:00
s4-dsdb: Add tests of SamDB.get_nc_root()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
bee45e6b by Andrew Bartlett at 2023-01-31T12:50:32+00:00
s4-selftest/drs Add test of expected return code for invalid DNs in GetNCChanges

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a150a2dc by Andrew Bartlett at 2023-01-31T12:50:32+00:00
s4-selftest/drs Allow some DRS tests to operate against an IP

This is not comprehensive, but makes some manual test runs easier by
avoiding the need for DNS names to resolve.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
3204d135 by Andrew Bartlett at 2023-01-31T12:50:33+00:00
s4-selftest/drs Allow re-run of DRS tests after failed cleanup

Using a random base is a useful start, even if the better solution also includes a self.AddCleanup()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
70faccae by Andrew Bartlett at 2023-01-31T12:50:33+00:00
s4-selftest/drs: Confirm GetNCChanges REPL_OBJ works with a DummyDN and real GUID

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
539221dd by Andrew Bartlett at 2023-01-31T12:50:33+00:00
s4-selftest/drs: Confirm GetNCChanges full replication works with a DummyDN and real GUID

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7c433885 by Andrew Bartlett at 2023-01-31T12:50:33+00:00
s4-selftest/drs: Confirm GetNCChanges REPL_SECRET works with a DummyDN and real GUID

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7032b86c by Andrew Bartlett at 2023-01-31T12:50:33+00:00
s4-dsdb: Schedule SD propagation only after successful rename

This avoids needing to anticipate errors that the rename might give
while allowing the dsdb_find_nc_root() routine to become stricter.

The problem is that dsdb_find_nc_root() will soon do a real search and
so fail more often, but these failures will give "wrong" error codes.

We do not need to do this work if the operation fails, so put this in
the callback.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d0444be4 by Andrew Bartlett at 2023-01-31T12:50:33+00:00
s4-dsdb: Make dsdb_find_nc_root() first try and use DSDB_CONTROL_CURRENT_PARTITION_OID

This allows lookup of a DN with a GUID only or GUID and string,
possibly not yet in the database, yet still getting the correct result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0f501b23 by Andrew Bartlett at 2023-01-31T12:50:33+00:00
s4-dsdb: Add better debugging to dsdb_objects_have_same_nc()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
8e112242 by Andrew Bartlett at 2023-01-31T12:50:33+00:00
s4-dsdb: Add dsdb_normalise_dn_and_find_nc_root() around dsdb_find_nc_root()

Reuse the search done for dsdb_find_nc_root() to normalise the DN.

This will allow a GUID-input DN to be compared safely with a RID Manager DN
or Naming Context.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e96dfc74 by Andrew Bartlett at 2023-01-31T12:50:33+00:00
s4-rpc_server/drsuapi: Use dsdb_normalise_dn_and_find_nc_root()

This reuses the search done for dsdb_find_nc_root() to normalise the DN.

This will allow a GUID-input DN to be compared safely with a RID Manager DN
or Naming Context.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
aee2039e by Andrew Bartlett at 2023-01-31T12:50:33+00:00
s4-dsdb: rework drs_ObjectIdentifier_to_dn() into drs_ObjectIdentifier_to_dn_and_nc_root()

This makes this function the gatekeeper between the wire format and the
internal struct ldb_dn, checking if the DN exists and which NC
it belongs to along the way, and presenting only a DB-returned
DN for internal processing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
73f3ece8 by Andrew Bartlett at 2023-01-31T12:50:33+00:00
s4-drs: Make drs_ObjectIdentifier_to_dn() safer and able to cope with DummyDN values

We want to totally ignore the string DN if there is a GUID,
as clients like "Microsoft Azure AD connect cloud sync" will
set a literal "DummyDN" string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
cbe18353 by Andrew Bartlett at 2023-01-31T12:50:33+00:00
s4-rpc_server/drsuapi: Return correct error code for an invalid DN to EXOP_REPL_OBJ/EXOP_REPL_OBJ

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d5a2af3f by Andrew Bartlett at 2023-01-31T12:50:33+00:00
s4-dsdb: Split samdb_get_ntds_obj_by_guid() out of samdb_is_rodc()

This will allow the logic here to be tightened up and shared
in the next few commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
adb77614 by Andrew Bartlett at 2023-01-31T12:50:33+00:00
s4-dsdb: Require that the NTDS object is an nTDSDSA objectclass

This should avoid a user being able to specify the GUID of a different
type of object.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
09ec6a1d by Andrew Bartlett at 2023-01-31T12:50:33+00:00
s4-drsuapi: Use samdb_get_ntds_obj_by_guid() to find RODC in REPL_SECRET

We need to find the RODC per the destination_dsa_guid to mark the secrets as
having been replicated, and by using samdb_get_ntds_obj_by_guid() we are stricter
in the checks, as the RODC has to be the right objectClass (nTDSDSA) and under
the CN=Configuration partition.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
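
The checks described in the commits above (prefer the GUID over the string DN, hand back only the database's own DN and NC root, and require nTDSDSA under CN=Configuration for a DSA GUID), as an added C sketch that is not Samba's code. The directory contents, type names and function names are constructed for illustration, and DN comparison is simplified to an exact string match.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CONFIG_NC "CN=Configuration,DC=example,DC=com"
#define DOMAIN_NC "DC=example,DC=com"

struct guid { unsigned char b[16]; };

/* Constructed stand-in for a database record. */
struct db_entry {
	struct guid guid;
	const char *dn;
	const char *nc_root;
	const char *object_class;
};

/* Constructed stand-in for a wire-format object identifier. */
struct wire_id { struct guid guid; const char *dn; };

static const struct db_entry directory[] = {
	{ {{0x01}}, "CN=NTDS Settings,CN=RODC1,CN=Servers,CN=Site1,CN=Sites," CONFIG_NC,
	  CONFIG_NC, "nTDSDSA" },
	{ {{0x02}}, "CN=alice,CN=Users," DOMAIN_NC, DOMAIN_NC, "user" },
};
#define N_ENTRIES (sizeof(directory) / sizeof(directory[0]))

/* Constructed requests: GUID plus placeholder string, unknown GUID, name only. */
static const struct wire_id azure_style = { {{0x02}}, "DummyDN" };
static const struct wire_id unknown_guid = { {{0x09}}, "CN=alice,CN=Users," DOMAIN_NC };
static const struct wire_id by_name = { {{0}}, "CN=alice,CN=Users," DOMAIN_NC };

static bool guid_is_zero(const struct guid *g)
{
	static const struct guid zero = {{0}};
	return memcmp(g, &zero, sizeof(zero)) == 0;
}

static const struct db_entry *find_by_guid(const struct guid *g)
{
	size_t i;
	for (i = 0; i < N_ENTRIES; i++) {
		if (memcmp(&directory[i].guid, g, sizeof(*g)) == 0) {
			return &directory[i];
		}
	}
	return NULL;
}

static const struct db_entry *find_by_dn(const char *dn)
{
	size_t i;
	for (i = 0; i < N_ENTRIES; i++) {
		if (strcmp(directory[i].dn, dn) == 0) {
			return &directory[i];
		}
	}
	return NULL;
}

/* Gatekeeper: if a GUID is present the string is never consulted. */
const struct db_entry *resolve_wire_id(const struct wire_id *id)
{
	if (!guid_is_zero(&id->guid)) {
		return find_by_guid(&id->guid);
	}
	return id->dn == NULL ? NULL : find_by_dn(id->dn);
}

/* DN and NC root as stored in the database, or NULL if not found. */
const char *resolved_dn(const struct wire_id *id)
{
	const struct db_entry *e = resolve_wire_id(id);
	return e == NULL ? NULL : e->dn;
}

const char *resolved_nc(const struct wire_id *id)
{
	const struct db_entry *e = resolve_wire_id(id);
	return e == NULL ? NULL : e->nc_root;
}

enum dsa_check { DSA_OK, DSA_NOT_FOUND, DSA_WRONG_CLASS, DSA_WRONG_NC };

/* A destination DSA GUID must name an nTDSDSA object in the config NC. */
enum dsa_check check_destination_dsa(const struct guid *g)
{
	const struct db_entry *e = guid_is_zero(g) ? NULL : find_by_guid(g);
	if (e == NULL) {
		return DSA_NOT_FOUND;
	}
	if (strcmp(e->object_class, "nTDSDSA") != 0) {
		return DSA_WRONG_CLASS;
	}
	return strcmp(e->nc_root, CONFIG_NC) == 0 ? DSA_OK : DSA_WRONG_NC;
}

int main(void)
{
	const char *dn = resolved_dn(&unknown_guid);
	printf("DummyDN + GUID -> %s\n", resolved_dn(&azure_style));
	printf("unknown GUID   -> %s\n", dn ? dn : "(not found)");
	printf("name only, NC  -> %s\n", resolved_nc(&by_name));
	printf("user GUID as DSA -> %d\n", check_destination_dsa(&directory[1].guid));
	return 0;
}
```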

- - - - -
115a3a10 by Andrew Bartlett at 2023-01-31T12:50:33+00:00
s4-rpc_server: Pre-check destination_dsa_guid in GetNCChanges for validity

This allows our new tests to pass as these need to be checked first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1838f349 by Andrew Bartlett at 2023-01-31T12:50:33+00:00
s4-drsuapi: Clarify role of drs_security_access_check_nc_root()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0f2978bb by Andrew Bartlett at 2023-01-31T13:43:54+00:00
s4-drsuapi: Give an error that matches windows on destination_dsa_guid lookup failure

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Jan 31 13:43:54 UTC 2023 on atb-devel-224

- - - - -
4d83e9fc by Pavel Filipenský at 2023-02-02T14:53:38+00:00
s3:utils: Fix trailing whitespaces

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
65e9b409 by Pavel Filipenský at 2023-02-02T15:46:52+00:00
s3:utils: Fix UNUSED_VALUE

Reported by Red Hat internal Covscan

Since cb8a0d9 we no longer stop traversing the list if encryption_flag
or signing_flags are unknown.

Assignment "result = -1;" is always overwritten by
"result = traverse_connections_*()" and is dead code.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Feb  2 15:46:52 UTC 2023 on atb-devel-224

- - - - -
15b1afc9 by Samuel Thibault at 2023-02-02T17:30:39+00:00
replace: provide PIPE_BUF on GNU/Hurd

There is no hardcoded PIPE_BUF pipe limitation on GNU/Hurd, but POSIX
provides a minimum value that we can use.

Signed-off-by: Samuel Thibault <samuel.thibault at ens-lyon.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
488aa227 by Stefan Metzmacher at 2023-02-02T17:30:39+00:00
replace: remove unused configure checks for port_create()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15298

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ae77854a by Stefan Metzmacher at 2023-02-02T17:30:39+00:00
tevent: remove the already removed tevent_port.c also from the build

This fixes a regression introduced by 147a317b7b92e60c5940d875dbd7aef19824834e.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15298

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d80f28b0 by Stefan Metzmacher at 2023-02-02T18:27:08+00:00
tevent: version 0.14.1

- Build fix for GNU/Hurd
- Build fix for Solaris, after removal
  of ports backend (bug #15298)

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Feb  2 18:27:08 UTC 2023 on atb-devel-224

- - - - -
1dd0cd2f by Ralph Boehme at 2023-02-02T20:14:36+00:00
mdssvc: fix kMDScopeArray parsing

In macOS Ventura marshalling of kMDScopeArray in the "openQueryWithParams"
request has changed from

  string: kMDScopeArray
  sl_array_t(#1): {
    string: /foo/bar
  }

to:

  string: kMDScopeArray
  sl_array_t(#1): {
    sl_array_t(#1): {
      string: /foo/bar
    }
  }

With this patch we check both encodings. Bug fixed according to user feedback.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15299
RN: Spotlight doesn't work with latest macOS Ventura

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
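
Accepting both kMDScopeArray shapes shown above while still rejecting anything else, as an added C sketch that is not Samba's mdssvc code. The node type, the function names and the second sample path are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a marshalled Spotlight value; not Samba's types. */
enum node_type { NODE_STRING, NODE_ARRAY };

struct node {
	enum node_type type;
	const char *str;             /* set when type == NODE_STRING */
	const struct node *children; /* set when type == NODE_ARRAY */
	size_t count;
};

/* Constructed samples: old shape, Ventura shape, and one level too deep. */
static const struct node paths[] = {
	{ NODE_STRING, "/foo/bar", NULL, 0 },
	{ NODE_STRING, "/srv/share", NULL, 0 },
};
static const struct node old_scope = { NODE_ARRAY, NULL, paths, 2 };
static const struct node wrapper[] = { { NODE_ARRAY, NULL, paths, 2 } };
static const struct node new_scope = { NODE_ARRAY, NULL, wrapper, 1 };
static const struct node too_deep[] = { { NODE_ARRAY, NULL, wrapper, 1 } };
static const struct node bad_scope = { NODE_ARRAY, NULL, too_deep, 1 };

/*
 * Return the array whose children are the scope path strings, accepting
 * both encodings from the commit message. Anything else (empty arrays,
 * deeper nesting, mixed element types) is rejected with NULL.
 */
static const struct node *scope_path_array(const struct node *scope)
{
	size_t i;

	if (scope == NULL || scope->type != NODE_ARRAY || scope->count == 0) {
		return NULL;
	}
	/* Newer encoding: one wrapper array around the array of paths. */
	if (scope->count == 1 && scope->children[0].type == NODE_ARRAY) {
		scope = &scope->children[0];
		if (scope->count == 0) {
			return NULL;
		}
	}
	for (i = 0; i < scope->count; i++) {
		const struct node *c = &scope->children[i];
		if (c->type != NODE_STRING || c->str == NULL) {
			return NULL;
		}
	}
	return scope;
}

/* Number of scope paths, or -1 if the value has neither accepted shape. */
int count_scope_paths(const struct node *scope)
{
	const struct node *arr = scope_path_array(scope);
	return arr == NULL ? -1 : (int)arr->count;
}

/* The idx-th scope path, or NULL if out of range or malformed. */
const char *scope_path_at(const struct node *scope, size_t idx)
{
	const struct node *arr = scope_path_array(scope);
	if (arr == NULL || idx >= arr->count) {
		return NULL;
	}
	return arr->children[idx].str;
}

int main(void)
{
	printf("old: %d paths, first %s\n",
	       count_scope_paths(&old_scope), scope_path_at(&old_scope, 0));
	printf("new: %d paths, first %s\n",
	       count_scope_paths(&new_scope), scope_path_at(&new_scope, 0));
	printf("bad: %d\n", count_scope_paths(&bad_scope));
	return 0;
}
```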

- - - - -
851127f5 by Rob van der Linde at 2023-02-02T21:15:54+00:00
Python: remove pydoctor

Removes:

* waf pydoctor
* waf wafdocs
* make pydoctor

There is no "make wafdocs"; it only appears to be in wscript.

The reasoning is that these are broken and appear not to have been run for some time.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Feb  2 21:15:54 UTC 2023 on atb-devel-224

- - - - -
3eee4415 by David Mulder at 2023-02-03T02:27:32+00:00
gp: samba-tool gpo cse register/unregister/list

Add samba-tool commands for managing registration
of Client Side Extensions.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5723737e by David Mulder at 2023-02-03T02:27:32+00:00
gp: Test samba-tool gpo cse register/unregister/list

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
38d0147f by Douglas Bagnall at 2023-02-03T02:27:32+00:00
ldb/pyldb: remove py2 ifdefs

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ddbe69af by Douglas Bagnall at 2023-02-03T02:27:32+00:00
s4/ndr/py_misc: remove python 2 ifdefs

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
310eafdb by Douglas Bagnall at 2023-02-03T02:27:32+00:00
s4/ndr/py_security: remove python 2 ifdefs

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f5555e0e by Douglas Bagnall at 2023-02-03T02:27:32+00:00
tdb/pytdb: remove py ifdefs

This already would not compile with Python 2, because Py_TPFLAGS_HAVE_ITER
is not defined.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c0ef6ca9 by Douglas Bagnall at 2023-02-03T02:27:32+00:00
tdb/pytdb: remove useless HAVE_ITER non-flag

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8f2f3b00 by Douglas Bagnall at 2023-02-03T02:27:32+00:00
tevent/pytevent: remove py2 ifdefs

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b2a2eeb6 by Douglas Bagnall at 2023-02-03T02:27:32+00:00
tevent/pytevent: remove no-op define

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e26a01a4 by Douglas Bagnall at 2023-02-03T03:27:54+00:00
pidl: avoid py compile issues with --pidl-developer

We get these warnings-as-errors:

librpc/gen_ndr/py_netlogon.c:61903:53: error: stray ‘\’ in program
61903 |    PyErr_Format(PyExc_TypeError, "Expected type %s",\  //<PIDL> Parse::Pidl::Samba4::Python::ConvertObjectFromPythonData  lib/Parse/Pidl/Samba4/Python.pm:2005

but the '\' is unnecessary and unconventional anyway, since we're in a
function argument list.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Feb  3 03:27:54 UTC 2023 on atb-devel-224

- - - - -
7f123bbd by Pavel Filipenský at 2023-02-06T22:51:31+00:00
auth/credentials: Fix trailing whitespaces

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2cc5b074 by Pavel Filipenský at 2023-02-06T22:51:31+00:00
auth/credentials: Fix uninitialized data

Fixing Red Hat internal covscan report:
Field "salt_data.magic" is uninitialized when calling "smb_krb5_create_key_from_string".

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bd5b093c by Andreas Schneider at 2023-02-06T22:51:31+00:00
s3:libsmb: Remove unused variable 'i'

namecache.c:129:9: error: variable 'i' set but not used
  [-Werror,-Wunused-but-set-variable]
        size_t i, count;
               ^

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
91e7351d by Andreas Schneider at 2023-02-06T22:51:31+00:00
s3:smbd: Don't assign variable to itself

source3/smbd/msdfs.c:367:14: error: explicitly assigning value of variable of
    type 'char *' to itself [-Werror,-Wself-assign]
        servicename = servicename;
        ~~~~~~~~~~~ ^ ~~~~~~~~~~~

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f266e9e2 by Andreas Schneider at 2023-02-06T22:51:31+00:00
s3:rpcsrv:eventlog: Remove unused variable

source3/rpc_server/eventlog/srv_eventlog_nt.c:634:11: error: variable
  'num_records_read' set but not used [-Werror,-Wunused-but-set-variable]
        uint32_t num_records_read = 0;

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8b7fcfa5 by Andreas Schneider at 2023-02-06T22:51:31+00:00
s3:winbind: Remove unused variable

source3/winbindd/winbindd_ads.c:1399:6: error: variable 'ret_count' set but not
    used [-Werror,-Wunused-but-set-variable]
        int ret_count;
            ^

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e0b46f3c by Andreas Schneider at 2023-02-06T22:51:31+00:00
s4:samdb: Remove trailing whitespaces

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d7bc74af by Andreas Schneider at 2023-02-06T22:51:31+00:00
s4:samdb: Remove unused variable

source4/dsdb/samdb/ldb_modules/acl.c:1646:49: error: variable 'rep_val_cnt' set
    but not used [-Werror,-Wunused-but-set-variable]
        unsigned int del_val_cnt = 0, add_val_cnt = 0, rep_val_cnt = 0;
                                                       ^

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
981dcccf by Andreas Schneider at 2023-02-06T22:51:31+00:00
nsswitch: Fix getting data out of pam_get_data()

nsswitch/pam_winbind.c:3360:24: error: cast from 'time_t **' (aka 'long **') to
    'const void **' must have all intermediate pointers const qualified to be safe
    [-Werror,-Wcast-qual]
                             (const void **)&pwdlastset_update);
                                            ^

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1379b0e1 by Andreas Schneider at 2023-02-06T22:51:31+00:00
lib:ldb-samba: Correctly handle search scope

lib/ldb-samba/ldb_ildap.c:482:47: error: implicit conversion from enumeration
    type 'enum ldb_scope' to different enumeration type 'enum ldap_scope'
    [-Werror,-Wenum-conversion]
                msg->r.SearchRequest.scope = req->op.search.scope;
                                           ~ ~~~~~~~~~~~~~~~^~~~~

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a77c56e4 by Andreas Schneider at 2023-02-06T22:51:31+00:00
s3:printing: Remove trailing whitespaces in vlp.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
54413a49 by Andreas Schneider at 2023-02-06T22:51:31+00:00
s3:printing: Remove unused variable

source3/printing/tests/vlp.c:144:19: error: variable 'job_count' set but not
    used [-Werror,-Wunused-but-set-variable]
        int i, num_jobs, job_count = 0;
                         ^

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ea723fb7 by Andreas Schneider at 2023-02-06T22:51:31+00:00
s3:modules: Ignore -Wunused-but-set-variable for autogenerated code

source3/modules/getdate.c:1192:9: error: variable 'yynerrs' set but not used
    [-Werror,-Wunused-but-set-variable]
    int yynerrs;
        ^

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c462a0b7 by Andreas Schneider at 2023-02-06T22:51:31+00:00
s4:modules: Move structs with dynamic arrays to end of struct

source3/modules/vfs_io_uring.c:70:22: error: field 'cqe' with variable sized
    type 'struct io_uring_cqe' not at the end of a struct or class is a GNU
    extension [-Werror,-Wgnu-variable-sized-type-not-at-end]
        struct io_uring_cqe cqe;
                            ^

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5447d7fb by Andreas Schneider at 2023-02-06T22:51:31+00:00
s3:modules: Initialize pointer with NULL

source3/modules/vfs_glusterfs.c:827:6: error: variable 'glfd' is used
uninitialized whenever 'if' condition is false
[-Werror,-Wsometimes-uninitialized]
  if (pglfd == NULL) {
      ^~~~~~~~~~~~~
source3/modules/vfs_glusterfs.c:853:6: note: uninitialized use occurs here
  if (glfd == NULL) {
      ^~~~
source3/modules/vfs_glusterfs.c:827:2: note: remove the 'if' if its condition is
always true
  if (pglfd == NULL) {
  ^~~~~~~~~~~~~~~~~~~
source3/modules/vfs_glusterfs.c:763:17: note: initialize the variable 'glfd' to
silence this warning
  glfs_fd_t *glfd;
                 ^
                  = NULL

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a94adedd by Andreas Schneider at 2023-02-06T22:51:32+00:00
s3:netapi: Remove unused variables

source3/lib/netapi/tests/netfile.c:40:22: error: variable 'i2' set but not used
[-Werror,-Wunused-but-set-variable]
  struct FILE_INFO_2 *i2 = NULL;
                      ^
source3/lib/netapi/tests/netfile.c:41:22: error: variable 'i3' set but not used
[-Werror,-Wunused-but-set-variable]
  struct FILE_INFO_3 *i3 = NULL;
                      ^

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e57fa881 by Andreas Schneider at 2023-02-06T22:51:32+00:00
s3:utils: Remove unused variable

source3/utils/log2pcaphex.c:138:13: error: variable 'i' set but not used
[-Werror,-Wunused-but-set-variable]
        static int i = 0;
                   ^

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b3d7df58 by Andreas Schneider at 2023-02-06T22:51:32+00:00
s3:torture: Remove unused variable

source3/torture/test_smb1_dfs.c:3264:11: error: variable 'accessmode' set but
not used [-Werror,-Wunused-but-set-variable]
        uint16_t accessmode = 0;
                 ^

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
024571a7 by Andreas Schneider at 2023-02-06T23:49:04+00:00
waf: Add support for MemorySanitizer

This currently only works with binaries. As there is no shared library for
MSAN it only is statically linked against binaries. This means if we have e.g.
a python script trying to load ldb, it will fail with undefined symbols.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Feb  6 23:49:04 UTC 2023 on atb-devel-224

- - - - -
449163b2 by Joseph Sutton at 2023-02-08T00:03:39+00:00
tests/krb5: Declare supported encryption types of service account

If SID compression support is disabled for a created account,
msDS-SupportedEncryptionTypes will be set to a value that includes the
RESOURCE_SID_COMPRESSION_DISABLED bit, but no actual encryption type
bits. Since stricter encryption type handling was introduced to address
CVE-2022-37966, this combination has been interpreted as an expression
of no encryption type support, and trying to make a Kerberos request to
a service with such a combination of bits will fail with
ERR_ETYPE_NOSUPP.

To allow us to make Kerberos requests to test service accounts again, we
must set some actual encryption type bits.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c7104fd8 by Joseph Sutton at 2023-02-08T00:03:39+00:00
s4:torture: Zero-initialise netr_NetworkInfo structure

This ensures that no members contain garbage data.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2debc394 by Joseph Sutton at 2023-02-08T00:03:39+00:00
s4:torture: Skip over asserted identity SIDs when comparing groups

We've already tested for the existence of these SIDs, and the assumption
that they are always the last element in a PAC is false. We must check
all the SIDs in each array, skipping over ones that were found to be
asserted identity SIDs.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c0011bcd by Joseph Sutton at 2023-02-08T00:03:39+00:00
auth.idl: Add auth_SidAttr type

This type incorporates, alongside a SID, a group attributes member,
through which attributes from a PAC or the AD database can be conveyed
into the completed PAC. A useful benefit this provides is the ability to
distinguish and exclude domain-local groups, which only belong in
service tickets, from the PAC of a TGT.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8ef6e7db by Joseph Sutton at 2023-02-08T00:03:39+00:00
libcli/security: Add auth_SidAttr utility functions

These functions are modelled on add_sid_to_array() and
add_sid_to_array_unique(). They differ in that they operate not on an
array of dom_sid, but of auth_SidAttr, and take an additional 'attrs'
parameter of type uint32_t.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
53d72c87 by Joseph Sutton at 2023-02-08T00:03:39+00:00
s4-dsdb: Add samdb_result_dom_sid_attrs()

This function is modelled on samdb_result_dom_sid(). It allocates,
rather than a dom_sid, an auth_SidAttr object, which we can pass to
other functions accepting an auth_SidAttr.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7050e057 by Joseph Sutton at 2023-02-08T00:03:39+00:00
auth: Store group attributes in auth_user_info_dc

Group expansion, performed in dsdb_expand_nested_groups(), now
incorporates a check of the type of each group. Those that are resource
groups receive the SE_GROUP_RESOURCE bit in the attributes which are now
carried alongside each group SID.

Whereas before, in auth_convert_user_info_dc_sambaseinfo() and
auth_convert_user_info_dc_saminfo6(), we invariantly used the flag
combination SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT |
SE_GROUP_ENABLED to set attributes in the PAC, we now take the correct
attributes from user_info_dc.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
673ee782 by Joseph Sutton at 2023-02-08T00:03:39+00:00
s4:torture: Assert that group attributes match

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
94cda2df by Joseph Sutton at 2023-02-08T00:03:39+00:00
auth: Exclude resource groups from a TGT

Resource group SIDs should only be placed into a service ticket, but we
were including them in all tickets. Now that we have access to the group
attributes, we'll filter out any groups with SE_GROUP_RESOURCE set if
we're creating a TGT.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c7b76764 by Joseph Sutton at 2023-02-08T00:03:39+00:00
auth: Remove early return from make_user_info_dc_pac()

'rg' is never NULL, so this codepath is never taken. But if it were, we
would return early and entirely neglect filling in the UPN_DNS_INFO from
the 'pac_upn_dns_info' parameter. So remove the early return.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3d846db4 by Joseph Sutton at 2023-02-08T00:03:39+00:00
auth: Only process resource groups if NETLOGON_RESOURCE_GROUPS flag is set

MS-PAC section 2.5 states that if the resource_groups member is
non-NULL, or resource_groups.groups.count is not zero, the
NETLOGON_RESOURCE_GROUPS flag MUST be set. Thus, there's no need to
process resource groups if the flag is not set.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6dab2ecd by Joseph Sutton at 2023-02-08T00:03:39+00:00
s4-dsdb: Check for talloc failure in dsdb_expand_nested_groups()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c00fe707 by Joseph Sutton at 2023-02-08T00:03:39+00:00
s4-dsdb: Make sid_list_match() static

It's not used anywhere other than this file.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c21d5bf6 by Joseph Sutton at 2023-02-08T00:03:39+00:00
s4: Add 'const' to some parameters

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4ec34d29 by Joseph Sutton at 2023-02-08T00:03:39+00:00
tests/krb5: Remove tests of KDCs without resource SID compression support

As part of mitigations of CVE-2022-37966, we no longer regard the
msDS-SupportedEncryptionTypes attribute of the KDC when determining its
supported encryption types. Thus, these tests that try to disable SID
compression support by setting this attribute run to no purpose.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7831634b by Joseph Sutton at 2023-02-08T00:03:39+00:00
tests/krb5: Improve assertion failure message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
11aa940f by Joseph Sutton at 2023-02-08T00:03:39+00:00
tests/krb5: Add some more test cases for PAC group handling

Change some of the attributes in TGS-REQ PACs to ensure they are handled
correctly.

Add a test of a PAC containing resource SIDs for a service without
resource SID compression support, ensuring the SIDs are correctly
removed.

Add a Samba 4.17 compatibility test for a service with resource SID
compression support.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bd4af421 by Joseph Sutton at 2023-02-08T00:03:39+00:00
tests/krb5: Allow changing the SID of a user's PAC

This lets us simulate a ticket of a user from another domain.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0245a588 by Joseph Sutton at 2023-02-08T00:03:39+00:00
tests/krb5: Add group tests simulating PACs from a trusted domain

Crucially, in these tests the user's domain and its SID are different
from our domain and its SID. These tests will assert that in such a case
resource groups are added to the PAC and handled correctly.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9a362f99 by Joseph Sutton at 2023-02-08T00:03:39+00:00
tests/krb5: Allow setting or resetting PAC flags

This lets us test what happens when the flags in the PAC, such as
NETLOGON_RESOURCE_GROUPS, are given "interesting" values.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
61e4ad69 by Joseph Sutton at 2023-02-08T00:03:39+00:00
tests/krb5: Add tests of NETLOGON_RESOURCE_GROUPS flag handling

This lets us test what happens in TGS-REQ exchanges to the KDC, when the
flags and resource groups are simply passed through into the new PAC,
regardless of what value the flags hold.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5043bbed by Joseph Sutton at 2023-02-08T00:03:39+00:00
s4:torture: Make use of torture_assert_sid_equal()

This macro produces a slightly more useful message if the assertion
fails.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8aef16bb by Joseph Sutton at 2023-02-08T00:03:39+00:00
named_pipe_auth: Bump info5 to info6

In the next commit, we shall replace the 'authenticated' field of
named_pipe_auth_req_info.info5.session_info.session_info.info with a
more general 'user_flags' field.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
14d94460 by Joseph Sutton at 2023-02-08T00:03:39+00:00
auth: Pass through entire PAC flags value in auth_user_info

Besides the NETLOGON_GUEST bit indicating whether the user has been
authenticated, we now carry all of the other bits as well. This lets us
match Windows' behaviour of simply passing these bits through to an
updated PAC when processing a TGS-REQ.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e3fdb2d0 by Joseph Sutton at 2023-02-08T00:03:39+00:00
s4:kdc: Add resource SID compression

The domain-local groups that are added to the PAC of a service ticket
are now, if the service doesn't disclaim support for SID compression,
placed into the resource groups structure in PAC_LOGON_INFO.

In a TGS exchange directed to a KDC, rather than to a service, the
resource groups structure is simply copied into the updated PAC without
any processing being done.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
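
How the group attributes introduced in this series drive PAC contents, as an added C sketch that is not Samba's code: resource groups are tagged during expansion, dropped from a TGT, and placed in the resource groups structure of a service ticket. It assumes a service that does not disclaim SID compression; the struct names, function names and SIDs are constructed, and the bit values are the standard Windows ones.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SE_GROUP_MANDATORY          0x00000001u
#define SE_GROUP_ENABLED_BY_DEFAULT 0x00000002u
#define SE_GROUP_ENABLED            0x00000004u
#define SE_GROUP_RESOURCE           0x20000000u
/* Local alias for the common combination (name is this example's own). */
#define EXAMPLE_DEFAULT_ATTRS \
	(SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED)

#define GROUP_TYPE_ACCOUNT_GROUP   0x00000002u /* global */
#define GROUP_TYPE_RESOURCE_GROUP  0x00000004u /* domain-local */
#define GROUP_TYPE_UNIVERSAL_GROUP 0x00000008u
#define NETLOGON_RESOURCE_GROUPS   0x00000200u /* PAC user flag */
#define MAX_GROUPS 8

struct membership { const char *sid; uint32_t group_type; };
struct sid_attr { const char *sid; uint32_t attrs; }; /* stand-in for auth_SidAttr */
struct pac_groups {
	const char *base[MAX_GROUPS];
	size_t n_base;
	const char *resource[MAX_GROUPS];
	size_t n_resource;
	uint32_t user_flags;
};
enum ticket_kind { TICKET_TGT, TICKET_SERVICE };

/* Constructed memberships of one user. */
static const struct membership sample[] = {
	{ "S-1-5-21-1-2-3-513",  GROUP_TYPE_ACCOUNT_GROUP },
	{ "S-1-5-21-1-2-3-1105", GROUP_TYPE_UNIVERSAL_GROUP },
	{ "S-1-5-21-1-2-3-1106", GROUP_TYPE_RESOURCE_GROUP },
};
#define N_SAMPLE (sizeof(sample) / sizeof(sample[0]))

/* Group expansion: carry attributes next to each SID, tagging resource groups. */
static size_t expand_groups(const struct membership *m, size_t n,
			    struct sid_attr *out)
{
	size_t i;
	for (i = 0; i < n; i++) {
		out[i].sid = m[i].sid;
		out[i].attrs = EXAMPLE_DEFAULT_ATTRS;
		if (m[i].group_type & GROUP_TYPE_RESOURCE_GROUP) {
			out[i].attrs |= SE_GROUP_RESOURCE;
		}
	}
	return n;
}

/* Decide, per SID, which PAC structure it lands in for this ticket kind. */
static void build_pac_groups(const struct sid_attr *sids, size_t n,
			     enum ticket_kind kind, struct pac_groups *pac)
{
	size_t i;
	memset(pac, 0, sizeof(*pac));
	for (i = 0; i < n; i++) {
		if (sids[i].attrs & SE_GROUP_RESOURCE) {
			if (kind == TICKET_TGT) {
				continue; /* resource groups never go in a TGT */
			}
			if (pac->n_resource < MAX_GROUPS) {
				pac->resource[pac->n_resource++] = sids[i].sid;
			}
		} else if (pac->n_base < MAX_GROUPS) {
			pac->base[pac->n_base++] = sids[i].sid;
		}
	}
	/* The flag must accompany a non-empty resource groups structure. */
	if (pac->n_resource > 0) {
		pac->user_flags |= NETLOGON_RESOURCE_GROUPS;
	}
}

/* Build the PAC group lists for the constructed user above. */
struct pac_groups sample_pac(enum ticket_kind kind)
{
	struct sid_attr sids[MAX_GROUPS];
	struct pac_groups pac;
	size_t n = expand_groups(sample, N_SAMPLE, sids);
	build_pac_groups(sids, n, kind, &pac);
	return pac;
}

int main(void)
{
	struct pac_groups tgt = sample_pac(TICKET_TGT);
	struct pac_groups svc = sample_pac(TICKET_SERVICE);
	printf("TGT:     base=%zu resource=%zu flags=0x%x\n",
	       tgt.n_base, tgt.n_resource, (unsigned)tgt.user_flags);
	printf("service: base=%zu resource=%zu flags=0x%x\n",
	       svc.n_base, svc.n_resource, (unsigned)svc.user_flags);
	return 0;
}
```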

- - - - -
5147f011 by Joseph Sutton at 2023-02-08T00:03:39+00:00
auth: Shorten long SID flags combinations

The combination MANDATORY | ENABLED_BY_DEFAULT | ENABLED is very
commonly used, and introducing a shorter alias for it makes the code
clearer.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e20067c5 by Joseph Sutton at 2023-02-08T00:03:39+00:00
auth: Make more liberal use of SID index constants

Arrays of SIDs are handled not fully consistently throughout the
codebase. Sometimes SIDs in the first and second positions represent a
user and a primary group respectively; other times they don't mean
anything in particular. Using these index constants in situations of the
former sort can help to clarify our intent.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
618d9582 by Joseph Sutton at 2023-02-08T00:03:40+00:00
ldap: Cut down on string substitution

Constant strings can be inserted directly into format strings, reducing
the amount of string substitution to be performed.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c17e46a2 by Joseph Sutton at 2023-02-08T00:03:40+00:00
ldap: Make use of LDB_OID_COMPARATOR constants

These constants allow one to tell at a glance what search operation is
being performed.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
24512acc by Joseph Sutton at 2023-02-08T00:03:40+00:00
s4-dsdb: Simplify search expression

We want to find objects for which the groupType attribute has at least
one of GROUP_TYPE_ACCOUNT_GROUP and GROUP_TYPE_UNIVERSAL_GROUP set. For
this the OR comparator is perfectly suited. It produces a true result if
at least one set bit is shared between both operands.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e00eeed9 by Joseph Sutton at 2023-02-08T00:03:40+00:00
auth: Align integer types

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
96485d8e by Joseph Sutton at 2023-02-08T00:03:40+00:00
tests/krb5: Add tests for the primary group

Primary groups are handled differently from normal groups of which a
user is simply a member. Of particular note is the case where a
domain-local group is made a primary group; a case normally disallowed
by Windows, but not by Samba. Therefore we want tests for it.

Our testing framework must be able to set the user's primary group, and
to clean up afterwards; to set the primary group RID of a PAC; and to
check that the primary group RID is as expected in the PAC returned to
us.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
39e24135 by Joseph Sutton at 2023-02-08T00:03:40+00:00
s4:torture: Remove assertion that primary group is not duplicated in user_info_dc

This assertion is one we will be breaking shortly.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4e213629 by Joseph Sutton at 2023-02-08T00:03:40+00:00
s4-dsdb: Use correct primary group SID in token group test

This test will thereby continue to pass when we correct the handling of
primary groups.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1c3a8fa2 by Joseph Sutton at 2023-02-08T00:03:40+00:00
auth: Correct primary group handling

Heretofore we have treated the primary group SID specially, storing it
in a fixed position as the second element of the user_info_dc->sids
array, and filtering out other copies in the PAC_LOGON_INFO base
structure. This filtering has made it difficult to distinguish between
the case where the primary group is a universal or global group, located
in the base RIDs, and the case where it is a domain-local group, missing
from the base RIDs; especially since the attributes of a domain-local
primary group are lost by being stored in the PAC. Domain-local primary
groups are normally disallowed by Windows, but are allowed by Samba, and
so it is reasonable to support them with at least some measure of
consistency.

The second element of user_info_dc->sids is still reserved for the
primary group's SID, but we no longer filter out any other copies in the
array. The first two elements are no more than the SIDs of the user and
the primary group respectively; and the remaining SIDs are as if taken
without modification from arrays of SIDs in the PAC. user_info_dc->sids
should therefore become a more faithful representation of the SIDs in
the PAC. After adding resource SIDs to it with
dsdb_expand_resource_groups(), we should have a result that more closely
and in more cases matches that of Windows.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4f2f3162 by Joseph Sutton at 2023-02-08T00:03:40+00:00
selftest: Expect setting domain-local group as primary group to fail

This will no longer be allowed.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d2dc8370 by Joseph Sutton at 2023-02-08T00:03:40+00:00
s4/dsdb/samldb: Disallow setting a domain-local group as a primary group

Windows also disallows this. Note that changing a primary group to a
domain-local group is allowed by both Windows and Samba.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f44943b2 by Joseph Sutton at 2023-02-08T00:03:40+00:00
tests/krb5: Move _test_samlogon() to base class

We'll want to make use of it in the group tests.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f38d4a33 by Joseph Sutton at 2023-02-08T00:03:40+00:00
tests/krb5: Allow tests to set SamLogon validation level

We'll want to test various levels to ensure they all behave as expected.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
718da904 by Joseph Sutton at 2023-02-08T00:03:40+00:00
tests/krb5: Return validation structure from _test_samlogon()

This lets us check the groups that are returned.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
69074841 by Joseph Sutton at 2023-02-08T00:03:40+00:00
tests/krb5: Test groups returned by SamLogon

Levels NetlogonValidationSamInfo2 and NetlogonValidationSamInfo4 behave
as might be expected, so we pass those tests. NetlogonValidationSamInfo
returns no resource groups and doesn't set the NETLOGON_EXTRA_SIDS flag,
and we fail its test.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e5a6b001 by Joseph Sutton at 2023-02-08T00:03:40+00:00
auth: Discard non-base SIDs when creating SamInfo2

Our SamLogon tests are now all passing.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
77036bba by Joseph Sutton at 2023-02-08T00:03:40+00:00
tests/krb5: Use consistent ordering for etypes

The 'etype' field in a Kerberos request is ordered. Make this fact
clearer by using a tuple or an array to represent etypes rather than a
set.

get_default_enctypes() now returns encryption types in order of
strength. As a consequence, the encryption type chosen by the MIT KDC
matches up with that chosen by Windows, and more tests begin to pass.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6f09f06a by Joseph Sutton at 2023-02-08T00:03:40+00:00
auth: Free empty SID arrays

In the unlikely event that these arrays are empty, they can be freed
early.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
075bd6b9 by Andrew Bartlett at 2023-02-08T01:05:47+00:00
s4-auth: Free user_info_dc in KDC caller to authsam_update_user_info_dc()

It is up to the caller to choose if it wants to clean up the user_info_dc
memory early; we do so only in the KDC, as it was allocated on a context
provided to samba_kdc_update_pac_blob(), whereas auth_winbind uses
a locally managed tevent state as the memory context.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Feb  8 01:05:47 UTC 2023 on atb-devel-224

- - - - -
ff98ddf0 by David Mulder at 2023-02-10T19:35:34+00:00
gp: Log ext failure with file and line number

Rather than dumping a traceback when there is a
failure, simply log the file name, line number
and the error message instead. This is much
cleaner.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
5b7fc5b6 by David Mulder at 2023-02-10T20:31:37+00:00
gp: gp_sudoers_ext warn w/out visudo installed

Rather than print an ugly error message from
Popen, display a warning to the user if visudo
is missing.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Fri Feb 10 20:31:37 UTC 2023 on atb-devel-224

- - - - -
e8abe52d by Jeremy Allison at 2023-02-11T08:48:05+00:00
s3: smbd: Fix log spam. Change a normal error message from DBG_ERR (level 0) to DBG_INFO (level 5).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15302

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Feb 11 08:48:05 UTC 2023 on atb-devel-224

- - - - -
a93d93a9 by Volker Lendecke at 2023-02-13T09:53:38+00:00
smbd: Use generate_nonce_buffer() in smbXsrv_open_global_allocate()

We don't need anything cryptographic for persistent file handle ids

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
fafebc46 by Volker Lendecke at 2023-02-13T09:53:38+00:00
smbd: Move smbXsrv_open_global_verify_record() down in smbXsrv_open.c

Avoid prototypes

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
95e3ad7e by Volker Lendecke at 2023-02-13T09:53:38+00:00
smbd: Simplify smbXsrv_open_global_store()

Avoid the dependency on global->db_rec. This makes the callers more
verbose, but it makes the data dependencies much more obvious. This
will enable removing smbXsrv_open_global0->db_rec at some point.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
84d22dc5 by Volker Lendecke at 2023-02-13T09:53:38+00:00
smbd: Make smbXsrv_open_global_allocate() store the record

Micro-step towards using dbwrap_do_locked()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
bfede670 by Volker Lendecke at 2023-02-13T09:53:38+00:00
smbd: Use dbwrap_do_locked() in smbXsrv_open_global_allocate()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
26b29ecb by Volker Lendecke at 2023-02-13T09:53:38+00:00
smbd: Use dbwrap_do_locked() in smbXsrv_open_update()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
62a66331 by Volker Lendecke at 2023-02-13T09:53:38+00:00
smbd: Use dbwrap_do_locked() in smbXsrv_open_close()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a69950db by Volker Lendecke at 2023-02-13T09:53:38+00:00
smbd: Use dbwrap_do_locked() in smbXsrv_open_cleanup()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ca872ad6 by Volker Lendecke at 2023-02-13T09:53:38+00:00
smbd: let smbXsrv_open_cleanup() delete broken records

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
fede6b9f by Stefan Metzmacher at 2023-02-13T09:53:38+00:00
smbd: rename 'op' into 'global' in smbXsrv_open_cleanup_fn()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
1bd16bc6 by Volker Lendecke at 2023-02-13T09:53:38+00:00
smbd: Use dbwrap_do_locked() in smb2srv_open_recreate()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
cc4e11d0 by Volker Lendecke at 2023-02-13T10:49:43+00:00
smbd: Remove smbXsrv_open_global0->db_rec

The only user by now was net serverid wipedbs, and there it was easy to replace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Feb 13 10:49:43 UTC 2023 on atb-devel-224

- - - - -
58cdcce5 by Pavel Filipenský at 2023-02-13T18:45:21+00:00
Add gitleaks configuration file to avoid false positives

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Mon Feb 13 18:45:21 UTC 2023 on atb-devel-224

- - - - -
54a8da86 by John Mulligan at 2023-02-13T20:04:38+00:00
vfs_ceph: use fsp_get_pathref_fd in ceph fstatat and close vfs calls

Replace fsp_get_io_fd with fsp_get_pathref_fd as these calls do use
pathref fsps. fsp_get_io_fd asserts that the fsp is not pathref and
asserts (on a debug build) or returns -1 (non debug build).

Prior to these changes running ls on the root of the share failed.
Logging from the failure case:
```
openat_pathref_fsp: smb_fname [.]
openat_pathref_fullname: smb_fname [.]
fsp_new: allocated files structure (1 used)
file_name_hash: //. hash 0x3dfcc1c2
check_reduced_name: check_reduced_name [.] [/]
cephwrap_realpath: [CEPH] realpath(0x55604da9a030, .) = //.
check_reduced_name realpath [.] -> [//.]
check_reduced_name: . reduced to //.
cephwrap_openat: [CEPH] openat(0x55604da9a030, ., 0x55604da81f00, 133120, 0)
cephwrap_openat: [CEPH] open(...) = 10
cephwrap_fstat: fsp_get_io_fd: fsp [.] is a path referencing fsp
[CEPH] fstat(0x55604da9a030, -1)
fsp_get_io_fd: fsp [.] is a path referencing fsp
cephwrap_fstat: [CEPH] fstat(...) = -9
fd_openat: name ., flags = 04000 mode = 00, fd = 10.  NT_STATUS_INVALID_HANDLE
openat_pathref_fullname: Opening pathref for [.] failed: NT_STATUS_INVALID_HANDLE
```

This change also seems to match the recommendations in the `When to use
fsp_get_io_fd() or fsp_get_pathref_fd()` section of The_New_VFS.txt
document.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15307

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Gunther Deschner <gdeschne at redhat.com>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Feb 13 20:04:38 UTC 2023 on atb-devel-224

- - - - -
6e856074 by Volker Lendecke at 2023-02-13T20:28:33+00:00
smbd: Use ISDOT() in dptr_create()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4bbf2b11 by Volker Lendecke at 2023-02-13T20:28:33+00:00
lib: Simplify ms_has_wild() with strpbrk()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8846b090 by Volker Lendecke at 2023-02-13T20:28:33+00:00
lib: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a1d348fd by Volker Lendecke at 2023-02-13T20:28:33+00:00
smbd: Simplify struct dptr_struct

We can access the file name via "dir_hnd"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5c19e6ca by Volker Lendecke at 2023-02-13T20:28:33+00:00
smbd: Simplify SeekDir() with an early return

Review with git show -w

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a49edcd0 by Volker Lendecke at 2023-02-13T20:28:33+00:00
smbd: Remove dptr_struct->spid

This was only set but never read

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1a040c7f by Volker Lendecke at 2023-02-13T20:28:33+00:00
smbd: Remove dptr_struct->expect_close

This was only set but never read

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5d864737 by Volker Lendecke at 2023-02-13T21:23:43+00:00
vfs: Fix whitespace in vfs_aixacl_util.c

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Feb 13 21:23:43 UTC 2023 on atb-devel-224

- - - - -
029dddfb by Martin Schwenke at 2023-02-14T07:44:30+00:00
ctdb-scripts: Reformat script with "shfmt -w -p -i 0 -fn"

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
9a04ca1e by Martin Schwenke at 2023-02-14T07:44:30+00:00
ctdb-scripts: Do not replace commas with spaces in "smb ports" list

The list changed back to space-separated in commit
93448f4be92d4e018aaf2f9705f0351360b2ed0f, so simplify the code a
little.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
238056e5 by Martin Schwenke at 2023-02-14T08:43:53+00:00
ctdb-scripts: Avoid using testparm to process its own output

When testparm processes the output of "testparm -v" (which includes
default values) it appears to do global checks (or some other sort of
initialisation logic) for all specified values.  This includes a DNS
lookup for the node's hostname, as a side-effect of a libldap
ldap_set_option() call when processing "ldap debug level".  If DNS
servers are down then this can induce timeouts, possibly resulting in
monitor timeouts.

Avoid this by using sed to extract configuration values from the
testparm cache file.

This is already shown to work when retrieving share paths, where
testparm is basically used as cat.  Update the sed pattern to avoid
matching empty values on the right-hand side of the equals ('=') -
this avoids the default empty path value (and "smb ports" never has an
empty value).

Corresponding test changes:

* 50.samba.monitor.111.sh no longer expects a failure from being
  unable to set smb ports, since testparm is no longer used in that
  code path.

* smb ports needs to be set in fake smb.conf so it is in the default
  output and can be extracted using sed.

* Although testparm --parameter-name is no longer used in
  50.samba.script, update the stub implementation (in case it is ever
  used again) to extract from fake smb.conf, since "smb ports" is now
  set there.  The change from $parameter to $param allows a long line
  to stay below 80 columns.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Feb 14 08:43:53 UTC 2023 on atb-devel-224

- - - - -
240c031e by Andreas Schneider at 2023-02-15T08:12:35+00:00
lib:ldb: Add the location to ldb_kv_parse_data_unpack() debug output

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8441c03c by Andreas Schneider at 2023-02-15T09:05:56+00:00
lib:ldb: Print a debug message in case we have a corrupted MDB

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Feb 15 09:05:56 UTC 2023 on atb-devel-224

- - - - -
206dcf7d by baixiangcpp at 2023-02-16T12:13:05+00:00
lib:util: File descriptor being closed repeatedly.

In file_load()/file_lines_load(), the file's fd is obtained using
open(), and in fd_load() the fd is converted to a FILE* using
fdopen(). However, after fclose(), the fd is closed again using
close().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15311
Signed-off-by: baixiangcpp baixiangcpp at gmail.com
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Feb 16 12:13:05 UTC 2023 on atb-devel-224

- - - - -
2edd028f by Douglas Bagnall at 2023-02-17T13:59:29+00:00
s4/wmi: begone

We don't use this and will never use this.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
0eb459ed by Douglas Bagnall at 2023-02-17T14:52:26+00:00
talloc: remove Python 2 #if clauses

Also fix an obsolete related comment.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Feb 17 14:52:26 UTC 2023 on atb-devel-224

- - - - -
93c7bbf4 by Andreas Schneider at 2023-02-20T21:58:32+00:00
testprogs: Use random usernames for kinit tests

This avoids subsequent tests failing because users already exist and cleanup
didn't work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15308

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5595765d by Andreas Schneider at 2023-02-20T21:58:32+00:00
testprogs: Use random usernames for export keytab tests

This avoids subsequent tests failing because users already exist and cleanup
didn't work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15308

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a3b80b65 by Andreas Schneider at 2023-02-20T21:58:32+00:00
testprogs: Use random user names for kpasswd tests

This avoids subsequent tests failing because users already exist and cleanup
didn't work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15308

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a78c38e1 by Andreas Schneider at 2023-02-20T21:58:32+00:00
python:tests: Correctly escape $ in user_edit.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15308

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0bcdba95 by Andreas Schneider at 2023-02-20T21:58:32+00:00
python:tests: Use a random username for user_edit.sh tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15308

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
af1324e3 by Andreas Schneider at 2023-02-20T21:58:32+00:00
python:tests: Correctly escape $ in contact_edit.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15308

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e846a9df by Andreas Schneider at 2023-02-20T21:58:32+00:00
python:tests: Use a random username for contact_edit.sh test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15308

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8ff1ccc6 by Andreas Schneider at 2023-02-20T21:58:32+00:00
python:tests: Correctly escape $ in computer_edit.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15308

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ae315397 by Andreas Schneider at 2023-02-20T21:58:32+00:00
python:tests: Use a random machine name for computer_edit.sh test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15308

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
af27b1d3 by Andreas Schneider at 2023-02-20T21:58:32+00:00
python:tests: Make sure we do not run into issues with already existing users

UNEXPECTED(failure): samba.tests.samba_tool.user.samba.tests.samba_tool.user.UserCmdTestCase.test_getpwent(ad_dc_ntvfs:local)
REASON: Exception: Exception: Traceback (most recent call last):
  File "/builddir/build/BUILD/samba-4.18.0rc2/bin/python/samba/tests/samba_tool/user.py", line 1044, in test_getpwent
    self.assertCmdSuccess(result, out, err)
  File "/builddir/build/BUILD/samba-4.18.0rc2/bin/python/samba/tests/samba_tool/base.py", line 97, in assertCmdSuccess
    self.assertIsNone(exit, msg=msg.replace("\n]\n", "\n] \n"))
AssertionError: -1 is not None : exit[-1] stdout[] stderr[ERROR(ldb): Failed to
add user 'mockbuild':  - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS -  <00002071:
samldb: samAccountName 'mockbuild' already in use!> <>
]:
UNEXPECTED(failure): samba.tests.samba_tool.user.samba.tests.samba_tool.user.UserCmdTestCase.test_list(ad_dc_ntvfs:local)
REASON: Exception: Exception: Traceback (most recent call last):
  File "/builddir/build/BUILD/samba-4.18.0rc2/bin/python/samba/tests/samba_tool/user.py", line 69, in setUp
    self.assertCmdSuccess(result, out, err)
  File "/builddir/build/BUILD/samba-4.18.0rc2/bin/python/samba/tests/samba_tool/base.py", line 97, in assertCmdSuccess
    self.assertIsNone(exit, msg=msg.replace("\n]\n", "\n] \n"))
AssertionError: -1 is not None : exit[-1] stdout[] stderr[ERROR(ldb): Failed to
add user 'sambatool1':  - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS -  <00002071:
samldb: samAccountName 'sambatool1' already in use!> <>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15308

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
804fb072 by Andreas Schneider at 2023-02-20T21:58:32+00:00
python:tests: Fix domain_backup test with Python 3.11

Traceback (most recent call last):
  File "bin/python/samba/tests/domain_backup.py", line 615, in test_backup_restore_with_conf
    self._test_backup_restore_with_conf()
  File "bin/python/samba/tests/domain_backup.py", line 244, in _test_backup_restore_with_conf
    self.restore_backup(backup_file, ["--configfile=" + smbconf])
  File "bin/python/samba/tests/domain_backup.py", line 421, in restore_backup
    self.run_cmd(args)
  File "bin/python/samba/tests/domain_backup.py", line 384, in run_cmd
    self.cleanup_tempdir()
  File "bin/python/samba/tests/domain_backup.py", line 370, in cleanup_tempdir
    shutil.rmtree(filepath)
  File "/usr/lib64/python3.11/shutil.py", line 732, in rmtree
    _rmtree_safe_fd(fd, path, onerror)
  File "/usr/lib64/python3.11/shutil.py", line 635, in _rmtree_safe_fd
    onerror(os.scandir, path, sys.exc_info())
  File "/usr/lib64/python3.11/shutil.py", line 631, in _rmtree_safe_fd
    with os.scandir(topfd) as scandir_it:
         ^^^^^^^^^^^^^^^^^
NotADirectoryError: [Errno 20] Not a directory:
  'st/tmp/tmp7usvex3t/samba-backup-2023-02-08T10-13-18.461113.tar.bz2'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15308

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c4dba61e by Andreas Schneider at 2023-02-20T21:58:32+00:00
python:tests: Tell dns.resolver to not read /etc/resolv.conf

We explicitly set the nameserver in the next line. Also the file
/etc/resolv.conf might not exist on the system (e.g. in Fedora mockbuild).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15308

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
69442ae1 by Andreas Schneider at 2023-02-20T21:58:32+00:00
python:tests: Add missing result checks for samba_tool.gpo tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15308

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a4307072 by Andreas Schneider at 2023-02-20T21:58:32+00:00
python:tests: Make sure we delete the OU for movetest

UNEXPECTED(failure): samba.tests.samba_tool.group.samba.tests.samba_tool.group.GroupCmdTestCase.test_move(ad_dc_default:local)
REASON: Exception: Exception: Traceback (most recent call last):
  File "python/samba/tests/samba_tool/group.py", line 341, in test_move
    self.assertCmdSuccess(result, out, err)
  File "python/samba/tests/samba_tool/base.py", line 97, in assertCmdSuccess
    self.assertIsNone(exit, msg=msg.replace("\n]\n", "\n] \n"))
AssertionError: -1 is not None : exit[-1] stdout[] stderr[ERROR(ldb): Failed to
  add ou "OU=movetest,DC=addom,DC=samba,DC=example,DC=com" - Entry
  OU=movetest,DC=addom,DC=samba,DC=example,DC=com already exists

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15308

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a0996ef8 by Helmut Grohne at 2023-02-20T21:58:32+00:00
Skip running a C program during cross compilation

When passing --cross-compile, one has to specify a --cross-answers file
and this test cannot be performed anyway, so skip it already.

Signed-off-by: Helmut Grohne <helmut at subdivi.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c051eac by Samuel Cabrero at 2023-02-20T22:58:44+00:00
selftests: Make sure print queue is empty before printing_var_exp test ends

Although "lpq cache time" is 0 in the test environment the
"print_queue_length()" function can still return cached results. This is
because the print_queue_length() function calls print_queue_update(),
which just sends MSG_PRINTER_UPDATE to the samba-bgqd daemon and returns
without waiting for the daemon to update it.

This behavior causes problems in the selftests between
samba3.blackbox.printing_var_exp and samba3.rpc.spoolss.printserver
because when the latter enumerates the printers at different levels and
compares the results the number of jobs can differ depending on whether samba-bgqd
updates the cache in between print_queue_update() and
get_queue_status() in the print_queue_length() function:

  test: samba3.rpc.spoolss.printserver.printserver.enum_printers(nt4_dc)
  time: 2023-02-17 13:07:34.043842Z
  Testing EnumPrinters level 0
  Testing EnumPrinters level 1
  Testing EnumPrinters level 2
  Checking EnumPrinters level 0 printer print_var_exp (ref print_var_exp)
  time: 2023-02-17 13:07:34.285992Z
  failure: samba3.rpc.spoolss.printserver.printserver.enum_printers(nt4_dc) [
  Exception: Exception: ../../source4/torture/rpc/spoolss.c:1132: cur->info0.cjobs was 1 (0x1), expected 0 (0x0): invalid value

To fix it, make sure the queue is empty before printing_var_exp test
ends.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Feb 20 22:58:44 UTC 2023 on atb-devel-224

- - - - -
e9db5297 by Rob van der Linde at 2023-02-23T22:32:32+00:00
selftest: Fix some typos in selftest tests.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
739ebf46 by Rob van der Linde at 2023-02-23T22:32:32+00:00
selftest: pep8: too many blank lines

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
ecb628dd by Rob van der Linde at 2023-02-23T22:32:32+00:00
selftest: remove unused import

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
2388db93 by Rob van der Linde at 2023-02-23T22:32:32+00:00
selftest: specify env rather than picking it up from loop

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
1368e359 by Rob van der Linde at 2023-02-23T22:32:32+00:00
selftest: make two samba-tool drs tests generic

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15316

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
3687ab31 by Rob van der Linde at 2023-02-23T22:32:32+00:00
selftest: fix flapping samba-tool drs showrepl test

Test should have been using "schema_pair_dc", it was picking this up from the variable env in the loop above it.

However, it was hardcoded to use promoted_dc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15316

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
8a7a779d by Rob van der Linde at 2023-02-23T22:32:32+00:00
selftest: fix invalid loop variables uid and gid

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
70fe6020 by Rob van der Linde at 2023-02-23T22:32:32+00:00
selftest: fix scope and attrs not passed to search

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
f582caad by Rob van der Linde at 2023-02-23T22:32:33+00:00
selftest: fix typo in test comment

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
4717a58f by Rob van der Linde at 2023-02-23T22:32:33+00:00
selftest: fix mutable default arguments

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
92732858 by Rob van der Linde at 2023-02-23T22:32:33+00:00
buildtools: fix mutable default arguments

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
c9535526 by Rob van der Linde at 2023-02-23T22:32:33+00:00
selftest: source4: fix mutable default arguments

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
e7c87b1d by Rob van der Linde at 2023-02-23T22:32:33+00:00
selftest: source3: fix mutable default arguments

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
5cb88058 by Rob van der Linde at 2023-02-23T23:33:46+00:00
python: fix mutable default arguments

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Feb 23 23:33:46 UTC 2023 on atb-devel-224

- - - - -
df073c7e by John Mulligan at 2023-02-24T04:43:32+00:00
vfs_ceph: split ceph mount logic into a new function

This new function is entirely dedicated to just setting up a libcephfs
mount. Handling the cmount global and samba connection params remains
in cephwrap_connect. This change will later be used to avoid a single
global cached connection and add improved connection handling.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
e936e4d7 by John Mulligan at 2023-02-24T04:43:32+00:00
vfs_ceph: cache ceph mounts based on share configuration params

Previously, the vfs_ceph module kept one global cached mount.
This makes it impossible to support multiple ceph clusters or
file systems. Add a mount cache in a similar fashion to the connection
cache found in the vfs_glusterfs module. The vfs_ceph cache uses
a single "cookie" value, a unique string based on config params, to
ID the cache entry. Shares that produce the same cookie will share
cephfs mount objects and increment a counter when multiple shares
are using the same cache entry.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
98388e2b by John Mulligan at 2023-02-24T04:43:32+00:00
vfs_ceph: add support to select ceph file system

Add a config parameter `ceph:filesystem` that will be passed to
ceph_select_filesystem when provided. This allows shares on a single
smbd to access multiple different cephfs file systems.

The ceph_select_filesystem call was added as part of ceph 'nautilus'
(v14), released on 2019-03-19 and EOLed on 2021-06-30.
Since ceph 'pacific' (v16) multiple file system support is stable
and ready to use. At the time of this commit, 'pacific' is the oldest
actively supported version of ceph upstream.

Since samba tests building on Ubuntu 18.04, which has ceph packages
older than v14, a waf check for the function is added to test for
the presence of ceph_select_filesystem and disable its use on
these very old platforms.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
5e49d4b4 by John Mulligan at 2023-02-24T04:43:32+00:00
doc/vfs_ceph: update confusing default hint for ceph:user_id param

Previously, the manpage hinted that the `ceph:user_id` parameter derived
a default value from the process id. This implies that it is referring
to the PID but this is not what libcephfs actually does. Rather, this
param is used to derive the `client.<id>` authorization name ceph uses.
This mistake probably originates in a comment in the libcephfs header.

When I first started using the vfs_ceph module this confused me as I
didn't know what to use to get access to my cluster. Eventually, after
reading both docs and code I found that it does not use the pid but
defaults to a value in the ceph client library (typically "admin").

Therefore, if you are using commands like `ceph fs authorize x
client.foo` or `ceph auth get client.bar` to authorize a client you
would supply smb.conf with `ceph:user_id = foo` or `ceph:user_id = bar`
respectively.  These entries then need corresponding entries in your
ceph keyring file.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
62ea6ae8 by John Mulligan at 2023-02-24T05:37:57+00:00
doc/vfs_ceph: document ceph:filesystem parameter

Document how the `ceph:filesystem` parameter allows one to select
the cephfs file system to use for the share.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Fri Feb 24 05:37:57 UTC 2023 on atb-devel-224

- - - - -
a9301d8f by Volker Lendecke at 2023-02-24T07:49:39+00:00
tests: Move libsmb-basic to fileserver_smb1 environment

This has the lower-case share, used in the next commit

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15313
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
342d8f6a by Volker Lendecke at 2023-02-24T07:49:39+00:00
tests: Show that the case sensitive large dir optimization is broken

We don't normalize the directories

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15313
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bf9130d3 by Volker Lendecke at 2023-02-24T08:46:14+00:00
smbd: Fix case normalization in for directories

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15313
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Feb 24 08:46:14 UTC 2023 on atb-devel-224

- - - - -
a273ed89 by Andreas Schneider at 2023-02-28T13:24:33+00:00
s3:utils: Check if the autorid rangesize is a multiple of the range

We also have this in our documentation.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
460fd441 by Andreas Schneider at 2023-02-28T14:18:32+00:00
s3:winbind: Improve warning message if we are out of autorid ranges

The message should help our users to understand what's the problem. The
message was rather cryptic before.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Tue Feb 28 14:18:32 UTC 2023 on atb-devel-224

- - - - -
122d6458 by Amir Goldstein at 2023-03-01T19:55:32+00:00
s4:torture:basic: fix SET_INFO_* macros in delayed_write_update*

The macros were ignoring the finfo argument.

Signed-off-by: Amir Goldstein <amir at ctera.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cb9df818 by Amir Goldstein at 2023-03-01T19:55:32+00:00
lib: add NTTIME_[U|m]SEC macros

Signed-off-by: Amir Goldstein <amir at ctera.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
682c77be by Amir Goldstein at 2023-03-01T20:55:47+00:00
s4:torture:basic: use milliseconds granularity in delayed_write_update7

The test sets an mtime with non zero nsec and verifies that
the timestamp of pre-close matches the timestamp after close-open.

This is a regression test for
https://bugzilla.samba.org/show_bug.cgi?id=6529

The bug speaks of losing the milliseconds part of the timestamp,
but the test uses a value of 103*100ns for the sub-second part.

Meaning that if the backing filesystem has only milliseconds
granularity, the test practically checks that a value of
0 milliseconds is preserved, which will not have actually
caught the bug.

Also, with the default 'smbd getinfo ask sharemode = yes'
the test will fail if the filesystem truncates the sub-second part
to milliseconds granularity.

Use a non-zero milliseconds value with zero microseconds in the test
to support backing filesystems with milliseconds granularity.

Signed-off-by: Amir Goldstein <amir at ctera.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar  1 20:55:47 UTC 2023 on atb-devel-224

- - - - -
3861d7e0 by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Refactor decode_service_ticket()

TicketDecryptionKey_from_creds() is a simpler way to create the key.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d4d3f934 by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Lazily fetch SamDB in get_default_enctypes()

There's no need to get a connection to SamDB if we already have the
domain functional level.

connect_kdc() in lockout_tests.py is one place where we already have the
domain functional level, but deliberately drop our SamDB connection. If
we need to call get_default_enctypes(), that shouldn't cause us to try
to connect again.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3b522e23 by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Request only supported encryption types in get_tgt()

If the domain uses functional level 2003, calling get_tgt() would
request an AES256-encrypted ticket. The KDC would respond to that
request with incorrect etype-info, and were it not for many tests lying
(via client_as_etypes) about what etypes were supported, those tests
would fail pointlessly.

As this behaviour is not what get_tgt() is intended to test, we now only
request etypes that are actually supported.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4ae7f1cb by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Remove client_as_etypes parameter

The client_as_etypes parameter previously indicated which etypes we
thought the client supported. In practice, this was rarely specified, so
we simply assumed that all three main enctypes were supported.

Now that we have removed this parameter, rewrite the etype-info padata
checking code to be simpler, and no longer to contain loops.

Use get_default_enctypes() to determine which enctypes are supported.
For tests that inherit from KDCBaseTest, this is based on the domain
functional level, and will be more correct for tests that previously
passed in client_as_etypes=None.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
49605b5e by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Move get_target() to base class

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9bec8622 by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Refactor claims tests to use get_target()

This simplifies the code for getting the credentials of the target
service.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c00813b9 by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Fix typo

'of', not 'on'.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6d19f78c by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b4da5eaa by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Refactor setup_groups() to admit multiple preexisting principals and primary groups

instead of hardcoded user and trust user principals, and a single
primary group.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3eac3521 by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Remove unused constant

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
61cc949a by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Move some utility functions from group_tests to base class

We'll want to make use of them later.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e94b4e8c by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Support nested SID structures in map_sids()

The passed-in set of SIDs may now contain frozensets that themselves
contain SIDs, enabling nested groups. This is necessary to test how
resource SIDs are grouped together in the device info structure.

'git show -b' shows that we're not actually changing very much.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
285f042e by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Move ticket_with_sids() to base class

We need to use this in another test.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
033e79d4 by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Avoid duplicate group members

Decode the existing members into strings, so that if we add additional
members (that will also be strings), we won't try to add duplicates (and
have samdb.modify() fail).

Further, ensure callers don't try to pass in a bytes object for the DN.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
991958c9 by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Refactor out map_to_sid()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
abe36c2c by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Add map_to_dn()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5cc48da4 by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Generate more readable string representation

This makes assertion failure messages easier to decipher.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fe9aa394 by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Split out setup_claims()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
646b62f7 by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Permit modifying claim attributes mid-test

We might want to find out what happens to claim values in the PAC if
they change in the database.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
533fb8fa by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Add tests adding a user to a group prior to a TGS-REQ

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fb781f42 by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests/krb5: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b73622bf by Joseph Sutton at 2023-03-03T01:07:36+00:00
source3/wscript: Fix configure-time checks

Compilers are getting strict about this C89 behaviour and this
kind of thing is already causing some configure checks to fail with
modern compilers like clang.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e8514527 by Joseph Sutton at 2023-03-03T01:07:36+00:00
tests: Fix old-style function definitions

These files are included into the source3/wscript configure
checks and so need to avoid C89 features otherwise they
may cause an incorrect configure failure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e7baac45 by Joseph Sutton at 2023-03-03T01:07:36+00:00
s4-dsdb: Make array static

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a34e245b by Joseph Sutton at 2023-03-03T01:07:36+00:00
nsswitch: Fix CID 1518966 Resource leaks (RESOURCE_LEAK)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f414bead by Joseph Sutton at 2023-03-03T01:07:36+00:00
s4:dnsserver: Check all records, not just one

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
207a2129 by Joseph Sutton at 2023-03-03T01:07:36+00:00
lib:ldb: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
474674ac by Joseph Sutton at 2023-03-03T01:07:36+00:00
lib:pyldb: Throw error on invalid controls

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
374a03ed by Joseph Sutton at 2023-03-03T01:07:36+00:00
selftest: Fix invalid escape sequences

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
433247a7 by Joseph Sutton at 2023-03-03T01:07:36+00:00
s3:modules: Fix invalid escape sequences

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d8d872e0 by Joseph Sutton at 2023-03-03T01:07:36+00:00
wscript: Fix invalid escape sequences

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fa4ddb88 by Joseph Sutton at 2023-03-03T01:07:36+00:00
samba_version.py: Avoid resource leak

View with 'git show -b'.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8d48ca46 by Joseph Sutton at 2023-03-03T01:07:36+00:00
selftest: Don't use invalid escape sequences

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
60682e2a by Joseph Sutton at 2023-03-03T01:07:36+00:00
python/samba: Avoid resource leak

View with 'git show -b'.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0d883648 by Joseph Sutton at 2023-03-03T01:07:36+00:00
s4:samba_spnupdate: Avoid resource leak

View with 'git show -b'.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fdc5f6ee by Joseph Sutton at 2023-03-03T01:07:36+00:00
s4:samba_dnsupdate: Avoid resource leaks

View with 'git show -b'.

The seek(0) call is unnecessary.

Closing a file removes the lock held on it.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f4e4816f by Joseph Sutton at 2023-03-03T01:07:36+00:00
selftest: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8c06c7e2 by Joseph Sutton at 2023-03-03T01:07:36+00:00
s4:samba_spnupdate: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5badceee by Joseph Sutton at 2023-03-03T01:07:36+00:00
gp: Avoid shadowing import

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
65ab33df by Joseph Sutton at 2023-03-03T01:07:36+00:00
gp: Don't use invalid escape sequences

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1312b2d1 by Joseph Sutton at 2023-03-03T01:07:36+00:00
samba-tool: Don't use invalid escape sequences

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
262b40d8 by Joseph Sutton at 2023-03-03T01:07:36+00:00
auth/credentials: Fix off-by-one buffer write

If p == pass + 127, assigning to '*++p' writes beyond the array.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9e6f3df5 by Joseph Sutton at 2023-03-03T01:07:36+00:00
python/samba/common: Fix typos

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4c6bd559 by Joseph Sutton at 2023-03-03T01:07:36+00:00
python/schema: Fix conversion to UTF-8 string

str(b'foo') yields "b'foo'", which is wrong. Fix this to get "foo"
instead.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
16e6435b by Joseph Sutton at 2023-03-03T01:07:36+00:00
auth/credentials: Fix typos

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d2063568 by Joseph Sutton at 2023-03-03T01:07:36+00:00
lib:cmdline: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7bf6fa05 by Joseph Sutton at 2023-03-03T01:07:36+00:00
pytest/samba_tool_drs: Convert bytes to UTF-8 string

We later use this variable as part of a string substitution, and if we
leave it as bytes we will end up with b' ' quotes surrounding it, which
we do not want. Fix this by converting it to a string.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
72a93e66 by Joseph Sutton at 2023-03-03T01:07:36+00:00
pytest/samba_tool_drs: Remove unused variables

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8042e325 by Joseph Sutton at 2023-03-03T01:07:36+00:00
pytest/samba_tool_drs_no_dns: Remove unused variables

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c6f1b83e by Joseph Sutton at 2023-03-03T01:07:36+00:00
pytest/samba_tool_drs_critical: Remove unused variables

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
13f386d7 by Joseph Sutton at 2023-03-03T01:07:36+00:00
pytest/ridalloc_exop: Remove unused variables

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bf2daf79 by Joseph Sutton at 2023-03-03T01:07:36+00:00
pytest/replica_sync: Remove unused variable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
44f05afe by Joseph Sutton at 2023-03-03T01:07:36+00:00
pytest/repl_rodc: Remove unused variable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e2df264e by Joseph Sutton at 2023-03-03T01:07:36+00:00
pytest/repl_move: Remove unused variables

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1f5e34bd by Joseph Sutton at 2023-03-03T01:07:36+00:00
pytest/getnc_exop: Remove unused variable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
264351f5 by Joseph Sutton at 2023-03-03T01:07:36+00:00
pytest/delete_object: Remove unused variables

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aa90354e by Joseph Sutton at 2023-03-03T01:07:36+00:00
torture/backupkey: Fix flapping test

UNEXPECTED(failure): samba4.rpc.backupkey with seal.backupkey.server_wrap_decrypt_wrong_r2(ad_dc_default)
REASON: Exception: Exception: ../../source4/torture/rpc/backupkey.c:2219: r.out.result was WERR_INVALID_ACCESS, expected WERR_INVALID_PARAMETER: decrypt should fail with WERR_INVALID_PARAMETER

As commit 664bde19bf1db1b3740621cdf3f46f9bfd0e8452 states:

"The use of the wrong key can still create structures that parse as a
SID, therefore we can sometimes get an unusual error, which becomes a
flapping test".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12107

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a470394f by Joseph Sutton at 2023-03-03T01:07:36+00:00
torture/backupkey: Fix possibly wrong typo'd array index

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d128d401 by Joseph Sutton at 2023-03-03T01:07:37+00:00
s3:rpc_server/netlogon: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f2416493 by Douglas Bagnall at 2023-03-03T01:07:37+00:00
s4: remove unused lib/com/*

Maybe the following IDL files are now unused:

librpc/idl/oxidresolver.idl
librpc/idl/remact.idl
librpc/idl/dcom.idl

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1fa162a1 by Christof Schmitt at 2023-03-03T01:07:37+00:00
librpc: Fix compile error for libnet_join.idl

Fix this compile error:

   [753/756] Processing source3/librpc/idl/libnet_join.idl
    source3/librpc/idl/ads.idl:2:10: fatal error: config.h: No such file or directory
    #include "config.h"
          ^~~~~~~~~~
    compilation terminated.
    source3/librpc/idl/libnet_join.idl:3: error: Failed to parse source3/librpc/idl/ads.idl
    source3/librpc/idl/libnet_join.idl:50: warning: [out] argument `account_name' not a pointer

libnet_join.idl imports ads.idl which includes config.h. The build rule
for ads.idl provides the include directory for config.h, so add a new
rule to also specify that include directory for libnet_join.idl.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8e830d76 by David Mulder at 2023-03-03T01:07:37+00:00
samba-tool: Clarify cse register command file dest

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c28f61b6 by Jelmer Vernooij at 2023-03-03T02:02:51+00:00
Add a git-blame-ignore-revs file

'git blame' can ignore certain revisions when annotating, e.g. revisions that are just reformatting.

Signed-off-by: Jelmer Vernooij <jelmer at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Mar  3 02:02:51 UTC 2023 on atb-devel-224

- - - - -
5e62d580 by Björn Baumbach at 2023-03-03T11:58:34+00:00
testprogs: fix some "net ads dns" tests

Use testit_grep_count instead of grepping the output of testit.
Running testit with "| grep" falsifies the test results.

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1b2627fc by Björn Baumbach at 2023-03-03T11:58:34+00:00
testprogs: net ads dns tests: remove test user after usage.

Not required anymore and would produce errors, when the test runs
a second time.

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
58262110 by Björn Baumbach at 2023-03-03T11:58:34+00:00
testprogs: adapt return values of testit_expect_failure_grep and testit_grep_count to function description

Improves logic when calling tests and makes use of the $failed counter.

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9fa659cc by Björn Baumbach at 2023-03-03T11:58:34+00:00
testprogs: use unique names in "net ads dns" tests to avoid conflicts

Avoid conflicts when running the same tests multiple times.
Reduces the need to clean up all objects properly.

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
80d58ead by Björn Baumbach at 2023-03-03T11:58:34+00:00
testprogs: remove only used dns records in "net ads dns" tests

$NAME was not added here in this section, but $UNPRIV.

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8f53f32b by Björn Baumbach at 2023-03-03T11:58:34+00:00
testprogs: use more unique names in "net ads dns" tests

ADMINNAME can be used for records, created by the AD admin
MACHINENAME for records, created by the machine (-P)
UNPRIVNAME for records, created by the unprivileged user

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cc3696f5 by Björn Baumbach at 2023-03-03T11:58:34+00:00
testprogs: remove used records in "net ads dns" tests

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
74dbfc4d by Björn Baumbach at 2023-03-03T11:58:34+00:00
testprogs: net ads dns: do not increase the $failed counter in "net ads dns" when test is OK

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ca3fbde2 by Björn Baumbach at 2023-03-03T11:58:34+00:00
testprogs/blackbox/test_net_ads_dns.sh: verify test results ($failed)

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
350fe63a by Björn Baumbach at 2023-03-03T11:58:34+00:00
testprogs/blackbox/test_special_group.sh: verify test results ($failed)

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a320089a by Björn Baumbach at 2023-03-03T11:58:34+00:00
testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh: verify test results ($failed)

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
36ed126f by Björn Baumbach at 2023-03-03T11:58:34+00:00
net: add new --dns-ttl option to specify the ttl of dns records

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0ea27849 by Björn Baumbach at 2023-03-03T11:58:34+00:00
docs: documentation for new net --dns-ttl option

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
529ef99d by Björn Baumbach at 2023-03-03T11:58:34+00:00
testprogs: add test for new net ads dns register --dns-ttl option

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e3cfb99d by Björn Baumbach at 2023-03-03T12:52:00+00:00
net: add hint which options can be used with net ads dns register command

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Björn Baumbach <bb at sernet.de>
Autobuild-Date(master): Fri Mar  3 12:52:00 UTC 2023 on atb-devel-224

- - - - -
5a3db510 by Jeremy Allison at 2023-03-03T15:44:33+00:00
s3: provision: Add new streams_xattr_nostrict share - needs "strict rename = no".

The bug we're testing for needs "strict rename = no" (the default),
but the existing streams_xattr share uses "strict rename = yes" from
the [global] section.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c54bec26 by Jeremy Allison at 2023-03-03T15:44:33+00:00
s3: tests: Add new test_stream_dir_rename.sh test.

Shows we are leaking an fsp/fd if we request a non-existent stream on a file.
This then causes rename of a directory containing the file to be denied, as
it thinks we have an existing open file below it.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3f84a6df by Jeremy Allison at 2023-03-03T16:37:27+00:00
s3: smbd: Fix fsp/fd leak when looking up a non-existent stream name on a file.

When open_stream_pathref_fsp() returns
NT_STATUS_OBJECT_NAME_NOT_FOUND, smb_fname_rel->fsp
has been set to NULL, so we must free base_fsp separately
to prevent fd-leaks when opening a stream that doesn't
exist.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Mar  3 16:37:27 UTC 2023 on atb-devel-224

- - - - -
07ebf97a by Volker Lendecke at 2023-03-06T21:32:35+00:00
librpc: Make rpc_pipe_open_np() public and async

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f3ce9970 by Volker Lendecke at 2023-03-06T21:32:35+00:00
librpc: Remove unused sync rpc_transport_np_init()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
86e95b57 by Volker Lendecke at 2023-03-06T21:32:35+00:00
torture3: test rpc scalability

With

smbtorture3 //127.0.0.1/ipc\$ rpc-scale -N 50 -o 1000

I am able to immediately trigger bug 15130.

Not running by default, this is a pure load test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f23eb1b3 by Volker Lendecke at 2023-03-06T21:32:35+00:00
rpcd: Increase listening queue

Allow more waiters under load.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0ab7b84c by Volker Lendecke at 2023-03-06T21:32:35+00:00
rpcd: Do blocking connects to local pipes

We don't have real async callers yet, and this is the simplest way to
fix our missing light-weight deterministic async fallback mechanism.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a1780ed8 by Volker Lendecke at 2023-03-06T22:35:00+00:00
rpcd: With npa->need_idle_server we can have more than 256 servers

Before this patch the worker-status cut the worker index such that
samba-dcerpcd could not properly update status of the surplus rpc
daemons. This could lead to those daemons staying around forever:
samba-dcerpcd will never notice they are idle and can exit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Mar  6 22:35:00 UTC 2023 on atb-devel-224

- - - - -
04fd475b by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Remove unused import

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3c333037 by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Unconditionally check compressed claims

not only if STRICT_CHECKING=1.

This also fixes a bug where the call to huffman_decompress() was
indented incorrectly.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2c6ff2ad by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Allow comparing UnorderedLists only with one another

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cbd0955b by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Add type to expect a value is one of a set of possible types

This is useful for cases where we differ from Windows in some minor
detail, and where the effort required to reach parity is unjustifiably
high.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
662639e8 by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Move some claims tests around

It's helpful to have the test declarations be together for better
locality and ease of reading.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
60c07a49 by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
644c4ae8 by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Split out device info checking into new method

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ad19dd10 by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Make arguments to get_target() keyword arguments

This avoids mistakes by ensuring that passed-in arguments go to their
intended destinations.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
23ce6f30 by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Allow creating accounts supporting claims or compound identity separately

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
567f30c5 by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Document and tidy up existing claims tests

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
98393d7b by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Test more descriptive security descriptor

This one has more flags set, so we can test whether we're getting our
string representation right.

Samba prints the flags in a different order from Windows, but fixing
that now would be too risky and involve far too much churn for minimal
benefit. (Consider how many tests verify security descriptors against
string constants...) Instead, allow one of two possible security
descriptors.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d95b4303 by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Allow group_setup to be None in setup_groups()

'git show -b' shows that not much actually changes.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3550173c by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Require domain_sid to be non-None when passing a RID to map_to_sid()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c744ff9 by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Test we get correct values for integer syntax claims

Windows erroneously shifts integer syntax claim values four bytes to the
right, resulting in incorrect values (if only one claim is present) or
corrupt claims data that cannot be unpacked (if other claims are
present). There's no reason to emulate such broken behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
75154702 by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Add test for compressed claim

Create a claim large enough to cause it to be compressed.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
77188f48 by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Allow adding members to a group and changing its type in a single operation

This is needed in order to get some specific group setups for tests.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
53400a6d by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Don't specify extra enctypes for the krbtgt

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fa3d693b by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Allow creating a target server account with or without compound ID support

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
24ee602a by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Overhaul check_device_info()

With expected_device_groups, tests can now specify particular group
arrangements they expect to see.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0ac800d0 by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Add tests for device info

These tests verify that the groups in the device info structure in the
PAC are exactly as expected under various scenarios.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0153f6c1 by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Add tests for device claims

These test the interaction between claims and groups in the PAC.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
598eaa34 by Joseph Sutton at 2023-03-08T04:39:32+00:00
tests/krb5: Remove old device info and device claims tests

They have been made superfluous by newer declarative tests in
claims_tests.py and device_tests.py.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d5f05371 by Joseph Sutton at 2023-03-08T04:39:32+00:00
ldb: Make ldb_msg_remove_attr O(n)

Previously it was O(n²).

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
38468aa6 by Joseph Sutton at 2023-03-08T04:39:32+00:00
s4-dsdb:tests: Fix AD DC performance tests

Calling cmd._run() directly would fail due to the 'command_name'
attribute being absent, so these tests would fail to run. Fix this by
using the samba.netcmd.main.samba_tool helper function.

Check the return code as well for good measure.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
403598b3 by Joseph Sutton at 2023-03-08T05:37:08+00:00
s4-dsdb:tests: Correctly handle LdbError

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Mar  8 05:37:08 UTC 2023 on atb-devel-224

- - - - -
42517d57 by David Mulder at 2023-03-09T18:10:33+00:00
samba-tool: Subclass GPOCommand for calling samdb_connect

These sub commands will need to call samdb_connect in an upcoming
commit. Subclass from GPOCommand to make this possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15327

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ce29f551 by David Mulder at 2023-03-09T18:10:33+00:00
samba-tool: Test that modifying GPO increments GPT.INI vers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15327

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
bf6599fe by David Mulder at 2023-03-09T18:10:33+00:00
samba-tool: Ensure modifying GPO increments GPT.INI vers

When we modify a GPO, we must increment the
version number in the GPT.INI, otherwise client
machines won't process the update.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15327

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
da93b648 by Volker Lendecke at 2023-03-09T18:10:33+00:00
Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
efbfa9fc by Volker Lendecke at 2023-03-09T18:10:33+00:00
libsmb: Avoid a duplicate memset(.., 0, ..);

tevent_req_create() does a talloc_zero() on "state" already

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1a52b30d by Volker Lendecke at 2023-03-09T18:10:33+00:00
vfs: Replace a "== false" with a "!"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8926770a by Volker Lendecke at 2023-03-09T18:10:33+00:00
smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4d8a396c by Volker Lendecke at 2023-03-09T18:10:33+00:00
smbd: Remove a variable only ever set to NULL

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2ac2c055 by Volker Lendecke at 2023-03-09T18:10:33+00:00
lib: Fix whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
04379c0b by Volker Lendecke at 2023-03-09T18:10:33+00:00
lib: librpc/gen_ndr/security.h needs DATA_BLOB

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d76ec851 by Volker Lendecke at 2023-03-09T18:10:33+00:00
libcli/security: Avoid includes.h

Don't rebuild libcli/security when not necessary

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
35976fc2 by Volker Lendecke at 2023-03-09T18:10:33+00:00
libcli/util: Avoid an includes.h

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8faccb6e by Volker Lendecke at 2023-03-09T18:10:33+00:00
lib: Remove a talloc_stackframe()

This made sense before we used dom_sid_str_buf() in the DEBUG
statements.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0195f8bc by Volker Lendecke at 2023-03-09T18:10:33+00:00
lib: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e5d1527f by Volker Lendecke at 2023-03-09T18:10:33+00:00
lib: Move the dump_data_pw() prototype to the other dump_data_* ones

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bbcc9b32 by Volker Lendecke at 2023-03-09T18:10:33+00:00
lib: Add dump_data_addbuf()

Helper function to build up debug strings

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
62651ace by Volker Lendecke at 2023-03-09T18:10:33+00:00
smbd: DBG_DEBUG raw create contexts received from the client

Got

smbd_smb2_request_process_create: Got 2 create blobs
[0]
[0000] 93 AD 25 50 9C B4 11 E7   B4 23 83 DE 96 8B CD 7C   ..%P.... .#.....|
[0000] 05 00 00 00                                         ....
[1]
[0000] 51 46 69 64                                         QFid

from cifs.ko, trying to find out where the "05 00 00 00" comes from..

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4814b95d by Volker Lendecke at 2023-03-09T18:10:33+00:00
smbd: Directly initialize a "fsp1"

Don't leave it dangling

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
dec4d5aa by Volker Lendecke at 2023-03-09T18:10:33+00:00
rpcd: Use size_t for walking an array

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9e00acd0 by Volker Lendecke at 2023-03-09T18:10:33+00:00
build: Fix a long line

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e6a03c04 by Volker Lendecke at 2023-03-09T18:10:33+00:00
libcli: Shrink .data segment by 43264 bytes

A case statement only references const strings, pointers in an array
need to be relocated at exec() time.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
43b34b01 by Volker Lendecke at 2023-03-09T18:10:33+00:00
libcli: Shrink .data segment by 43264 bytes

A case statement only references const strings, pointers in an array
need to be relocated at exec() time.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cc4a2d4e by Volker Lendecke at 2023-03-09T18:10:33+00:00
librpc: Simplify dcerpc_default_transport_endpoint()

We don't need strcmp for just 1 byte

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9bb8795a by Volker Lendecke at 2023-03-09T18:10:33+00:00
libsmb: Convert cli_posix_stat_send/recv() to modern conventions

It's unusual these days to pass output arguments in the _send
function, instead save the result in the _state struct

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f55a357c by Nathaniel W. Turner at 2023-03-09T19:12:15+00:00
dsgetdcname: do not assume local system uses IPv4

Return the first IPv4 and the first IPv6 address found for each DC.
This is slightly inelegant, but resolves an issue where IPv6-only
systems were unable to run "net ads join" against domain controllers
that have both A and AAAA records in DNS.

While this impacts performance due to the additional LDAP ping attempts,
in practice an attempt to connect to an IPv6 address on an IPv4-only
system (or vice versa) will fail immediately with
NT_STATUS_NETWORK_UNREACHABLE, and thus the performance impact should be
negligible.

The alternative approach, using an smb.conf setting to control whether
the logic prefers a single address of one family or the other ends up
being a bit awkward, as it pushes the problem onto admins and tools such
as "realm join" that want to dynamically synthesize an smb.conf on the
fly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15325

Signed-off-by: Nathaniel W. Turner <nturner at exagrid.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar  9 19:12:15 UTC 2023 on atb-devel-224

- - - - -
b3146763 by Dmitry Antipov at 2023-03-09T20:38:31+00:00
lib:util: prefer mallinfo2() over mallinfo() if available

Prefer mallinfo2() with 'size_t' fields over deprecated
mallinfo() (with 'int' fields which may wrap around zero
and so be inaccurate on a 64-bit system) and move relevant
checks to lib/util/wscript_configure because mallinfo()
is not used beyond 'samba-util'.

Suggested-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Dmitry Antipov <dantipov at cloudlinux.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
35aa7db6 by Li Yuxuan at 2023-03-09T20:38:31+00:00
audit_logging:tests: Add big_int test for `json_add_int`

Show that `json_add_int` can't handle values larger than int32 due to
overflow.

Add knownfail.

Signed-off-by: Li Yuxuan <liyuxuan.darfux at bytedance.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
78635d55 by Li Yuxuan at 2023-03-09T21:33:43+00:00
audit_logging: Use `json_int_t` instead of `int` for `json_add_int` value type

Functions like `add_lock_to_json` and `add_profile_item_to_json` pass
some values to `json_add_int` with `intmax_t` types. This may cause
arithmetic overflow when the value grows very fast, such as the
read_bytes profiling data.
Use `json_add_int` instead of `int` to avoid the overflow.

RN: Make json output show intmax_t value properly

Signed-off-by: Li Yuxuan <liyuxuan.darfux at bytedance.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar  9 21:33:43 UTC 2023 on atb-devel-224

- - - - -
ad242a20 by Stefan Metzmacher at 2023-03-10T10:38:37+00:00
winbindd: don't call set_domain_online_request() in the idmap child

Most idmap backends don't need access to the domain controllers.
And the related code is not needed for the backends.

Commit 17c86a2c5a5a5e2b194362e5f36f0f99910222c5 changed
the logic of set_domain_online_request() completely!
Instead of triggering a dc probe in the background,
it is now doing a blocking connection.
And doing this in the idmap child is completely useless.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15317

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a9583b5f by Stefan Metzmacher at 2023-03-10T10:38:37+00:00
idmap_autorid: fix ID_REQUIRE_TYPE for more than one SID for an unknown domain

When we see a trusted domain SID for the first time,
idmap_autorid returns ID_REQUIRE_TYPE only for the first sid
and leaves the others with ID_TYPE_NOT_SPECIFIED.
It means the winbindd parent only retries the first sid.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15318

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9a24570d by Stefan Metzmacher at 2023-03-10T10:38:37+00:00
idmap_hash: provide ID_TYPE_BOTH mappings also for unixids_to_sids

While sids_to_unixids returns ID_TYPE_BOTH mappings,
unixids_to_sids() returns the callers asked for, which
fills gencache with the non ID_TYPE_BOTH mappings.
As a result also the sids_to_unixids fast path via
gencache won't return ID_TYPE_BOTH mappings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0f96c4b4 by Stefan Metzmacher at 2023-03-10T10:38:37+00:00
idmap_hash: fix comments about the algorithm

Only support ~ 50k users per domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2cfcff31 by Stefan Metzmacher at 2023-03-10T10:38:37+00:00
idmap_hash: remove unused error checks

id_map_ptrs_init() is used in the callers in order to
set everything up as expected.

Other backends also just trust the caller.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0da13ab3 by Stefan Metzmacher at 2023-03-10T10:38:37+00:00
idmap_hash: we don't need to call idmap_hash_initialize() over an over again

It's always the first function that's called from idmap_methods.

This also demonstrates that we currently always return NT_STATUS_OK,
even if we haven't mapped all map entries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
14102b05 by Stefan Metzmacher at 2023-03-10T10:38:37+00:00
idmap_hash: mirror the NT_STATUS_NONE_MAPPED/STATUS_SOME_UNMAPPED logic from idmap_autorid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
57150b46 by Stefan Metzmacher at 2023-03-10T10:38:37+00:00
idmap_hash: split out a idmap_hash_id_to_sid() helper function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c158b075 by Stefan Metzmacher at 2023-03-10T10:38:37+00:00
idmap_hash: split out a idmap_hash_sid_to_id() helper function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
42dcb3db by Stefan Metzmacher at 2023-03-10T10:38:37+00:00
idmap_hash: return ID_REQUIRE_TYPE only if there's a chance to get a mapping later

If we are going to return ID_UNMAPPED later anyway, there's no need to
defer that decision by returning ID_REQUIRE_TYPE first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ede88d9f by Stefan Metzmacher at 2023-03-10T10:38:37+00:00
idmap_hash: only return ID_REQUIRE_TYPE if we don't know about the domain yet

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ee820553 by Stefan Metzmacher at 2023-03-10T10:38:37+00:00
idmap_hash: don't return ID_REQUIRE_TYPE if the domain is known in the netsamlogon cache

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7ee725f2 by Stefan Metzmacher at 2023-03-10T11:35:06+00:00
idmap_hash: remember new domain sids in idmap_hash_sid_to_id()

This change means that idmap_hash_id_to_sid() can return mappings
for new domains learned in idmap_hash_sid_to_id().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Mar 10 11:35:06 UTC 2023 on atb-devel-224

- - - - -
5a7a28cc by Andrew Bartlett at 2023-03-14T06:16:30+00:00
tsocket: Increase tcp_user_timeout max_loops

Often, on rackspace GitLab CI runners, we get:

UNEXPECTED(failure): samba.unittests.tsocket_tstream.test_tstream_more_tcp_user_timeout_spin(none)
REASON: Exception: Exception: 0xf == 0xf
../../lib/tsocket/tests/test_tstream.c:405: error: Failure!

This allows us more spins before we fail the test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15328
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
2d41bcce by Andrew Bartlett at 2023-03-14T06:16:30+00:00
selftest/drs: Demonstrate ERROR(ldb): uncaught exception - Deleted target CN=NTDS Settings... in join

"samba-tool domain join" uses the replication API in a strange way, perhaps no longer
required, except that we often still have folks upgrading from very old Samba versions.

By deferring the writing out to the DB of link replication to the very end, we have a
better chance that all the objects required are present, however the situation may
have changed during the cycle, and a link could still be sent, pointing to a deleted
object.

We currently fail in this situation.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15329

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
bfc33b47 by Andrew Bartlett at 2023-03-14T06:16:30+00:00
dsdb: Avoid ERROR(ldb): uncaught exception - Deleted target CN=NTDS Settings... in join

"samba-tool domain join" uses the replication API in a strange way, perhaps no longer
required, except that we often still have folks upgrading from very old Samba versions.

When deferring the writing out to the DB of link replication to the very end, there
is a greater opportunity for the deletion of an object to have been sent with the
other objects, and have the link applied later.

This tells the repl_meta_data code to behave as if GET_TGT had been sent at the
time the link was returned, allowing a link to a deleted object to be silently
discarded.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15329

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
4fa0242b by Andreas Schneider at 2023-03-14T06:16:30+00:00
python:netcmd: Decode return value of find_netbios() from bytes into string

ERROR(<class 'TypeError'>): uncaught exception - replace() argument 1 must be
str, not bytes
  File "bin/python/samba/netcmd/__init__.py", line 230, in _run
    return self.run(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "bin/python/samba/netcmd/ldapcmp.py", line 966, in run
    if b1.diff(b2):
       ^^^^^^^^^^^
  File "bin/python/samba/netcmd/ldapcmp.py", line 790, in diff
    if object1 == object2:
       ^^^^^^^^^^^^^^^^^^
  File "bin/python/samba/netcmd/ldapcmp.py", line 557, in __eq__
    return self.cmp_attrs(other)
           ^^^^^^^^^^^^^^^^^^^^^
  File "bin/python/samba/netcmd/ldapcmp.py", line 656, in cmp_attrs
    p = [self.fix_domain_netbios(j) for j in m]
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "bin/python/samba/netcmd/ldapcmp.py", line 656, in <listcomp>
    p = [self.fix_domain_netbios(j) for j in m]
         ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "bin/python/samba/netcmd/ldapcmp.py", line 542, in fix_domain_netbios
    res = res.replace(self.con.domain_netbios.lower(), self.con.domain_netbios.upper())
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

BUGS: https://bugzilla.samba.org/show_bug.cgi?id=15330

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cad96f59 by Andrew Bartlett at 2023-03-14T06:16:30+00:00
lib/ldb: Avoid allocation and memcpy() for every wildcard match candidate

The value can be quite large, the allocation will take much
longer than the actual match and is repeated per candidate
record.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15331

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
b4a6c054 by Andrew Bartlett at 2023-03-14T07:16:04+00:00
selftest: Use setUpClass() to reduce "make test TESTS=large_ldap" time

This reduces the elapsed time to 6m from 20m on my laptop.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15332

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Mar 14 07:16:04 UTC 2023 on atb-devel-224

- - - - -
795bab56 by Andreas Schneider at 2023-03-15T07:53:54+00:00
lib:ldb: Correctly cast pointers for assert_string_equal()

This is a change in cmocka to avoid hiding possible errors.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Mar 15 07:53:54 UTC 2023 on atb-devel-224

- - - - -
7e7c692a by Joseph Sutton at 2023-03-20T00:22:32+00:00
python:ndr: Use f-string to format exception message

If 'object' happened to be a tuple, we would get one of the following
errors:

TypeError: not enough arguments for format string
TypeError: not all arguments converted during string formatting

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f90a4676 by Joseph Sutton at 2023-03-20T00:22:32+00:00
tests/krb5: Generate full ticket signatures with trailing RODC id

This matches the use of make_rodc_zeroed_checksum() in the preceding
loop, and means that RODC-signed service tickets no longer fail to
decrypt.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
12a1fabd by Joseph Sutton at 2023-03-20T00:22:32+00:00
tests/krb5: Cache drsuapi connection

We call get_keys() a lot, and it's more efficient if we aren't creating
a new connection for every new account we create.

To allow us to maintain a single cached connection, remove the samdb
parameter from get_keys() and get_secrets(). No-one was using it anyway.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
addfef3d by Joseph Sutton at 2023-03-20T00:22:32+00:00
tests/krb5: Only add AES enctype bits at domain functional level 2008 and above

At lower levels we should not expect these bits to be present.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9a2f6cdc by Joseph Sutton at 2023-03-20T00:22:32+00:00
tests/krb5: Add simple resource-based constrained delegation test

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3a6e2a28 by Joseph Sutton at 2023-03-20T00:22:32+00:00
tests/krb5: Fix additional_details account creation caching

In Python, maps are not hashable and hence cannot be used as cache keys.
To get around this, we were converting the account details map to a
tuple of (key, value) pairs with the following expression:

((k, v) for k, v in details.items())

However, this was actually creating a lazily-evaluated generator object.
The hash of this object was based on its address in memory, not on its
contents, which meant that account options with the same details could
have different hash values if the generators occupied different memory
addresses, or (less likely) that account options with different details
could hash to the same value if the second generator happened to inhabit
the same memory address as the first one. The result was that account
caching didn't work as intended.

Attempt to fix that by using a frozenset instead of a generator object,
and making sure that all our values are tuples (and thus hashable).

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
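
The caching failure described in this commit message, reproduced as an added example; it is not code from the Samba tree. AccountCache, the key helpers and the request dictionaries are hypothetical and constructed for illustration.

```python
"""Constructed example: a generator expression used as a cache key."""


def generator_key(details):
    # The expression quoted in the commit message. It yields a generator
    # object, which hashes and compares by identity, not by content.
    return ((k, v) for k, v in details.items())


def frozenset_key(details):
    # Content-based key. Every value must be hashable, so lists are turned
    # into tuples first; key order in the dict no longer matters.
    return frozenset(
        (k, tuple(v) if isinstance(v, list) else v) for k, v in details.items()
    )


class AccountCache:
    """Hypothetical stand-in for a test-account cache (not Samba's class)."""

    def __init__(self, make_key):
        self._make_key = make_key
        self._accounts = {}
        self.created = 0

    def get_account(self, details):
        key = self._make_key(details)
        account = self._accounts.get(key)
        if account is None:
            # Cache miss: this is the expensive path the cache should avoid.
            self.created += 1
            account = f"account-{self.created}"
            self._accounts[key] = account
        return account


# Constructed requests: the first two describe the same account options,
# written in a different key order; the third is genuinely different.
REQUESTS = [
    {"spn": ["host/a", "host/b"], "enctypes": "24"},
    {"enctypes": "24", "spn": ["host/a", "host/b"]},
    {"spn": ["host/c"], "enctypes": "24"},
]


def count_creations(make_key, requests):
    """Return how many accounts were created to serve all requests."""
    cache = AccountCache(make_key)
    for details in requests:
        cache.get_account(details)
    return cache.created


if __name__ == "__main__":
    print("generator keys:", count_creations(generator_key, REQUESTS))
    print("frozenset keys:", count_creations(frozenset_key, REQUESTS))
```

With generator keys every lookup misses, because each stored key stays alive in the dictionary and a new generator can never be equal to it.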

- - - - -
a9f127e6 by Joseph Sutton at 2023-03-20T00:22:32+00:00
tests/krb5: Move issued_by_rodc() to base class

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
04b6f769 by Joseph Sutton at 2023-03-20T00:22:32+00:00
tests/krb5: Add signed_by_rodc()

This can be used to modify a service ticket to appear as if it were
signed by an RODC krbtgt.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7a5562f2 by Joseph Sutton at 2023-03-20T00:22:32+00:00
tests/krb5: Let ticket_with_sids() create RODC-issued tickets

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
883d2642 by Joseph Sutton at 2023-03-20T00:22:32+00:00
tests/krb5: Add remove_client_claims_tgt_from_rodc()

This method removes the PAC_CLIENT_CLAIMS_INFO buffer *and* makes it
appear as if a ticket were issued by an RODC, because that's more
efficient than decrypting and modifying the ticket twice.

View with 'git show -b'.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ee43e004 by Joseph Sutton at 2023-03-20T00:22:32+00:00
tests/krb5: Add tests for constrained delegation with RODC-issued tickets

This works as long as both tickets are issued by the same RODC.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9d759472 by Joseph Sutton at 2023-03-20T00:22:32+00:00
tests/krb5: Add tests for RODC-issued armor tickets

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e1a573a6 by Joseph Sutton at 2023-03-20T00:22:32+00:00
tests/krb5: Test that RODC-issued claims are regenerated

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
223ef8b7 by Joseph Sutton at 2023-03-20T00:22:32+00:00
tests/krb5: Test that RODC-issued device groups are regenerated

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a85d26fd by Joseph Sutton at 2023-03-20T00:22:32+00:00
tests/krb5: Test that claims are generated even if PAC-OPTIONS are not set

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1b5c57c3 by Joseph Sutton at 2023-03-20T00:22:32+00:00
tests/krb5: Check that test parameters are not going unseen

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fd64bae7 by Joseph Sutton at 2023-03-20T00:22:32+00:00
tests/krb5: Add functions to fetch the schemaIDGUID of an attribute or class

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c8fbeb6 by Joseph Sutton at 2023-03-20T00:22:32+00:00
tests/krb5: Test that denied attributes are still issued in claims

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dfe759c1 by Joseph Sutton at 2023-03-20T00:22:32+00:00
selftest: Don't use invalid escape sequences

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0f244bd1 by Joseph Sutton at 2023-03-20T00:22:32+00:00
selftest: Clean up socket when finished

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ed0b850e by Joseph Sutton at 2023-03-20T00:22:32+00:00
wafsamba: Remove unused configure check

This check would trigger compiler warnings due to the extra argument
passed to eprintf(). HAVE__VA_ARGS__MACRO isn't used anywhere, so we can
remove the check.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3c5296d9 by Joseph Sutton at 2023-03-20T00:22:32+00:00
winbindd: Show warning message on tc connection errors too

Some of these conditions could never be hit.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
19c871bf by Joseph Sutton at 2023-03-20T00:22:32+00:00
dsdb periodic: DNS: Add missing newlines to debug messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eb74be91 by Joseph Sutton at 2023-03-20T00:22:32+00:00
auth: Clear EXTRA_SIDS flag if no Extra SIDs are present

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6fd5afd0 by Joseph Sutton at 2023-03-20T00:22:32+00:00
s4:kdc: Replace 'is_untrusted' with 'is_trusted'

A double negative is just confusing and prone to error.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
218db60e by Joseph Sutton at 2023-03-20T00:22:32+00:00
s4:kdc: Comment parameter names

Make it clear what these parameters actually are.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dfaae871 by Joseph Sutton at 2023-03-20T00:22:32+00:00
s4:kdc: Make some parameters const

As these parameters are not assigned to, make them const.

Const specifiers for non-pointer types, such as in 'const
krb5_principal', don't do anything in function declarations. Remove
them.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ca8b8d1d by Joseph Sutton at 2023-03-20T00:22:32+00:00
s4:kdc: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
47ef49fd by Joseph Sutton at 2023-03-20T00:22:32+00:00
s4:kdc: Don't pass a NULL pointer into krb5_pac_add_buffer()

Heimdal contains an assertion that the data pointer is not NULL. We need
to pass in a pointer to some dummy data instead.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fa901e73 by Joseph Sutton at 2023-03-20T00:22:32+00:00
s4:kdc: Avoid copying data if not needed

krb5_pac_add_buffer() makes its own copy of the data we pass in. We
don't need to make yet another copy.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2e8e93fd by Joseph Sutton at 2023-03-20T00:22:32+00:00
s4:kdc: Refactor PAC handling

It's getting unwieldy adding new PAC buffer types when each one has to
have its own handling. It also makes the possibility of mistakes more
likely.

Add a new container, 'struct pac_blobs', containing the types of PAC
buffers in a given PAC, with an index for quick access to the types we
support specifically. We can add new blobs (overriding existing ones) by
calling pac_blobs_add_blob(), and override certain blobs that must be
present with pac_blobs_replace_existing().

This removes the need to have a complicated 'switch' statement with
different logic for each PAC buffer type, or a dozen index variables.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3e2eb1b0 by Joseph Sutton at 2023-03-20T01:25:07+00:00
s4:kdc: Add client claims blob if it is present

Until we support claims we just return an empty blob,
that matches what Windows is doing without defined claims.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Mar 20 01:25:07 UTC 2023 on atb-devel-224

- - - - -
7d466a91 by Stefan Metzmacher at 2023-03-20T09:54:29+00:00
libcli/security: introduce struct sddl_transition_state

In future we'll need more than 'domain_sid' in order
to do the correct transition of SDDL to/from security_descriptor.

In the end we most likely add an
sddl_transition_{create,encode,decode}() api in order
to allow the caller to create an sddl_transition_state
once and then pass it to multiple calls to encode/decode.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
8f4aced3 by Stefan Metzmacher at 2023-03-20T09:54:29+00:00
libcli/security: simplify rid-based SDDL sid strings

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
bd327f7d by Stefan Metzmacher at 2023-03-20T09:54:29+00:00
libcli/security: simplify sddl_encode_sid()

We should walk the sid_codes array just once.
This makes further changes easier...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
f3fad5a1 by Stefan Metzmacher at 2023-03-20T10:53:41+00:00
libcli/security: prepare sddl machine/forest_sid handling

In future we need to pass in 3 sids to sddl_encode()

Once we pass in a machine_sid from the caller we need to
have a test on a Windows member if the .machine_rid values
really belong to the local machine sid.
At least [MS-DTYP] 2.4.2.4 Well-Known SID Structures
pretends "LA" and "LG" are relative to the local machine sid.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Mar 20 10:53:41 UTC 2023 on atb-devel-224

- - - - -
893cfefa by David Mulder at 2023-03-20T19:23:32+00:00
gpupdate: Test that PAM Access uses winbind separator

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
35380fa6 by David Mulder at 2023-03-20T20:20:41+00:00
gpupdate: Use winbind separator in PAM Access Policies

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Mar 20 20:20:41 UTC 2023 on atb-devel-224

- - - - -
be1aae77 by Joseph Sutton at 2023-03-21T01:19:16+00:00
libcli/security: Reorder SDDL access flags table to match Windows

This means that encoding an ACE in string form will now match Windows.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Mar 21 01:19:16 UTC 2023 on atb-devel-224

- - - - -
9053862b by Stefan Metzmacher at 2023-03-22T15:01:32+00:00
lib/ldb-samba: let ldif_read_ntSecurityDescriptor() only try sddl if isupper()

Trying ndr_pull_security_descriptor on SDDL produces just strange
debug messages, which can cause confusion.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
9d8ff0d1 by Stefan Metzmacher at 2023-03-22T15:01:32+00:00
replace: add ARRAY_INSERT_ELEMENT() helper

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c3cb915a by Stefan Metzmacher at 2023-03-22T15:01:32+00:00
libcli/security: prepare security_descriptor_acl_add() to place the ace at a position

Often it is important to insert an ace at a specific position in the
ACL. As a default we still append by default by using -1, which is the
generic version of passing the number of existing aces.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2c023780 by Stefan Metzmacher at 2023-03-22T15:01:32+00:00
libcli/security: add security_descriptor_[s|d]acl_insert() helpers

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
9ea06aaf by Stefan Metzmacher at 2023-03-22T15:01:32+00:00
py_security: allow idx argument to descriptor.[s|d]acl_add()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
4627997d by Stefan Metzmacher at 2023-03-22T15:01:32+00:00
python/samba/ndr: add ndr_deepcopy() helper

This uses ndr_pack/unpack in order to create a deep copy
of the given object.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8411e6d3 by Stefan Metzmacher at 2023-03-22T15:01:32+00:00
python:sd_utils: introduce update_aces_in_dacl() helper

This is a more generic api that can be re-used in other places
as well in future. It operates on a security descriptor object instead of
SDDL.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a1109a9b by Stefan Metzmacher at 2023-03-22T15:01:32+00:00
python:sd_utils: add dacl_{prepend,append,delete}_aces() helpers

They better represent what they are doing, we keep dacl_add_ace()
as wrapper of dacl_prepend_aces() in order to let existing callers
work as before.

In future it would be good to have a dacl_insert_aces() that
would canonicalize the ace order before storing, but that's a task
for another day.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6241380b by Stefan Metzmacher at 2023-03-22T15:57:15+00:00
samba-tool: rewrite dsacl.py to use the new sd_utils helpers

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Mar 22 15:57:15 UTC 2023 on atb-devel-224

- - - - -
211d19a0 by Joseph Sutton at 2023-03-22T18:40:31+00:00
ldb: Don't create error string if there is no error

We should only do this in the LDB_ERR_NO_SUCH_ATTRIBUTE case.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
545b40a7 by Joseph Sutton at 2023-03-22T18:40:31+00:00
s4/dsdb/repl_meta_data: Pass NULL into ldb_msg_add_empty

We weren't doing anything with the passed-in 'el' afterwards, so this
was just confusing.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1a625702 by Joseph Sutton at 2023-03-22T18:40:31+00:00
libcli/security: Correctly handle ACL deletion

If there were two consecutive occurrences of an ACL to be deleted, we
would miss the second one.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
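
The commit message gives no code, so the following is an added Python model of this bug class, not Samba's C implementation. It assumes an index-based in-place delete over a list of (trustee, rights) entries; the SIDs and rights names are constructed.

```python
"""Constructed model: in-place deletion that skips a consecutive match."""

# Constructed DACL as (trustee SID, rights) pairs; all values are made up.
TEMP_SID = "S-1-5-21-1000-2000-3000-1199"
DACL = [
    ("S-1-5-32-544", "FULL_CONTROL"),
    (TEMP_SID, "WRITE_DAC"),
    (TEMP_SID, "WRITE_PROPERTY"),  # second of two consecutive matches
    ("S-1-5-11", "READ"),
    (TEMP_SID, "DELETE"),
]


def delete_trustee_buggy(aces, trustee):
    """Delete matching entries, but always advance the index."""
    aces = list(aces)
    i = 0
    while i < len(aces):
        if aces[i][0] == trustee:
            del aces[i]  # the following entries shift down by one
        i += 1           # BUG: the entry now at index i is never examined
    return aces


def delete_trustee_fixed(aces, trustee):
    """Delete matching entries, re-examining the index after a removal."""
    aces = list(aces)
    i = 0
    while i < len(aces):
        if aces[i][0] == trustee:
            del aces[i]
            continue     # stay on the same index: a new entry moved into it
        i += 1
    return aces


def residual_entries(aces, trustee):
    """Post-condition check: entries for the trustee that survived deletion."""
    return [ace for ace in aces if ace[0] == trustee]


if __name__ == "__main__":
    for fn in (delete_trustee_buggy, delete_trustee_fixed):
        print(fn.__name__, residual_entries(fn(DACL, TEMP_SID), TEMP_SID))
```

A post-condition check such as residual_entries() is cheap to run after any revocation and catches this failure regardless of how the delete loop is written.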

- - - - -
a326aec4 by Joseph Sutton at 2023-03-22T18:40:31+00:00
s4:kdc: Don't pass a NULL pointer to krb5_pac_add_buffer()

Heimdal contains an assertion that the data pointer is not NULL. We need
to pass in a pointer to some dummy data instead.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3e97ea3f by Joseph Sutton at 2023-03-22T18:40:31+00:00
s4:kdc: Have samba_kdc_update_pac() take device parameters

These will be used later when we add support for compound
authentication.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c6293782 by Joseph Sutton at 2023-03-22T18:40:31+00:00
s4:kdc: Don't check PAC-OPTIONS claims-supported bit

Windows only consults the PAC-OPTIONS claims bit to find out whether or
not to add claims to the PAC if the ClaimsCompIdFASTSupport option is
set to 1. If this option is set to 2 or 3, the bit is ignored and claims
are always added.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9c4f7e4b by Joseph Sutton at 2023-03-22T18:40:31+00:00
s4:kdc: Don't modify cached user_info_dc SIDs

samba_kdc_get_pac_blobs() passes a pointer to a user_info_dc structure
obtained from samba_kdc_get_user_info_from_db() into
samba_add_asserted_identity(). The latter function modifies the SIDs of
the user_info_dc structure in order to add the Asserted Identity SID,
but samba_kdc_get_user_info_from_db() actually caches that structure
internally, meaning that subsequent calls will return the modified
structure.

We should not modify cached SIDs, so have
samba_kdc_get_user_info_from_db() return a pointer to constant data, and
copy the returned array of SIDs before adding the Asserted Identity SID.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
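
The aliasing problem described in this commit message, modelled in Python as an added example; it is not Samba's C code. UserInfoCache and the pac_sids_* helpers are hypothetical, the account SIDs are constructed, and S-1-18-1 is the well-known Authentication Authority Asserted Identity SID. The immutable tuple plays the role of the "pointer to constant data" in the fix.

```python
"""Constructed model: a caller mutating SIDs that a cache still owns."""

ASSERTED_IDENTITY_SID = "S-1-18-1"

# Constructed directory data: principal -> SIDs as stored in the database.
DIRECTORY = {
    "alice": ["S-1-5-21-1000-2000-3000-1105", "S-1-5-21-1000-2000-3000-513"],
}


class UserInfoCache:
    """Hypothetical per-principal cache that hands out its own object."""

    def __init__(self, directory, immutable=False):
        self._directory = directory
        self._immutable = immutable
        self._cache = {}

    def get(self, principal):
        if principal not in self._cache:
            sids = self._directory[principal]
            # immutable=True mirrors returning const data from the lookup.
            self._cache[principal] = tuple(sids) if self._immutable else list(sids)
        return self._cache[principal]


def pac_sids_in_place(cache, principal):
    """Before the fix: append to the list the cache still references."""
    sids = cache.get(principal)
    sids.append(ASSERTED_IDENTITY_SID)
    return sids


def pac_sids_copy(cache, principal):
    """After the fix: copy the SID array, then add the extra SID."""
    sids = list(cache.get(principal))
    sids.append(ASSERTED_IDENTITY_SID)
    return sids


def cached_after(build, requests=3, immutable=False):
    """Serve several requests, then return what the cache now holds."""
    cache = UserInfoCache(DIRECTORY, immutable)
    for _ in range(requests):
        build(cache, "alice")
    return list(cache.get("alice"))


if __name__ == "__main__":
    print("in place:", cached_after(pac_sids_in_place))
    print("copy    :", cached_after(pac_sids_copy))
```

With the immutable cache, the in-place variant fails immediately with AttributeError instead of silently changing what later lookups return.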

- - - - -
fbed57b8 by Joseph Sutton at 2023-03-22T18:40:31+00:00
s4:kdc: Fix leak

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c7b00ccc by Joseph Sutton at 2023-03-22T18:40:31+00:00
s4:kdc: Rename claims_blob to client_claims_blob

This will not be the only claims blob. Later there will also be a
device_claims_blob.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9d59e42a by Joseph Sutton at 2023-03-22T18:40:31+00:00
s4:kdc: Split samba_kdc_get_pac_blobs() into smaller functions

Instead of having one large function that returns every PAC blob, we now
have a more manageable assortment of smaller functions that each return
one blob.

That gives us more fine-grained handling of PAC blobs, with callers now
able to procure only the specific blobs that they need.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7e3cbc2c by Joseph Sutton at 2023-03-22T19:36:28+00:00
s4:kdc: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Mar 22 19:36:28 UTC 2023 on atb-devel-224

- - - - -
7b0d5285 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
s4:dsdb/tests: let OwnerGroupDescriptorTests.test_141() set the required ACE explicitly

All other tests use the same logic and run before, which means the ACE
is already there and is implicitly required.

As we want to clean up the ACE after each test in the next step,
as the tests should not have side effects for other tests, e.g.
'blackbox.dbcheck'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15338

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e0a8e043 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
s4:dsdb/tests: let OwnerGroupDescriptorTests() remove temporary ACEs on cleanup

Otherwise we impact other unrelated tests, e.g. 'blackbox.dbcheck'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15338

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2436d621 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
s4:dsdb/tests: let AclUndeleteTests.test_undelete() remove the temporary ACE again

Otherwise we impact other unrelated tests, e.g. 'blackbox.dbcheck'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15338

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6de4849f by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
s4:dsdb/tests: convert sec_descriptor.py to use assert[Not]In()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15338

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
731c85ad by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
s4:dsdb/tests: allow sec_descriptor.py to run against Windows 2022

We need SEC_STD_DELETE in order to run the test twice against the same server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15338

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a0217c50 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
s4:dsdb/tests: add more detailed tests to sec_descriptor.py

These demonstrate how inherited aces are constructed and applied
per objectclass, with and without the NO_PROPAGATE_INHERIT flag.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15338

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bb09c06d by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
libcli/security: rewrite calculate_inherited_from_parent()

This allows us to pass the new tests we just added.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15338

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
01400b59 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
blackbox/dbcheck: also run currently unused dbcheck_reset_well_known_acls

This makes sure that we detect if dbcheck --reset-well-known-acls
tries to reset to unexpected values, which we expect to be correct in
recent provisions.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c35ae5a7 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
s4:dsdb/tests: use changetype: modify in order to delete a single attribute

'changetype: delete' is used to delete a whole object!

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
65294d56 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
python/tests: use changetype: modify in order to delete a single attribute

'changetype: delete' is used to delete a whole object!

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
65653bb0 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
schema_upgrade: add support for ntdsschemamodrdn and ntdsschemadelete

They are used in newer schema upgrades from Microsoft.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7fe87d3c by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
functional_prep: fix error handling in order to stop on the first error

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
838a36c7 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
forest_update: ignore ldb.ERR_ATTRIBUTE_OR_VALUE_EXISTS in operation_ldif()

This matches what Windows is doing...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f1f79a2e by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
forest_update: only update SDDL for schema objects

Updates to domainDNS objects are done by the domain updates.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a89b158d by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
forest_update: we don't need any controls to update sddl attributes

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
65275acf by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
forest_update: make use of self.sd_utils.update_aces_in_dacl()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a8c0e82f by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
forest_update: be more verbose about updates

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a10f4f7c by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
domain_update: be more verbose about updates

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c87f2606 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
domain_update: make use of '"CN"' in sddl instead of using an explicit SID

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a3dac8ef by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
domain_update: remove useless searches to '(objectClass=samDomain)'

samDomain is an auxiliary class of domainDNS, so we'll handle them
in the search for domainDNS anyway. In addition searches for auxiliary
classes will never be found in searches.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f860e19c by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
domain_update: make use of self.sd_utils.update_aces_in_dacl()

There's only a single domainDNS object in a domain and it's
the partition base object...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cc5df801 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
lib/ldb: let ldb_ldif_parse_modrdn() handle names without 'rdn_name=' prefix

This is needed in order to process schema updates.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e24e7b96 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
lib/ldb: re-order code in ldb_ldif_to_pyobject()

We don't allow MODRDN and DELETE for now as they
don't work as is anyway. We'll add these in the next steps.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3ad3c1a6 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
python/samba: let modify_ldif() verify the changetype value

DELETE and MODRDN are not really supported yet.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7055ec0a by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
lib/ldb: add LDB_CHANGETYPE_DELETE support to ldb_ldif_to_pyobject()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
50112219 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
python/samba: add support for LDB_CHANGETYPE_DELETE to modify_ldif()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
167f0235 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
lib/ldb: add LDB_CHANGETYPE_MODRDN support to ldb_ldif_to_pyobject()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
17ce8bea by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
python/samba: add support for LDB_CHANGETYPE_MODRDN to modify_ldif()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b2fbfa0f by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
python/samba: adapt ms_forest_updates_markdown.py to the latest Forest-Wide-Updates.md

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dcce25ae by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
python/samba: adapt ms_schema[_markdown].py to the latest schema definitions

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c4b87dd5 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
setup/ad-schema: add the latest v1803 and v1903 schema files from Microsoft

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c405f211 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
setup/adprep: import the latest {Domain-Wide,Forest-Wide,Read-Only-Domain-Controller,Schema}-Updates.md

We have Domain-Wide-Updates.md and Read-Only-Domain-Controller-Updates.md only
for completeness, they are not parsed/used yet, so we added .unused in
order to avoid confusion in future.

Initially I tried to go with an ms_domain_updates_markdown.py,
but it is easier to add the current updates by hand to
domain_update.py, which will follow in the next commits.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c8f8efb3 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
forest_update: behave more like a Windows 2022 server

It means we apply updates from 11-142 and list
all known updates. It turns out that update 53 is actually
update 54...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1e024f65 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
domain_update: implement updates 82-89 in order to reach the latest w2016 level

I implemented them by looking at
source4/setup/adprep/WindowsServerDocs/Domain-Wide-Updates.md.unused
and looking at a network capture where a Windows 2022 joins a
Windows 2008R2 domain.

The strange thing is that Windows (tested with server 2022) uses
c81fc9cc-0130-f4d1-b272-634d74818133 for update 83, while
Domain-Wide-Updates.md and a fresh installation use
c81fc9cc-0130-4fd1-b272-634d74818133. In order to match a fresh
installation we use c81fc9cc-0130-4fd1-b272-634d74818133.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e855fe20 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
python/samba: let get_domain_descriptor() include adprep 2016 ACEs

We need to make sure a new provision as well as dbcheck
--reset-well-known-acls include acls used by adprep 2016,
otherwise we would undo the adprep result.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
da74c3fd by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
samba-tool: allow 'domain level raise' to support level 2016

We don't support anything higher than 2008_R2 in Samba, but
it's possible to run this against a remote server too.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
245a8aaf by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
samba-tool: let 'domain functionalprep' to use functional level 2016 by default

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
90faa58e by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
samba-tool: let 'domain schemaupgrade' to use the 2019 schema by default

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f6d9f376 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
samba-tool: let 'domain provision' to use the 2019 schema by default

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4bba2657 by Stefan Metzmacher at 2023-03-22T22:10:32+00:00
python:provision: run adprep as part of provision

With the default of base_schema=2019 we'll adprep to 2016.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
86b63536 by Stefan Metzmacher at 2023-03-22T23:05:39+00:00
python:join: run domain adprep as part of join_provision_own_domain()

This is currently unused as we don't support more than one
domain per forest, but it will help in future.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Mar 22 23:05:39 UTC 2023 on atb-devel-224

- - - - -
fdb7ec64 by Andrew Bartlett at 2023-03-23T07:16:34+00:00
script/autobuild: Use python logger to print times on log lines to aid in debugging.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0b29e12d by Andrew Bartlett at 2023-03-23T07:16:34+00:00
script/autobuild: Use --verbose to control python logger verbosity

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c6e1e5aa by Andrew Bartlett at 2023-03-23T07:16:34+00:00
script/autobuild: Use logger.debug() for debug messages (visible with --verbose)

Lots of the autobuild.py log outputs are really debugging, so should be
controlled as such.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d43f6fb3 by Stefan Metzmacher at 2023-03-23T07:16:34+00:00
s4:dsdb/tests: let linked_attributes.py use a container as testbase

The tests don't require an organizationalUnit as parent object
and it makes it possible to create msDS-KeyCredential objects
within the container in the next step.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
21f4317a by Stefan Metzmacher at 2023-03-23T07:16:34+00:00
s4:dsdb/tests: let a test to demonstrate the behavior of invisible backlinks

msDS-KeyCredentialLink/msDS-KeyCredentialLink-BL are defined as linked attribute pair,
but msDS-KeyCredentialLink-BL is not defined as allowed on any object class definition,
still it's possible to create msDS-KeyCredentialLink attributes.

msDS-KeyPrincipal/msDS-KeyPrincipalBL are also defined as linked attribute pair
and msDS-KeyPrincipalBL is only allowed on object class 'user', but it's possible
to create msDS-KeyPrincipal values pointing to non 'user' objects.

The result is that 'user' objects have a visible msDS-KeyPrincipalBL, but
the others don't have msDS-KeyPrincipalBL visible, by default.
The backlinks are always visible if the backlink attributes are
explicitly requested.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bd359623 by Stefan Metzmacher at 2023-03-23T07:16:34+00:00
s4:dsdb/schema: remember if a backlink attribute is not allowed on class 'top'

Backlink attributes which are not "allowed" in objectClass 'top'
are always possible, but only visible by default based on the
real objectClass.

In order to avoid paying the cost for finding out if a backlink
should be visible or not, we remember a 'bool bl_maybe_invisible'
both on the forward link as well as the backlink dsdb_attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f9391ec4 by Stefan Metzmacher at 2023-03-23T07:16:34+00:00
s3:dsdb/repl_meta_data: fix possible memleak on error in replmd_modify_la_add()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e519416e by Stefan Metzmacher at 2023-03-23T07:16:34+00:00
s4:dsdb/repl_meta_data: check replmd_add_backlink() result in replmd_modify_la_add()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
36bd0287 by Stefan Metzmacher at 2023-03-23T07:16:34+00:00
s4:dsdb/util: split out dsdb_module_obj_by_guid() from dsdb_module_dn_by_guid()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c9fac2e9 by Stefan Metzmacher at 2023-03-23T07:16:34+00:00
s4:dsdb/repl_meta_data: let replmd_process_backlink() use dsdb_module_obj_by_guid()

This will simplify the following changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2340443c by Stefan Metzmacher at 2023-03-23T07:16:34+00:00
s4:dsdb/repl_meta_data: let replmd_process_backlink() use the source_dn variable

We first create source_dn as trimmed down copy of bl->forward_dn
and then only use it for debug messages.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8ee7d232 by Stefan Metzmacher at 2023-03-23T07:16:34+00:00
s4:dsdb/common: rename DSDB_RMD_FLAG_INVISIBLE to DSDB_RMD_FLAG_HIDDEN_BL

DSDB_RMD_FLAG_INVISIBLE was introduced in commit
00b39c70f57882a453a8d2e6b0f1f37fd39a2d2a, but never used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
732bf816 by Stefan Metzmacher at 2023-03-23T07:16:34+00:00
s4:dsdb/repl_meta_data: let replmd_process_backlink() set DSDB_RMD_FLAG_HIDDEN_BL is needed

If we find that the backlink should not be visible on the given objectClass
by default, we now set DSDB_RMD_FLAG_HIDDEN_BL.

We'll evaluate that in the next commits in order to hide the
backlink by default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ea4f2b9f by Stefan Metzmacher at 2023-03-23T07:16:34+00:00
s4:dsdb/objectclass_attrs: allow all backlinks even if not allowed by the schema

This only verifies internal store operations, adding invalid forward
links is already checked in other places.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
06fb5cdf by Stefan Metzmacher at 2023-03-23T07:16:34+00:00
s4:dsdb/extended_dn_out: make use of the existing have_reveal_control variable

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ad3694c4 by Stefan Metzmacher at 2023-03-23T07:16:34+00:00
s4:dsdb/extended_dn_out: use dsdb_dn_val_rmd_flags() instead of dsdb_dn_is_deleted_val()

We now check for DSDB_RMD_FLAG_DELETED, as we'll check for
DSDB_RMD_FLAG_HIDDEN_BL in the next step and it's better to
call dsdb_dn_val_rmd_flags() just once.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e7ef43ce by Stefan Metzmacher at 2023-03-23T08:19:20+00:00
s4:dsdb/extended_dn_out: hide backlinks with DSDB_RMD_FLAG_HIDDEN_BL by default

Backlinks which are not allowed by the schema are hidden by default,
so we already set DSDB_RMD_FLAG_HIDDEN_BL on store, so we have a cheap
way to hide the backlinks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 23 08:19:20 UTC 2023 on atb-devel-224

- - - - -
6d7d8293 by Andreas Schneider at 2023-03-24T07:01:31+00:00
ctdb:client: Fix code spelling

Best reviewed with: `git show --word-diff`

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
2e10481d by Andreas Schneider at 2023-03-24T07:01:31+00:00
ctdb:common: Fix code spelling

Best reviewed with: `git show --word-diff`

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
44bde7a7 by Andreas Schneider at 2023-03-24T07:01:31+00:00
ctdb:include: Remove trailing whitespaces in ctdb_protocol.h

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
200bc1f9 by Andreas Schneider at 2023-03-24T07:01:31+00:00
ctdb:include: Fix code spelling

Best reviewed with: `git show --word-diff`

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
59af5049 by Andreas Schneider at 2023-03-24T07:01:31+00:00
ctdb:server: Remove trailing whitespaces in ctdb_recover.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
19f418b6 by Andreas Schneider at 2023-03-24T07:01:31+00:00
ctdb:server: Remove trailing whitespaces in ctdb_server.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
7749df49 by Andreas Schneider at 2023-03-24T07:01:31+00:00
ctdb:server: Fix code spelling

Best reviewed with: `git show --word-diff`

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
7aeed61d by Andreas Schneider at 2023-03-24T07:01:31+00:00
ctdb:tcp: Fix code spelling

Best reviewed with: `git show --word-diff`

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
9a37aa39 by Andreas Schneider at 2023-03-24T07:01:31+00:00
ctdb:tests: Fix code spelling

Best reviewed with: `git show --word-diff`

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
88ee870e by Andreas Schneider at 2023-03-24T07:01:31+00:00
ctdb:tool: Fix code spelling

Best reviewed with: `git show --word-diff`

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
8ccd9155 by Andreas Schneider at 2023-03-24T07:01:31+00:00
ctdb:utils: Remove trailing whitespaces in scsi_io.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
d964700a by Andreas Schneider at 2023-03-24T07:57:37+00:00
ctdb:utils: Fix code spelling

Best reviewed with: `git show --word-diff`

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Mar 24 07:57:37 UTC 2023 on atb-devel-224

- - - - -
a11d6fe5 by Pavel Filipenský at 2023-03-28T08:36:50+00:00
s3:winbind: Fix wrong string zero termination for empty groups

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Tue Mar 28 08:36:50 UTC 2023 on atb-devel-224

- - - - -
71eb85bc by Andreas Schneider at 2023-03-28T09:33:31+00:00
s3:utils: Fix grammar in testparm

Best reviewed with: `git show --word-diff`

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Rowland Penny <rpenny at samba.org>
- - - - -
98c14205 by Andreas Schneider at 2023-03-28T09:33:31+00:00
auth: Fix code spelling

Best reviewed with: `git show --word-diff`

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Rowland Penny <rpenny at samba.org>
- - - - -
b1767d50 by Andreas Schneider at 2023-03-28T09:33:31+00:00
buildtools: Fix code spelling

Best reviewed with: `git show --word-diff`

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Rowland Penny <rpenny at samba.org>
- - - - -
4ada0dde by Andreas Schneider at 2023-03-28T09:33:31+00:00
examples: Remove trailing whitespaces in ol-schema-migrate.pl

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Rowland Penny <rpenny at samba.org>
- - - - -
ff46836e by Andreas Schneider at 2023-03-28T09:33:31+00:00
examples: Remove trailing whitespaces in mklogon.conf

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Rowland Penny <rpenny at samba.org>
- - - - -
1ba146dd by Andreas Schneider at 2023-03-28T09:33:31+00:00
examples: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Rowland Penny <rpenny at samba.org>
- - - - -
d1db4ac0 by Andreas Schneider at 2023-03-28T09:33:31+00:00
examples: Remove trailing whitespaces in smb.conf.default

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Rowland Penny <rpenny at samba.org>
- - - - -
34251ba8 by Andreas Schneider at 2023-03-28T09:33:31+00:00
examples: Improve comment in smb.conf.default

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Rowland Penny <rpenny at samba.org>
- - - - -
ec3229ed by Andreas Schneider at 2023-03-28T09:33:31+00:00
s3:libsmb: Remove trailing whitespaces in clientgen.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cfc31bfe by Andreas Schneider at 2023-03-28T10:27:19+00:00
s3:libsmb: Fix conflicting declaration/implementation

../../source3/libsmb/clientgen.c:61:19: error: conflicting types for
‘cli_state_create’ due to enum/integer mismatch; have
‘struct cli_state *(TALLOC_CTX *, int,  const char *, int
,  int)’ {aka ‘struct cli_state *(void *, int,  const char *, int,
int)’} [-Werror=enum-int-mismatch]
   61 | struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
      |                   ^~~~~~~~~~~~~~~~
In file included from ../../source3/libsmb/libsmb.h:28,
                 from ../../source3/libsmb/clientgen.c:22:
../../source3/libsmb/proto.h:180:19: note: previous declaration of
‘cli_state_create’ with type
‘struct cli_state *(TALLOC_CTX *, int,  const char *,
enum smb_signing_setting,  int)’ {aka ‘struct cli_state *(void *, int,
const char *, enum smb_signing_setting,  int)’}
  180 | struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
      |                   ^~~~~~~~~~~~~~~~

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Mar 28 10:27:19 UTC 2023 on atb-devel-224

- - - - -
553948ba by Andreas Schneider at 2023-03-29T16:57:33+00:00
s3:waf: Fix One Definition Rule (ODR) violation of libsecrets3

==7109==ERROR: AddressSanitizer: odr-violation (0x7f7d682b4f00):
  [1] size=88 'ndr_table_secrets' source3/librpc/gen_ndr/ndr_secrets.c:1002:34
  [2] size=88 'ndr_table_secrets' source3/librpc/gen_ndr/ndr_secrets.c:1002:34
These globals were registered at these points:
  [1]:
    #0 0x7f7d6843eda8  (/lib64/libasan.so.8+0x3eda8)
    #1 0x7f7d682970ed in _sub_I_00099_1 (bin/shared/private/libsecrets3-samba4.so+0x1a0ed)
    #2 0x7f7d68af72fd in call_init /usr/src/debug/glibc-2.37/elf/dl-init.c:70
    #3 0x7f7d68af72fd in call_init /usr/src/debug/glibc-2.37/elf/dl-init.c:26

  [2]:
    #0 0x7f7d6843eda8  (/lib64/libasan.so.8+0x3eda8)
    #1 0x7f7d65d423fb in _sub_I_00099_1 (bin/shared/private/libndr-samba4.so+0x3423fb)
    #2 0x7f7d68af72fd in call_init /usr/src/debug/glibc-2.37/elf/dl-init.c:70
    #3 0x7f7d68af72fd in call_init /usr/src/debug/glibc-2.37/elf/dl-init.c:26

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
be4e3bb2 by Andreas Schneider at 2023-03-29T16:57:34+00:00
Add .clangd configuration file

This is supported since clang 11.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ffdfb78d by Andreas Schneider at 2023-03-29T17:54:05+00:00
buildtools: Remove compile_commands.json symlink

We are telling clangd with the .clangd project config file where to find it.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Mar 29 17:54:05 UTC 2023 on atb-devel-224

- - - - -
443572ce by Volker Lendecke at 2023-03-29T17:55:50+00:00
winbind: Factor out idmap_config_name()

3 times is enough, next patch will add a 4th one.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
6499a2dc by Volker Lendecke at 2023-03-29T17:55:50+00:00
winbind: Add idmap_config_string_list()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c9c709e3 by Volker Lendecke at 2023-03-29T17:55:50+00:00
idmap: Initialize struct idmap_ad_context

We'll add another pointer next that should be initialized to NULL

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3fdf8d15 by Volker Lendecke at 2023-03-29T17:55:50+00:00
idmap_ad: Add "deny ous" and "allow ous" options

With these options, certain OUs can be denied or a list of OUs can be
explicitly permitted for idmapping.

Use case: Administration of OUs in AD has been delegated to people not
100% trusted by the unix server team, this can prevent arbitrary unix
IDs from being assigned by these delegated admins.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f9849dbf by Volker Lendecke at 2023-03-29T17:55:51+00:00
tests: Slightly simplify test_idmap_ad.sh

ldbmodify can change multiple objects in one run

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b755b81d by Volker Lendecke at 2023-03-29T17:55:51+00:00
test: Add a test for "deny ous"

Not a comprehensive test for all possible combinations, but it shows
the basic functionality, and it found a bug in the initial
implementation :-)

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
006fe806 by Jeremy Allison at 2023-03-29T17:55:51+00:00
tests: Add samba3.blackbox.zero_readsize test.

smbclient crashes when smbd has "smb2 max read = 0"
in the [global] section of smb.conf.

We should fail the protocol negotiation with
NT_STATUS_INVALID_NETWORK_RESPONSE in this case.

Adds knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
76573d6d by Jeremy Allison at 2023-03-29T18:58:33+00:00
s3: libcli: Refuse to connect to any server with zero values for max_trans_size, max_read_size, max_write_size.

There's nothing we can do to such a server (this
now matches the behavior for SMB1).

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Mar 29 18:58:33 UTC 2023 on atb-devel-224

- - - - -
5533ae3b by Andreas Schneider at 2023-03-30T07:12:31+00:00
lib:talloc: Move talloc_get_size() out of the talloc reference group

This is not specific to talloc references.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f448a164 by Volker Lendecke at 2023-03-30T08:08:32+00:00
pyldb: Fix a copy&paste error, CID 1524512 DEADCODE

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Mar 30 08:08:32 UTC 2023 on atb-devel-224

- - - - -
a87aae52 by Joseph Sutton at 2023-03-31T01:48:30+00:00
third_party/heimdal: Import lorikeet-heimdal-202303200103 (commit 2ee541b5e963f7cffb1ec4acd1a8cc45426a9f28)

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c0a2e8db by Joseph Sutton at 2023-03-31T01:48:30+00:00
third_party/heimdal_build: Remove MD2

This is to adapt to Heimdal:

commit 3a5e91eca26284661fd2294dfc485305e5d5cc3d
Author: Nicolas Williams <nico at twosigma.com>
Date:   Tue Oct 25 22:20:45 2022 -0500

    hcrypto: Remove MD2 with prejudice

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6bd3b452 by Joseph Sutton at 2023-03-31T01:48:30+00:00
s4:kdc: Split verifying a PAC out of updating it

This is to adapt to the changed Heimdal KDC plugin API.

When we add support for device claims, we want to be able to verify the
PAC of the armor ticket without modifying or updating it. Previously, we
couldn't do this as the two operations were tightly intertwined. Now the
parts that only perform verification are split out into a new function,
samba_kdc_verify_pac().

NOTE: This commit finally works again!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
03d9b7b8 by Andrew Bartlett at 2023-03-31T01:48:30+00:00
librpc/idl: Explain why PAC_TYPE_CLIENT_CLAIMS_INFO is not directly decoded

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2cba54ba by Andrew Bartlett at 2023-03-31T01:48:30+00:00
selftest: Add python test that verifies that we can parse a PAC

This gives us a building block to test the PAC claims format

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
976dfc75 by Andrew Bartlett at 2023-03-31T01:48:30+00:00
pidl: Allow variable expansion (eg of a value() attribute) in compression_alg argument

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0ab5552c by Andrew Bartlett at 2023-03-31T01:48:30+00:00
lib/compression: Add helper function lzxpress_huffman_max_compressed_size()

This allows the calculation of the worst case to be shared with callers.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e37f20fb by Andrew Bartlett at 2023-03-31T01:48:30+00:00
lib/compression: Fix documentation of lzxpress_huffman_compress()

The "inconvenience function" takes one type, and converts it to another
but the documentation was not updated.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
053aa516 by Andrew Bartlett at 2023-03-31T01:48:30+00:00
ndrdump: Allow a long string of hexidecimal digits as well as a hex dump for --hex-input

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
4e32ea15 by Andrew Bartlett at 2023-03-31T01:48:30+00:00
librpc: Remove incorrect NDR_COMPRESSION dependency from NDR_KRB5CCACHE

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
1dedffab by Andrew Bartlett at 2023-03-31T01:48:30+00:00
librpc/ndr: Remove incorrect comment that ndr_compression.h is autogenerated

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
937bf4b8 by Andrew Bartlett at 2023-03-31T01:48:30+00:00
librpc/ndr: Unimplement DRSUAPI_COMPRESSION_TYPE_XPRESS and rename

DRSUAPI_COMPRESSION_TYPE_XPRESS is not MS-XCA nor is it implemented by
lzexpress_compress(), so disconnect from that algorithm.

This avoids someone fixing lzxpress_compress() to work for DRSUAPI
and breaking claims support.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8c58da34 by Andrew Bartlett at 2023-03-31T01:48:30+00:00
libndr/ndr: Add NDR_COMPRESSION_INVALID

This will help make a mapping from wire-specified compression
algorithms to our available choices safer by allowing an invalid
choice to map to NDR_COMPRESSION_INVALID

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b95117dc by Andrew Bartlett at 2023-03-31T01:48:30+00:00
libndr/ndr: Remove unused argument from ndr_push_compression_{start,end}()

Removing the unused arguments avoids their value being calculated in the
PIDL generated code, which can be expensive.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c85cadf1 by Andrew Bartlett at 2023-03-31T01:48:30+00:00
librpc/ndr: Add a "NONE" compression format to libndr

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
327c84cf by Andrew Bartlett at 2023-03-31T01:48:30+00:00
librpc/ndr: Implement lzxpress_huffman() compression in libndr for Kerberos Claims

Rather than just pick the next value we re-arrange compression values
in libndr to be mnemonic to values in MS Windows ntifs.h

This helps avoid confusing developers who compare these
algorithms with the local MS Windows interface.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0ef71cf1 by Andrew Bartlett at 2023-03-31T01:48:30+00:00
pidl: Automatically manage creating and freeing the compression state in generated code

Manually written code will handle this differently, but for generated code
this will create and free the context.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c6981f60 by Andrew Bartlett at 2023-03-31T01:48:30+00:00
librpc/ndr: Make ndr_push_compression_state_free() a talloc destructor

This means that the generic_mszip_free() will still be called on failure.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2d2f6823 by Andrew Bartlett at 2023-03-31T01:48:30+00:00
librpc/ndr: Use libndr compression for claims

This ensures our python layer and C layer (in the KDC, when implemented)
use the same compression logic and so allows us to test the production
compression via the IDL-generated interfaces.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f951c3b3 by Andrew Bartlett at 2023-03-31T01:48:30+00:00
sefltest: Extend python NDR parsing tests to compressed and uncompressed claims

This confirms that the compression is transparent and that the
values from a PAC with claims provided by MS Windows are parsed
correctly.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ea4be003 by Andrew Bartlett at 2023-03-31T02:50:30+00:00
selftest: Add test parsing krb5 PAC claims via ndrdump

Including
* compressed claims
* plain (uncompressed) claims

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Mar 31 02:50:30 UTC 2023 on atb-devel-224

- - - - -
bb92df7c by Jeremy Allison at 2023-03-31T05:12:32+00:00
s3: smbd: Cleanup - don't set the FLAGS2_DFS_PATHNAMES in flags2 in the glue struct if it's not a DFS server or share.

Even if the client claims it's a DFS pathname. Matches what Windows does if it gets
a DFS pathname on a non-DFS share.

Remove samba3.smbtorture_s3.smb2.SMB2-NON-DFS-SHARE.smbtorture\(fileserver\)
test knownfail.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
4c5a07ed by Jeremy Allison at 2023-03-31T05:12:32+00:00
s3: smbd: Cleanup. smb2_file_rename_information() can never have a @GMT path in the destination.

That's an SMB1 thing. It will always be (and always was) zero.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
377c50ab by Jeremy Allison at 2023-03-31T05:12:32+00:00
s3: smbd: Duplicate smb_file_link_information() hardlink handling as smb2_file_link_information().

We're going to change the SMB2 path handling for DFS and I
really don't want to try and mix these changes into the
existing smb_file_link_information() code.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b3fdc892 by Jeremy Allison at 2023-03-31T05:12:32+00:00
s3: smbd: In smb2_file_link_information(), don't ever expect @GMT tokens in the pathname.

They're an SMB1 thing, not an SMB2 thing. It will always be (and always was) zero.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
1b510ca2 by Jeremy Allison at 2023-03-31T05:12:32+00:00
s3: smbd: Change smb2_file_link_information() to use srvstr_pull_talloc()/check_path_syntax_smb2().

It now looks like all other SMB2 path processing and
we can proceed to strip the DFS prefixes from SMB2 pathnames
before further processing.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
39ad689e by Jeremy Allison at 2023-03-31T05:12:32+00:00
s3: smbd: Add utility function smb2_strip_dfs_path().

Removes any DFS prefix from an SMB2 name. This will
enable me to clean up the mess around SMB2 DFS path
processing, remove some knownfails and eventually
make it much easier to add SMB3+POSIX path processing
now it can ignore DFS prefixes. Original idea from
Volker.

Not yet used.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2c40e289 by Jeremy Allison at 2023-03-31T05:12:32+00:00
s3: smbd: Remove all DFS path prefixes before passing to check_path_syntax_smb2().

In smb2, smb1req->flags2 now never uses FLAGS2_DFS_PATHNAMES,
ucf_flags never has UCF_DFS_PATHNAME, and all calls to check_path_syntax_smb2()
pass "false" in this is_dfs parameter.

Remove all knownfails for smb2.SMB2-DFS* tests.

Now I can clean up check_path_syntax_smb2() and add
an assertion into filename_convert_dirfsp_nosymlink() that
UCF_DFS_PATHNAME is *NEVER* set in the ucf_flags for an
SMB2 connection.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
31f5c714 by Jeremy Allison at 2023-03-31T05:12:32+00:00
s3: smbd: Add assertion to filename_convert_dirfsp_nosymlink() that shows SMB2 is *never* dealing with a DFS path here.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
34fabc26 by Jeremy Allison at 2023-03-31T05:12:32+00:00
s3: smbd: Remove 'is_dfs' parameter to check_path_syntax_smb2().

check_path_syntax_smb2() is now a simple wrapper around check_path_syntax().
Leave it alone for now to keep things separate when we add SMB3+POSIX parsing.

check_path_syntax_smb2_msdfs() is now no longer used.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
06c73873 by Jeremy Allison at 2023-03-31T05:12:32+00:00
s3: smbd: Remove unused and commented out check_path_syntax_smb2_msdfs().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
66d7996d by Ralph Boehme at 2023-03-31T05:12:32+00:00
s3: smbd: Add utility function smb1_strip_dfs_path().

Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
8ad023c1 by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in reply_ntcreate_and_X()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
666e42ef by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in call_nt_transact_create()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0089ea2a by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in reply_ntrename()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d5b5589d by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in reply_ntrename()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
004d14a0 by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in reply_checkpath()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
00c83643 by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in reply_getatr

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0cb37f78 by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in reply_setatr()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ba325ca2 by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in reply_open()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e4fbaae2 by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in reply_open_and_X()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
574b1369 by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in reply_mknew()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0d298ff7 by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in reply_ctemp()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7ff2473b by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in reply_unlink()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9c151af3 by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in reply_mkdir()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c4449167 by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in reply_rmdir()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c3a87ffb by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in reply_mv()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2c4e4c22 by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in reply_mv()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
96765e53 by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in call_trans2open()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
adb34770 by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in call_trans2qpathinfo()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
32a1f381 by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in smb_set_file_unix_hlink()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6187aaaa by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in call_trans2setpathinfo()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fc3df8f5 by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in call_trans2mkdir()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f539e632 by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in reply_search()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f32215db by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: use smb1_strip_dfs_path() in call_trans2findfirst()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
777e324e by Jeremy Allison at 2023-03-31T05:12:32+00:00
s3: smbd: In smb_file_link_information() and smb_file_rename_information() the target path is never DFS.

Ensure we strip from ucs_flags before calling filename_convert_dirfsp().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e0ac0a25 by Ralph Boehme at 2023-03-31T05:12:32+00:00
smbd: RIP DFS pathname processing in filename_convert_dirfsp_nosymlink()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c3f48b05 by Jeremy Allison at 2023-03-31T05:12:32+00:00
s3: smbd: Remove now unused dfs_filename_convert().

And all the static functions it called.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
360b7394 by Jeremy Allison at 2023-03-31T06:07:01+00:00
s3: smbd: Fix dumb typos that meant smb1.SMB1-DFS-* tests were running against an SMB2-only fileserver.

Remove knownfail on SMB1-DFS-SEARCH-PATHS, as we now
pass it with the new SMB1 remove DFS paths before pathname processing
changes.

Note, we still fail:

smb1.SMB1-DFS-PATHS.smbtorture\(fileserver_smb1\)
smb1.SMB1-DFS-OPERATIONS.smbtorture\(fileserver_smb1\)

even with the new SMB1 remove DFS paths before pathname
processing as those tests test *very* specific Windows behaviors. We now
pass many more of the individual internal tests, but
in order to pass them all completely I need to add
specific --with-sambaserver checks to avoid some
of the Windows DFS SMB1 insanity (error messages).

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Mar 31 06:07:01 UTC 2023 on atb-devel-224

- - - - -
2534aba9 by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: domain: turn domain.py into a module

The domain.py file has become quite large at over 5000 lines, splitting it now before adding more sub commands.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4d6a2b01 by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: domain: fix unused imports

Fix existing unused imports first, before splitting the file.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6cecd7d0 by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: domain: move domain_backup.py to domain/backup.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d26054d7 by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: domain: move classicupgrade command to domain/classicupgrade.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
72f6f7a7 by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: domain: move dcpromo command to domain/dcpromo.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c22b8dc1 by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: domain: move demote command to domain/demote.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
908f7ff5 by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: domain: move functional_prep command to domain/functional_prep.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fefa5e74 by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: domain: move info command to domain/info.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8001e077 by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: domain: move join command to domain/join.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
12d5ea7f by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: domain: move keytab command to domain/keytab.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e7ad2364 by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: domain: move leave command to domain/leave.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8d4f6761 by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: domain: move level command to domain/level.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
49bc6a47 by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: domain: move passwordsettings command to domain/passwordsettings.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5986937d by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: domain: move provision command to domain/provision.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dff87f05 by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: domain: move samba3upgrade command to domain/samba3upgrade.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
75e7935b by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: domain: move schemaupgrade command to domain/schemaupgrade.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2a71bade by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: domain: move tombstones command to domain/tombstones.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
44f881fd by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: domain: move trust command to domain/trust.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
01c6bc55 by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: simplify boolean check

Should use "is" for checking booleans rather than "==" in Python, however these can also be simplified.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5a4f4b39 by Rob van der Linde at 2023-03-31T07:25:32+00:00
sd_utils: fix typo in get_sd_as_sddl docstring

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cf0a3a8c by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: add claim sub-commands to samba-tool domain

Claim Type:

 * samba-tool domain claim claim-type list
 * samba-tool domain claim claim-type create
 * samba-tool domain claim claim-type delete
 * samba-tool domain claim claim-type modify
 * samba-tool domain claim claim-type view

Claim Value Type:

 * samba-tool domain claim value-type list
 * samba-tool domain claim value-type view

To add a claim type use the attribute name, it will look up the attribute in the attribute schema and use that data type and description.

Claim types can be protected from accidental deletion just like Windows, use --protect

To delete protected claim types use --force.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d5a0d7aa by Rob van der Linde at 2023-03-31T07:25:32+00:00
netcmd: tests for claims client tool

Added delete protected test to known fail as Samba doesn't seem to enforce this yet.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
619caa1b by Rob van der Linde at 2023-03-31T08:25:11+00:00
docs: update manpage for samba-tool

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Mar 31 08:25:11 UTC 2023 on atb-devel-224

- - - - -
570a3ac8 by Joseph Sutton at 2023-03-31T08:29:32+00:00
ldb: Split out ldb_val_as_dn() helper function

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f41f9880 by Joseph Sutton at 2023-03-31T08:29:32+00:00
ldb: Add ldb_val -> bool,uint64,int64 parsing functions

These functions allow us to parse any value of a message element, not
only the first. They also unambiguously indicate whether an error has
occurred.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
652c10a5 by Joseph Sutton at 2023-03-31T08:29:32+00:00
s4:dsdb/schema: Add dsdb_attribute_by_cn_ldb_val()

This looks up a schema attribute by its CN, similar to
dsdb_class_by_cn_ldb_val().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3afac3f8 by Joseph Sutton at 2023-03-31T08:29:32+00:00
s4:kdc: Add utility functions for AD claims

get_claims_for_principal() is a new function that creates a claims blob
for a principal based on attributes in the database.

It's not hooked into the KDC yet, so this entails no change in
behaviour.

Constructed claims and certificate claims are not supported yet.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a205568e by Joseph Sutton at 2023-03-31T08:29:32+00:00
libcli/security: Add dom_sid_has_account_domain() to confirm a S-1-5-21 prefix

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
58f93271 by Joseph Sutton at 2023-03-31T08:29:32+00:00
tests/krb5: Don't expect client claims to be missing

For this particular test, we don't care whether they're present or not.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e17892b7 by Joseph Sutton at 2023-03-31T08:29:32+00:00
s4:torture: Assert that SID parsing succeeds

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
149a515f by Joseph Sutton at 2023-03-31T08:29:32+00:00
s4:torture: Make use of torture_assert_sid_equal()

This gives a more helpful diagnostic message.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2f53dd59 by Joseph Sutton at 2023-03-31T08:29:32+00:00
s4-dsdb: Account for Claims Valid SID in tokenGroups

More of these tests now pass against Windows. They still don't quite all
pass, but that's something to fix for another day.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c9ff6542 by Joseph Sutton at 2023-03-31T08:29:32+00:00
selftest: Account for have_fast_support in determining whether FAST is supported

have_fast_support is unconditionally set to 1, so this doesn't change
any behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e446e581 by Joseph Sutton at 2023-03-31T08:29:32+00:00
s4:kdc: Add support for AD client claims

We now create a client claims blob and add it to the PAC.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
874e10ef by Joseph Sutton at 2023-03-31T09:30:17+00:00
s4:kdc: Add support for AD device claims

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Mar 31 09:30:17 UTC 2023 on atb-devel-224

- - - - -
a8329d25 by Jeremy Allison at 2023-03-31T20:22:38+00:00
s3: smbd: Flatten the check_path_syntax_smb2() wrapper.

Keep it, rather and move all SMB2 code to check_path_syntax()
as I want to keep SMB1/SMB2 code as separate as possible so
we can remove any SMB1 code path later.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
adfa3a42 by Jeremy Allison at 2023-03-31T20:22:38+00:00
s3: smbd: Add check_path_syntax_smb2_posix().

Not yet used. Simple wrapper, identical to check_path_syntax_posix().
I want to keep SMB1/SMB2 code as separate as possible so
we can remove any SMB1 code path later.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3f33ea95 by David Mulder at 2023-03-31T20:22:38+00:00
smbd: Ensure share root POSIX attrs are cleared after mode_fn

The call to mode_fn (smbd_dirptr_lanman2_mode_fn)
was filling the cleared attributes back in to the
stat. Ensure the clear happens after this call.

Signed-off-by: David Mulder <dmulder at samba.org>
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
09221cea by Jeremy Allison at 2023-03-31T20:22:38+00:00
s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls.

We must always do SMB3+POSIX operations on fsp's opened with a posix create context.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
1d220e31 by Jeremy Allison at 2023-03-31T20:22:38+00:00
s3: smbd: Correctly process SMB3 POSIX paths in create.

Remove knownfail for posix path handling of case/reserved char

Signed-off-by: David Mulder <dmulder at samba.org>
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
47f40109 by Ralph Boehme at 2023-03-31T21:21:57+00:00
smbd: squash check_path_syntax() variants

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Mar 31 21:21:57 UTC 2023 on atb-devel-224

- - - - -
12c8b67e by Volker Lendecke at 2023-04-01T05:25:28+00:00
torture3: Add tdb-validate test

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14789
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bea154c9 by Volker Lendecke at 2023-04-01T05:25:28+00:00
lib: Fix tdb_validate() for incorrect tdb entries

We should not overwrite the "rc=1" initialization with the tdb_check
retval. This will lead to tdb_validate_child() returning 0 even when
validate_fn() found invalid entries.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14789
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c66f6c58 by Amir Goldstein at 2023-04-01T06:23:36+00:00
torture/smb2: do not use client time in delayed timestamp updates test

Client time cannot be compared to server timestamp, because the clocks
on client and server may not be in sync.

Compare server timestamps, only to previous timestamps read from server.

Signed-off-by: Amir Goldstein <amir at ctera.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Apr  1 06:23:36 UTC 2023 on atb-devel-224

- - - - -
9b6f49d4 by David Disseldorp at 2023-04-03T03:56:35+00:00
s3:modules: call rpcgen only if vfs_nfs4acl_xattr is enabled

rpcgen may be missing, so wrap all of the vfs_nfs4acl_xattr associated
calls in an appropriate if bld.SAMBA3_IS_ENABLED_MODULE() check.

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8720a25d by Dmitry Antipov at 2023-04-03T03:56:35+00:00
s4:libnet: cleanup py_net_time()

Fix size of buffer passed to and always check the value returned
from strftime(), raise PyErr_NoMemory() and return NULL if zero,
or use it with PyUnicode_FromStringAndSize() (thus avoiding extra
internal call to strlen()) otherwise.

Signed-off-by: Dmitry Antipov <dantipov at cloudlinux.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f59e813c by Andreas Schneider at 2023-04-03T03:56:35+00:00
lib:addns: Rename additionals to additional

Fixes code spelling.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1f2858ea by Andreas Schneider at 2023-04-03T03:56:35+00:00
lib:addns: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8e3bac47 by Andreas Schneider at 2023-04-03T03:56:35+00:00
lib:audit_logging: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4d39558c by Andreas Schneider at 2023-04-03T03:56:35+00:00
lib:cmdline: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3d409c16 by Andreas Schneider at 2023-04-03T03:56:35+00:00
lib:compression: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2b712191 by Andreas Schneider at 2023-04-03T03:56:35+00:00
lib:crypto: Improve comment about weak crypto

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3289e734 by Andreas Schneider at 2023-04-03T03:56:35+00:00
lib:dbwrap: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1bfa2c29 by Andreas Schneider at 2023-04-03T03:56:35+00:00
lib:fuzzing: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4b1d2051 by Andreas Schneider at 2023-04-03T04:53:05+00:00
lib:krb5_wrap: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Apr  3 04:53:05 UTC 2023 on atb-devel-224

- - - - -
38d2ca0a by Volker Lendecke at 2023-04-04T07:04:13+00:00
smbd: Indicate posix pathnames if SMB311 POSIX cc requested

Avoid making smb311 posix extensions a global thing. Posix clients
could request non-posix behaviour on individual create calls.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Apr  4 07:04:13 UTC 2023 on atb-devel-224

- - - - -
856f5841 by Andreas Schneider at 2023-04-04T07:31:36+00:00
Fix spelling in README.Coding.md

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e081fa4c by Andreas Schneider at 2023-04-04T07:31:36+00:00
bootstrap: Fix spelling in README.md

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
409ede2d by Andreas Schneider at 2023-04-04T07:31:36+00:00
ctdb:doc: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0007102d by Andreas Schneider at 2023-04-04T07:31:36+00:00
docs-xml: Fix spelling in manpages

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a9d4915c by Andreas Schneider at 2023-04-04T07:31:36+00:00
docs-xml: Fix spelling in smb.conf manpage

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1bb75c54 by Andreas Schneider at 2023-04-04T07:31:36+00:00
docs-xml: Fix spelling in Samba-Developers-Guide

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fc28daa6 by Andreas Schneider at 2023-04-04T07:31:36+00:00
lib:ldb:common: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f75adc48 by Andreas Schneider at 2023-04-04T07:31:36+00:00
lib:ldb:include: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
594d6ef4 by Andreas Schneider at 2023-04-04T07:31:36+00:00
lib:ldb:ldb_key_value: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4eac2614 by Andreas Schneider at 2023-04-04T07:31:36+00:00
lib:ldb:ldb_map: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
73d04200 by Andreas Schneider at 2023-04-04T07:31:36+00:00
lib:ldb:ldb_sqlite3: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a8c571e9 by Andreas Schneider at 2023-04-04T07:31:36+00:00
lib:ldb:nssldb: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
925b026a by Andreas Schneider at 2023-04-04T08:30:28+00:00
lib:ldb:tests: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Apr  4 08:30:28 UTC 2023 on atb-devel-224

- - - - -
acf259c7 by Andreas Schneider at 2023-04-05T01:06:29+00:00
s3:selftest: Move the smbget share to the provision function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
badbbceb by Andreas Schneider at 2023-04-05T01:06:29+00:00
s3:selftest: Move samba3.blackbox.smbget to ad_member

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9c76563b by Andreas Schneider at 2023-04-05T01:06:29+00:00
s3:selftest: Pass REALM to samba.blackbox.smbget

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1104916d by Andreas Schneider at 2023-04-05T01:06:29+00:00
s3:tests: Also clear the download area in smbget msdfs_link test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d81acef3 by Andreas Schneider at 2023-04-05T01:06:29+00:00
s3:tests: Add domain and UPN test for smbget

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1f3f8860 by Andreas Schneider at 2023-04-05T01:06:29+00:00
s3:tests: Add smbget msdfs link test with domain and UPN

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
34d4ac99 by Andreas Schneider at 2023-04-05T01:06:29+00:00
s3:utils: Always cleanup when leaving smbget main()

This will not leak any memory. Also rename the bool to 'ok' for better
readability.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0e07d0ac by Andreas Schneider at 2023-04-05T01:06:29+00:00
s3:utils: Add support for parsing domain/UPN in username for smbget

The smbget utility doesn't use the common command line parser, so it
doesn't support parsing of DOMAIN/user or user@realm.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
42b47e20 by Andreas Schneider at 2023-04-05T01:06:29+00:00
s3:tests: Use long options for smbget in test_smbget.sh

This is more descriptive and will help with the next commit.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
20b5d98c by Andreas Schneider at 2023-04-05T01:06:29+00:00
s3:utils: Use common command line parser for smbget

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7f8a814c by Andreas Schneider at 2023-04-05T01:06:29+00:00
docs-xml: Update smbget manpage

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f531dd19 by Andreas Schneider at 2023-04-05T01:06:29+00:00
docs-xml: Remove smbgetrc manpage

This has been removed, we have support for an authentication file.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ada8cd6a by Andreas Schneider at 2023-04-05T01:06:29+00:00
s3:utils: Correctly wire encryption for smbget

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a2ba7877 by Andreas Schneider at 2023-04-05T01:06:29+00:00
s3:tests: Add encryption test for smbget

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
267ea547 by Andreas Schneider at 2023-04-05T01:06:29+00:00
s3:utils: Correctly wire Kerberos support for smbget

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9392a581 by Andreas Schneider at 2023-04-05T01:06:29+00:00
s3:tests: Add kerberos test for smbget

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3fa25a77 by Andreas Schneider at 2023-04-05T01:06:29+00:00
s3:tests: Add a kerberos trust test for smbget

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
de702cb5 by Andreas Schneider at 2023-04-05T01:06:29+00:00
s3:tests: Add test with testdenied_upn@REALM.upn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
96914246 by Andreas Schneider at 2023-04-05T01:06:29+00:00
auth: Remove trailing white spaces in credentials.h

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
97c0982b by Andreas Schneider at 2023-04-05T01:06:29+00:00
auth: Remove trailing white spaces in credentials_ntlm.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
61424dd2 by Andreas Schneider at 2023-04-05T01:06:29+00:00
auth: Add cli_credentials_is_password_nt_hash()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e22eccbe by Andreas Schneider at 2023-04-05T01:06:29+00:00
s3:utils: Correctly wire NT hash support for smbget

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
960fe1ca by Andreas Schneider at 2023-04-05T01:06:29+00:00
s3:utils: s3:utils: Correctly wire winbind ccache support for smbget

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d0d58855 by Andreas Schneider at 2023-04-05T01:06:29+00:00
Update WHATSNEW.txt

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f1174c6e by Joseph Sutton at 2023-04-05T01:06:29+00:00
librpc/ndr: Fix NULL pointer dereference

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15348

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9b96855f by Joseph Sutton at 2023-04-05T01:06:29+00:00
tests/krb5: Check only for the canonical representation of a security descriptor

As of commit be1aae77b7610933b1121f207e0a4df523c2d278, Samba only
produces the canonical form of a security descriptor.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8855b525 by Joseph Sutton at 2023-04-05T01:06:29+00:00
tests/krb5: Add methods to get authentication policy DNs

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dc4c51f3 by Joseph Sutton at 2023-04-05T01:06:29+00:00
tests/krb5: Add method to create an authentication silo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
75aecbe6 by Joseph Sutton at 2023-04-05T01:06:29+00:00
tests/krb5: Add method to create authentication silo claim

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3b72dde2 by Joseph Sutton at 2023-04-05T01:06:29+00:00
tests/krb5: Add tests for constructed (authentication silo) claims

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e258ea12 by Joseph Sutton at 2023-04-05T01:06:29+00:00
s4:kdc: Allocate claim value on values context

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f5d04a43 by John Mulligan at 2023-04-05T02:02:29+00:00
python:join: fix reused variable name in provision func

Recent updates to run adprep during the provision function re-used a
variable name that was already in use as a string. This reassignment
changed the type of the referenced object. This variable name is later
used to set up the mit krb5 kdc conf and expects the var to contain a
string. When executed with default cli options on a mit krb5 based build
samba tool fails with a traceback:
```
INFO 2023-03-23 21:22:50,399 pid:6
/usr/lib64/python3.10/site-packages/samba/provision/__init__.py #2021:
Fixing provision GUIDs
ERROR(<class 'AttributeError'>): uncaught exception - 'DomainUpdate'
object has no attribute 'upper'
  File "/usr/lib64/python3.10/site-packages/samba/netcmd/__init__.py",
line 230, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python3.10/site-packages/samba/netcmd/domain.py",
line 555, in run
    result = provision(self.logger,
  File
"/usr/lib64/python3.10/site-packages/samba/provision/__init__.py", line
2408, in provision
    create_kdc_conf(paths.kdcconf, realm, domain,
os.path.dirname(lp.get("log file")))
  File
"/usr/lib64/python3.10/site-packages/samba/provision/kerberos.py", line
43, in create_kdc_conf
    domain = domain.upper()
```

This change removes the re-use of the existing var name by chaining
the calls.

Fixes: 4bba26579d1
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr  5 02:02:29 UTC 2023 on atb-devel-224

- - - - -
5fd0811f by Andrew Bartlett at 2023-04-05T02:10:34+00:00
CVE-2023-0614 dsdb: Alter timeout test in large_ldap.py to be slower by matching on large objects

This changes the slow aspect to be the object matching not the filter parsing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
6d2d1e7d by Joseph Sutton at 2023-04-05T02:10:34+00:00
CVE-2023-0614 libcli/security: Make some parameters const

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a7222faa by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 s4:dsdb: Use talloc_get_type_abort() more consistently

It is better to explicitly abort than to dereference a NULL pointer or
try to read data cast to the wrong type.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
17feef18 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 s4-acl: Make some parameters const

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ca9c467e by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 ldb: Add functions for handling inaccessible message elements

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a4397749 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 s4-acl: Use ldb functions for handling inaccessible message elements

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1debb658 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 ldb:tests: Ensure ldb_val data is zero-terminated

If the value of an ldb message element is not zero-terminated, calling
ldb_msg_find_attr_as_string() will cause the function to read off the
end of the buffer in an attempt to verify that the value is
zero-terminated. This can cause unexpected behaviour and make the test
randomly fail.

To avoid this, we must have a terminating null byte that is *not*
counted as part of the length, and so we must calculate the length with
strlen() rather than sizeof.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
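
The sizeof/strlen pitfall described in this commit message, as an added example that is not Samba's code. `struct demo_val`, `check_terminator()` and the sample buffers are hypothetical; the real buffer size is passed in only so the demo can report an out-of-bounds read instead of performing one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an ldb value: a byte pointer plus a counted length. */
struct demo_val {
	const uint8_t *data;
	size_t length;
};

enum term_check { TERM_OK, TERM_MISSING, TERM_READS_PAST_END };

/*
 * Model of the "is this value usable as a C string?" check: inspect the byte
 * just past the counted length. alloc_size is the true size of the buffer.
 * A real check cannot know it; it is a parameter here so that the demo can
 * flag the read as out of bounds rather than actually doing it.
 */
static enum term_check check_terminator(struct demo_val v, size_t alloc_size)
{
	if (v.length >= alloc_size) {
		return TERM_READS_PAST_END;
	}
	return v.data[v.length] == '\0' ? TERM_OK : TERM_MISSING;
}

/* Constructed sample data. */
static const char sample[] = "value";                 /* 5 chars + NUL = 6 bytes */
static const uint8_t raw[4] = { 'a', 'b', 'c', 'X' }; /* no NUL after "abc" */

/* length = sizeof counts the NUL, so the byte after the value is outside the array. */
static enum term_check length_from_sizeof(void)
{
	struct demo_val v = { (const uint8_t *)sample, sizeof(sample) };
	return check_terminator(v, sizeof(sample));
}

/* length = strlen leaves the NUL uncounted but still inside the array. */
static enum term_check length_from_strlen(void)
{
	struct demo_val v = { (const uint8_t *)sample, strlen(sample) };
	return check_terminator(v, sizeof(sample));
}

/* A binary value with no terminator at all is rejected as a string. */
static enum term_check length_of_raw_bytes(void)
{
	struct demo_val v = { raw, 3 };
	return check_terminator(v, sizeof(raw));
}

int main(void)
{
	printf("sizeof: %d, strlen: %d, raw: %d\n",
	       length_from_sizeof(), length_from_strlen(), length_of_raw_bytes());
	return 0;
}
```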

- - - - -
294a4f6e by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 ldb:tests: Ensure all tests are accounted for

Add ldb_filter_attrs_test to the list of tests so that it actually gets
run.

Remove a duplicate ldb_msg_test that was accidentally added in commit
5ca90e758ade97fb5e335029c7a1768094e70564.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b18ed9ae by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 ldb: Add function to take ownership of an ldb message

Many places in Samba depend upon various components of an ldb message
being talloc allocated, and hence able to be used as talloc contexts.
The elements and values of an unpacked ldb message point to unowned data
inside the memory-mapped database, and this function ensures that such
messages have talloc ownership of said elements and values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
721493f4 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 ldb: Add function to remove excess capacity from an ldb message

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
784a3427 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 ldb: Add function to add distinguishedName to message

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
131d4176 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 ldb: Add function to filter message in place

At present this function is an exact duplicate of ldb_filter_attrs(),
but in the next commit we shall modify it to work in place, without the
need for the allocation of a second message.

The test is a near duplicate of the existing test for
ldb_filter_attrs().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f25b1756 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 ldb: Make ldb_filter_attrs_in_place() work in place

ldb_filter_attrs() previously did too much. Now its replacement,
ldb_filter_attrs_in_place(), only does the actual filtering, while
taking ownership of each element's values is handled in a separate
function, ldb_msg_elements_take_ownership().

Also, ldb_filter_attrs_in_place() no longer adds the distinguishedName
to the message if it is missing. That is handled in another function,
ldb_msg_add_distinguished_name().

As we're now modifying the original message rather than copying it into
a new one, we no longer need the filtered_msg parameter.

We adapt a test, based on ldb_filter_attrs_test, to exercise the new
function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fffea590 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 ldb: Make use of ldb_filter_attrs_in_place()

Change all uses of ldb_kv_filter_attrs() to use
ldb_filter_attrs_in_place() instead. This function does less work than
its predecessor, and no longer requires the allocation of a second ldb
message. Some of the work is able to be split out into separate
functions that each accomplish a single task, with a purpose to make the
code clearer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f154fad3 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 s4:dsdb/extended_dn_in: Don't modify a search tree we don't own

In extended_dn_fix_filter() we had:

    req->op.search.tree = ldb_parse_tree_copy_shallow(req, req->op.search.tree);

which overwrote the parse tree on an existing ldb request with a fixed
up tree. This became a problem if a module performed another search with
that same request structure, as extended_dn_in would try to fix up the
already-modified tree for a second time. The fixed-up tree element now
having an extended DN, it would fall foul of the ldb_dn_match_allowed()
check in extended_dn_filter_callback(), and be replaced with an
ALWAYS_FALSE match rule. In practice this meant that <GUID={}> searches
would only work for one search in an ldb request, and fail for
subsequent ones.

Fix this by creating a new request with the modified tree, and leaving
the original request unmodified.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d3fa2cb5 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 s4:dsdb:tests: Fix <GUID={}> search in confidential attributes test

The object returned by schema_format_value() is a bytes object.
Therefore the search expression would resemble:

(lastKnownParent=<GUID=b'00000000-0000-0000-0000-000000000000'>)

which, due to the extra characters, would fail to match anything.

Fix it to be:

(lastKnownParent=<GUID=00000000-0000-0000-0000-000000000000>)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
16487691 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 schema_samba4.ldif: Allocate previously added OID

DSDB_CONTROL_CALCULATED_DEFAULT_SD_OID was added in commit
08187833fee57a8dba6c67546dfca516cd1f9d7a.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f995c380 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 tests/krb5: Add test for confidential attributes timing differences

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fdeb6ea1 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 ldb: Add ldb_parse_tree_get_attr()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c334918 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 s4-acl: Split out logic to remove access checking attributes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
da8138c5 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 s4-dsdb: Add samdb_result_dom_sid_buf()

This function parses a SID from an ldb_message, similar to
samdb_result_dom_sid(), but does it without allocating anything.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
748bbbe7 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 s4-acl: Split out function to set up access checking variables

These variables are often used together, and it is useful to have the
setup code in one place.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d5d0e712 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 ldb: Prevent disclosure of confidential attributes

Add a hook, acl_redact_msg_for_filter(), in the aclread module, that
marks inaccessible any message elements used by an LDAP search filter
that the user has no right to access. Make the various ldb_match_*()
functions check whether message elements are accessible, and refuse to
match any that are not. Remaining message elements, not mentioned in the
search filter, are checked in aclread_callback(), and any inaccessible
elements are removed at this point.

Certain attributes, namely objectClass, distinguishedName, name, and
objectGUID, are always present, and hence the presence of said
attributes is always allowed to be checked in a search filter. This
corresponds with the behaviour of Windows.

Further, we unconditionally allow the attributes isDeleted and
isRecycled in a check for presence or equality. Windows is not known to
make this special exception, but it seems mostly harmless, and should
mitigate the performance impact on searches made by the show_deleted
module.

As a result of all these changes, our behaviour regarding confidential
attributes happens to match Windows more closely. For the test in
confidential_attr.py, we can now model our attribute handling with
DC_MODE_RETURN_ALL, which corresponds to the behaviour exhibited by
Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
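
A minimal model of the three steps this commit message describes (redact what the filter touches, refuse to match inaccessible elements, strip the rest), as an added example that is not Samba's code. The types, the function names, the `demoSecret` attribute and the sample entry are hypothetical, and the filter is reduced to a single presence or equality leaf; the `redact = false` path exists only to contrast matching without the redaction step.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* All types and names below are hypothetical; this is not the ldb API. */
enum op { OP_PRESENT, OP_EQUALITY };
struct leaf { enum op op; const char *attr; const char *value; };
struct elem { const char *name; const char *value; bool inaccessible; };
struct msg { struct elem el[8]; size_t n; };

static bool in_list(const char *attr, const char *const *list)
{
	for (; *list != NULL; list++) {
		if (strcasecmp(attr, *list) == 0) return true;
	}
	return false;
}

/* Constructed ACL: the searching user may read everything except demoSecret. */
static bool user_may_read(const char *attr)
{
	static const char *const denied[] = { "demoSecret", NULL };
	return !in_list(attr, denied);
}

/* The exemptions listed in the commit message. */
static bool leaf_is_exempt(const struct leaf *f)
{
	static const char *const always_present[] = {
		"objectClass", "distinguishedName", "name", "objectGUID", NULL };
	static const char *const deleted_flags[] = { "isDeleted", "isRecycled", NULL };

	if (f->op == OP_PRESENT && in_list(f->attr, always_present)) return true;
	return in_list(f->attr, deleted_flags); /* presence or equality */
}

/* Step 1: mark the element the filter tests if the user may not read it. */
static void redact_for_filter(struct msg *m, const struct leaf *f)
{
	if (leaf_is_exempt(f) || user_may_read(f->attr)) return;
	for (size_t j = 0; j < m->n; j++) {
		if (strcasecmp(m->el[j].name, f->attr) == 0) m->el[j].inaccessible = true;
	}
}

/* Step 2: evaluate the leaf; an inaccessible element never matches. */
static bool match(const struct msg *m, const struct leaf *f)
{
	for (size_t j = 0; j < m->n; j++) {
		const struct elem *e = &m->el[j];
		if (e->inaccessible || strcasecmp(e->name, f->attr) != 0) continue;
		if (f->op == OP_PRESENT || strcmp(e->value, f->value) == 0) return true;
	}
	return false;
}

/* Step 3: drop every remaining element the user cannot read. */
static void strip_unreadable(struct msg *m)
{
	size_t keep = 0;
	for (size_t j = 0; j < m->n; j++) {
		if (!m->el[j].inaccessible && user_may_read(m->el[j].name)) {
			m->el[keep++] = m->el[j];
		}
	}
	m->n = keep;
}

/* Attributes returned for a one-leaf filter, or -1 if the entry is withheld. */
static int search(enum op op, const char *attr, const char *value, bool redact)
{
	struct msg m = { .el = { /* constructed sample entry */
		{ "objectClass", "user", false }, { "name", "alice", false },
		{ "isDeleted", "FALSE", false }, { "demoSecret", "s3cr3t", false },
	}, .n = 4 };
	struct leaf f = { op, attr, value };

	if (redact) redact_for_filter(&m, &f);
	if (!match(&m, &f)) return -1;
	strip_unreadable(&m);
	return (int)m.n;
}

int main(void)
{
	printf("unredacted: %d, redacted: %d\n",
	       search(OP_EQUALITY, "demoSecret", "s3cr3t", false),
	       search(OP_EQUALITY, "demoSecret", "s3cr3t", true));
	return 0;
}
```

Without step 1 the entry comes back (minus `demoSecret`) only when the guessed value is right, so the result set itself answers the question; with step 1 the same filter returns nothing whether the guess is right or wrong.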

- - - - -
3a70c646 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 s4-acl: Avoid calling dsdb_module_am_system() if we can help it

If the AS_SYSTEM control is present, we know we have system privileges,
and have no need to call dsdb_module_am_system().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
197633cc by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 ldb: Use binary search to check whether attribute is secret

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9f31e413 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 ldb: Centralise checking for inaccessible matches

This makes it less likely that we forget to handle a case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
449c2e99 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 ldb: Filter on search base before redacting message

Redaction may be expensive if we end up needing to fetch a security
descriptor to verify rights to an attribute. Checking the search scope
is probably cheaper, so do that first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
15eac767 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0614 s4-dsdb: Treat confidential attributes as unindexed

In the unlikely case that someone adds a confidential indexed attribute
to the schema, LDAP search expressions on that attribute could disclose
information via timing differences. Let's not use the index for searches
on confidential attributes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f188b6a9 by Andrew Bartlett at 2023-04-05T02:10:35+00:00
CVE-2023-0614 dsdb: Add DSDB_MARK_REQ_UNTRUSTED

This will allow our dsdb helper search functions to mark the new
request as untrusted, forcing read ACL evaluation (per current behaviour).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
f6e93e2b by Andrew Bartlett at 2023-04-05T02:10:35+00:00
CVE-2023-0614 dsdb: Add pre-cleanup and self.addCleanup() of OU created in match_rules tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
9b8dd83f by Andrew Bartlett at 2023-04-05T02:10:35+00:00
CVE-2023-0614 lib/ldb-samba: Add test for SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN with and ACL hidden attributes

The chain for transitive evaluation does consider ACLs, avoiding the disclosure of
confidential information.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
dfe7b057 by Andrew Bartlett at 2023-04-05T02:10:35+00:00
CVE-2023-0614 lib/ldb-samba Ensure ACLs are evaluated on SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN

Setting the LDB_HANDLE_FLAG_UNTRUSTED tells the acl_read module to operate on this request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
d2bbb47a by Joseph Sutton at 2023-04-05T02:10:35+00:00
ldb: Use correct member of union

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
82d2ec78 by Andrew Bartlett at 2023-04-05T02:10:35+00:00
dsdb: Remove remaining references to DC_MODE_RETURN_NONE and DC_MODE_RETURN_ALL

The confidential_attrs test no longer uses DC_MODE_RETURN_NONE, so we can now
remove the complexity.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
8b4e6f7b by Joseph Sutton at 2023-04-05T02:10:35+00:00
s4-dsdb: Remove DSDB_ACL_CHECKS_DIRSYNC_FLAG

It's no longer used anywhere.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
62cc4302 by Douglas Bagnall at 2023-04-05T02:10:35+00:00
CVE-2023-0225 pytest/acl: test deleting dNSHostName as unprivileged user

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15276

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c33e78a2 by Joseph Sutton at 2023-04-05T02:10:35+00:00
CVE-2023-0225 s4-acl: Don't return early if dNSHostName element has no values

This early return would mistakenly allow an unprivileged user to delete
the dNSHostName attribute by making an LDAP modify request with no
values. We should no longer allow this.

Add or replace operations with no values and no privileges are
disallowed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15276

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b74b9f4b by Rob van der Linde at 2023-04-05T03:08:51+00:00
CVE-2023-0922 set default ldap client sasl wrapping to seal

This avoids sending new or reset passwords in the clear
(integrity protected only) from samba-tool in particular.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15315

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr  5 03:08:51 UTC 2023 on atb-devel-224

- - - - -
e1c0c206 by Andrew Bartlett at 2023-04-06T00:33:34+00:00
dsdb/tests: Move SD modification on class-created objects to classSetUp

These modifications persist, so should be done at the class level,
not in the test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15351

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
479634e4 by Andrew Bartlett at 2023-04-06T00:33:35+00:00
dsdb/tests: Double number of expressions in large_ldap.py ldap_timeout test

By slowing the filter down more this makes the test reliable on the
autobuild host.

This is not a long-term solution, but is a quick tweak that can be done
today to address current issues with getting commits past the host-based
(compared with cloud-based) autobuild.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15351

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
5abda27f by Rob van der Linde at 2023-04-06T00:33:35+00:00
dsdb: fix spelling in password_hash.c

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
928de1d6 by Rob van der Linde at 2023-04-06T00:33:35+00:00
dsdb/tests: Add test for modification of unicodePwd over a cleartext/signed connection

This demonstrates that the server did not detect CVE-2023-0922

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
112faff8 by Rob van der Linde at 2023-04-06T01:33:05+00:00
dsdb: modify unicodePwd requires encrypted connection

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Apr  6 01:33:05 UTC 2023 on atb-devel-224

- - - - -
3b585f9e by Stefan Metzmacher at 2023-04-06T12:51:30+00:00
testprogs/blackbox: add test_net_ads_search_server.sh

This reproduces a regression with
'net ads search -P --server server.of.trusted.domain'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15323

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
0ef53b94 by Stefan Metzmacher at 2023-04-06T12:51:30+00:00
net_ads: fill ads->auth.realm from c->creds

The realm we use for authentication needs to be
the realm belonging to the username we use.

We derive the username from c->creds, so we need to
do the same for the realm.

Otherwise we try to authenticate as the wrong user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15323

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e5ef368f by Andreas Schneider at 2023-04-06T12:51:30+00:00
lib:ldb:tests: Fix signedness build error

lib/ldb/tests/ldb_filter_attrs_in_place_test.c:836:55: error: pointer
targets in passing argument 1 of ‘_assert_string_equal’ differ in
signedness [-Werror=pointer-sign]
  836 |         assert_string_equal(msg->elements[0].values[0].data,
      |                                                       ^
      |                                                       |
      |                                                       uint8_t * {aka unsigned char *}

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d8acec0c by Andreas Schneider at 2023-04-06T12:51:30+00:00
s3:selftest: Remove ad_dc_ntvfs for smbclient_machine_auth.plain

There is no need to run it against this environment, and removing it saves resources.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
bfae4262 by Andreas Schneider at 2023-04-06T12:51:30+00:00
s3:tests: Use the CONFIGURATION passed down to the test

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
fa591f52 by Andreas Schneider at 2023-04-06T12:51:30+00:00
s3:tests: Correctly implement tests for forceuser/forcegroup

They used the tmp share ...

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d163d1ba by Andreas Schneider at 2023-04-06T12:51:30+00:00
s3:tests: Use CONFIGURATION passed down to the test

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
938cbe07 by Andreas Schneider at 2023-04-06T12:51:30+00:00
s3:tests: Add exit code with failed tests

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
67535ac2 by Andreas Schneider at 2023-04-06T12:51:30+00:00
s4:torture: Remove trailing white spaces

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
6dc7ae8b by Andreas Schneider at 2023-04-06T12:51:30+00:00
s4:torture: Fix warning messages for smb.raw.session

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e69453fc by Andreas Schneider at 2023-04-06T12:51:30+00:00
s4:torture: Fix warning messages for smb2.session

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
33effa76 by Andreas Schneider at 2023-04-06T12:51:30+00:00
s4:torture: Extend smb2 session requested_life_time

It also only waits for the required amount of time elapsed. Hopefully
this should avoid running into timeouts.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
83fe7a03 by Andrew Bartlett at 2023-04-06T12:51:30+00:00
lib/util: Add "debug syslog format = always", which logs to stdout in syslog style

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ca7b7bde by Andrew Bartlett at 2023-04-06T13:44:47+00:00
selftest: Use "debug syslog format = always" in selftest

Some of the most difficult to debug issues in Samba development are around
timing, so this changes our default logging format in the selftest system
to include a high-resolution timestamp to help correlate bad events with
what else is going on at the same time.

This fits in well with the timestamps already logged into st/subunit
and may assist with correlation.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Apr  6 13:44:47 UTC 2023 on atb-devel-224

- - - - -
94778b66 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Fix running export.keytab heimdal test

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
12d44773 by Andreas Schneider at 2023-04-06T13:45:35+00:00
s4:tests: Reformat kerberos tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4fa89f3a by Andreas Schneider at 2023-04-06T13:45:35+00:00
s4:selftest: Use smbclient3 for kinit tests

smbclient3 has support for SMB2+.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2ad6b6fe by Andreas Schneider at 2023-04-06T13:45:35+00:00
s4:selftest: Use ad_dc environment for kinit tests

This makes sure they are run as part of "samba-addc-mit-1".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4f228c57 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Correctly set configuration in test_kinit_mit.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f9441ca2 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Correctly set configuration in test_kinit_heimdal.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ff77e910 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Pass configuration to test_export_keytab_heimdal.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d2bd1e34 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Pass configuration to test_export_keytab_mit.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
62cfab55 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Specify the KRB5CCNAME on the command line

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9e949bc4 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Pass configuration to test_kpasswd_heimdal.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
41b4a2a2 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Pass configuration to test_kpasswd_mit.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7ed669ce by Andreas Schneider at 2023-04-06T13:45:35+00:00
s4:selftest: Reformat samba4.blackbox.password_settings

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3af471fe by Andreas Schneider at 2023-04-06T13:45:35+00:00
s4:selftest: Use ad_dc env for samba4.blackbox.password_settings

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9e7de6df by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Pass configuration to test_password_settings.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3b780112 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Remove UID_WRAPPER_ROOT export

This is not needed, we only need it for smbpasswd and in order to get
root we need to set the ruid and euid, which we already do.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4ea94c8e by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Pass configuration to test_kinit_trusts_heimdal.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f91f042c by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Pass configuration to test_kinit_trusts_mit.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c042b1fb by Andreas Schneider at 2023-04-06T13:45:35+00:00
s4:selftest: Reformat samba4.blackbox.rfc2307_mapping

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
aa2ece8f by Andreas Schneider at 2023-04-06T13:45:35+00:00
s4:selftest: Move rfc2307_mapping test to ad_dc

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b6cf609e by Andreas Schneider at 2023-04-06T13:45:35+00:00
nsswitch:tests: Use configuration variable passed to test_rfc2307_mapping.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c5bf365d by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Reformat test_kinit_heimdal.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
aea8611b by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Fix shell arithmetic in test_kinit_heimdal.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
715f7c46 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Use common binary detection functions in test_kinit_heimdal.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
deff4666 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Reformat test_kinit_mit.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3d63419f by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Fix shell arithmetic in test_kinit_mit.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
de8a0ee0 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Merge kinit tests into a single script for MIT and Heimdal

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f7402c34 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Remove unused test_kinit_(heimdal|mit).sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
58ca1484 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Reformat test_kinit_trusts_heimdal.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ccce9d3f by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Reformat test_kinit_trusts_mit.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
01b1dd8f by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Fix shell arithmetic in test_kinit_trusts_mit.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
cbf756bb by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Fix shell arithmetic in test_kinit_trusts_heimdal.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f18ca8a5 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Merge kinit trust tests into a single script for MIT and Heimdal

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
51cebd4b by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Remove unused test_kinit_trusts_(heimdal|mit).sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0b21e492 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Reformat test_export_keytab_heimdal.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e560cf8a by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Fix shell arithmetic in test_export_keytab_heimdal.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
24599099 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Reformat test_export_keytab_mit.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
deb9d1f6 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Fix shell arithmetic in test_export_keytab_mit.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d9a9cb03 by Andreas Schneider at 2023-04-06T13:45:35+00:00
testprogs: Merge export keytab tests into a single script for MIT and Heimdal

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
484bf9c4 by Andreas Schneider at 2023-04-06T14:47:20+00:00
testprogs: Remove unused test_export_keytab_(heimdal|mit).sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Apr  6 14:47:20 UTC 2023 on atb-devel-224

- - - - -
c50cde0c by Andreas Schneider at 2023-04-06T15:42:12+00:00
python:tests: Correctly skip some GPO tests in release tarball

These tests require provision data we do not ship in release tarballs.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Apr  6 15:42:12 UTC 2023 on atb-devel-224

- - - - -
e3b9e252 by Dmitry Antipov at 2023-04-06T16:46:03+00:00
lib:registry: drop unused argument of reg_open_remote()

Drop 'struct auth_session_info *' argument of reg_open_remote()
which is actually unused (NULL passed by all of the callers).

Signed-off-by: Dmitry Antipov <dantipov at cloudlinux.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Apr  6 16:46:03 UTC 2023 on atb-devel-224

- - - - -
2e8954d5 by Ralph Boehme at 2023-04-06T22:01:29+00:00
CI: add a test creating a vetoed file

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8b23a4a7 by Ralph Boehme at 2023-04-06T23:03:50+00:00
smbd: Prevent creation of vetoed files

The problem is when checking for vetoed names on the last path component in
openat_pathref_fsp_case_insensitive() we return
NT_STATUS_OBJECT_NAME_NOT_FOUND. Then in the caller
filename_convert_dirfsp_nosymlink() this is treated as the "file creation case"
causing filename_convert_dirfsp_nosymlink() to return NT_STATUS_OK.

In order to correctly distinguish between the cases

1) file doesn't exist, we may be creating it, return
2) a vetoed file

we need 2) to return a more specific error to
filename_convert_dirfsp_nosymlink(). I've chosen NT_STATUS_OBJECT_NAME_INVALID
which gets mapped to the appropriate error NT_STATUS_OBJECT_PATH_NOT_FOUND or
NT_STATUS_OBJECT_NAME_NOT_FOUND depending on which path component was vetoed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Apr  6 23:03:50 UTC 2023 on atb-devel-224

- - - - -
3633027e by Ralph Boehme at 2023-04-07T21:12:21+00:00
rpcd_mdssvc: initialize POSIX locking

Otherwise the posix_pending_close_db is NULL and we crash when trying to close a
file descriptor:

   #4 /usr/lib64/samba/libdbwrap-samba4.so(dbwrap_parse_record+0xe) [0x7fbc5d05c8ae]
   #5 /usr/lib64/samba/libdbwrap-samba4.so(dbwrap_fetch_int32+0x38) [0x7fbc5d05d438]
   #6 /usr/lib64/samba/libsmbd-base-samba4.so(fd_close_posix+0x7b) [0x7fbc5e276f8b]
   #7 /usr/lib64/samba/libsmbd-base-samba4.so(+0x57900) [0x7fbc5e28a900]
   #8 /usr/lib64/samba/libsmbd-base-samba4.so(fd_close+0x68) [0x7fbc5e2b7ea8]
   #9 /usr/lib64/samba/libsmbd-base-samba4.so(+0x62608) [0x7fbc5e295608]
   #10 /usr/lib64/samba/libtalloc-samba4.so(_talloc_free+0x51b) [0x7fbc5d9f439b]
   #11 /usr/lib64/samba/vfs/fruit.so(+0xcac2) [0x7fbc45fcdac2]
   #12 /usr/lib64/samba/vfs/fruit.so(+0xcbdd) [0x7fbc45fcdbdd]
   #13 /usr/lib64/samba/vfs/fruit.so(+0xf603) [0x7fbc45fd0603]
   #14 /usr/lib64/samba/libsmbd-base-samba4.so(+0x56375) [0x7fbc5e289375]
   #15 /usr/lib64/samba/vfs/nothingtoseeherereally.so(+0x196c) [0x7fbc467f996c]
   #16 /usr/lib64/samba/vfs/streams_xattr.so(+0x51fc) [0x7fbc461e71fc]
   #17 /usr/lib64/samba/libsmbd-base-samba4.so(+0xade3a) [0x7fbc5e2e0e3a]
   #18 /usr/lib64/samba/libsmbd-base-samba4.so(create_conn_struct_cwd+0x44) [0x7fbc5e2e1cf4]
   #19 /usr/libexec/samba/rpcd_mdssvc(mds_init_ctx+0x2c3) [0x563fdac08f03]
   #20 /usr/libexec/samba/rpcd_mdssvc(_mdssvc_open+0x141) [0x563fdac0b4d1]

The corresponding open is done as part of initializing a connection_struct
object, where we chdir() and stat() the root path of the share. The stat() in
vfs_fruit causes an expensive metadata request on the path which triggers an
internal open of a pathref handle. Note that this only affects servers that have
fruit:metadata = netatalk set, which is the default unfortunately.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15354

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Apr  7 21:12:21 UTC 2023 on atb-devel-224

- - - - -
a1231c15 by Andreas Schneider at 2023-04-09T09:49:30+00:00
s3:libads: Remove executable bit from ldap.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
4fc16662 by Remi Collet at 2023-04-09T09:49:30+00:00
libsmb: fix regression on smbc_getxattr and fix doc

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14808
Signed-off-by: Remi Collet <rcollet at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
0cd66fe6 by Remi Collet at 2023-04-09T10:44:38+00:00
libsmb: Fix test for smbc_getxattr

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14808
Signed-off-by: Remi Collet <rcollet at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Sun Apr  9 10:44:38 UTC 2023 on atb-devel-224

- - - - -
9580d66b by Andreas Schneider at 2023-04-11T09:06:35+00:00
Makefile: Fix spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
8f18fadd by Andreas Schneider at 2023-04-11T09:06:35+00:00
ctdb: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
3c96f7d8 by Andreas Schneider at 2023-04-11T09:06:35+00:00
docs-xml: Fix spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
bca9c059 by Andreas Schneider at 2023-04-11T09:06:35+00:00
dynconfig: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
e288aca9 by Andreas Schneider at 2023-04-11T09:06:35+00:00
examples: Fix spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
5e9bfcf4 by Andreas Schneider at 2023-04-11T09:06:35+00:00
lib:ldb: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
4b12dc1f by Andreas Schneider at 2023-04-11T09:06:36+00:00
lib:messaging: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
25e1987e by Andreas Schneider at 2023-04-11T09:06:36+00:00
lib:param: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
8c32a475 by Andreas Schneider at 2023-04-11T09:06:36+00:00
lib:pthreadpool: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
f1209a7a by Andreas Schneider at 2023-04-11T09:06:36+00:00
lib:replace: Fix code spelling

Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
ad7418d2 by Andreas Schneider at 2023-04-11T10:08:54+00:00
lib:replace: Fix snprintf of rep_inet_ntop()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Apr 11 10:08:54 UTC 2023 on atb-devel-224

- - - - -
d788d3d9 by Andrew Bartlett at 2023-04-11T13:47:01+00:00
s3-client: Provide more information on protocol negotiation failures

In particular, this may help track down REASON: Exception: Exception: protocol negotiation failed: NT_STATUS_IO_TIMEOUT

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Apr 11 13:47:01 UTC 2023 on atb-devel-224

- - - - -
e0e58ed0 by Stefan Metzmacher at 2023-04-12T12:48:35+00:00
smbXsrv_tcon: avoid storing temporary (invalid!) records.

We used to store smbXsrv_tcon_global.tdb records in two steps,
first we created a record in order to allocate the tcon id.
The temporary record had a NULL share_name, which translated
into 0 bytes for the string during ndr_push_smbXsrv_tcon_global0.

The problem is that ndr_pull_smbXsrv_tcon_global0 fails on
this with something like:

Invalid record in smbXsrv_tcon_global.tdb:key '2CA0ED4A' ndr_pull_struct_blob(length=85) - Buffer Size Error

The blob looks like this:

[0000] 00 00 00 00 01 00 00 00   00 00 00 00 00 00 02 00   ........  ........
[0010] 00 00 00 00 4A ED A0 2C   4A ED A0 2C 00 00 00 00   ....J.., J..,....
[0020] F8 4B 00 00 00 00 00 00   00 00 00 00 FF FF FF FF   .K......  ........
[0030] 4D 59 9B 9F 83 F4 35 20   36 D2 B0 82 62 68 D9 01   MY....5 6...bh..
[0040] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........  ........
[0050] 00 00 00 00 00                                      .....

The reason for having a temporary entry was just based on
the fact, that it was easier to keep the logic in
make_connection_snum() untouched.

But we have all information available in order to store
the final record directly. We only need to do the
"max connections" check first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15353

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
52c78466 by Stefan Metzmacher at 2023-04-12T13:51:50+00:00
vfs_fruit: avoid using 'conn->tcon->compat', we can just use 'conn'!

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Apr 12 13:51:50 UTC 2023 on atb-devel-224

- - - - -
91e1898f by Joseph Sutton at 2023-04-12T13:52:31+00:00
tests/krb5: Remove unused variable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
45ff5a81 by Joseph Sutton at 2023-04-12T13:52:31+00:00
tests/krb5: Fix comment indentation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
911f607e by Joseph Sutton at 2023-04-12T13:52:31+00:00
s4-dsdb:large_ldap: Fix typos in variable names

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1cf1e688 by Joseph Sutton at 2023-04-12T13:52:31+00:00
s4-dsdb:large_ldap: Correctly increment count variable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5f24d0ad by Joseph Sutton at 2023-04-12T13:52:31+00:00
s4-dsdb:large_ldap: Fix disabled test

This test was silently skipped due to setUpClass() throwing a NameError.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ec069f1b by Joseph Sutton at 2023-04-12T13:52:31+00:00
s4-dsdb:large_ldap: Assert that we got all the entries

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7cb9620f by Joseph Sutton at 2023-04-12T13:52:31+00:00
s4-dsdb:large_ldap: Note that we don't check that an error was raised

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
52e626a8 by Joseph Sutton at 2023-04-12T13:52:31+00:00
pytest/acl: Remove unused remnants of source4/dsdb/tests/python/acl.py

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
e4b81f7f by Joseph Sutton at 2023-04-12T13:52:31+00:00
samba-tool domain: Initialise variables before attempting to use them

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1469c19b by Joseph Sutton at 2023-04-12T13:52:31+00:00
s4:kdc: Remove unused parameter

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
88c1b493 by Joseph Sutton at 2023-04-12T13:52:31+00:00
s4:kdc: Allocate memory on a temporary context

We should not allocate memory on a longer-lived context than necessary.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
81bfa752 by Joseph Sutton at 2023-04-12T13:52:31+00:00
s4:kdc: Fix typos in comments

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5459217b by Joseph Sutton at 2023-04-12T13:52:31+00:00
s4:kdc: Fix typos

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
90a042e9 by Joseph Sutton at 2023-04-12T13:52:31+00:00
talloc: Put comment back in appropriate place

This comment originally referred, not to a va_copy() call, but to the
use of &c with vsnprintf() rather than passing in NULL with a length of
zero.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
064d8a3d by Joseph Sutton at 2023-04-12T13:52:31+00:00
talloc: Remove unneeded va_copy()

We don't use 'ap' again after this.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3d935fdc by Joseph Sutton at 2023-04-12T13:52:31+00:00
ldb: Remove old misleading comments

Commit bed9efa6cda17ecca91bdf71227ec656b94dcf94 introduced
ldb_msg_add_linearized_dn() to replace ldb_msg_add_dn(), but retained
the now-incorrect associated comment. The comment later made its way
into a function added later by commit 'CVE-2022-32746 ldb: Add functions
for appending to an ldb_message'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15008

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
cb3c344a by Joseph Sutton at 2023-04-12T13:52:31+00:00
ldb: Remove misleading comment

That an attribute has been access checked doesn't mean that the user has
the right to view it.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0ff26aa0 by Joseph Sutton at 2023-04-12T13:52:31+00:00
ldb: Don't wrongly claim to return message elements

If the LDB_UNPACK_DATA_FLAG_NO_ATTRS flag is set, we don't return any
elements, so we should set num_elements accordingly. This ensures
callers don't try to access elements that aren't there.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
aedbee5f by Joseph Sutton at 2023-04-12T13:52:31+00:00
ldb: Fix function documentation to be consistent

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6ef23456 by Joseph Sutton at 2023-04-12T13:52:31+00:00
ldb: Avoid undefined pointer arithmetic

Computing a pointer that points outside of an array, and not to one past
the last element, is undefined behaviour. To avoid this, do our
comparisons in terms of lengths, not pointers.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
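
The length-based bounds check this commit message describes, as an added example that is not code from ldb or from the commit. The record format (a 4-byte little-endian length followed by the data), the function names and the sample buffers are assumptions constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a 32-bit little-endian integer without alignment assumptions. */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Count the values in buf[0..size) of a hypothetical format (not ldb's):
 * each value is a 4-byte length followed by that many bytes.
 * Returns the count, or -1 if a length field claims more than remains.
 *
 * The pointer form of the check,
 *     if (p + len > buf + size) ...
 * computes p + len before testing it. When len comes from the input and
 * exceeds the remaining space, that addition already points outside the
 * array, which is undefined behaviour, and a compiler may drop the test.
 * Comparing len against the remaining length never forms such a pointer.
 */
int count_values(const uint8_t *buf, size_t size)
{
    size_t off = 0;
    int count = 0;

    while (off < size) {
        size_t remaining = size - off;   /* off < size, cannot wrap */
        uint32_t len;

        if (remaining < 4) {
            return -1;                   /* truncated length field */
        }
        len = read_le32(buf + off);
        remaining -= 4;
        if (len > remaining) {
            return -1;                   /* value would overrun the buffer */
        }
        off += 4 + (size_t)len;          /* len <= remaining, stays <= size */
        count++;
    }
    return count;
}

/* Constructed sample buffers. */
static const uint8_t sample_ok[] = {
    3, 0, 0, 0, 'a', 'b', 'c',           /* value of length 3 */
    0, 0, 0, 0,                          /* empty value */
    1, 0, 0, 0, 'z'                      /* value of length 1 */
};
static const uint8_t sample_overrun[] = {
    2, 0, 0, 0, 'a', 'b',
    0xff, 0xff, 0xff, 0xff, 'x'          /* length far beyond the buffer */
};
static const uint8_t sample_truncated[] = {
    1, 0, 0, 0, 'a',
    5, 0                                 /* length field cut short */
};

int main(void)
{
    printf("ok: %d\n", count_values(sample_ok, sizeof(sample_ok)));
    printf("overrun: %d\n",
           count_values(sample_overrun, sizeof(sample_overrun)));
    printf("truncated: %d\n",
           count_values(sample_truncated, sizeof(sample_truncated)));
    return 0;
}
```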
- - - - -
6f2bccf1 by Joseph Sutton at 2023-04-12T13:52:31+00:00
s4/dsdb/util: Make some arrays static

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0ec0a04d by Joseph Sutton at 2023-04-12T13:52:31+00:00
s4-dsdb: Remove is_attr_in_list()

ldb_attr_in_list() already exists and does essentially the same thing.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
dc7911e7 by Joseph Sutton at 2023-04-12T13:52:31+00:00
s4-dsdb: Check correct ldb opaque variable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
047214be by Joseph Sutton at 2023-04-12T13:52:31+00:00
s4/dsdb/cracknames: Remove unneeded attribute

The cracknames code never uses this.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
12d990ac by Joseph Sutton at 2023-04-12T13:52:31+00:00
s4-acl: Make parameter const

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b5b611d9 by Joseph Sutton at 2023-04-12T13:52:31+00:00
posix_acls: Don't skip ACEs in merge_default_aces()

If we remove the i'th element, we should decrement i so that we don't
skip over the succeeding element.

If we remove the j'th element, we should decrement j and continue around
the loop, so as not to skip subsequent elements.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f273dcf6 by Joseph Sutton at 2023-04-12T13:52:31+00:00
s4-drs: Don't skip over elements in uref_del_dest()

If we remove an element, we should not skip over the element following.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
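
The skipped-element problem described in this commit message and in the merge_default_aces() one before it, as an added example that is not Samba's code. The entry structure, the merge rule and the sample list are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an ACL entry; not Samba's own structure. */
struct entry {
	uint32_t who;	/* hypothetical principal id */
	uint32_t mask;	/* hypothetical permission bits */
};

/* Delete a[idx] by shifting the tail down one slot. */
static void remove_at(struct entry *a, size_t *n, size_t idx)
{
	memmove(&a[idx], &a[idx + 1], (*n - idx - 1) * sizeof(a[0]));
	(*n)--;
}

/*
 * Fold every later entry for the same principal into the first one.
 * Returns the new element count.
 *
 * step_back == 0 reproduces the bug: after remove_at() the element that
 * followed a[j] now sits AT index j, and the loop's j++ steps over it.
 * step_back != 0 is the fix: decrement j so the next iteration looks at
 * the element that just moved into the freed slot.
 */
size_t merge_duplicates(struct entry *a, size_t n, int step_back)
{
	size_t i, j;

	for (i = 0; i < n; i++) {
		for (j = i + 1; j < n; j++) {
			if (a[j].who != a[i].who) {
				continue;
			}
			a[i].mask |= a[j].mask;
			remove_at(a, &n, j);
			if (step_back) {
				j--;	/* j >= 1 here, so no wrap */
			}
		}
	}
	return n;
}

/* Constructed input: three adjacent entries for principal 2. */
static const struct entry sample[] = {
	{ 1, 0x1 }, { 2, 0x1 }, { 2, 0x2 }, { 2, 0x4 }, { 3, 0x1 },
};

/* Number of entries left after merging the sample list. */
size_t merged_count(int step_back)
{
	struct entry a[5];

	memcpy(a, sample, sizeof(sample));
	return merge_duplicates(a, 5, step_back);
}

/* Mask held by the first entry for principal 2 after merging. */
uint32_t merged_mask_for_2(int step_back)
{
	struct entry a[5];

	memcpy(a, sample, sizeof(sample));
	merge_duplicates(a, 5, step_back);
	return a[1].mask;
}

int main(void)
{
	printf("buggy: %zu entries, mask for 2 = 0x%x\n",
	       merged_count(0), (unsigned)merged_mask_for_2(0));
	printf("fixed: %zu entries, mask for 2 = 0x%x\n",
	       merged_count(1), (unsigned)merged_mask_for_2(1));
	return 0;
}
```

With the buggy loop, the third entry for principal 2 survives as a separate element and its bit never reaches the merged mask.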
- - - - -
5b7ee73c by Joseph Sutton at 2023-04-12T13:52:31+00:00
pysmbd: Fix typo in error message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
fd159aaa by Joseph Sutton at 2023-04-12T13:52:31+00:00
librpc/ndr: Add missing newlines to error messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
440c3e86 by Joseph Sutton at 2023-04-12T13:52:31+00:00
ctdb:tool: Remove unnecessary strlen()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
894500b6 by Joseph Sutton at 2023-04-12T13:52:31+00:00
pyldb: Handle allocation failure

If we don't check for NULL after each loop iteration, the failure could
be masked in the next iteration by talloc_asprintf_append() allocating
on the NULL context. That could result in values getting lost.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a1e64e57 by Joseph Sutton at 2023-04-12T13:52:31+00:00
libndr: Handle allocation failure

If a talloc function returns NULL, indicating failure, the failure could
be masked by the next talloc call allocating on the NULL context.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
78ca3e16 by Joseph Sutton at 2023-04-12T13:52:31+00:00
smbd/notify: Handle allocation failure

If a talloc function returns NULL, indicating failure, the failure could
be masked by the next talloc call allocating on the NULL context.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2de0e1dc by Joseph Sutton at 2023-04-12T13:52:31+00:00
s3:net_usershare: Handle allocation failure

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
03bd1b8e by Joseph Sutton at 2023-04-12T13:52:31+00:00
s4-dsdb: Handle allocation failure

If a talloc function returns NULL, indicating failure, the failure could
be masked by the next talloc call allocating on the NULL context.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
e0db10cf by Joseph Sutton at 2023-04-12T13:52:32+00:00
s3:net_usershare: Correctly escape newline in error message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b1df85e7 by Joseph Sutton at 2023-04-12T13:52:32+00:00
testprogs: Fix comparison

SC2039: In POSIX sh, == in place of = is undefined.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
833cefe8 by Joseph Sutton at 2023-04-12T13:52:32+00:00
testprogs: Make testit_expect_failure() return 0 on success

This is the behaviour that most existing callers expect, but the
function actually returns a non-zero status code in that case.

Adjust all callers expecting the opposite behaviour to match.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
60c501b3 by Joseph Sutton at 2023-04-12T13:52:32+00:00
nsswitch:tests: Remove unused functions

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b62b0bd6 by Joseph Sutton at 2023-04-12T13:52:32+00:00
testprogs: Make test_smbclient_expect_failure() return 0 on success

This is the behaviour that most existing callers expect, but the
function actually returns a non-zero status code in that case.

Adjust all callers expecting the opposite behaviour to match.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
dfb088aa by Joseph Sutton at 2023-04-12T13:52:32+00:00
testprogs: Return correct status code

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
23d2c9cb by Joseph Sutton at 2023-04-12T13:52:32+00:00
testprogs: Make test_rpcclient_expect_failure_grep() return 0 on success

This is more consistent with the behaviour of the other expect_failure
functions.

Adjust all callers expecting the opposite behaviour to match.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ae5fafa9 by Joseph Sutton at 2023-04-12T13:52:32+00:00
testprogs: Have testfail() return 0 on success

This is more consistent with the other testing functions.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4726541a by Joseph Sutton at 2023-04-12T13:52:32+00:00
s3:script: Always return a non-zero status code on failure

If $expected didn't match $received, these functions would still return
zero.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f407b3ec by Joseph Sutton at 2023-04-12T13:52:32+00:00
testprogs: Return correct status code

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
aa05498b by Joseph Sutton at 2023-04-12T13:52:32+00:00
s3:tests: Correct condition

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8e7c7680 by Joseph Sutton at 2023-04-12T13:52:32+00:00
s3:selftest: Enable winbindd for maptoguest environment

This is required for the samba3.blackbox.guest test to work. Without it,
the test fails to find a group map.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8e7abe72 by Joseph Sutton at 2023-04-12T13:52:32+00:00
s4:torture: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
91ed2f3d by Joseph Sutton at 2023-04-12T13:52:32+00:00
selftest: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6abc50c9 by Joseph Sutton at 2023-04-12T13:52:32+00:00
s4:rpc_server: Handle LDB_ERR_NO_SUCH_ATTRIBUTE when deleting group

This is what source4/torture/rpc/samr.c:test_AddGroupMember() in the
test 'samba4.rpc.samr' expects.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6a3accec by Joseph Sutton at 2023-04-12T13:52:32+00:00
s4:rpc_server: Ensure EnumDomainUsers() doesn't return a NULL array

This is what source4/torture/rpc/samr.c:test_EnumDomainUsers_all() in
the test 'samba4.rpc.samr' expects, and allows that test to pass.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2aa9fae1 by Joseph Sutton at 2023-04-12T13:52:32+00:00
s4:torture: Correctly zero structure

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
80c54843 by Joseph Sutton at 2023-04-12T13:52:32+00:00
s4:torture: Don't try to close the connection after running disconnect tests

dcerpc_mdssvc_close() would always fail with
STATUS_CONNECTION_DISCONNECTED, causing the testsuite as a whole to
fail.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
44d03bf4 by Joseph Sutton at 2023-04-12T13:52:32+00:00
lib/torture: Don't overwrite test outcomes

If a test fails an assertion, and later calls torture_skip() to skip
part of the test, the TORTURE_SKIP result will overwrite the
TORTURE_FAIL result, and the overall outcome will be successful.

To avoid this, we now arrange possible outcomes in order of priority,
and ensure we always keep the higher priority one.

This reveals some failing tests.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
839ca0cd by Joseph Sutton at 2023-04-12T13:52:32+00:00
selftest: Only run clusteredmember tests if ctdb is built

Trying to run any of these tests without having built ctdb results in a
failure, as the environment cannot be started.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
62893486 by Joseph Sutton at 2023-04-12T13:52:32+00:00
selftest: Fix samba3.clustered.smb2.deny.deny2 test

This test failed to start, emitting the following error:
Unknown torture operation 'clustered.smb2.deny.deny2'

To fix this, remove the 'clustered.' prefix from the test name.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2ff55b3d by Joseph Sutton at 2023-04-12T14:57:55+00:00
selftest: Catch error codes from failing testsuites

Testsuites declared with functions such as plantestsuite() are not run
directly, but are piped through filter-subunit. The overall exit code of
the executed test command is that returned by the last command in the
pipeline (that is, filter-subunit), and thus the actual testsuite return
code is lost.

A real consequence of this is that an error in setUpClass() in a Python
testsuite causes the whole testsuite to be skipped silently.

The --fail-on-empty option partially addressed this, but didn't help if
the testsuite contained multiple test classes, only one of which
contained an error.

We now use bash with the pipefail option, which makes the return code of
the last failing command into the return code of the entire pipeline.
That means that we properly fail if a testsuite returns a non-zero exit
code, but doesn't otherwise exhibit any failures in its output.

This doesn't help for cases where a testsuite has other failing tests
that become xfails due to knownfail entries. In that case, the overall
'testsuite-failure' will be turned into 'testsuite-xfail' by
filter-subunit and the silent failures will remain unheeded. Still, this
is better than the existing situation.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Apr 12 14:57:55 UTC 2023 on atb-devel-224

- - - - -
53f0a292 by Stefan Metzmacher at 2023-04-12T20:29:05+00:00
selftest:Samba3: use the correct NSS_WRAPPER_HOSTNAME

The value of NSS_WRAPPER_HOSTNAME needs to match the value
we put into the NSS_WRAPPER_HOSTS file.

We had a mismatch of
idmapridmember.samba.example.com
vs.
idmapridmember.addom.samba.example.com

This causes getaddrinfo() in nss_wrapper to fall back to
the libc version, which talks to a dns server.
It's not clear if recent glibc code will reach resolve/socket wrapper.
So it's not unlikely that idmapridmember.samba.example.com will
be passed via the internet, which causes delays up to 20 seconds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15355

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Apr 12 20:29:05 UTC 2023 on atb-devel-224

- - - - -
9d42ba76 by Andreas Schneider at 2023-04-14T05:25:33+00:00
lib:replace: Remove trailing white spaces in xattr.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
8d647f2f by Andreas Schneider at 2023-04-14T05:25:33+00:00
lib:replace: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
189f156c by Andreas Schneider at 2023-04-14T05:25:33+00:00
lib:smbconf: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
c6e1a949 by Andreas Schneider at 2023-04-14T05:25:33+00:00
lib:socket: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
b6de03c7 by Andreas Schneider at 2023-04-14T05:25:33+00:00
lib:talloc: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
2afd7b1b by Andreas Schneider at 2023-04-14T05:25:33+00:00
lib:tdb: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
6eed0c12 by Andreas Schneider at 2023-04-14T05:25:33+00:00
lib:tevent: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
89d5c0dc by Andreas Schneider at 2023-04-14T05:25:33+00:00
lib:tsocket: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
b3271603 by Andreas Schneider at 2023-04-14T05:25:33+00:00
lib:util: Remove trailing white spaces in byteorder.h

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
cfa53c8a by Andreas Schneider at 2023-04-14T05:25:33+00:00
lib:util: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
31418f95 by Pavel Filipenský at 2023-04-14T06:18:18+00:00
testprogs: Set PREFIX_ABS before it is used in test_primary_group.sh

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Apr 14 06:18:18 UTC 2023 on atb-devel-224

- - - - -
45f026c4 by Christof Schmitt at 2023-04-14T12:28:23+00:00
debug: Only initialize gpfs wrapper when gpfs logging is enabled

This avoids unnecessary attempts to load libgpfs.so when it is not
needed.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Michael Tokarev <mjt at tls.msk.ru>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Apr 14 12:28:23 UTC 2023 on atb-devel-224

- - - - -
081e808a by Volker Lendecke at 2023-04-17T17:14:37+00:00
streams_depot: Create files when requested

If you set "create mask = 0600" no streams will be created....

Tested manually. Not creating an automated test for this, there are so
many places where this can go wrong that testing this individual
glitch does not gain us much confidence.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15357

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0327334c by Volker Lendecke at 2023-04-17T17:14:37+00:00
tests: Show that streams_depot and shadow_copy2 don't play together

See the next patch, we assert in shadow_copy2_openat() over paths
passed in from shadow_copy2

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15358

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
526f381f by Volker Lendecke at 2023-04-17T18:11:07+00:00
shadow_copy2: Fix stream open for streams_depot paths

streams_depot hands us absolute paths with : filename components
instead of having set smb_fname_in->stream_name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15358

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Apr 17 18:11:07 UTC 2023 on atb-devel-224

- - - - -
1e738cb0 by Volker Lendecke at 2023-04-18T14:58:36+00:00
libsmb: Introduce type-safe struct cli_smb2_create_flags

This makes it clearer what to pass into the create_flags argument to
cli_smb2_create_fnum(). There was already confusion in
source3/torture/test_smb2.c: It passed in
SMB2_OPLOCK_LEVEL_NONE (which was okay because it #defines to 0), but
it should have been a straight 0, for example
SMB2_OPLOCK_LEVEL_EXCLUSIVE would have been wrong.

This way adding other flags (.nofollow comes to mind) will be much
easier to handle.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2446ea91 by Volker Lendecke at 2023-04-18T14:58:36+00:00
libsmb: Make cli_qpathinfo2_done() parse the results

Make it easier to do an async SMB2 version

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e0f94071 by Volker Lendecke at 2023-04-18T14:58:36+00:00
libsmb: Make cli_smb2_qpathinfo2() asynchronous

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
061aaf86 by Volker Lendecke at 2023-04-18T14:58:36+00:00
libsmb: Slightly simplify smbc_init()

Reduce indentation with an early return, review with git show -w

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
64ea0029 by Volker Lendecke at 2023-04-18T14:58:36+00:00
libsmb: Avoid an explicit ZERO_STRUCTP with calloc

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
13187d1f by Volker Lendecke at 2023-04-18T14:58:36+00:00
libsmb: Simplify SMBC_add_cached_server()

ENOMEM is the only error condition we have

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
76497f70 by Volker Lendecke at 2023-04-18T14:58:36+00:00
libsmb: Make setting errno safer in SMBC_add_cached_server()

DEBUG should preserve errno, but make this more obvious.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
efdae5d2 by Volker Lendecke at 2023-04-18T14:58:36+00:00
smbd: Fix a DBG statement

This is not smbd_smb2_create_send() anymore.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
33194ad2 by Volker Lendecke at 2023-04-18T14:58:36+00:00
libsmb: Adapt cli_echo_send() to modern conventions

Nowadays we rather do protocol-specific _done() functions, and overall
this cuts a few lines.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
86868cb0 by Volker Lendecke at 2023-04-18T14:58:36+00:00
smbd: Save 488 bytes RSS

With this ld.so does not have to relocate the string pointers

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
03b55232 by Volker Lendecke at 2023-04-18T14:58:36+00:00
libsmb: Return [MS-SMB2] 2.2.14 SMB2 CREATE Response flags field

Not used yet, mostly for completeness.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
af91bcb3 by Volker Lendecke at 2023-04-18T15:58:42+00:00
pylibsmb: Return "flags" in create_returns

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Apr 18 15:58:42 UTC 2023 on atb-devel-224

- - - - -
6e525d55 by David Mulder at 2023-04-19T21:21:10+00:00
gp: Fix NameError: free variable 'cron_dir' in Crontab CSE

An apply reports the error "NameError: free
variable 'cron_dir' referenced before assignment
in enclosing scope". This only happens when no
policy is defined for this CSE, because existing
policy causes the variable to be defined.

Moved the 'cron_dir' variable to the correct
scope.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Wed Apr 19 21:21:10 UTC 2023 on atb-devel-224

- - - - -
b5a66840 by Andreas Schneider at 2023-04-19T21:29:33+00:00
s3:tests: Create a temporary directory for test_veto_files.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15360

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a2acbd3f by Andreas Schneider at 2023-04-19T21:29:33+00:00
s3:tests: Add test that veto files works for hidden files

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15360

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9eb44306 by Andreas Schneider at 2023-04-19T22:30:19+00:00
s3:lib: Do not try to match '.' and '..' directories in is_in_path()

This fixes setting veto files to '.*' to not list hidden files and
directories starting with a dot.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15360

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Apr 19 22:30:19 UTC 2023 on atb-devel-224

- - - - -
c4410914 by Andreas Schneider at 2023-04-20T11:59:31+00:00
s3:libsmb: Mark smbc_set_credentials() as deprecated

This will issue a compiler warning!

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
092a6a62 by Andreas Schneider at 2023-04-20T11:59:31+00:00
s3:utils: Use smbc_set_credentials_with_fallback() for smbget

smbc_set_credentials() is deprecated.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
ba4c322a by Andreas Schneider at 2023-04-20T11:59:32+00:00
s3:libsmb: Also deprecate smbc_init()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
3c50a921 by Andreas Schneider at 2023-04-20T12:56:53+00:00
s3:client: Remove unused tree.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Apr 20 12:56:53 UTC 2023 on atb-devel-224

- - - - -
24dd4561 by Andreas Schneider at 2023-04-21T13:59:29+00:00
python:tests: Skip the source_chars test if not a git dir

This test doesn't work in release tarballs. Skip it if git fails.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Apr 21 13:59:29 UTC 2023 on atb-devel-224

- - - - -
eafcef18 by Stefan Metzmacher at 2023-04-24T14:13:35+00:00
s3:locking: fix debug level for NT_STATUS_NOT_FOUND messages in get_static_share_mode_data

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15362

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Apr 24 14:13:35 UTC 2023 on atb-devel-224

- - - - -
d5b8b804 by Alexander Bokovoy at 2023-04-25T07:46:36+00:00
Add ROLE_IPA_DC into two more places

Missed two more places originally when introducing ROLE_IPA_DC.

Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Alexander Bokovoy <ab at samba.org>
Autobuild-Date(master): Tue Apr 25 07:46:36 UTC 2023 on atb-devel-224

- - - - -
8aab8d6c by Volker Lendecke at 2023-04-26T06:27:31+00:00
ldb: Add the RFC4532 LDB_EXTENDED_WHOAMI_OID definition

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0575cc4b by Volker Lendecke at 2023-04-26T06:27:31+00:00
ldb: Allow extended operations through ildap

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e88332cb by Volker Lendecke at 2023-04-26T06:27:31+00:00
ldb: Implement ldap_whoami in pyldb

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a00af01e by Volker Lendecke at 2023-04-26T06:27:31+00:00
ldap_server: Implement the rfc4532 whoami exop

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8027283d by Volker Lendecke at 2023-04-26T07:20:14+00:00
tests: Test ldap whoami exop

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Apr 26 07:20:14 UTC 2023 on atb-devel-224

- - - - -
3e6a6c00 by Andreas Schneider at 2023-04-27T07:21:33+00:00
lib:krb5_wrap: Fix debug statements when princ_s is NULL

In file included from source4/include/includes.h:61,
                 from lib/krb5_wrap/krb5_samba.c:23:
lib/krb5_wrap/krb5_samba.c: In function ‘smb_krb5_kt_seek_and_delete_old_entries’:
lib/util/debug.h:200:12: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
  200 |        && (dbgtext body) )
      |           ~^~~~~~~~~~~~~
lib/krb5_wrap/krb5_samba.c:1753:25: note: in expansion of macro ‘DEBUG’
 1753 |                         DEBUG(5, (__location__ ": Saving previous (kvno %d) "
      |                         ^~~~~
lib/util/debug.h:200:12: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
  200 |        && (dbgtext body) )
      |           ~^~~~~~~~~~~~~
lib/krb5_wrap/krb5_samba.c:1763:25: note: in expansion of macro ‘DEBUG’
 1763 |                         DEBUG(5, (__location__ ": Saving entry with kvno [%d] "
      |                         ^~~~~
lib/util/debug.h:200:12: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
  200 |        && (dbgtext body) )
      |           ~^~~~~~~~~~~~~
lib/krb5_wrap/krb5_samba.c:1769:17: note: in expansion of macro ‘DEBUG’
 1769 |                 DEBUG(5, (__location__ ": Found old entry for principal: %s "
      |                 ^~~~~
lib/util/debug.h:200:12: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
  200 |        && (dbgtext body) )
      |           ~^~~~~~~~~~~~~
lib/krb5_wrap/krb5_samba.c:1787:17: note: in expansion of macro ‘DEBUG’
 1787 |                 DEBUG(5, (__location__ ": removed old entry for principal: "
      |                 ^~~~~

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0c6fb4bf by Andreas Schneider at 2023-04-27T07:21:33+00:00
dfs_server: Fix debug statement if searched_site is NULL

In file included from source4/include/includes.h:61,
                 from dfs_server/dfs_server_ad.c:21:
dfs_server/dfs_server_ad.c: In function ‘get_dcs.constprop’:
lib/util/debug.h:200:12: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
  200 |        && (dbgtext body) )
      |           ~^~~~~~~~~~~~~
dfs_server/dfs_server_ad.c:462:25: note: in expansion of macro ‘DEBUG’
  462 |                         DEBUG(2,(__location__ ": Site: %s %s\n",
      |                         ^~~~~

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
732efb3d by Andreas Schneider at 2023-04-27T07:21:33+00:00
s3:torture: Remove trailing white spaces in locktest2.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b5e9c2bc by Andreas Schneider at 2023-04-27T07:21:33+00:00
s3:torture: Fix possible array out of bounds access

In function ‘test_one’,
    inlined from ‘retest’ at source3/torture/locktest2.c:401:8:
source3/torture/locktest2.c:331:37: error: array subscript 2 is above array bounds of ‘int[2][2][2]’ [-Werror=array-bounds=]
  331 |                         fnum[server][fstype][conn][f] = try_open(cli[server][conn], nfs[server], fstype, FILENAME,
      |                         ~~~~~~~~~~~~^~~~~~~~
source3/torture/locktest2.c: In function ‘retest’:
source3/torture/locktest2.c:390:23: note: while referencing ‘fnum’
  390 |                   int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES],
      |                   ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘test_one’,
    inlined from ‘retest’ at source3/torture/locktest2.c:401:8:
source3/torture/locktest2.c:316:62: error: array subscript 2 is above array bounds of ‘int[2][2][2]’ [-Werror=array-bounds=]
  316 |                                                  fnum[server][fstype][conn][f],
      |                                                  ~~~~~~~~~~~~^~~~~~~~
source3/torture/locktest2.c: In function ‘retest’:
source3/torture/locktest2.c:390:23: note: while referencing ‘fnum’
  390 |                   int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES],
      |                   ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘test_one’,
    inlined from ‘retest’ at source3/torture/locktest2.c:401:8:
source3/torture/locktest2.c:300:60: error: array subscript 2 is above array bounds of ‘int[2][2][2]’ [-Werror=array-bounds=]
  300 |                                                fnum[server][fstype][conn][f],
      |                                                ~~~~~~~~~~~~^~~~~~~~
source3/torture/locktest2.c: In function ‘retest’:
source3/torture/locktest2.c:390:23: note: while referencing ‘fnum’
  390 |                   int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES],
      |                   ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
60f9396a by Alexander Bokovoy at 2023-04-27T07:21:33+00:00
wafsamba: Normalize strings in gdb output when comparing ABI

This fixes an issue with gdb >= 13:

libndr.so: symbol ndr_transfer_syntax_ndr64 has changed
    old_signature: uuid = {
        time_low = 1903232307,
        time_mid = 48826,
        time_hi_and_version = 18743,
        clock_seq = "\203\031",
        node = "\265\333\357\234\314\066"
    }, if_version = 1

    new_signature: uuid = {
        time_low = 1903232307,
        time_mid = 48826,
        time_hi_and_version = 18743,
        clock_seq = "\203\031",
        node = "\265\333\357\234\3146"
    }, if_version = 1

\314\066 and \3146 are the same as \066 translates into the char '6'. In order
to address this we should do byte comparison in python.

Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Alexander Bokovoy <ab at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fad7f77d by Andreas Schneider at 2023-04-27T07:21:33+00:00
selftest:knownfail: Update S4U knownfail for MIT KRB5 1.20

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e38f8640 by Andreas Schneider at 2023-04-27T08:22:58+00:00
gitlab-ci: Update Fedora to version 38

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Apr 27 08:22:58 UTC 2023 on atb-devel-224

- - - - -
a269ab4a by Andreas Schneider at 2023-04-27T08:32:37+00:00
s3:lib: Move ad_unpack() debug message to notice level

We should give a good warning message one level above.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6490ff63 by Andreas Schneider at 2023-04-27T09:25:50+00:00
s3:lib: Give better warnings about corrupted AppleDouble files

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Apr 27 09:25:50 UTC 2023 on atb-devel-224

- - - - -
adcc92f8 by Andreas Schneider at 2023-04-27T14:25:38+00:00
libcli:auth: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
e3a710f2 by Andreas Schneider at 2023-04-27T14:25:38+00:00
libcli:drsuapi: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
fc7d58ee by Andreas Schneider at 2023-04-27T14:25:38+00:00
libcli:ldap: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
e38f7cf4 by Andreas Schneider at 2023-04-27T14:25:38+00:00
libcli:security: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
dc96e9cf by Andreas Schneider at 2023-04-27T15:27:21+00:00
libcli:smb: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Apr 27 15:27:21 UTC 2023 on atb-devel-224

- - - - -
9ab0d65f by Douglas Bagnall at 2023-04-28T02:15:36+00:00
lib/fuzzing: add fuzzer for sddl_parse

Apart from catching crashes in the actual parsing, we abort if the SD
we end up with will not round trip back through SDDL to an identical
SD.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9abdd675 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
librpc/ndr/pysecurity: use better exceptions

The wrong string is the wrong value but the right type.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aa378b4b by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:upgradeprovision: don't use misleading SDDL in tests

The ACE string "(A;CI;RP LCLORC;;;AU)", with a space after "RP", is
currently not parsed well by Samba.

At the moment we parse only the "RP" and ignore the " LCLORC". What
Windows would do is parse it as if it said "RPLCLORC", without the
space, thus using all the flags. It seems very likely we thought this
was happening with Samba.

Soon Samba will have Windows' behaviour here and it will be tested in
python/samba/tests/sddl.py. That means this test can relax and focus
on whatever it was trying to do with upgradeprovision. We thank it for
finding this discrepancy.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
489cdc42 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
librpc/py_security: exception message blames the bad SID

It can be useful to know what you're looking for.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
708d9896 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sid_strings: same timestamp for all tests in the run

We don't care about the exact time of the test, just that we
disambiguate between different runs (each run leaves an immutable scar
on the target server).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c4f4dc9 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sid_strings: use hashed instead of random unique numbers

This removes the slim chance of flapping failures, and makes tracking
the created class back to the SID string theoretically possible.

To maintain uniqueness of the governs-id, we chuck in some of the
timestamp.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5805dcf3 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sid_strings: add a superclass, allowing for derivatives

This will allow e.g. a suite of tests that assert Windows behaviour that
we might not choose to follow.

Because @DynamicTestCase will mangle the class as it finds it, we can't
use SidStringTests itself as a superclass for others.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4380b469 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sid_strings: allow other errors to be specified

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cb356a8d by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sid_strings: add explicit S-1-* sid tests

We are mostly testing edge cases around the handling of numeric
limits.

These tests are based on ground truth established by running them
against Windows.

Many fail against Samba, because the defaultSecurityDescriptor
attribute is not validated at the time it is set while on Windows it
is.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fa04c387 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sid_strings: separate out expected_sid formatting

This is going to be useful for another test, soon.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2d75daa9 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sid_strings: test the strings with local parsing

The reason the existing tests send the SID over the wire as SDDL for
defaultSecurityDescriptor is it is one of the few ways to force the
server to reckon with a SID-string as a SID. At least, that's the case
with Windows. In Samba we make no effort to decode the SDDL until it
comes to the time of creating an object, at which point we don't notice
the difference between bad SDDL and missing SDDL.

So here we add a set of dynamic tests that push the strings through our
SDDL parsing code. This doesn't tell us very much more, but it is very
quick and sort of confirms that the other tests are on the right track.

To run against Windows without also running the internal Samba tests,
add `SAMBA_SID_STRINGS_SKIP_LOCAL=1` to your environment variables.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f66b0f86 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sid_strings: Windows and Samba divergent tests

The Samba side is aspirational -- what we actually do is generally
worse. However the Windows behaviour in these cases seems more
surprising still, and seems to be neither documented nor used.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
953ad43f by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sid_strings: test SIDs as search base

As a way of testing the interpretation of a SID string in a remote
server, we search on the base DN "<SID=x>" where x is a non-existent
or malformed SID.

On Windows some or all malformed SIDs are detected before the search
begins, resulting in a complaint about DN syntax rather than one about
missing objects.

From this we can get a picture of what Windows considers to be
a proper SID in this context.

Samba does not make a distinction here, always returning NO_SUCH_OBJECT.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
86606917 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sid_strings: test SID DNs with ldb parsing

By using an ldb.Dn as an intermediary, we get to see which SIDs
Samba thinks are OK but Windows thinks are bad.
It is things like "S-0-5-32-579".

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a4bbd944 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sid_strings: do bad SIDS work in search filters?

Yes.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fe8ce9e3 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sid_strings: Do bad SIDs fail differently in simple-bind?

No.

That's good and expected because a failure here should fall back to the
next thing in the simple bind pecking order (canonical names).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2398faef by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli/security/dom_sid: remove a couple of lost comments

The second one came with code obsoleting the "BIG NOTE" about 10 years
ago, but that code later wandered off somewhere else.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6f37f832 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli/security: avoid overflow in revision number

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b3cff563 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli/security: stricter identauth parsing

We don't want octal numbers or overflows.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
67ff4ca2 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli/security: avoid overflow in subauths

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1149d391 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli/security/dom_sid: hex but not octal is OK for sub-auth

Following Windows, the numbers that would be octal (e.g. "0123") are
converted to decimal by skipping over the zeros.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4f5737cb by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli/security/dom_sid: use (unsigned char) in isdigit()

The man page notes:

       The standards require that the argument c for these functions
       is either EOF or a value that is representable in the type
       unsigned char.  If the argument c is of type char, it must be
       cast to unsigned char, as in the following example:

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
22fe657c by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli/sec/sddl decode: don't ignore random junk.

previously a string could have anything in it, so long as every second
character was ':'.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b621c59f by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli/sec/sddl decode: allow hex numbers in SIDs

These occur canonically when the identifier authority is > 2^32, but
also are accepted by Windows for any number.

There is a tricky case with an "O:" or "G:" SID that is immediately
followed by a "D:" dacl, because the "D" looks like a hex digit. When
we detect this we need to subtract one from the length.

We also need to look out for trailing garbage. This was not an
issue before because any string caught by the strspn(...,
"-0123456789") would be either rejected or fully consumed by
dom_sid_parse_talloc(), but with hex digits, a string like
"S-1-1-2x0xabcxxx-X" would be successfully parsed as "S-1-1-2", and
the "x0xabcxxx-X" would be skipped over. That's why we switch to using
dom_sid_parse_endp(), so we can compare the consumed length to the
expected length.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
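
Added example, not part of the commit or of Samba's code: a C sketch of the span, "D:" adjustment and consumed-length check this message describes. All names, the fixed buffer and the simplified number rule (decimal or 0x hex, leading zeros skipped, in every field) are assumptions of the example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added sketch: every name here is hypothetical, not Samba's API. */
struct sid {
	uint8_t rev;
	uint64_t idauth;
	unsigned num_auths;
	uint32_t sub[15];
};

/* Decimal or 0x-prefixed hex, bounded by max; "0123" reads as decimal 123. */
static bool parse_num(const char **p, uint64_t max, uint64_t *out)
{
	const char *s = *p;
	uint64_t v = 0, base = 10;
	size_t ndigits = 0;

	if (s[0] == '0' && (s[1] == 'x' || s[1] == 'X')) {
		base = 16;
		s += 2;
	}
	for (;; s++, ndigits++) {
		unsigned char c = (unsigned char)*s; /* safe for isdigit() */
		uint64_t d;

		if (isdigit(c)) {
			d = c - '0';
		} else if (base == 16 && isxdigit(c)) {
			d = tolower(c) - 'a' + 10;
		} else {
			break;
		}
		if (v > (max - d) / base) {
			return false; /* would exceed max: reject, do not wrap */
		}
		v = v * base + d;
	}
	if (ndigits == 0) {
		return false;
	}
	*p = s;
	*out = v;
	return true;
}

/* Parse "S-<rev>-<idauth>(-<subauth>)*"; *endp is the first unconsumed byte. */
static bool sid_parse_endp(const char *s, struct sid *sid, const char **endp)
{
	const char *p = s;
	uint64_t v;

	if (p[0] != 'S' || p[1] != '-') return false;
	p += 2;
	if (!parse_num(&p, UINT8_MAX, &v) || *p != '-') return false;
	sid->rev = (uint8_t)v;
	p++;
	if (!parse_num(&p, 0xffffffffffffULL, &v)) return false;
	sid->idauth = v;
	sid->num_auths = 0;
	while (*p == '-') {
		p++;
		if (sid->num_auths == 15 || !parse_num(&p, UINT32_MAX, &v)) return false;
		sid->sub[sid->num_auths++] = (uint32_t)v;
	}
	*endp = p;
	return true;
}

/*
 * s points just past "O:" or "G:". Returns the number of bytes the SID
 * occupies, or -1 if the SID is malformed or has junk inside its span.
 */
static int decode_sid_field(const char *s, struct sid *sid)
{
	char buf[192];
	const char *end = NULL;
	size_t len;

	if (strncmp(s, "S-", 2) != 0) return -1;
	len = 2 + strspn(s + 2, "-0123456789ABCDEFabcdefxX");
	/* In "...544D:(A;..." the 'D' opens the DACL; it is not a hex digit. */
	if (s[len] == ':' && s[len - 1] == 'D') len--;
	if (len >= sizeof(buf)) return -1;
	memcpy(buf, s, len); /* parse only the bytes that belong to the SID */
	buf[len] = '\0';
	if (!sid_parse_endp(buf, sid, &end)) return -1;
	/* A parser that stopped early left garbage inside the span. */
	if ((size_t)(end - buf) != len) return -1;
	return (int)len;
}

int main(void)
{
	/* Constructed inputs; the third is the string from the message above. */
	const char *cases[] = { "S-1-5-32-544D:(A;;FA;;;WD)",
				"S-1-5-32-0x220D:P", "S-1-1-2x0xabcxxx-X" };
	for (size_t i = 0; i < 3; i++) {
		struct sid sid;
		printf("%-28s -> %d\n", cases[i], decode_sid_field(cases[i], &sid));
	}
	return 0;
}
```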

- - - - -
7c97df17 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sddl: test empty DACL with flags

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5abd687f by Douglas Bagnall at 2023-04-28T02:15:36+00:00
lib/sec/sddl: allow empty non-trailing ACL with flags

The string "S:D:P" is parsed by us and Windows into a valid struct,
which has an empty DACL with the PROTECTED flag, and an empty SACL.
This is reconstructed in canonical order as "D:PS:", which Windows
will correctly parse, but Samba has assumed the "S" is a bad DACL
flag. Now we don't make that assumption.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
11add4d6 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli/security: allow decimal/octal numbers in SDDL access mask

This follows Windows and [MS-DTYP].

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
56da318c by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli/security: disallow sddl access masks greater than 32 bits

Our previous behaviour (at least with glibc) was to clip off the extra
bits, so that 0x123456789 would become 0x23456789. That's kind of the
obvious thing, but is not what Windows does, which is to saturate the
value, rounding to 0xffffffff. The effect of this is to turn on all
the flags, which is quite possibly not what you meant.

Now we just return an error.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
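
Added example, not Samba's code: the three outcomes this message describes for a numeric access mask wider than 32 bits (clip, saturate, reject), side by side in C. The enum and function names are hypothetical, and base detection is left to strtoull().

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added sketch: names are hypothetical, not Samba's API. */
enum mask_policy {
	MASK_TRUNCATE, /* keep the low 32 bits (the old behaviour described) */
	MASK_SATURATE, /* round to 0xffffffff (the Windows behaviour described) */
	MASK_REJECT    /* return an error (the new behaviour described) */
};

/*
 * Parse a numeric access mask: decimal, 0x hex or leading-0 octal.
 * Returns true and stores the mask, or false on malformed input.
 */
static bool parse_access_mask(const char *s, enum mask_policy policy,
			      uint32_t *out)
{
	char *end = NULL;
	unsigned long long v;

	/*
	 * strtoull() itself accepts leading whitespace and a sign, so "-1"
	 * would silently become a huge value. Require a digit up front.
	 */
	if (!isdigit((unsigned char)s[0])) {
		return false;
	}
	/* On overflow strtoull() returns ULLONG_MAX, handled below. */
	v = strtoull(s, &end, 0);
	if (end == s || *end != '\0') {
		return false; /* nothing parsed, or trailing rubbish */
	}
	if (v > UINT32_MAX) {
		switch (policy) {
		case MASK_TRUNCATE:
			v &= UINT32_MAX; /* 0x123456789 -> 0x23456789 */
			break;
		case MASK_SATURATE:
			v = UINT32_MAX; /* turns on every flag */
			break;
		case MASK_REJECT:
			return false;
		}
	}
	*out = (uint32_t)v;
	return true;
}

int main(void)
{
	const char *in = "0x123456789"; /* the value used in the message above */
	const char *names[] = { "truncate", "saturate", "reject" };

	for (int p = MASK_TRUNCATE; p <= MASK_REJECT; p++) {
		uint32_t mask = 0;
		bool ok = parse_access_mask(in, (enum mask_policy)p, &mask);
		printf("%-8s ok=%d mask=0x%08x\n", names[p], ok, (unsigned)mask);
	}
	return 0;
}
```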

- - - - -
251da186 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli/security: ace type is not enum not flags

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
16d2687c by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli/security: do not pad sddl flags with zeros

We don't see this happening on Windows.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
75a089dc by Douglas Bagnall at 2023-04-28T02:15:36+00:00
test:bb/samba-tool ntacl: let return acl flag lack hex padding

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
82b3281f by Douglas Bagnall at 2023-04-28T02:15:36+00:00
s3:test_larg_acl: adapt for the canonical ACE flags format

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e521b0a2 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:ntacls: adapt for canonical flag format

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a655e7e4 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
py:provision: use canonical representation of ACE flags

This is because in certain places we compare strings rather than security
descriptors.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c08959d1 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:samba-tool ntacl: expect canonical ACE flag format

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
67500da1 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:posixacl: expect canonical ACE flag format

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
35bf8ff4 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytests/sddl: clarify boundaries between sddl cases

It is now easier to see where one SD ends and another starts.

Best looked at with -b or --word-diff.


Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
298821a8 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest/sddl: give test more of a name

I think it worked, but the convention is that tests have a test_ prefix,
and it wouldn't be surprising if something somewhere decides to depend on
that.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f87f6399 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest/sddl: remove duplicate test case

The other copy is on line 102.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4a24c520 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest/sddl: assert sddl string equality

It's not that I think our SD equality check will miss anything, but we
are here to test things like that.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ec85c1fd by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest/sddl: rework to allow multiple lists, no early stop

The test will fail right now because it makes round trip assertions.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1107952c by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest/sddl: remove unused imports

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4652d276 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest/sddl: split tests into canonical and non-canonical

The examples in the canonical list are already in the form that
Windows and Samba will use for that SD. We check the round trip.

The examples in the non-canonical list will change in a round trip, so
we also give the string we think they should end up as. These have
been checked on Windows.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eac400b4 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sddl: tweak some test strings

Adding, diversifying, and disambiguating. The leading portion of the
test strings will soon be used in the test name, and strings that
don't differ in the first hundred characters will cause naming
clashes. There is no good reason for them all to test the same flags
in the same order.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ba6f4013 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sddl: split each string into its own test

This of course allows for fine-grained knownfails.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a2009b56 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sddl: allow tests to make negative assertions

If the subclass has `should_succeed = False`, all the cases
in that class will be tested to ensure they can't be
successfully parsed.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fb588d76 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sddl: Add negative tests of unparseable strings

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
97353c00 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sddl: SDDL strings where Windows behaviour differs

These ones we might want to match. They are understandable behaviours,
like matching lowercase flags and coping with whitespace in some
places. These tests are set up to document the differences without
overwhelming the knownfails.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d9e1fa34 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli/security: SDDL parse tests to run on Windows

The C version tests the public SDDL API on Windows which seems to follow
Active Directory closely, though case in hex numbers is reversed vis-a-vis
defaultSecurityDescriptor.

The python version is less refined and tests powershell functions.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
030ce22f by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sddl: helpers to exchange SDDL strings with Windows testprogram

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
de6d4700 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sddl: let hex numbers differ in case (0xa == 0xA)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1d971228 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sddl: add tests for long DACLs, differing flag interpretations

Windows converts hex numbers into flags differently, and has different
ideas of what constitutes "FA", and possibly others.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
396d2805 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
s3:torture:LOCAL-IDMAP-TDB-COMMON: avoid talloc stacktrace

The short version is:

Running LOCAL-IDMAP-TDB-COMMON
test_getnewid1: PASSED!
test_setmap1: PASSED!
test_unixid2sid1: PASSED!
test_sid2unixid1: could not create uid map!
TEST LOCAL-IDMAP-TDB-COMMON FAILED!
LOCAL-IDMAP-TDB-COMMON took 0.029819 secs

Freed frame ../../source3/torture/torture.c:15748, expected ../../source3/torture/test_idmap_tdb_common.c:986.
===============================================================
INTERNAL ERROR: Frame not freed in order. in pid 3692106 (4.19.0pre1-DEVELOPERBUILD)
If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
===============================================================
PANIC (pid 3692106): Frame not freed in order. in 4.19.0pre1-DEVELOPERBUILD
BACKTRACE: 11 stack frames:
 #0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x32) [0x7f2f39b430ba]
 #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x1dd) [0x7f2f39b43037]
 #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x1c) [0x7f2f39b43056]
 #3 bin/shared/libsamba-util.so.0(+0x75309) [0x7f2f3a659309]
 #4 bin/shared/private/libtalloc-samba4.so(+0x5cc6) [0x7f2f3a758cc6]
 #5 bin/shared/private/libtalloc-samba4.so(+0x6173) [0x7f2f3a759173]
 #6 bin/shared/private/libtalloc-samba4.so(_talloc_free+0x10c) [0x7f2f3a75a54b]
 #7 /data/samba/samba-review/bin/smbtorture3(main+0xa97) [0x55cb3dc8cedc]
 #8 /lib/x86_64-linux-gnu/libc.so.6(+0x29d90) [0x7f2f396d4d90]
 #9 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80) [0x7f2f396d4e40]
 #10 /data/samba/samba-review/bin/smbtorture3(_start+0x25) [0x55cb3dc59895]
smb_panic(): calling panic action [/data/samba/samba-review/selftest/gdb_backtrace 3692106]

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
96fe7ebe by Douglas Bagnall at 2023-04-28T02:15:36+00:00
s3:torture: sid2unixid2: DEBUG blames the right function

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
faf1b80a by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli:security: sddl_map_flags rejects trailing nonsense

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c67f2292 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli/security: sddl_decode_access rejects trailing rubbish

Before we just ignored things like negative numbers, because they'd
end up being seen as not-numbers, so treated as flags, then as
not-flags.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e7445aa6 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli:security: sddl_decode_ace: don't allow junk after SID

sddl_decode_sid() will stop at the first non-SID character. Windows
doesn't allow white space here, and nor do we.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0528da54 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sddl debugging: should_fail test says how it failed

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ec2d2f8e by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sddl: tests around spaces in access flags and SIDs

It turns out that in access flags Windows will allow leading spaces
and spaces separating flags but not trailing spaces.

We choose to follow this in part because we found it happening in the
wild in our tests for upgradeprovision until a few commits ago.

Windows will also allow spaces in some parts of SIDs.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
46793d38 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli:security:sddl_decode_access allows spaces between flags

because Windows does.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2e90ba7e by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:sddl: test we only accept normal GUIDs

By normal GUID, I mean ones like f30e3bbf-9ff0-11d1-b603-0000f80367c1,
with four hyphens and no curly braces.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4c1d9e92 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
pytest:large_ldap: use a valid ACE

Real ACEs don't have {} around their GUIDs. This will soon be banned.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c0d47773 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli:security:sddl: accept only 8-4-4-4-12 GUIDs

Before we would take strings in a variety of lengths and formats,
which is not what Windows does or [MS-DTYP] says.

This was found by looking at evolved fuzz seeds. Note the 16 and 32
byte sequences in GUID position below:

$ hd $(ls -t seeds/fuzz_sddl_parse/* | head -1)| head
00000000  44 3a 41 52 50 50 50 50  50 28 4f 4c 3b 3b 46 57  |D:ARPPPPP(OL;;FW|
00000010  3b 30 7e ff ff ff ff ff  ff ff 2d 31 38 f5 ff ff  |;0~.......-18...|
00000020  fb 3b 3b 52 43 29 28 4f  44 3b 3b 46 57 3b 3b 3b  |.;;RC)(OD;;FW;;;|
00000030  52 43 29 28 4f 44 3b 3b  46 57 3b 30 30 ff ff ff  |RC)(OD;;FW;00...|
00000040  fb 30 e9 9b 3c cf e6 f5  ff ff fb 3b 3b 52 43 29  |.0..<......;;RC)|
00000050  28 4f 44 3b 3b 46 57 43  52 3b 3b 3b 52 43 29 28  |(OD;;FWCR;;;RC)(|
00000060  4f 44 3b 3b 46 58 47 52  3b 3b 33 43 43 35 38 37  |OD;;FXGR;;3CC587|
00000070  32 35 44 44 44 44 44 44  44 44 44 44 44 44 44 44  |25DDDDDDDDDDDDDD|
00000080  44 44 44 44 44 44 44 44  44 44 3b 52 43 29 28 4f  |DDDDDDDDDD;RC)(O|
00000090  44 3b 3b 46 58 3b 3b 3b  52 43 29 28 4f 44 3b 3b  |D;;FX;;;RC)(OD;;|

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
334afc71 by Andrew Bartlett at 2023-04-28T02:15:36+00:00
pytest:sddl Samba had the wrong value for FA, now fix the tests

The tests that were in SddlWindowsFlagsAreDifferent have the behaviour
we want, and as we aim for Samba flags no longer being different, we
shift them to SddlNonCanonical. The tests in SddlSambaDoesItsOwnThing
are removed because they showed Samba's old behaviour around FA.

This will create knownfails, which will be fixed by the commit fixing the
value of "FA".

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
9fc6062b by Andrew Bartlett at 2023-04-28T02:15:36+00:00
pytest:sddl: show the correct handling of the "FA" SDDL flag

The "FA" flag should map to 0x1f01ff, and 0x1f01ff should be converted
back into "FA".

This will be fixed over the next couple of commits.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0a153c1d by Noel Power at 2023-04-28T02:15:36+00:00
s3/utils: value for ace_flags value "FA" is incorrect

value for FA should be 0x001f01ff  (instead of 0x00001ff)

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d36bab52 by Noel Power at 2023-04-28T02:15:36+00:00
s3/utils: when encoding ace string use "FA", "FR", "FW", "FX" string rights

prior to this patch rights matching "FA", "FR", "FW", "FX" were
outputted as the hex string representing the bit value.

While outputting the hex string is perfectly fine, it makes it harder
to compare icacls output (which always uses the special string values)

Additionally adjust various tests to deal with use of shortcut access masks
as sddl format now uses FA, FR, FW & FX strings (like icacls does) instead
of hex representation of the bit mask.

adjust
  samba4.blackbox.samba-tool_ntacl
  samba3.blackbox.large_acl
  samba.tests.samba_tool.ntacl
  samba.tests.ntacls
  samba.tests.posixacl

so various string comparisons of the sddl format now pass

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

[abartlet at samba.org Adapted to new stricter SDDL behaviour around leading zeros in hex
 numbers, eg 0x001]

- - - - -
848bce06 by Douglas Bagnall at 2023-04-28T02:15:36+00:00
libcli/security/tests: test strings for windows and samba SDDL tests

These are produced by editing `python/samba/test/sddl.py` to enable
`test_write_test_strings`, then running `make test TESTS='sddl\\b'`.

The windows executable from the C file added in a recent commit can
run these tests using the `-i` flag.

The Samba sddl.py tests can be induced to use them too, but that is
only useful for showing they are still in sync.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a8bad5d5 by David Mulder at 2023-04-28T02:15:36+00:00
gpupdate: Implement get_gpo_list in python

The ADS code in libgpo is buggy. Rewrite
get_gpo_list in python using SamDB.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15225

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ac472610 by David Mulder at 2023-04-28T02:15:36+00:00
gpupdate: Deprecate libgpo.get_gpo_list

This is no longer used by gpupdate.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15225

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ee04bafc by David Mulder at 2023-04-28T02:15:36+00:00
gpo: Group Policy tests require a s3 loadparam

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15225

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c80affe0 by David Mulder at 2023-04-28T02:15:36+00:00
Add a WHATSNEW entry indicating libgpo py deprecation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15225

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4486d686 by David Mulder at 2023-04-28T03:14:25+00:00
gp: Add site-dn fallback when rpc call fails

In testing I noticed that the rpc call for the
site name is failing when joined via SSSD. This
commit adds a fallback to check using the old
style method found in ads_site_dn_for_machine()
(which works, but doesn't obey the Group Policy
spec) if the rpc call fails.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Apr 28 03:14:25 UTC 2023 on atb-devel-224

- - - - -
de1fdf1e by Dmitry Antipov at 2023-04-28T14:19:12+00:00
s4:lib:policy: cleanup and handle errors in push_recursive()

Prefer 'char' and 'ssize_t' over 'int' for I/O-related
calls and handle more possible errors in push_recursive().

Signed-off-by: Dmitry Antipov <dantipov at cloudlinux.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Fri Apr 28 14:19:12 UTC 2023 on atb-devel-224

- - - - -
4dccf5af by Christof Schmitt at 2023-05-03T08:04:09+00:00
ctdb-recovery: Use correct struct ban_node_state type for state

If this codepath is hit, ctdb aborts with:

ctdb/server/ctdb_recovery_helper.c:2687: Type mismatch: name[struct ban_node_state] expected[struct node_ban_state]")
    at ../../lib/talloc/talloc.c:505

Fix this by using the correct type.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed May  3 08:04:09 UTC 2023 on atb-devel-224

- - - - -
d2720a9e by Joseph Sutton at 2023-05-04T00:34:32+00:00
s3:utils: Use floating-point arithmetic when result is assigned to a double

This avoids any loss of precision from performing an integer division.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
11f36804 by Joseph Sutton at 2023-05-04T00:34:32+00:00
s3:utils: Use ‘int’ for popt parameters

Previously we were handing the addresses of bool parameters to popt for
POPT_ARG_NONE parameters. This is not supported, and popt was returning
POPT_ERROR_BADOPERATION for these parameters (not bundled popt, though,
nor on Debian or Ubuntu). Using integers instead ensures that these
addresses are aligned and sized as popt expects.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
6752bcaf by Joseph Sutton at 2023-05-04T01:29:10+00:00
s3:utils: Move error-handling code into more suitable spot (CID 1524680)

The loop above would only exit once ‘c’ was equal to −1, and thus this
code could never be reached.

Also set ‘ok’ to false to indicate failure.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu May  4 01:29:10 UTC 2023 on atb-devel-224

- - - - -
7dab9edc by Stefan Metzmacher at 2023-05-05T02:54:30+00:00
python:descriptor: add missing schema 2019 aces in builtin and dns partition

Note 'samba-tool domain functionalprep' won't fix them in the database,
while a fresh provision will add these.

This is needed in order that 'samba-tool dbcheck --reset-well-known-acls'
won't reset them after a modern provision and will fix them on an old
domain.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ff2de50a by Andrew Bartlett at 2023-05-05T02:54:30+00:00
librpc: Fix talloc hierarchy for ndr_compression_state

The complexity of generic_mszip_free() is not needed, nor is a talloc
destructor required if the memory is correctly created in a tree.

Credit to OSS-Fuzz for showing the use-after-free

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57608

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15349

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
963688b3 by Andrew Bartlett at 2023-05-05T02:54:30+00:00
librpc: Always call ndr_push_compression_state_init() for compression

This allows the push routine to cache the chosen compression algorithm in
the struct ndr_compression_state in ndr->cstate and so, in claims, avoid
calling ndr_size_CLAIMS_SET_NDR() three times per compression (more in the
overall push).

As claims is now the primary use of the libndr compression code, this is
a reasonable tradeoff compared to the other callers who have more static
algorithm selections.

By removing the struct ndr_compression_state **state argument from
ndr_push_compression_state_init() we make clear that the ndr->cstate
belongs to this NDR context, and this context alone.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
34f378f4 by Joseph Sutton at 2023-05-05T02:54:30+00:00
auth/credentials: Allow resetting bind DN on Credentials object

Passing None into set_bind_dn() now resets it.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
58bf53c9 by Joseph Sutton at 2023-05-05T02:54:30+00:00
tests/krb5: Split out functions for testing logons and password changes

This allows their use for testing other forms of restricted accounts.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c07ac154 by Joseph Sutton at 2023-05-05T02:54:30+00:00
tests/krb5: Remove test for OemChangePasswordUser2()

We don’t implement this anymore (since commit
0f53bfe7230c5e76f7ceb8baf98a9ef38a35356f).

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e4ec3d6f by Joseph Sutton at 2023-05-05T02:54:30+00:00
tests/krb5: Pass client credentials down into kdc_exchange_dict

These are useful inside the test infrastructure.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6f3b7f95 by Joseph Sutton at 2023-05-05T02:54:30+00:00
tests/krb5: Handle NT hashes being disabled

If NT hashes are disabled, we should not expect the RC4 enctype to be
available for non-computer accounts.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c4972272 by Joseph Sutton at 2023-05-05T02:54:30+00:00
tests/krb5: Generify protected users test methods

We can reuse them to test accounts restricted authentication in some
form or another.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e7b2cd7d by Joseph Sutton at 2023-05-05T02:54:30+00:00
tests/krb5: Add method to create an authentication policy

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eb4b46d3 by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Allow creating an account with an assigned policy or silo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
722bbf05 by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Remove unneeded assertions

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
07f3dbbf by Joseph Sutton at 2023-05-05T02:54:31+00:00
s4:dsdb: Fix leak

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1ba0953d by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Remove unused import

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8a3dacd3 by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Always heed the add_dollar parameter

Not just if the account to be created is a computer. This allows us to
create other types of accounts with a trailing dollar.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2f5cebfe by Joseph Sutton at 2023-05-05T02:54:31+00:00
libds: Add Managed Service Accounts well-known GUID

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c7295b1d by Joseph Sutton at 2023-05-05T02:54:31+00:00
pydsdb: Add Managed Service Accounts GUID constant

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
762e1842 by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Allow creating managed service accounts

These will be useful for testing authentication policies.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1a90a94f by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Test that the salt for a managed service account is computed correctly

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
57d73b24 by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Remove unused parameter

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4ae9fe48 by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Fix parameter default

Now that add_dollar is honoured for all account types, we don’t want to
pass add_dollar=True for user accounts.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c6f29f00 by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Allow setting a servicePrincipalName on a user account

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2e41c73e by Joseph Sutton at 2023-05-05T02:54:31+00:00
lib/http: Remove unused structure

This is just a typo of ‘struct loadparm_context’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d497829b by Joseph Sutton at 2023-05-05T02:54:31+00:00
python/samba: Fix invalid escape sequence

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dd88d7a8 by Joseph Sutton at 2023-05-05T02:54:31+00:00
param: Fix resource leak

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
443d70ee by Joseph Sutton at 2023-05-05T02:54:31+00:00
lib:util: Fix undefined bitshift

runtime error: left shift of 65535 by 16 places cannot be represented in type 'int'

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bd9eb634 by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Refactor _test_samlogon()

Move logic specific to the Network logon into that branch, so it’s
easier to see what’s going on.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
db889249 by Joseph Sutton at 2023-05-05T02:54:31+00:00
auth/credentials: Fix NULL dereference

We should not pass a NULL pointer to netlogon_creds_session_encrypt().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
86f07cad by Joseph Sutton at 2023-05-05T02:54:31+00:00
docs-xml: Fix typos

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9c4a71de by Joseph Sutton at 2023-05-05T02:54:31+00:00
s4:kdc: Use correct target principal name in log message

‘tmp’ has already been freed by this point.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4dc9abc7 by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Delete non-reusable accounts as soon as possible

This helps to mitigate Samba’s slow account deletion.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3ae3499b by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Create account cache key only if needed

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
37450ec3 by Joseph Sutton at 2023-05-05T02:54:31+00:00
s4:kdc: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2727e33d by Joseph Sutton at 2023-05-05T02:54:31+00:00
s4/scripting/bin: Fix resource leak

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2f993306 by Joseph Sutton at 2023-05-05T02:54:31+00:00
s4/scripting/bin: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0a7cbe1e by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Rename ‘auth_silo’ to ‘authn_silo’

Make it clear that this relates to authentication, not authorization.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9d84f338 by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Rename ‘objectclass’ to use correct case

This means that tests can now specify values for ‘objectClass’ in
additional_details which override the default value.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ab8a3e87 by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Allow specifying an encoded security descriptor

If we get a string, we’ll still assume it’s a DN and create a security
descriptor using it.

This is useful in cases where we don’t have a DN (e.g., the account is
not created yet).

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9d206948 by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Make use of check_tgs_reply()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
87f7bd60 by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Make _tgs_req() more configurable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6f1852c9 by Joseph Sutton at 2023-05-05T02:54:31+00:00
s4:kdc: Remove unused parameter

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
506c2d1b by Joseph Sutton at 2023-05-05T02:54:31+00:00
s3:lib: Fix typos

These typos were also spotted by a mailing list user:

https://lists.samba.org/archive/samba-technical/2023-April/138190.html

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1a53d351 by Joseph Sutton at 2023-05-05T02:54:31+00:00
auth/credentials: Add set_nt_hash()

This method allows setting the NT hash directly. This is useful in cases
where we don’t know the password, such as with a computer or server
account.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
98e23d7e by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Have set_forced_key() also set the NT hash

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0e27b297 by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Add remove_attribute() helper function

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e9594855 by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Don’t delete silo until all tests have finished

It’s possible that we reuse the same silo across multiple tests. In that
case, we should not delete it until we are sure we have finished with
it.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f60249ee by Joseph Sutton at 2023-05-05T02:54:31+00:00
tests/krb5: Improve _test_samr_change_password() method

Instead of using anonymous credentials, we now connect using the
passed-in credentials.

We now correctly construct nt_password and nt_verifier so as to
successfully change the password, instead of having to distinguish
between a WRONG_PASSWORD error and an error caused by the password
change being disallowed.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2eb45811 by Joseph Sutton at 2023-05-05T02:54:31+00:00
lib:addns: Don’t call memcpy() with a NULL pointer

Doing so is undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6258173a by Joseph Sutton at 2023-05-05T03:52:30+00:00
s4:kdc: Don’t call memcpy() with a NULL pointer

Doing so is undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri May  5 03:52:30 UTC 2023 on atb-devel-224

- - - - -
bb34d932 by Rob van der Linde at 2023-05-05T04:58:30+00:00
dsdb/tests: fix assignment to for loop variable

because the loop variables are all called 'k' and the inner and outer loop both use 'k'.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
18cbec4b by Rob van der Linde at 2023-05-05T04:58:30+00:00
s4/scripting: fix a few invalid docstring args

One arg "dn" was removed, the others just had a typo.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8c19775a by Rob van der Linde at 2023-05-05T04:58:30+00:00
s4/scripting: fix a few trailing semicolons in gen_{hresult,ntstatus,werror}.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3eccaf5d by Rob van der Linde at 2023-05-05T04:58:30+00:00
s4/dsdb: fix unnecessary backslash

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5fcb675a by Rob van der Linde at 2023-05-05T05:54:11+00:00
s4/scripting: fix % len(res) was in the wrong place

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri May  5 05:54:11 UTC 2023 on atb-devel-224

- - - - -
46ae5568 by Dmitry Antipov at 2023-05-09T01:59:32+00:00
lib:ldb: do not offset against NULL pointer in ldb_ldif_read()

Fix the following error observed running samba.test.registry
compiled with clang-17 and UBsan:

lib/ldb/common/ldb_ldif.c:881:9: runtime error: applying non-zero offset 137438953440 to null pointer
    #0 0x7faa0eb3932f in ldb_ldif_read lib/ldb/common/ldb_ldif.c:881
    #1 0x7faa0eb3aec6 in ldb_ldif_read_string lib/ldb/common/ldb_ldif.c:1004
    #2 0x7faa077ed759 in dsdb_set_schema_from_ldif source4/dsdb/schema/schema_set.c:1113
    #3 0x7faa068fcbbf in py_dsdb_set_schema_from_ldif source4/dsdb/pydsdb.c:929
    #4 0x7faa1d1d4507 in cfunction_call (/lib64/libpython3.11.so.1.0+0x1d4507)
    [... a lot of Python calls skipped...]

I.e. number of elements should be checked against zero
before making an attempt to access an element by index.

Signed-off-by: Dmitry Antipov <dantipov at cloudlinux.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9755206f by Dmitry Antipov at 2023-05-09T01:59:32+00:00
s4:ntvfs:posix: avoid parsing empty blob in posix_eadb_add_list()

Strictly speaking, this is not a bug because parsing loop will just skip
an empty ({NULL}, 0) blob. But it's better to avoid this case because
UBSan (as of clang-17 at least) may complain on such a parsing attempt:

source4/ntvfs/posix/posix_eadb.c:56:62: runtime error: applying zero offset to null pointer
    #0 0x7f9d71ce7b2a in posix_eadb_add_list source4/ntvfs/posix/posix_eadb.c:56
    #1 0x7f9d71ce7b2a in push_xattr_blob_tdb_raw source4/ntvfs/posix/posix_eadb.c:178
    #2 0x7f9d71cec1f5 in py_wrap_setxattr source4/ntvfs/posix/python/pyposix_eadb.c:64
    #3 0x7f9d88bd4507 in cfunction_call (/lib64/libpython3.11.so.1.0+0x1d4507)
    [... a lot of Python calls skipped...]

Signed-off-by: Dmitry Antipov <dantipov at cloudlinux.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1dbdeaa8 by David Mulder at 2023-05-09T01:59:32+00:00
gp: get_gpo() should re-raise the Exception, not return

If we return from this failure, then `new_gpo` is
set to `None` and we will fail in some obscure
way within a CSE later (since we append `None` to
the GPO list). Instead, re-raise the Exception so
we see that an error happened when fetching the
GPO.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5ac65fdf by Joseph Sutton at 2023-05-09T01:59:32+00:00
build:wafsamba: Fix TypeError in read_submodule_status()

    parts = l.split(" ")
            ^^^^^^^^^^^^
TypeError: a bytes-like object is required, not 'str'

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f633389f by Volker Lendecke at 2023-05-09T01:59:32+00:00
winbind: Test wbinfo -u with more than 1000 users

winbind asks dcerpc_samr_LookupRids in one batch, where samr.idl has

	NTSTATUS samr_LookupRids(
		[in,ref]      policy_handle *domain_handle,
		[in,range(0,1000)] uint32 num_rids,
		[in,size_is(1000),length_is(num_rids)] uint32 rids[],
		[out,ref]     lsa_Strings *names,
		[out,ref]     samr_Ids *types
		);

limiting num_rids to 1000 entries. Test this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15366

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6206e15b by Volker Lendecke at 2023-05-09T02:58:45+00:00
winbind: Fix "wbinfo -u" on a Samba AD DC with >1000 users

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15366

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue May  9 02:58:45 UTC 2023 on atb-devel-224

- - - - -
5e8c7192 by Volker Lendecke at 2023-05-16T10:53:40+00:00
libcli: Add security_token_count_flag_sids()

To be used in a few places when checking special-case Samba SIDs.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
244ee8ad by Volker Lendecke at 2023-05-16T10:53:40+00:00
smbd: Use security_token_count_flag_sids() in open_np_file()

Simpler logic in the caller

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1d11e048 by Volker Lendecke at 2023-05-16T10:53:40+00:00
librpc: Simplify dcerpc_is_transport_encrypted()

Simplify logic by using security_token_count_flag_sids()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ebbb93cc by Volker Lendecke at 2023-05-16T10:53:40+00:00
rpc: Add global_sid_Samba_NPA_Flags SID

This will be used as a flexible way to pass per-RPC-connection flags
over ncalrpc to the RPC server without having to modify
named_pipe_auth_req_info6 every time something new needs to be
passed. It's modeled after global_sid_Samba_SMB3.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
31180e0e by Volker Lendecke at 2023-05-16T10:53:40+00:00
rpc_server3: Use global_sid_Samba_NPA_Flags to pass "need_idle"

More code, but will be more flexible in the future.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
bdba027a by Volker Lendecke at 2023-05-16T10:53:40+00:00
rpc: Remove named_pipe_auth_req_info6->need_idle_server

Involves bumping up the version number

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
bb3ea36e by Volker Lendecke at 2023-05-16T10:53:40+00:00
lib: Add security_token_del_npa_flags() helper function

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
59694ad0 by Volker Lendecke at 2023-05-16T11:54:32+00:00
rpc_server3: Pass winbind_env_set() state through to rpcd_*

Winbind can ask rpcd_lsad for LookupNames etc. This can recurse back
into winbind for getpwnam. We have the "_NO_WINBINDD" environment
variable set in winbind itself for this case, but this is lost on the
way into rpcd_lsad. Use a flag in global_sid_Samba_NPA_Flags to pass
this information to dcerpc_core, where it sets the variable on every
call if requested.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue May 16 11:54:32 UTC 2023 on atb-devel-224

- - - - -
844eb073 by Andrew Bartlett at 2023-05-16T23:29:32+00:00
python: Move helper functions for functional levels into a new file

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
7953a9ba by Andrew Bartlett at 2023-05-16T23:29:32+00:00
samba-tool domain provision: Use common functional_level.string_to_level()

This is instead of manually parsing the functional level strings.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
e5c3e076 by Andrew Bartlett at 2023-05-16T23:29:32+00:00
param: Add new parameter "ad dc functional level"

This allows the new unsupported functional levels to be unlocked, but with an smb.conf
option that is easily seen.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
5d5fd012 by Andrew Bartlett at 2023-05-16T23:29:32+00:00
python: Add function to get the functional level as a python integer from smb.conf

The lp.get() returns the normalised string from the enum handler

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
f94f174d by Joseph Sutton at 2023-05-16T23:29:32+00:00
samba-tool domain provision: Use "ad dc functional level" to control max functional level

This allows the DC to self-declare a higher level and so allow a 2016
domain to be created, for testing and controlled implementation purposes.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
9f3dcf0e by Andrew Bartlett at 2023-05-16T23:29:32+00:00
samba-tool domain join: Allow "ad dc functional level" to change which
level we claim to be during an AD join

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
8de7d28f by Andrew Bartlett at 2023-05-16T23:29:32+00:00
selftest: Move linked_attributes test to ad_dc selftest environment

The ad_dc_ntvfs environment will be set to use a 2008 schema
(matching the 2008 FL it runs at) and this test needs a 2016 schema.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
cbfcbfb0 by Andrew Bartlett at 2023-05-16T23:29:32+00:00
Use --base-schema=2008_R2 on ad_dc_ntvfs, which operates at FL2008

This will allow fl008dc to become an alias of ad_dc_ntvfs again.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
28740586 by Andrew Bartlett at 2023-05-16T23:29:32+00:00
selftest: Return fl2008dc to being an alias for ad_dc_ntvfs

The change to make this independent in fc9845da69cabcc1bf046d7899b2c4aeae743170
was incorrect, as no distinct name was specified so this would conflict with
the ad_dc_ntvfs environment over the IP and name "localdc".

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
0252941b by Andrew Bartlett at 2023-05-16T23:29:32+00:00
selftest: Allow provision_ad_dc() to take functional_level as an argument

The $$$$$$$ is removed as it does not do what you think it does.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
72335e74 by Andrew Bartlett at 2023-05-16T23:29:32+00:00
selftest: Change ad_dc environment to be 2016 functional level

This is not yet supported in full, but this makes ad_dc match our full set of available features.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
cea9b255 by Dmitry Antipov at 2023-05-16T23:29:32+00:00
lib:util: prefer size_t for random data generation functions

Prefer 'size_t' over 'int' in generate_random_buffer(),
generate_secret_buffer() and generate_nonce_buffer() to
match the underlying gnutls_rnd() calls.

Signed-off-by: Dmitry Antipov <dantipov at cloudlinux.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
80431fe7 by Dmitry Antipov at 2023-05-16T23:29:32+00:00
pyglue: use Py_ssize_t in random data generation functions

Prefer 'Py_ssize_t' over 'int' in random data generation functions
to match both Python and (internally used through the library layer)
GnuTLS APIs, and use PyUnicode_FromStringAndSize() where the data
size is known.

Signed-off-by: Dmitry Antipov <dantipov at cloudlinux.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

[abartlet at samba.org Fixed comments to correctly match the
 new check for just negative numbers]

- - - - -
76b15ec1 by Joseph Sutton at 2023-05-16T23:29:32+00:00
s4:dsdb:tests: Refactor ACL test

Use more specific unittest methods; remove some unused variables.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2e5d08c9 by Joseph Sutton at 2023-05-16T23:29:32+00:00
s4:dsdb:tests: Refactor confidential attributes test

Use more specific unittest methods, and remove unused code.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3eb95c87 by Joseph Sutton at 2023-05-16T23:29:32+00:00
s4:dsdb:tests: Refactor security descriptor test

Use more specific unittest methods.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5a2b1878 by Joseph Sutton at 2023-05-16T23:29:32+00:00
samba-tool domain: Use result of setup_local_server() instead of object field

The code is clearer if we consistently refer to the same variables.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f9501f2a by Joseph Sutton at 2023-05-16T23:29:32+00:00
samba-tool domain: Remove unnecessary variable

It is conciser to use ‘r’ to refer to update_forest_info.entries[i].

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2236daa7 by Joseph Sutton at 2023-05-16T23:29:32+00:00
pytest/password_lockout: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b5ff0859 by Joseph Sutton at 2023-05-16T23:29:32+00:00
pytest/password_lockout: Use more specific assertion methods

These methods produce better error messages if an assertion fails.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2b598a4b by Joseph Sutton at 2023-05-16T23:29:32+00:00
pytest/password_lockout: Use correct variable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2d1d3b73 by Joseph Sutton at 2023-05-16T23:29:32+00:00
pytest/password_lockout: Remove unused variables

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
db5ef4e2 by Joseph Sutton at 2023-05-16T23:29:32+00:00
s4-dsdb:large_ldap: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
23a67d59 by Joseph Sutton at 2023-05-16T23:29:32+00:00
s4-dsdb:large_ldap: Remove unused variables

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2a8db072 by Joseph Sutton at 2023-05-16T23:29:32+00:00
auth: Return status code if configuration prohibits NTLM

Currently, we rely on ‘stored_nt’ being NULL to give an
NT_STATUS_WRONG_PASSWORD error.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8d6e4473 by Joseph Sutton at 2023-05-16T23:29:32+00:00
python:tests: Remove unused variables

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f573177c by Joseph Sutton at 2023-05-16T23:29:32+00:00
python: Safely clear structure members

Using Py_CLEAR() ensures that these structures are observed in a
consistent state by any Python code that may run during deconstruction.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f1281b80 by Joseph Sutton at 2023-05-16T23:29:32+00:00
samba-tool domain: Run in interactive mode if no args are supplied

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15363

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
21b23a7d by Joseph Sutton at 2023-05-16T23:29:32+00:00
netlogon:schannel: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
07e53939 by Joseph Sutton at 2023-05-16T23:29:32+00:00
s4-auth: Log correct function name

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b5bd55fe by Joseph Sutton at 2023-05-16T23:29:32+00:00
s4:auth: Check ldb_binary_encode_string() return value

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2d9a2c31 by Joseph Sutton at 2023-05-16T23:29:32+00:00
s4:dsdb: Check ldb_binary_encode_string() return value

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
92ad2c7b by Joseph Sutton at 2023-05-16T23:29:32+00:00
s4:dsdb: Fix leaks

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ce176425 by Joseph Sutton at 2023-05-16T23:29:32+00:00
s4:dsdb: Check return value of allocation functions

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8296b688 by Joseph Sutton at 2023-05-17T00:24:38+00:00
s4:torture: Replace calls to deprecated function

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed May 17 00:24:38 UTC 2023 on atb-devel-224

- - - - -
e03e738d by Stefan Metzmacher at 2023-05-17T07:34:28+00:00
librpc/rpc: allow smb3_sid_parse() to accept modern encryption algorithms

We should not limit the possible encryption algorithms to the currently
known ones.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15374

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed May 17 07:34:28 UTC 2023 on atb-devel-224

- - - - -
56d98e97 by Joseph Sutton at 2023-05-18T01:03:37+00:00
samba-tool domain: Remove unused variables

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0d609ee5 by Joseph Sutton at 2023-05-18T01:03:37+00:00
samba-tool domain: Clean up code

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3063abbf by Joseph Sutton at 2023-05-18T01:03:37+00:00
tests/krb5: Remove unused import

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
18b24f95 by Joseph Sutton at 2023-05-18T01:03:37+00:00
tests/krb5: Improve edata checking

Instead of guessing based on a heuristic whether we have KERB_ERROR_DATA
or METHOD_DATA in the ‘e-data’ field, decode it first as KERB_ERROR_DATA
and fall back to METHOD_DATA if that fails.

The environment variable EXPECT_NT_STATUS indicates that the KDC
supports returning a status code in the e-data field.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3424c6d2 by Joseph Sutton at 2023-05-18T01:03:37+00:00
tests/krb5: Test that NT_STATUS_ACCOUNT_LOCKED_OUT is returned in KDC reply e-data

Certain clients rely on this behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
78cca141 by Joseph Sutton at 2023-05-18T01:03:37+00:00
netlogon:schannel: Fix NULL pointer dereference

We should not pass a NULL pointer into netlogon_creds_client_init().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
031f1c76 by Joseph Sutton at 2023-05-18T01:03:37+00:00
tests/krb5: Rename ‘server’ to ‘dc_server’

This makes it more clear that this is in fact the DC.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c1ab6036 by Joseph Sutton at 2023-05-18T01:03:37+00:00
tests/krb5: Allow specifying machine credentials to _test_samlogon()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
53b62429 by Joseph Sutton at 2023-05-18T01:03:37+00:00
tests/krb5: Allow server and workstation accounts to perform a SamLogon

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f9b66629 by Joseph Sutton at 2023-05-18T01:03:37+00:00
tests/krb5: Allow specifying whether PA-DATA types are to be checked

Not all tests are intended to test that the correct PA-DATA types are
returned. This parameter allows us to skip checking for cases where we
don’t care.

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
84a7ae8e by Joseph Sutton at 2023-05-18T01:03:37+00:00
tests/krb5: Add tests for authentication policies

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
12fd8274 by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Make use of KDC_REQUEST_KV_PA_NAME constant

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cdb1047b by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Include missing headers

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c782dd2f by Joseph Sutton at 2023-05-18T01:03:37+00:00
libcli: Add missing include

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9a78a8b3 by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Add missing includes and declarations

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bbdb3bf8 by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Factor out PAC blob functions into new source file

pac-glue.c has become rather large, and can do without these PAC
blob–handling functions.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
60803ea8 by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Fix typos

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
798be592 by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Fix debugging strings

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f948f9cb by Joseph Sutton at 2023-05-18T01:03:37+00:00
s3:utils: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
024e5f7e by Joseph Sutton at 2023-05-18T01:03:37+00:00
auth: Remove unnecessary return statements

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e2e752b5 by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:auth: Split out new function to generate a security token

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9aaedb15 by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:auth: Fix typos

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2a9d057e by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Make use of auth_generate_security_token()

We don’t need the whole session info structure to perform an access
check.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
02e6970a by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Fix leaks

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
96a64b05 by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Remove double-free

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8f7f55da by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Remove double-free

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
451f221b by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Check ldb_dn_new() return value

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ad14287d by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Fix error messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6d8a7e16 by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Fix diagnostic messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1de2feef by Joseph Sutton at 2023-05-18T01:03:37+00:00
auth: Correct parameter order in header

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
263deae7 by Joseph Sutton at 2023-05-18T01:03:37+00:00
auth: Fix leaks

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
34080e88 by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:auth: Fix leak

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
89d30cdf by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:auth: Remove superfluous semicolon

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4440f1db by Joseph Sutton at 2023-05-18T01:03:37+00:00
lib:audit_logging: Add function to add flags to a JSON message

This replaces a couple of calls to snprintf() in
log_authentication_event_json() and log_successful_authz_event_json()
respectively.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
00801484 by Joseph Sutton at 2023-05-18T01:03:37+00:00
lib:audit_logging: Add function to add an optional boolean value to a JSON message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d7b68236 by Joseph Sutton at 2023-05-18T01:03:37+00:00
lib:audit_logging: Add function to add a formatted time value to a JSON message

json_add_timestamp() is limited to adding a ‘timestamp’ field with the
current time. The new function can add an arbitrary timestamp with an
arbitrary field name.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
32b49d8a by Joseph Sutton at 2023-05-18T01:03:37+00:00
lib:audit_logging: Fix typo in log message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9ff7d6c5 by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Add NTSTATUS strings to log messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8cc0b765 by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:auth: Add function to make a shallow copy of an auth_user_info_dc structure

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
633ebe1b by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Make a proper shallow copy of the auth_user_info_dc structure

Just copying the structure fields is prone to lead to use-after-frees if
we access them after the original structure and its fields are freed.

Instead, call authsam_shallow_copy_user_info_dc() to make the copy. This
properly references the fields in the original structure so that they
will not be freed until we are sure we have finished with them.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f547cf1d by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Add helper functions for authentication policies

These functions are not yet used.

They are arranged into two libraries: ‘authn_policy’, containing the
core functions, and ‘authn_policy_util’, containing utility functions
that can access the database. This separation is so that libraries
depended upon by ‘samdb’ or ‘dsdb-module’ can use the core functions
without introducing a dependency cycle.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eeebd488 by Joseph Sutton at 2023-05-18T01:03:37+00:00
third_party/heimdal: Import lorikeet-heimdal-202305160500 (commit 8836d64dee78a74aa740e31b7ad406b8a8cfdad0)

NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9eaff7e8 by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Add SDB_F_ARMOR_PRINCIPAL flag

This corresponds with the HDB_F_ARMOR_PRINCIPAL flag in Heimdal, and
indicates a lookup of an armor ticket client principal, rather than the
principal of the main TGT. This helps us to determine whether an
authentication policy will apply to a principal acting as a client, and
hence whether we have to look up the policy in the database.

NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f1212ffe by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Make maximum lifetime and renew time signed

This is now consistent with Heimdal, and with our usage of time_t
elsewhere.

NOTE: This commit finally works again!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1fdff371 by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Look up authentication policies for Kerberos clients and servers

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3d9863cf by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Enforce TGT lifetime authentication policy

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
10d6d77a by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Have get_claims_for_principal() take the entire principal

The ldb_message contains more information than just the DN, such as
which authentication policy or silo is assigned.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e1f8cb06 by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Don’t perform unnecessary search to get account objectClass

We now have this information in the ldb_message.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
420fae5d by Joseph Sutton at 2023-05-18T01:03:37+00:00
s4:kdc: Make use of dsdb_search_one()

Ensure we get exactly one object back, or an error.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6ee5c80e by Joseph Sutton at 2023-05-18T01:58:24+00:00
s4:kdc: Add support for constructed claims (for authentication silos)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu May 18 01:58:24 UTC 2023 on atb-devel-224

- - - - -
7266924b by Joseph Sutton at 2023-05-18T04:53:29+00:00
s4:kdc: Use talloc_get_type_abort()

We dereference this pointer immediately after this call, so we should be
sure it is not NULL.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9d3c3f06 by Joseph Sutton at 2023-05-18T04:53:29+00:00
tests/krb5: Be less particular about expected status codes for S4U tests

Samba doesn’t return a status code for these error cases, so lower our
expectations of getting them.

We don’t have to add ‘'expect_status': None’ to all these test cases,
but this makes it clear at a glance that ‘expected_status’ isn’t
actually being checked, and gives us the opportunity to change this
aspect of each individual test in the future.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4a3f764f by Joseph Sutton at 2023-05-18T04:53:29+00:00
tests/krb5: Be less particular about getting NTSTATUS codes for KDC TGS tests

Samba currently doesn’t return a status code in these error cases.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d211d700 by Joseph Sutton at 2023-05-18T04:53:29+00:00
tests/krb5: Set expected_status even if expect_status is not true

We might get an NTSTATUS code even if we aren’t explicitly saying that
we expect one.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
28cffae4 by Joseph Sutton at 2023-05-18T04:53:29+00:00
s4:kdc: Use more suitable type for final_ret

This now matches the return type of the function.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
041f7005 by Joseph Sutton at 2023-05-18T04:53:30+00:00
s4:kdc: Add function to attach an NTSTATUS code to a Kerberos request structure

Our KDC plugin can use this to store NTSTATUS codes that can be added to
the final KDC reply later.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
90436389 by Joseph Sutton at 2023-05-18T04:53:30+00:00
third_party/heimdal: Import lorikeet-heimdal-202305170245 (commit 9c903d03c31ec96af79e2723e3ae41890dd83122)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
637fd961 by Joseph Sutton at 2023-05-18T04:53:30+00:00
s4:kdc: Add NTSTATUS e-data to KDC reply

If an NTSTATUS code has been set in the KDC request structure, encode it
as KERB-ERROR-DATA and add it to the KDC reply.

hdb_samba4_set_ntstatus() adds the NTSTATUS code to the request
structure.

hdb_samba4_get_ntstatus() gets that status code back from the request
structure.

hdb_samba4_set_edata_from_ntstatus() encodes the status code and adds it
to the reply.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0e176d85 by Joseph Sutton at 2023-05-18T04:53:30+00:00
s4:kdc: Remove manual addition of error data

This is now handled by the hdb_samba4_set_ntstatus() call above.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e1109fbf by Joseph Sutton at 2023-05-18T04:53:30+00:00
tests/krb5: Move modify_requester_sid_time() to RawKerberosTest

We shall make use of it in KdcTgsTests.

Also move add_requester_sid(), which this function depends upon.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
787b701e by Joseph Sutton at 2023-05-18T04:53:30+00:00
tests/krb5: Use consistent time between get_KerberosTime() calls

Otherwise get_KerberosTime() calls time.time() itself, the value of
which can change between calls.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
748fa19a by Joseph Sutton at 2023-05-18T04:53:30+00:00
tests/krb5: Change ‘sid’ parameter into optional ‘requester_sid’ parameter

This is so callers can modify the lifetime of a ticket without
necessarily changing the requester SID.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9b1bd267 by Joseph Sutton at 2023-05-18T04:53:30+00:00
tests/krb5: Rename modify_requester_sid_time() to modify_lifetime()

...now that the requester SID parameter is optional.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
53c47698 by Joseph Sutton at 2023-05-18T04:53:30+00:00
tests/krb5: Add tests presenting short-lived ticket in various scenarios

With the Heimdal KDC, we erroneously accept short-lived FAST and
user-to-user tickets.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
99f31cab by Joseph Sutton at 2023-05-18T04:53:30+00:00
third_party/heimdal: Import lorikeet-heimdal-202305172147 (commit dedb12e3db6e3e5b87869e77f1f1d2ee1f0d32a0)

NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
303d2109 by Joseph Sutton at 2023-05-18T05:49:31+00:00
s4:kdc: Check lifetime of correct ticket

The ticket returned by kdc_request_get_ticket() is the main TGT
presented in a TGS-REQ. If we’re verifying a FAST armor ticket or a
user-to-user ticket, make sure we check the lifetime of that ticket
instead. To do this we need to pass the appropriate ticket into the
plugin function.

NOTE: This commit finally works again!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu May 18 05:49:31 UTC 2023 on atb-devel-224

- - - - -
25b2c07a by SATOH Fumiyasu at 2023-05-19T00:29:33+00:00
build:wafsamba: Allow lib for CHECK_VALUEOF()

Signed-off-by: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
e4808685 by SATOH Fumiyasu at 2023-05-19T00:29:33+00:00
build:waf: Check value of GNU_TLS_* with detected env

Signed-off-by: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
ce31acf2 by SATOH Fumiyasu at 2023-05-19T00:29:33+00:00
selftest: Report "unknown environment" if setup returns "UNKNOWN"

Samba*::setup_*() may return the string "UNKNOWN".

```
$ ./configure --with-ads ...
...
$ make
...
$ make test
...
Can't use string ("UNKNOWN") as a HASH ref while "strict refs" in use at /.../samba-4.18.2/selftest/target/Samba.pm line 131.
```

Signed-off-by: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
de009c19 by SATOH Fumiyasu at 2023-05-19T00:29:33+00:00
tests: Replace iconv(1) UTF-16LE conversion with a python3 call

GNU libiconv and its iconv(1) do NOT define 'utf16le' as
an alias of 'UTF-16LE' encoding.

Signed-off-by: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f1a204d3 by David Mulder at 2023-05-19T01:23:19+00:00
gp: sshd policy correctly sort policy

The sshd_config man page says that for key value
pairs 'the first obtained value will be used'.
So we need to sort policies from last to first.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri May 19 01:23:19 UTC 2023 on atb-devel-224

- - - - -
7e32c765 by Joseph Sutton at 2023-05-24T00:50:30+00:00
s4:kdc: Note correct constant

KRB5_PADATA_PW_SALT is wrong. It’s an unrelated constant that just
happens to share the same value.

Heimdal uses the correct constant, kERB_ERR_TYPE_EXTENDED.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
98fcd474 by Joseph Sutton at 2023-05-24T00:50:30+00:00
pyglue: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d5df0b46 by Joseph Sutton at 2023-05-24T00:50:30+00:00
pyglue: Check generate_random_str() return value

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a57b1cc0 by Joseph Sutton at 2023-05-24T00:50:31+00:00
pyglue: Raise an exception on error

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f320b73b by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4/messaging/py: Remove incorrect function names in messaging.Messaging()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f6b1307a by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4/messaging/py: Document lp_ctx parameter of messaging.Messaging()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
48602b0e by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4/messaging/py: Add more helpful error message for a wrongly-sized tuple

>>> m = Messaging((1,2,3,4,5))
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: function takes exactly 1 argument (5 given)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e29c3374 by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4/messaging/py: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
77d8b676 by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4/messaging: Return the number of previously-registered functions that are removed

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b22c2179 by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4/messaging/py: Fix leaks

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cfd80303 by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4/messaging/py: Fix leak

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
28536f32 by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4/messaging/py: Fix callback return value leak

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4c67cac6 by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4/messaging/py: Check py_return_ndr_struct() return value

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3ce96c9e by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4/messaging/py: Fix leak of p_server_id

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ca987dcb by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4/messaging/py: Fix leaks

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a1a1adb7 by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4/messaging/py: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
480060ec by Joseph Sutton at 2023-05-24T00:50:31+00:00
selftest: Report better error message if environment is unknown

Now we get the error “environment [...] is unknown” rather than “samba
can't start up known environment”.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f0ec5763 by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4:kdc: Allocate user_info_dc->sids on correct talloc context

‘user_info_dc->sids’ must live for at least as long as ‘user_info_dc’,
or a use-after-free may result.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
46677077 by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4:auth: Allocate user_info_dc->sids on correct talloc context

‘user_info_dc->sids’ must live for at least as long as ‘user_info_dc’,
or a use-after-free may result.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fc212116 by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4:kdc: Make functions static

These functions are used only internally.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e843e590 by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4:kdc: Make parameters const

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
65923be9 by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4:kdc: Use talloc_steal() rather than talloc_reference()

This is consistent with the other uses in this file (in
authn_policy_ntlm_client() and authn_policy_server()).

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
281b616a by Joseph Sutton at 2023-05-24T00:50:31+00:00
lib:audit_logging: Check return value of json_new_object()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3ce2803f by Joseph Sutton at 2023-05-24T00:50:31+00:00
lib:audit_logging:tests: Check return value of json_new_{object,array}()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
80b37520 by Joseph Sutton at 2023-05-24T00:50:31+00:00
s3:utils: Check return value of json_new_object()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
200117f5 by Joseph Sutton at 2023-05-24T00:50:31+00:00
audit_tests: Check return value of json_new_array()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8dea2a43 by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4:kdc: Move parameter comments adjacent to parameters

This is more consistent with the non-NULL parameters, and makes it
easier to swap in the real values when we get them.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f89b0cdb by Joseph Sutton at 2023-05-24T00:50:31+00:00
tests/audit_log: Pre-compile GUID regex

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b421d2d5 by Joseph Sutton at 2023-05-24T00:50:31+00:00
tests/auth_log_winbind: Expect an empty remote address

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
78199057 by Joseph Sutton at 2023-05-24T00:50:31+00:00
tests/auth_log: Don’t silently override remoteAddress

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ea7b82ad by Joseph Sutton at 2023-05-24T00:50:31+00:00
tests/auth_log: Call setUpClass() method of base class

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
59378ddd by Joseph Sutton at 2023-05-24T00:50:31+00:00
tests/auth_log: Rename ‘self’ parameter to ‘cls’

This method operates on the class, not on an instance of the class.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
715c45da by Joseph Sutton at 2023-05-24T00:50:31+00:00
tests/auth_log: Simplify isRemote()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c9e12a8d by Joseph Sutton at 2023-05-24T00:50:31+00:00
pyldb: Fix leak

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d2892010 by Joseph Sutton at 2023-05-24T00:50:31+00:00
pytest: dcerpc/dnsserver: Remove unused import

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e77c249d by Joseph Sutton at 2023-05-24T00:50:31+00:00
pytest: dcerpc/dnsserver: Call setUpClass() method of base class

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
22d0aa53 by Joseph Sutton at 2023-05-24T00:50:31+00:00
s4-dsdb:large_ldap: Call setUpClass() method of base class

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
089f555e by Andrew Bartlett at 2023-05-24T00:50:31+00:00
librpc/idl: Merge missing bits into nbt_server_type in nbt.idl

These bits are defined in netr_DsR_DcFlags in netlogon.idl already.

We need these new bits to announce FL 2012R2 and 2016 support.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
4caab32f by Andrew Bartlett at 2023-05-24T00:50:31+00:00
librpc/idl: Use nbt_server_type instead of netr_DsR_DcFlags netlogon.idl

We should not keep two identical bitfield tables in two nearby IDL files.

However a number of python files in Samba and in freeIPA use the nbt.NBT_SERVER_*
constants, so these are the better names to keep.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
a5235a9d by Andrew Bartlett at 2023-05-24T01:52:28+00:00
librpc/idl: Alias the DS_ constants in netlogon.idl to the NBT_SERVER equivalents

Both the NBT_SERVER versions (in python scripts) and DS_ constants are
in use in freeIPA so we can not just drop one for the other without
discussion.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed May 24 01:52:28 UTC 2023 on atb-devel-224

- - - - -
b4af281b by Ralph Boehme at 2023-05-24T20:41:38+00:00
CI: add a test that checks the dosmode of symlinks

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15375

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
03911200 by Ralph Boehme at 2023-05-24T20:41:38+00:00
smbd: zero initialize SMB_STRUCT_STAT in vfswrap_readdir()

Avoid returning an uninitialized st.cached_dos_attributes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15375

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
41237398 by Ralph Boehme at 2023-05-24T21:42:50+00:00
smbd: also reset struct stat_ex.cached_dos_attributes in SET_STAT_INVALID()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15375

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed May 24 21:42:50 UTC 2023 on atb-devel-224

- - - - -
59eadfe2 by Ralph Boehme at 2023-05-25T23:59:33+00:00
CI: add a test for fruit AppleDouble conversion when deletion triggers conversion

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9b91a8ba by Ralph Boehme at 2023-05-25T23:59:33+00:00
vfs_fruit: return ENOENT instead of EISDIR when trying to open AFP_Resource for a directory

Translates to NT_STATUS_OBJECT_NAME_NOT_FOUND which is the same error macOS
returns in this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
06f0c070 by Ralph Boehme at 2023-05-25T23:59:33+00:00
vfs_fruit: never return AFP_Resource stream for directories

The macOS client creates ._ AppleDouble files for directories that do contain
an (empty) resource fork AppleDouble entry. So when going from a Samba server
config without streams module (or when migrating data from another server
without streams support), to a Samba config with a streams module and vfs_fruit,
fruit_streaminfo() will wrongly return the AFP_Resource from the AppleDouble
file as stream to the client.

To address this, just never return an AFP_Resource stream for directories when
listing streams in fruit_streaminfo(). ad_convert(), when configured with

  fruit:delete_empty_adfiles = true
  fruit:wipe_intentionally_left_blank_rfork = true

will happily discard the AFP_Resource from the AppleDouble file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
55bd1045 by Ralph Boehme at 2023-05-25T23:59:33+00:00
libadouble: allow FILE_SHARE_DELETE in ad_convert_xattr()

Not specifying FILE_SHARE_DELETE wasn't done intentionally. Not setting the flag
triggers the following problem:

* client sends a CREATE with delete access

* this triggers a call to open_streams_for_delete() where we check for
conflicting opens on any of the streams of the file or directory

* if the file (or directory) has a stream like ":com.apple.quarantine" the
stream is opened with DELETE_ACCESS and kept open when the next step might:

* if the file (or directory) has a Mac specific :AFP_AfpInfo stream, the
ad_convert() routine in fruit_create_file() is triggered

* ad_convert() checks if the file (or ...) has a sidecar ._ AppleDouble file, if
it has:

* in ad_convert_xattr() we unpack any set of xattrs encoded in the AppleDouble
file and recreate them as streams with the VFS. Now, if any of these xattrs
happens to be converted to a stream that we still have open in
open_streams_for_delete() (see above) we get a NT_STATUS_SHARING_VIOLATION

This error gets passed up the stack back to open_streams_for_delete() so the
client CREATE request fails and the client is unhappy.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3bf97f19 by Ralph Boehme at 2023-05-25T23:59:33+00:00
vfs_fruit: just log failing AppleDouble conversion

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
035f6d91 by Ralph Boehme at 2023-05-26T00:52:29+00:00
vfs_fruit: add fruit:convert_adouble parameter

https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri May 26 00:52:29 UTC 2023 on atb-devel-224

- - - - -
dc0d96b0 by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/krb5: Move TestCaseInTempDir to more appropriate place in class hierarchy

KDCBaseTest is the only class that makes use of it.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b1b7d756 by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/krb5: Don’t cache accounts with an assigned policy or silo

Such accounts are virtually never reused. Not caching them (thus
deleting them early) grants significant time savings.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
72d5a5a3 by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/auth_log: Pre-compile GUID regex

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ffda69f2 by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/audit_log: Correctly check for GUID

Pattern.match() only checks the starting portion of the string.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1c17d56c by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/auth_log: Correctly check for GUID

Pattern.match() only checks the starting portion of the string.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
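
The pitfall named in the two "Correctly check for GUID" commits above (tests/audit_log and tests/auth_log), as an added Python example that is not code from the Samba tree. The regex, the "id"/"sessionId" field names and the sample records are constructed assumptions; the example also covers the related case where a trailing `$` still lets a final newline through.

```python
import json
import re

# Constructed GUID pattern for illustration; not the regex used in Samba's tests.
GUID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}",
    re.IGNORECASE,
)
# Same pattern with an end anchor added, a common attempted fix.
GUID_DOLLAR_RE = re.compile(GUID_RE.pattern + r"$", re.IGNORECASE)


def is_guid_prefix(value):
    """Weak check: Pattern.match() anchors only at the start of the string."""
    return isinstance(value, str) and GUID_RE.match(value) is not None


def is_guid_dollar(value):
    """Still weak: '$' also matches just before a single trailing newline."""
    return isinstance(value, str) and GUID_DOLLAR_RE.match(value) is not None


def is_guid(value):
    """Strict check: Pattern.fullmatch() must consume the whole string."""
    return isinstance(value, str) and GUID_RE.fullmatch(value) is not None


# Constructed JSON log lines (hypothetical field names), one record per line.
SAMPLE_LINES = [
    '{"id": "good", "sessionId": "7f5b1c3a-2d4e-4f6a-8b9c-0d1e2f3a4b5c"}',
    '{"id": "trailing", "sessionId": "7f5b1c3a-2d4e-4f6a-8b9c-0d1e2f3a4b5c; extra"}',
    '{"id": "newline", "sessionId": "7f5b1c3a-2d4e-4f6a-8b9c-0d1e2f3a4b5c\\n"}',
    '{"id": "short", "sessionId": "7f5b1c3a-2d4e"}',
    '{"id": "null", "sessionId": null}',
]


def accepted(checker, lines=SAMPLE_LINES):
    """Return the ids of the records whose sessionId passes the given checker."""
    records = [json.loads(line) for line in lines]
    return [rec["id"] for rec in records if checker(rec["sessionId"])]


if __name__ == "__main__":
    for checker in (is_guid_prefix, is_guid_dollar, is_guid):
        print(f"{checker.__name__:15} accepts {accepted(checker)}")
```

A test assertion built on the prefix check passes for any value that merely begins with a GUID, so a malformed log field goes unnoticed.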

- - - - -
1923abe7 by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/auth_log: Rename ‘self’ parameter to ‘cls’

This method operates on the class, not on an instance of that class.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
40425672 by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/auth_log: Rename ‘self’ parameter to ‘cls’

This method operates on the class, not on an instance of that class.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a7ad25a7 by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/audit_log: Remove unneeded len() call

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
af9d1a3d by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/auth_log: Remove unneeded len() call

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e2e8c869 by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/auth_log: Correctly get lp_ctx

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e1884e80 by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/audit_log: Make discardMessages() more reliable

It can take two or three calls to msg_ctx.loop_once() before a message
comes in. Make sure we get all of the messages.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c1ea54c by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/auth_log: Expect no messages when changing a non-existent user’s password

These log messages come from setUp(), and the fact that we are getting
them is merely a side-effect of the unreliability of discardMessages().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
47a0b9a4 by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/auth_log: Make discardMessages() more reliable

It can take two or three calls to msg_ctx.loop_once() before a message
comes in. Make sure we get all of the messages.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4cb869dc by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/auth_log: Call discardMessages() on class

This makes it clearer that discardMessages() operates on the class.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6d68ef23 by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/audit_log: Remove unnecessary checks

These attributes are always truthy.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a05a9a3e by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/auth_log: Remove unnecessary check

This attribute is always truthy.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
76e87c62 by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/audit_log: Add missing call to tearDown()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
de4ce89e by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/auth_log: Add missing call to tearDownClass()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
20ba6e48 by Joseph Sutton at 2023-05-29T22:32:28+00:00
tests/auth_log: Remove debugging code

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
64207977 by Joseph Sutton at 2023-05-29T22:32:28+00:00
librpc/idl: Fix indentation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2641b4a2 by Joseph Sutton at 2023-05-29T22:32:28+00:00
samba-tool domain: Handle new NBT_SERVER_* flags

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e14b5974 by Joseph Sutton at 2023-05-29T22:32:28+00:00
net_ads: Handle new NBT_SERVER_* flags

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f75b980f by Joseph Sutton at 2023-05-29T22:32:28+00:00
s4:torture: Handle new NBT_SERVER_* flags

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
838cdd16 by Joseph Sutton at 2023-05-29T22:32:28+00:00
s4:torture: Consistently use NBT_SERVER_* flags

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5dfb090d by Joseph Sutton at 2023-05-29T22:32:28+00:00
s4:rpc_server/samr: Log correct authentication description for samr_ChangePasswordUser2()

We would unconditionally log "samr_ChangePasswordUser3", which was
misleading.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
63c228f8 by Joseph Sutton at 2023-05-29T22:32:28+00:00
python:tests: Fix f-strings

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c51bffa8 by Joseph Sutton at 2023-05-29T22:32:28+00:00
python:tests: Exclude Python test directories

Practically all of our Kerberos tests are excluded already. Many of our
tests aren’t marked as executable, and so aren’t being checked anyway.
Rather than having a large list of exclusions which one may easily
forget to update, just exclude the test directories.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2009166e by Joseph Sutton at 2023-05-29T22:32:28+00:00
python:tests: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d308136a by Joseph Sutton at 2023-05-29T22:32:28+00:00
python:tests: Initialize global variable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7390eb12 by Joseph Sutton at 2023-05-29T22:32:28+00:00
python:tests: Make script executable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fb759809 by Joseph Sutton at 2023-05-29T22:32:28+00:00
python:tests: Ensure that we don’t overwrite tests

If the file iterator returns two entries with the same name, one may
overwrite the other.

script_iterator() currently ensures this won’t happen, but it pays to be
safe.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7f692601 by Joseph Sutton at 2023-05-29T22:32:28+00:00
libcli: Don’t call memcpy() with a NULL pointer

Doing so is undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1593c9e6 by Andrew Bartlett at 2023-05-29T22:32:28+00:00
selftest: Assert that we have a trust in samba.tests.getdcname

We must ensure this test cannot become inoperative because the
environment it was run against has no trust.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
920e1a5b by Andrew Bartlett at 2023-05-29T22:32:28+00:00
selftest: Rework samba.tests.getdcname not to use ncalrpc

This test is able to operate over the network, which aids testing against
a comparative windows DC.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
2a0e5337 by Andrew Bartlett at 2023-05-29T23:29:50+00:00
selftest: Confirm that the flags like DS_DIRECTORY_SERVICE_9_REQUIRED work

We need to confirm this both for forwarded requests, and also for requests
direct to the possible DC.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon May 29 23:29:50 UTC 2023 on atb-devel-224

- - - - -
49537a41 by Andrew Bartlett at 2023-05-31T04:02:35+00:00
selftest: Change self.assertTrue(x is not None) -> self.assertIsNotNone(x)

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
3c25ddb1 by Andrew Bartlett at 2023-05-31T04:02:35+00:00
selftest: Fix remaining incorrect references to 2012 -> 2012R2 FL in GetDCNameEx test

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6f30eca3 by Andrew Bartlett at 2023-05-31T04:02:35+00:00
selftest: Improve getdcname test by confirming the _REQUIRED flag behaviours

We do this by checking what the underlying CLDAP netlogon call returns.

This also validates that behaviour.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ff310caa by Andrew Bartlett at 2023-05-31T04:02:35+00:00
librpc: No longer consider the DS_DIRECTORY_SERVICE_{8,9,10}_REQUIRED bits as invalid

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
63e2db82 by Andrew Bartlett at 2023-05-31T04:02:36+00:00
s4-libads: Confirm newer functional levels in check_cldap_reply_required_flags()

This will allow us to require that the target DC has FL 2008,
2012, 2012R2 or 2016.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0f3abb29 by Andrew Bartlett at 2023-05-31T04:02:36+00:00
s3-libads: Also handle the DS_WEB_SERVICE_REQUIRED flag in check_cldap_reply_required_flags()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
9aa440d5 by Andrew Bartlett at 2023-05-31T04:59:01+00:00
s4-rpc_server: Filter via dsdb_dc_functional_level() before we are returning a lookup directly

Otherwise, punt to winbindd to see if another DC has this capability.

This allows a FL2008-emulating DC to forward a request to a
2012R2-emulating DC, particularly in another domain.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed May 31 04:59:01 UTC 2023 on atb-devel-224

- - - - -
a08f8b2a by Stefan Metzmacher at 2023-06-01T07:20:31+00:00
smb2_server: optimize SMB2_OP_KEEPALIVE (SMB2 Echo)

This is not strictly needed, but it helps profiling
the core smb2_server.c code with the 'smb2.bench.echo'
test.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
ff259bd1 by Stefan Metzmacher at 2023-06-01T07:20:31+00:00
smbprofile: add smbprofile_active() helper

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
6e848f9d by Stefan Metzmacher at 2023-06-01T07:20:31+00:00
s3:smbd: only do profiling overhead in smbd_tevent_trace_callback() when needed

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
be5e4d16 by Stefan Metzmacher at 2023-06-01T07:20:31+00:00
smb2_server: use MSG_DONTWAIT to get non-blocking send/recvmsg

It means we can make the fd blocking, which will help
with io_uring support.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
bfb1494e by Stefan Metzmacher at 2023-06-01T07:20:31+00:00
lib/util: use RUNNING_ON_VALGRIND to check if valgrind is used

We should not skip all of close_low_fd() just because we
detected valgrind headers at build time.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
77c92568 by Stefan Metzmacher at 2023-06-01T07:20:31+00:00
lib/replace: check for valgrind/callgrind.h

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
e03ccb5b by Stefan Metzmacher at 2023-06-01T07:20:31+00:00
smb2_negprot: add CALLGRIND_START_INSTRUMENTATION after SMB2 negprot

This allows us to support starting smbd under callgrind and only start
the overhead and instrumentation after the SMB2 negprot, this allows us
to profile only useful stuff and not all the smbd startup, forking and
multichannel handling.

This will do the trick:

  valgrind --tool=callgrind --instr-atstart=no smbd

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
d01db89d by Stefan Metzmacher at 2023-06-01T07:20:31+00:00
s4:torture/smb2: move benchmarking tests to bench.c

I'll add more tests there soon

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
56488363 by Stefan Metzmacher at 2023-06-01T07:20:31+00:00
s4:torture/smb2: add --option="torture:looplimit=150000" to smb2.bench.echo

Also see the commit message of 23988f19e7cc2823d6c0c0f40af0195d0a3b81bf
for other examples...

This test calls SMB2_Echo in a loop per connection.

time smbtorture //127.0.0.1/m -Uroot%test smb2.bench.echo \
        --option="torture:timelimit=600" \
        --option="torture:looplimit=150000" \
        --option="torture:nprocs=1" \
        --option="torture:qdepth=1"

This is a very useful test to show how many requests are possible
at the raw SMB2 layer.

In order to do profiling and be able to compare the
profiles between runs, it is important to produce the
exact same load in each run, which is not possible
with the typical --option="torture:timelimit=600".

E.g. when the server runs under 'valgrind --tool=callgrind bin/smbd'
I typically run without "torture:looplimit" first in order to
see, which rate is possible per second, then I'll add a
"torture:looplimit" in order to run about half of the timelimit.
Then the looplimit should run for some time, but finish
before the timelimit.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
5303f6f7 by Stefan Metzmacher at 2023-06-01T08:14:23+00:00
s4:torture/smb2: add smb2.bench.read test

This test opens one file for each loop (for nprocs * qdepth loops)
and for each file it loops in read requests for the first
io_size bytes.

time smbtorture //127.0.0.1/m -Uroot%test smb2.bench.read \
        --option="torture:timelimit=600" \
        --option="torture:nprocs=1" \
        --option="torture:qdepth=4" \
        --option="torture:io_size=4096"

In order to generate constant load for profiles
--option="torture:looplimit=150000" can be used to stop
after the given number of loops before the timelimit hits.

Sometimes the bottleneck is the smbtorture process.
In order to bring the smbd process to 100% cpu, you can use
'--option="libsmb:client_guid=6112f7d3-9528-4a2a-8861-0ca129aae6c4"'
and run multiple instances of the test at the same time,
which both talk to the same smbd process.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Jun  1 08:14:23 UTC 2023 on atb-devel-224

- - - - -
52cb127f by Björn Baumbach at 2023-06-01T12:46:04+00:00
docs: fix a typo in history file

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Björn Baumbach <bb at sernet.de>
Autobuild-Date(master): Thu Jun  1 12:46:04 UTC 2023 on atb-devel-224

- - - - -
4804d6b8 by Volker Lendecke at 2023-06-01T21:00:36+00:00
tests: Make timelimit available to test scripts

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15382

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e86234f3 by Volker Lendecke at 2023-06-01T21:00:36+00:00
tests: Show that we 100% loop in cli_list_old_recv()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15382

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f30f5793 by Volker Lendecke at 2023-06-01T21:54:41+00:00
libsmb: Fix directory listing against old servers

cli_list_trans_recv() can be called multiple times. When it's done, it
returns NT_STATUS_OK and sets *finfo to NULL. cli_list_old_recv() did
not do the NULL part, so smbclient would endlessly loop.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15382

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun  1 21:54:42 UTC 2023 on atb-devel-224

- - - - -
9c24f853 by Jones Syue at 2023-06-02T09:48:17+00:00
smbd: remove comments about deprecated 'write cache size'

The option 'write cache size' has been removed since the samba-4.12 version:
https://wiki.samba.org/index.php/Samba_4.12_Features_added/changed
https://git.samba.org/?p=samba.git;a=commit;h=3fea05e0
https://git.samba.org/?p=samba.git;a=commit;h=728fabea

It is supposed to remove comments about deprecated 'write cache size',
in order to avoid confusion when reading source code and documents.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15383

Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Jun  2 09:48:17 UTC 2023 on atb-devel-224

- - - - -
22ab42c1 by Noel Power at 2023-06-04T12:42:16+00:00
s3/utils: avoid erroneous NO MEMORY detection

Since 5cc3c1b5f6b0289f91c01b20989558badc28fd61, if we don't have
a realm specified either on cmdline or in conf file, we try to
copy (talloc_strdup) a NULL variable, which triggers a NO_MEMORY
error when we check the result of the copy.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15384

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Sun Jun  4 12:42:16 UTC 2023 on atb-devel-224

- - - - -
c7704d2d by Volker Lendecke at 2023-06-05T17:17:35+00:00
smbd: Remove unused smb2_srv_send()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5fa8a1e1 by Volker Lendecke at 2023-06-05T17:17:35+00:00
smbd: Remove SMB_PERFCOUNT_ macros

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d342be5b by Volker Lendecke at 2023-06-05T17:17:35+00:00
modules: Remove perfcount_test module

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
12f1d94a by Volker Lendecke at 2023-06-05T17:17:35+00:00
smbd: Remove unused "pcd" arg from smb1_srv_send()

Looks larger than it is, "git clang-format" added a few lines

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f13b8b10 by Volker Lendecke at 2023-06-05T17:17:35+00:00
smbd: Remove unused "deferred_pcd" from process_smb2()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
625056af by Volker Lendecke at 2023-06-05T17:17:35+00:00
smbd: Remove unused "deferred_pcd" from construct_reply_chain()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
43f64955 by Volker Lendecke at 2023-06-05T17:17:35+00:00
smbd: Remove unused "pcd" from struct smb_request

After the macros went away, nobody read this anymore

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
15503566 by Volker Lendecke at 2023-06-05T17:17:35+00:00
smbd: Remove unused "deferred_pcd" from construct_reply()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5adbc366 by Volker Lendecke at 2023-06-05T17:17:35+00:00
smbd: Remove unused "deferred_pcd" from process_smb1()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d2dcc0fd by Volker Lendecke at 2023-06-05T17:17:36+00:00
smbd: Remove unused "deferred_pcd" from process_smb()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1a5ac20a by Volker Lendecke at 2023-06-05T17:17:36+00:00
smbd: Remove unused "pcd" from struct pending_message_list

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1e793357 by Volker Lendecke at 2023-06-05T18:13:05+00:00
smbd: Remove smb1-only perfcount subsystem

This never took off outside of a special OEM setup.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jun  5 18:13:05 UTC 2023 on atb-devel-224

- - - - -
198a844f by SATOH Fumiyasu at 2023-06-06T08:34:55+00:00
third_party: Fix version of socket_wrapper and uid_wrapper

Signed-off-by: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jun  6 08:34:55 UTC 2023 on atb-devel-224

- - - - -
bb463798 by Łukasz Stelmach at 2023-06-06T08:35:36+00:00
Configure builtin heimdal to use KEYRING ccache

Signed-off-by: Łukasz Stelmach <l.stelmach at samsung.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
61f3e16d by Łukasz Stelmach at 2023-06-06T08:35:36+00:00
bootstrap: Add a note about cleaning bootstrap/

Signed-off-by: Łukasz Stelmach <l.stelmach at samsung.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
fcedf551 by Björn Jacke at 2023-06-06T09:33:47+00:00
smbcacls/smbcquotas: check for valid UNC path

we used to strip the first two characters of the path and used that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2312

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Jun  6 09:33:47 UTC 2023 on atb-devel-224

- - - - -
c9fa3dff by Pavel Filipenský at 2023-06-07T14:12:33+00:00
s3:script: Add samba-log-parser

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Pair-Programmed-With: Andreas Schneider <asn at samba.org>

- - - - -
15fdf7b3 by Pavel Filipenský at 2023-06-07T14:12:33+00:00
docs-xml:manpages: Add man page for samba-log-parser

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
dc6edc48 by Pavel Filipenský at 2023-06-07T15:06:07+00:00
WHATSNEW.txt: Improved winbind logging and samba-log-parser

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jun  7 15:06:07 UTC 2023 on atb-devel-224

- - - - -
5c52f71c by Volker Lendecke at 2023-06-08T16:55:14+00:00
smbclient: Fix fd leak with "showacls;ls"

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15391

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun  8 16:55:14 UTC 2023 on atb-devel-224

- - - - -
4945b134 by Volker Lendecke at 2023-06-08T17:39:39+00:00
smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
288e591b by Volker Lendecke at 2023-06-08T17:39:39+00:00
smbd: Make SeekDir()/TellDir() static to dir.c

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4e2de3a0 by Volker Lendecke at 2023-06-08T17:39:39+00:00
smbd: Simplify make_dir_struct()

We don't need the talloc_strdup and thus we can return void.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d14b1e2d by Volker Lendecke at 2023-06-08T17:39:39+00:00
smbd: Add dptr_FileNumber()

Return how many name entries have been returned from this dptr.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e4631270 by Volker Lendecke at 2023-06-08T17:39:39+00:00
smbd: Add dptr_RewindDir()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5aef4bb6 by Volker Lendecke at 2023-06-08T17:39:39+00:00
smbd: Do an early talloc_free() in fsp_attach_smb_fname()

name_str can pile up when reading directories, we don't talloc_free()
our stackframe before we have filled the whole readdir response packet.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
73ebbb72 by Volker Lendecke at 2023-06-08T17:39:39+00:00
smbd: Do an early talloc_free() in reply_search()

Don't wait for the main loop to free file names no longer used.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6578dc9a by Volker Lendecke at 2023-06-08T17:39:39+00:00
smbd: Make reply_search() easier to understand

reply_search() is the only place in the code where we have to deal
with [MS-CIFS] 2.2.4.59.1 ResumeKey structures. This concentrates the
formatting of this to pure SMB1 code in reply_search(), moving away
knowledge about the format from smbd/dir.c's dptr_fill() and
dptr_fetch_fsp().

With this code we just count up the FileIndex from behaviour note
110. If the client is sane and sends us the last FileIndex we returned
to it in a subsequent search, we can completely avoid any
telldir/seekdir. If it skips back, with the new code we rewind and
re-readdir the directory. This will be slower for a very special
corner case, but it's a lot simpler to understand (at least to
me). Also, it avoids calling telldir/seekdir for every entry.

Tested both cases (sane and insane clients) manually with a modified
cli_list_old_done(). Not doing automated tests. If this breaks real
users, we'll fix it and write tests then.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
23ca540a by Volker Lendecke at 2023-06-08T18:34:44+00:00
smbd: Remove unused dptr_fill() and dptr_fetch_fsp()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun  8 18:34:44 UTC 2023 on atb-devel-224

- - - - -
75ec66c7 by Stefan Metzmacher at 2023-06-10T09:51:38+00:00
third_party/heimdal: Import lorikeet-heimdal-202306091507 (commit 7d8afc9d7e3d309ddccc2aea6405a8ca6280f6de)

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
666a78a4 by Stefan Metzmacher at 2023-06-10T09:51:38+00:00
selftest: run tests with LANGUAGE=en_US

This is important in order to run /usr/bin/kpasswd from MIT...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
62e18982 by Stefan Metzmacher at 2023-06-10T09:51:38+00:00
bootstrap: force use of LANGUAGE=en_US

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cd0f9fc7 by Stefan Metzmacher at 2023-06-10T09:51:38+00:00
bootstrap: make sure we have gnutls-cli from gnutls-bin/gnutls-utils

We'll use it in some upcoming tests...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e40c86e9 by David Mulder at 2023-06-10T10:46:28+00:00
gp: Fix user apply failure when dropping privs

When dropping privileges, gpupdate errored:
gpclass.py:1167: KeyError: "getpwnam(): name not found: <HOSTNAME>
apply_gp was incorrectly passing the hostname
instead of the username.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat Jun 10 10:46:28 UTC 2023 on atb-devel-224

- - - - -
f91c8bf8 by Pavel Filipenský at 2023-06-13T12:15:32+00:00
s3:winbind: Fix trailing whitespace in winbindd_msrpc.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d5887205 by Pavel Filipenský at 2023-06-13T12:15:32+00:00
s3:winbind: Fix trailing whitespace in winbindd_reconnect.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b67dc258 by Pavel Filipenský at 2023-06-13T12:15:32+00:00
s3:winbind: Fix trailing whitespace in winbindd_cache.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
92b2eb9c by Pavel Filipenský at 2023-06-13T12:15:32+00:00
s3:winbind: Add lookup_aliasmem to winbindd_methods and implement it in all backends

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
38565ff2 by Pavel Filipenský at 2023-06-13T12:15:32+00:00
s3:winbind: Add wbint_LookupAliasMembers to winbind interface

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6b321cb1 by Pavel Filipenský at 2023-06-13T12:15:32+00:00
s3:winbind: Add wb_alias_members_{send/recv}

wb_alias_members.c is very similar to wb_lookupusergroups.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
fa7d9c13 by Pavel Filipenský at 2023-06-13T12:15:32+00:00
s3:winbind: Convert wb_group_members_send() to resolve array of groups

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6bdd29a7 by Pavel Filipenský at 2023-06-13T12:15:32+00:00
lib:dbwrap: Fix trailing whitespace in lib/dbwrap/dbwrap.h

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d8f7d244 by Pavel Filipenský at 2023-06-13T12:15:32+00:00
lib:dbwrap: Add dbwrap_merge_dbs()

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
47b3a5d0 by Pavel Filipenský at 2023-06-13T12:15:32+00:00
s3:winbind: s/wb_group_members_send/wb_alias_members_send/ for SID_NAME_ALIAS in wb_getgrsid_sid2gid_done()

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f116cda3 by Pavel Filipenský at 2023-06-13T12:15:32+00:00
s3:winbind: Remove SID_NAME_ALIAS code from rpc_lookup_groupmem()

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
783c9d22 by Pavel Filipenský at 2023-06-13T12:15:32+00:00
s3:winbind: Include local groups in _wbint_QueryGroupList

This is needed for GETGRENT to show also e.g. BUILTIN/users.
Otherwise the test_membership_user (local.nss.membership) would fail.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a1e611a8 by Pavel Filipenský at 2023-06-13T12:15:32+00:00
s3:winbind: Fix the default group for the 'Guest' user

If samlogon cache has no entry for the 'Guest' user, the group sid
should default to 'Guests' group.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
09e853af by Pavel Filipenský at 2023-06-13T12:15:32+00:00
s4:torture: Skip test_membership_user for users that get incorrectly assigned group sid

This commit should be removed once wb_queryuser() is fixed.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
99d42ed8 by Pavel Filipenský at 2023-06-13T12:15:32+00:00
selftest: set 'winbind expand groups = 10' for ad_member_idmap_rid

This is for alias members tests.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
611444a2 by Pavel Filipenský at 2023-06-13T12:15:32+00:00
tests: Fix idmap.rid.getgrnam for ad_member_idmap_rid with 'winbind expand groups = 10'

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
c0b819e3 by Pavel Filipenský at 2023-06-13T12:15:32+00:00
s3:selftest: Add environ parameter to plansmbtorture4testsuite

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4cf5abb8 by Pavel Filipenský at 2023-06-13T12:15:32+00:00
s3:selftest: Pass environ to local.nss

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
33b3a51a by Pavel Filipenský at 2023-06-13T12:15:32+00:00
s4:torture: Limit run of test_membership_user() only to ad_member_idmap_rid

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
076d8524 by Pavel Filipenský at 2023-06-13T12:15:32+00:00
testprogs: Add test_alias_membership

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
e0b1aaea by Pavel Filipenský at 2023-06-13T13:09:41+00:00
third_party: Update nss_wrapper to version 1.1.15

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jun 13 13:09:41 UTC 2023 on atb-devel-224

- - - - -
162787cd by Volker Lendecke at 2023-06-13T23:33:39+00:00
lib: Fix whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f5afcddb by Volker Lendecke at 2023-06-13T23:33:39+00:00
vfs: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4115a2e4 by Volker Lendecke at 2023-06-13T23:33:39+00:00
vfs: Modernize a few DEBUG statements

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4ee821ae by Volker Lendecke at 2023-06-13T23:33:39+00:00
vfs: Remove two "== true"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7e465b8e by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Use ISDOT() in exact_match()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3f3df7dd by Volker Lendecke at 2023-06-13T23:33:39+00:00
testparm: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
61c92306 by Volker Lendecke at 2023-06-13T23:33:39+00:00
conf: Fix wrong language in "dos charset" smb.conf.5 entry

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d9755c7c by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Modernize a few overlog DEBUG statements

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4fce29de by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Remove unused "pst" parameter from dptr_SearchDir()

The only caller threw the result away.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c80b3453 by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Remove unused "poffset" parameter from dptr_SearchDir()

The only caller threw the result away.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
aa77aa3e by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Remove unused "poffset" parameter from SearchDir()

The only caller threw the result away.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4935c0b5 by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Introduce "dir_hnd" helper variable in smbd_dirptr_get_entry()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2498a48a by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Apply some README.Coding to call_trans2findfirst/next()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2b725480 by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Use dptr_RewindDir() instead of dptr_SeekDir(.., 0)

This is a more focused call.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ae4d8ddb by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Eliminate some dead code

If I'm not completely blind then there's no way how *pst can be a
valid stat. We did a SET_STAT_INVALID at the beginning of the
function, and there's no code path up to this if-statement that can
make *pst valid again.

Review with "git show -U40".

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
abcc7e69 by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Slightly simplify smbd_dirptr_lanman2_entry()'s overflow logic

No caller does anything with the smb_fname upon overflow, so we might
as well do an early return.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
adc7fb32 by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Make get_dir_entry() static in SMB1-only code

We need to pass "conn" explicitly because dptr_struct is private to
dir.c.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d4c669c1 by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Avoid a few else branches in smb2_query_directory_next_entry()

There are early returns or gotos anyway

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
91c76f65 by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Simplify dptr_ReadDirName()

While trying to understand the ReadDirName() at the end of
dptr_ReadDirName() in a code path that was supposed to be just a
"stat"-style readdir with a non-wcard mask I came to the conclusion
that this was there to find dptr->wcard with a mangled
name. get_real_filename_at() already takes care of name mangling, so I
think I could eliminate a source of confusion by using it.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0b271757 by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Add smbd_dirptr_push_overflow()

This saves the result of smbd_dirptr_get_entry() for later retrieval
in case we could not marshall it to the output buffer. Return this
entry when calling smbd_dirptr_get_entry() again.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
91fa49c1 by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Avoid dptr_SeekDir() when overflowing the dir buffer

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
94648811 by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Remove unused dptr_SeekDir()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
99799bcd by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Remove unused _prev_offset arg from smbd_dirptr_get_entry()

Neither of the two callers looked at the result.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
baaa0c66 by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Add dptr_struct->last_name_sent

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c5dca6d5 by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Make dptr_ReadDirName() public

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
be3232d1 by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Do the "skip to resume name" in call_trans2findnext()

This is SMB1-only logic that can be removed from dir.c

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c37d6be2 by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Remove unused dptr_SearchDir() and the dir cache

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e2fbe361 by Volker Lendecke at 2023-06-13T23:33:39+00:00
smbd: Remove the offset argument from ReadDirName()

Nobody does anything with this anymore, we just call ReadDirName() in
sequence or do a RewindDir(). So we don't have to look at offsets as
given by the file system anymore.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cac38aa3 by Volker Lendecke at 2023-06-14T00:26:55+00:00
vfs: Remove vfs telldir/seekdir functions

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jun 14 00:26:55 UTC 2023 on atb-devel-224

- - - - -
585e4cdd by Björn Jacke at 2023-06-14T12:21:50+00:00
docs-xml: remove completely outdated Samba-Developers-Guide

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jun 14 12:21:50 UTC 2023 on atb-devel-224

- - - - -
f83baa27 by Andrew Bartlett at 2023-06-14T22:57:34+00:00
selftest: Specify that DCs prepared with prepare_dc_testenv() to be 2016 capable

This allows the backup/restore process to pass once the DC startup
code confirms what DC level the domain functional level in the DB
is expecting.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8e895fc5 by Andrew Bartlett at 2023-06-14T22:57:34+00:00
selftest: Split up tests in dsdb.py to avoid creating a user when not required

Creating a user is CPU intensive, particularly when a password is set,
so avoid doing so if not required.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
4919e8d8 by Andrew Bartlett at 2023-06-14T22:57:34+00:00
dsdb: Indicate in rootdse.c why samdb_ntds_settings_dn() is not used

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b8a613b4 by Andrew Bartlett at 2023-06-14T22:57:34+00:00
dsdb: Add routine to check the DB vs lp functional levels

This will be called at server startup (as well as from Python tests)

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ae7f2b41 by Andrew Bartlett at 2023-06-14T22:57:34+00:00
python/tests: Make helpful, stateless methods @classmethod and @staticmethod

This allows them to be used in setUpClass in tests.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c28e719b by Andrew Bartlett at 2023-06-14T22:57:34+00:00
selftest: Add unit tests of the DC startup FL check/update code

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
4952cb88 by Andrew Bartlett at 2023-06-14T22:57:34+00:00
s4-server: Call dsdb_check_and_update_fl() during startup transaction.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ebaa0081 by Andreas Schneider at 2023-06-14T22:57:34+00:00
python:tests: Adopt safe_tarfile for extraction_filter raises

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8c90c66a by Andreas Schneider at 2023-06-14T22:57:34+00:00
python:safe_tarfile: Set extraction_filter for pythons providing it

It should be available for Python >= 3.11.4 but also has been
backported.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
431f7698 by Andreas Schneider at 2023-06-14T22:57:34+00:00
python:safe_tarfile: Implement safer extractall()

This also checks for symlinks and hardlinks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
1f74f9f3 by Andreas Schneider at 2023-06-14T22:57:34+00:00
python:safe_tarfile: Improve safe extract()

This also checks for symlinks and hardlinks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
97a5ee4b by Joseph Sutton at 2023-06-14T22:57:35+00:00
tests/auth_log: Factor out isRemote()

This makes waitForMessages() easier to read.

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
49592b80 by Joseph Sutton at 2023-06-14T22:57:35+00:00
selftest: Assert trust realm is not None

This is consistent with the other tests in this file.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5905a633 by Joseph Sutton at 2023-06-14T22:57:35+00:00
pyldb: Raise an exception if ldb_dn_get_parent() fails

Such a failure could be caused by situations other than memory errors,
but a simple indication of failure is all that ldb_dn_get_parent() gives
us to work with.

We keep the old behaviour of returning None if the DN has no components,
which an existing test (ldb.python.api.DnTests.test_parent_nonexistent)
expects.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2eda2466 by Joseph Sutton at 2023-06-14T22:57:35+00:00
pyldb: Check for allocation failure in py_ldb_dn_get_parent()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0743e11d by Joseph Sutton at 2023-06-14T22:57:35+00:00
samba-tool: Fix typo

Found by Rob van der Linde <rob at catalyst.net.nz>.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d93e340b by Joseph Sutton at 2023-06-14T22:57:35+00:00
samba-tool ou: Remove unused import

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
234be6b0 by Joseph Sutton at 2023-06-14T22:57:35+00:00
samba-tool ou: Remove unused variables

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f8f0ee53 by Joseph Sutton at 2023-06-14T22:57:35+00:00
param: Remove reference to unrecognized parameter ‘directory name cache size’

This parameter was removed in commit
c37d6be2db8ee30d632275e7b1c156a8b5d791a7.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
60f76b9e by Joseph Sutton at 2023-06-14T22:57:35+00:00
selftest: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7c66cd4d by Joseph Sutton at 2023-06-14T22:57:35+00:00
selftest: Remove duplicate knownfails

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
efb85e3d by Joseph Sutton at 2023-06-14T22:57:35+00:00
s4/scripting/bin: Add NT_STATUS_OK to list of definitions

Add NT_STATUS_OK to our pre-generated list of status codes. Ensure it
goes first in the list to ensure that code that previously found this
error code in ‘special_errs’ maintains the same behaviour by falling
back to ‘nt_errs’.

This makes NT_STATUS_OK available to Python code using the ‘ntstatus’
module.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
11671a74 by Joseph Sutton at 2023-06-14T22:57:35+00:00
tests/auth_log: Make samba.tests.auth_log test executable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d1fcecd1 by Joseph Sutton at 2023-06-14T22:57:35+00:00
tests/auth_log: Properly expect authentication failures

These authentications are actually failing (due to RESPONSE_TOO_BIG
errors), but our authentication logging infrastructure hides this.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
868e1146 by Joseph Sutton at 2023-06-14T22:57:35+00:00
s4:kdc: Don’t log authentication failures as successes

If a client was authorized, we would ignore the Kerberos error code and
just log the return value of authsam_logon_success_accounting().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b859b3b6 by Joseph Sutton at 2023-06-14T22:57:35+00:00
s4:kdc: Consolidate assignments to r->error_code and final_ret

This makes it clearer that we are assigning a value to both together.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
359e8204 by Joseph Sutton at 2023-06-14T22:57:35+00:00
librpc/idl: Add authentication policy event IDs

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
01643b35 by Joseph Sutton at 2023-06-14T22:57:35+00:00
tests/krb5: Keep track of the type of each created account

This allows us to determine which parts of an authentication policy
apply to a particular account, which will be necessary to test audit
logging.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9d8ee6a4 by Joseph Sutton at 2023-06-14T22:57:35+00:00
tests/krb5: Cache created authentication policies

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f1c24f4b by Joseph Sutton at 2023-06-14T22:57:35+00:00
tests/krb5: Test authentication logging of TGT lifetimes

It is useful to test a combination of device restrictions and TGT
lifetime restrictions so that we can check what TGT lifetime values end
up in the logs.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
117bba98 by Joseph Sutton at 2023-06-14T22:57:35+00:00
tests/krb5: Add a couple of authentication policy tests

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0ec229e7 by Joseph Sutton at 2023-06-14T22:57:35+00:00
tests/krb5: Fix overlong lines

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
490c451a by Joseph Sutton at 2023-06-14T22:57:35+00:00
tests/krb5: Keep track of account SIDs

This prevents having to look them up in the database when tests need
them.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fb260e1f by Joseph Sutton at 2023-06-14T22:57:35+00:00
tests/krb5: Make use of KerberosCredentials.get_sid()

KerberosCredentials objects now keep track of their account’s SID, which
removes the need to look it up with KDCBaseTest.get_objectSid().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
21d1f1ca by Joseph Sutton at 2023-06-14T22:57:35+00:00
s4:kdc: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
94e7a550 by Joseph Sutton at 2023-06-14T22:57:35+00:00
tests/krb5: Remove unneeded ‘dn’ parameter

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a9534e7b by Joseph Sutton at 2023-06-14T22:57:35+00:00
tests/krb5: Test S4U2Self followed by constrained delegation with authentication policies

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7c6dbe31 by Joseph Sutton at 2023-06-14T22:57:35+00:00
tests/krb5: Test authentication with policy restrictions and a wrong password

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
67da91ef by Joseph Sutton at 2023-06-14T22:57:35+00:00
tests/auth_log: Add method to fetch the next relevant message from the messaging bus

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9b0a71bd by Joseph Sutton at 2023-06-14T23:55:42+00:00
tests/auth_log: Refactor waitForMessages() to use nextMessage()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Jun 14 23:55:42 UTC 2023 on atb-devel-224

- - - - -
b3a85655 by Joseph Sutton at 2023-06-15T05:29:28+00:00
auth: Move authn_policy code into auth subsystem

This ensures that this code will still be usable by other libraries and
subsystems if Samba is built with ‘--without-ad-dc’.

We also drop dependencies on ‘ldb’ and ‘talloc’ that we shouldn’t have
needed anyway.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a1364c20 by Joseph Sutton at 2023-06-15T05:29:28+00:00
s4:kdc: Rename authn_kerberos_client_policy::tgt_lifetime to tgt_lifetime_raw

This more clearly indicates that it is the raw TGT lifetime value
straight from the database.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a2ff8c4e by Joseph Sutton at 2023-06-15T05:29:28+00:00
s4:kdc: Rename ‘lifetime’ to indicate that it is measured in seconds

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b1429830 by Joseph Sutton at 2023-06-15T05:29:28+00:00
s4:kdc: Add structure containing authentication policy auditing information

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9585bf9b by Joseph Sutton at 2023-06-15T05:29:28+00:00
s4:kdc: Add helper functions to create optional int64 values

These values will be used to represent TGT lifetimes, which might or
might not be present.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a3063fb4 by Joseph Sutton at 2023-06-15T05:29:28+00:00
s4:kdc: Add functions to create structures of auditing information for authentication policies

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f47631b3 by Joseph Sutton at 2023-06-15T05:29:28+00:00
s4:kdc: Add getter functions for authn_audit_info

These functions return various pieces of information about an audit
event that can go into audit logs.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b5506d5e by Joseph Sutton at 2023-06-15T05:29:28+00:00
s4:kdc: Add function to perform an authentication policy access check with a device

If the ‘audit_info_out’ parameter is non-NULL, auditing information will
be returned so that it might be logged.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6dce6318 by Joseph Sutton at 2023-06-15T05:29:28+00:00
s4:kdc: Move NTLM device restrictions to ‘authn_policy_util’

We’re going to extend this code, and so we will require functions from
the utility module.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5bd6ce29 by Joseph Sutton at 2023-06-15T05:29:28+00:00
s4:kdc: Generate auditing information for NTLM device restrictions

This will provide more detail to be logged.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3f3c017a by Joseph Sutton at 2023-06-15T05:29:28+00:00
s4:kdc: Add function to perform an access check to a service

If the ‘server_audit_info_out’ parameter is non-NULL, auditing
information will be returned so that it might be logged.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9325c14b by Joseph Sutton at 2023-06-15T05:29:28+00:00
lib:audit_logging: Add function to create JSON object containing auditing information

This can be included in logged authentications and authorizations.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e2d925f5 by Joseph Sutton at 2023-06-15T05:29:28+00:00
auth: Add new ‘KDC Authorization’ log type

This is similar, but not identical, to the existing ‘Authorization’
event. It will be used to log Kerberos TGS-REQs.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7f771070 by Joseph Sutton at 2023-06-15T05:29:28+00:00
tests/auth_log: Add support for new ‘KDC Authorization’ log type

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ba2e54d5 by Joseph Sutton at 2023-06-15T05:29:28+00:00
tests/auth_log: Ensure tests continue to pass when new log types are added

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
63fe9863 by Joseph Sutton at 2023-06-15T05:29:28+00:00
s4:kdc: Log TGS-REQs in the Heimdal KDC

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7a7dbdb7 by Joseph Sutton at 2023-06-15T05:29:28+00:00
s4:auth: Enforce device restrictions for NTLM authentication

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6c9c7c5b by Joseph Sutton at 2023-06-15T05:29:28+00:00
s4:auth: Enforce machine authentication policy for NTLM authentication

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
32fdc764 by Joseph Sutton at 2023-06-15T06:30:35+00:00
s4:auth: Remove unneeded ‘sam_ctx’ parameter

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Jun 15 06:30:35 UTC 2023 on atb-devel-224

- - - - -
9e272398 by Volker Lendecke at 2023-06-16T16:14:30+00:00
libcli: Simplify dom_sid_dup()

We have sid_copy() for this.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
12cbb043 by Volker Lendecke at 2023-06-16T16:14:30+00:00
libcli: Simplify security_token_is_sid()

Avoid an explicit if-statement.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
007b5825 by Volker Lendecke at 2023-06-16T16:14:30+00:00
smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8a864e3f by Volker Lendecke at 2023-06-16T16:14:30+00:00
docs: Remove seekdir/telldir reference

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c86fef84 by Volker Lendecke at 2023-06-16T16:14:30+00:00
smbd: Modernize a DEBUG statement in smbd_dirptr_get_entry()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1d6f6f95 by Volker Lendecke at 2023-06-16T16:14:30+00:00
smbd: Remove references to get_Protocol()

We have that available in smbXsrv_connection that is available almost
everywhere.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1b7fb136 by Volker Lendecke at 2023-06-16T16:14:30+00:00
lib: Simplify two if-expressions

This version looks easier to read to me.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2c610804 by Volker Lendecke at 2023-06-16T16:14:30+00:00
winbind: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a4972336 by Volker Lendecke at 2023-06-16T16:14:30+00:00
lib: Add a few required #includes

You find them if you try to #include these files directly

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
18070a2d by Volker Lendecke at 2023-06-16T16:14:30+00:00
WHATSNEW: Mention removed "directory name cache size" parameter

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1cd2f38b by Volker Lendecke at 2023-06-16T16:14:30+00:00
profiling: Factor out functions to read smbprofile.tdb

We don't need all of Samba just to dump contents of this tdb, make
exporting profile information cheaper.

No direct use yet, but it's a good cleanup IMHO

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c64699ae by Volker Lendecke at 2023-06-16T16:14:31+00:00
rpc_server: Fix talloc hierarchy in _srvsvc_NetSrvGetInfo()

Make ->comment a proper talloc child of the right structure.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ca99d6a6 by Volker Lendecke at 2023-06-16T16:14:31+00:00
libsmb: Add SMB1 posix cli_mknod

This is a dead horse, but in the future it will make it easier to test
the smb311 unix extension code.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
efeb5406 by Volker Lendecke at 2023-06-16T16:14:31+00:00
pylibsmb: Add mknod()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
41b094dd by Volker Lendecke at 2023-06-16T16:14:31+00:00
pylibsmb: Add smb1_stat()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
880eb2bd by Volker Lendecke at 2023-06-16T16:14:31+00:00
libsmb: Test smb1 mknod

Requires O_PATH to work correctly

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cf4e5542 by Volker Lendecke at 2023-06-16T16:14:31+00:00
smbd: Remove "a heuristic to avoid seeking the dirptr"

-- we don't seek the dirptr anymore

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
079aad50 by Volker Lendecke at 2023-06-16T16:14:31+00:00
smbd: Remove a smb1-only optimization findfirst/findnext

I don't think this is an effective optimization at all anymore. It was
intended to speed up non-wildcard readdirs after we found the correct
entry. Nowadays we do the non-wildcard readdirs by a direct fstatat,
and after we successfully found the entry dptr_ReadDirName()
immediately returns without any further action. So my very strong
guess is that this never really kicked in anymore. Not using this flag
can't be *that* bad, smb2 never used it.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
96a64fb3 by Volker Lendecke at 2023-06-16T17:07:46+00:00
smbd: smbd_dirptr_lanman2_match_fn(): Remove "exact_match" handling

No caller uses this anymore. The only downside here now is that we
always go directly to mask_match instead of trying strcasecmp_m
first. I very much doubt this makes a measurable difference because
this would have been called for non-wildcard
readdirs (a.k.a. qpathinfo), and there we do this only once per
complete directory read. Also I don't believe mask_match() is
measurably more expensive than strcasecmp_m() for the usually short
filenames we're looking at here.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jun 16 17:07:46 UTC 2023 on atb-devel-224

- - - - -
b6049a30 by Björn Jacke at 2023-06-16T20:28:29+00:00
nmbd: use DBG_ macros and raise some log levels

BUG: https://bugzilla.samba.org/show_bug.cgi?id=4143

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5181b1c8 by Björn Jacke at 2023-06-16T20:28:29+00:00
nmbd_sendannounce.c: use DBG* macros instead of static log level numbers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=4143

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2fbd773a by Björn Jacke at 2023-06-16T20:28:29+00:00
nmbd/asyncdns.c: use DBG* macros instead of static log level numbers

Some log levels change because the macros don't cover all the previously used
log levels or because importance was slightly reconsidered.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=4143

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1186ec22 by Björn Jacke at 2023-06-16T20:28:29+00:00
nmbd_become_lmb.c: use DBG* macros instead of static log level numbers

Some log levels change because the macros don't cover all the previously used
log levels or because importance was slightly reconsidered.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=4143

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a33df125 by Björn Jacke at 2023-06-16T20:28:29+00:00
oplock_linux.c: use DBG macros instead of static log level

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fa700369 by Björn Jacke at 2023-06-16T20:28:29+00:00
dns_update.c: use DBG* macros instead of static log level numbers

Some log levels change because the macros don't cover all the previously used
log levels or because importance was slightly reconsidered.

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6003090d by Björn Jacke at 2023-06-16T20:28:29+00:00
smbXsrv_session.c: use DBG* macros instead of static log level numbers

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c257b0a2 by Björn Jacke at 2023-06-16T20:28:29+00:00
smb2_service.c: use DBG* macros instead of static log level numbers

Some log levels change because the macros don't cover all the previously used
log levels or because importance was slightly reconsidered.

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
659e8854 by Björn Jacke at 2023-06-16T20:28:29+00:00
dcesrv_drsuapi.c: use DBG* macros instead of static log level numbers

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c37615e by Björn Jacke at 2023-06-16T20:28:29+00:00
smbXsrv_tcon.c: use DBG* macros instead of static log level numbers

Some log levels change because the macros don't cover all the previously used
log levels or because importance was slightly reconsidered.

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8fb833fc by Björn Jacke at 2023-06-16T20:28:29+00:00
vfs_default.c: use DBG* macros instead of static log level numbers

Some log levels change because the macros don't cover all the previously used
log levels or because importance was slightly reconsidered.

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e4b77dc3 by Andreas Schneider at 2023-06-16T20:28:29+00:00
testprogs:subunit: Fix assigning an array to a string

$@ is an array and we want a string.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3b612dc6 by Andreas Schneider at 2023-06-16T20:28:29+00:00
testprogs:subunit: Fix integer comparisons

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1fb0b368 by Andreas Schneider at 2023-06-16T20:28:29+00:00
testprogs: Do not export UID_WRAPPER_ROOT in test_samba-tool_ntacl.sh

There is no need for root here.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
57918237 by Andreas Schneider at 2023-06-16T20:28:29+00:00
testprogs: Do not export UID_WRAPPER_ROOT in test_net_ads_dns.sh

There is no need for root here.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ea566a82 by Andreas Schneider at 2023-06-16T20:28:29+00:00
testprogs: Do not export UID_WRAPPER_ROOT in test_pdbtest.sh

We already set root for smbpasswd.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b41ff81a by Andreas Schneider at 2023-06-16T20:28:29+00:00
testprogs: Do not export UID_WRAPPER_ROOT in test_kpasswd_mit.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
457a83e7 by Andreas Schneider at 2023-06-16T20:28:30+00:00
testprogs: Do not export UID_WRAPPER_ROOT in test_kpasswd_heimdal.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e013d70e by Andreas Schneider at 2023-06-16T20:28:30+00:00
testprogs: Do not export UID_WRAPPER_ROOT in test_net_rpc_oldjoin.sh

This is already set for smbpasswd.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9cbd4a3a by Andreas Schneider at 2023-06-16T20:28:30+00:00
s3:tests: Do not export UID_WRAPPER_ROOT in test_net_machine_account

Just set it for the test.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3799074b by Andreas Schneider at 2023-06-16T20:28:30+00:00
s3:tests: Do not export UID_WRAPPER_ROOT in test_smbXsrv_client_dead_rec.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3a9e0b31 by Andreas Schneider at 2023-06-16T20:28:30+00:00
s3:tests: Do not export UID_WRAPPER_ROOT in test_smbXsrv_client_cross_node.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6640cf5e by Björn Baumbach at 2023-06-16T21:23:28+00:00
samba-tool: add new --dns-directory-partition option to dns zonecreate command

The new --dns-directory-partition chooses the directory partition for
the new zone - "domain" or "forest". Defaults to the current default
"domain".

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Jun 16 21:23:28 UTC 2023 on atb-devel-224

- - - - -
d34ff44d by Andreas Schneider at 2023-06-20T11:07:45+00:00
s3:winbind: Fix talloc parent in find_dc() leading to a segfault

[2023/06/16 16:30:18.677249,  0, pid=28112, effective(0, 0), real(0, 0), traceid=35] ../../lib/cmdline/cmdline.c:56(_samba_cmdline_talloc_log)
  Bad talloc magic value - unknown value
[2023/06/16 16:30:18.677374,  0, pid=28112, effective(0, 0), real(0, 0), traceid=35] ../../lib/util/fault.c:173(smb_panic_log)
  ===============================================================
[2023/06/16 16:30:18.677388,  0, pid=28112, effective(0, 0), real(0, 0), traceid=35] ../../lib/util/fault.c:177(smb_panic_log)
  INTERNAL ERROR: Bad talloc magic value - unknown value in pid 28112 (4.18.3)
[2023/06/16 16:30:18.677398,  0, pid=28112, effective(0, 0), real(0, 0), traceid=35] ../../lib/util/fault.c:182(smb_panic_log)
  If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
[2023/06/16 16:30:18.677408,  0, pid=28112, effective(0, 0), real(0, 0), traceid=35] ../../lib/util/fault.c:183(smb_panic_log)
  ===============================================================
[2023/06/16 16:30:18.677420,  0, pid=28112, effective(0, 0), real(0, 0), traceid=35] ../../lib/util/fault.c:185(smb_panic_log)
  PANIC (pid 28112): Bad talloc magic value - unknown value in 4.18.3
[2023/06/16 16:30:18.677698,  0, pid=28112, effective(0, 0), real(0, 0), traceid=35] ../../lib/util/fault.c:293(log_stack_trace)
  BACKTRACE: 22 stack frames:
   #0 /usr/lib64/samba/libgenrand-samba4.so(log_stack_trace+0x34) [0x7fcc04ad35d4]
   #1 /usr/lib64/samba/libgenrand-samba4.so(smb_panic+0xd) [0x7fcc04ad382d]
   #2 /lib64/libtalloc.so.2(+0x3121) [0x7fcc04650121]
   #3 /usr/sbin/winbindd(_wbint_InitConnection+0xe8) [0x55aa1fd79028]
   #4 /usr/sbin/winbindd(+0x59488) [0x55aa1fd7e488]
   #5 /lib64/libdcerpc-server-core.so.0(dcesrv_call_dispatch_local+0x69) [0x7fcc05890469]
   #6 /usr/sbin/winbindd(winbindd_dual_ndrcmd+0x3c5) [0x55aa1fd762d5]
   #7 /usr/sbin/winbindd(+0x4d664) [0x55aa1fd72664]
   #8 /lib64/libtevent.so.0(tevent_common_invoke_fd_handler+0x97) [0x7fcc03d2e707]
   #9 /lib64/libtevent.so.0(+0xef4f) [0x7fcc03d34f4f]
   #10 /lib64/libtevent.so.0(+0xcf5b) [0x7fcc03d32f5b]
   #11 /lib64/libtevent.so.0(_tevent_loop_once+0x95) [0x7fcc03d2d9b5]
   #12 /usr/sbin/winbindd(+0x4fd14) [0x55aa1fd74d14]
   #13 /usr/sbin/winbindd(+0x505cd) [0x55aa1fd755cd]
   #14 /lib64/libtevent.so.0(tevent_common_invoke_immediate_handler+0x182) [0x7fcc03d2ec72]
   #15 /lib64/libtevent.so.0(tevent_common_loop_immediate+0x27) [0x7fcc03d2eca7]
   #16 /lib64/libtevent.so.0(+0xed2f) [0x7fcc03d34d2f]
   #17 /lib64/libtevent.so.0(+0xcf5b) [0x7fcc03d32f5b]
   #18 /lib64/libtevent.so.0(_tevent_loop_once+0x95) [0x7fcc03d2d9b5]
   #19 /usr/sbin/winbindd(main+0xd34) [0x55aa1fd402f4]
   #20 /lib64/libc.so.6(__libc_start_main+0xe5) [0x7fcc0339dd85]
   #21 /usr/sbin/winbindd(_start+0x2e) [0x55aa1fd40e8e]
[2023/06/16 16:30:18.677828,  0, pid=28112, effective(0, 0), real(0, 0), traceid=35] ../../source3/lib/dumpcore.c:318(dump_core)
  coredump is handled by helper binary specified at /proc/sys/kernel/core_pattern

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15398

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jun 20 11:07:45 UTC 2023 on atb-devel-224

- - - - -
c4e27ae4 by Volker Lendecke at 2023-06-21T07:11:56+00:00
smbd: Don't set security_descriptor_hash_v4->time

This prevents de-duplication of xattrs in the backend file system
where otherwise ACLs are often very similar.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jun 21 07:11:56 UTC 2023 on atb-devel-224

- - - - -
53caae00 by Joseph Sutton at 2023-06-21T12:23:32+00:00
tests/krb5: Test that FX-COOKIE matches cookie returned by Windows

The cookie produced by Windows differs depending on whether FAST was
used.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
fc474042 by Joseph Sutton at 2023-06-21T12:23:33+00:00
third_party/heimdal: Import lorikeet-heimdal-202306112240 (commit c7f4ffe1a6e8dafc86ec3357c498d31c97ece386)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ad98643f by Joseph Sutton at 2023-06-21T13:19:17+00:00
s4:kdc: Replace FAST cookie with dummy string

All that uses the FAST cookie is the gss-preauth authentication
mechanism, which is untested in Samba, and disabled by default.
Disabling the FAST cookie code (and sending a dummy string instead)
relieves us of the maintenance and testing burden of this untested code.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jun 21 13:19:17 UTC 2023 on atb-devel-224

- - - - -
48cc2862 by Stefan Metzmacher at 2023-06-21T19:08:37+00:00
docs-xml/smbdotconf: also allow 2012[_R2] for 'ad dc functional level'

We may not jump to 2016 directly...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1b1895a0 by Andrew Bartlett at 2023-06-21T19:08:37+00:00
samba-tool: Fix missing import for "domain level raise --forest-level=2016"

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
f9f9771a by Stefan Metzmacher at 2023-06-21T19:08:37+00:00
samba-tool: check for invalid 'domain level' subcommands first

This will simplify further changes...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ea271233 by Stefan Metzmacher at 2023-06-21T19:08:37+00:00
samba-tool: let 'domain level raise --domain-level' use the correct crossRef dn

We should not rely on lp.get('workgroup')...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e92988ec by Stefan Metzmacher at 2023-06-21T19:08:37+00:00
samba-tool: move some parts of 'domain level [show|raise]' into try/except

This just adds indentation for now, the following changes will
add transactions...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3724ae3e by Stefan Metzmacher at 2023-06-21T19:08:37+00:00
samba-tool: move some parts of 'domain level [show|raise]' into subfunctions

This will make it easier to use transactions in the following changes...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
205ee77c by Stefan Metzmacher at 2023-06-21T19:08:37+00:00
samba-tool: let 'domain level raise' call check_and_update_fl() in a transaction

This makes it possible to raise the levels without starting
'samba' first, which is very useful for blackbox tests.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d2777d47 by Stefan Metzmacher at 2023-06-21T19:08:37+00:00
testprogs/blackbox: also prepare for 2016 (schema=2019) in functionalprep.sh

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c9581337 by Stefan Metzmacher at 2023-06-21T19:08:37+00:00
testprogs/blackbox: also raise the levels to 2012_R2/2016 in functionalprep.sh

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a9d543cd by Joseph Sutton at 2023-06-21T19:08:37+00:00
s4:kdc: Gate claims, auth policies and NTLM restrictions behind 2012/2016 FLs

Samba security features like AD claims, Authentication Policies and
Authentication Silos are enabled once the DC is at the required functional level.

We comment at the callers of dsdb_dc_functional_level() to explain
why we do this.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0ef8083c by Andrew Bartlett at 2023-06-21T20:01:06+00:00
WHATSNEW: Mention new default schema and Functional Level prep

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Jun 21 20:01:06 UTC 2023 on atb-devel-224

- - - - -
489cdefa by Stefan Metzmacher at 2023-06-21T23:24:37+00:00
tests/krb5/s4u_tests.py: add test_constrained_delegation_with_enc_auth_data_[no_]subkey()

This demonstrates that we use the correct key for EncAuthorizationData
together with constrained delegation.

The actual fix for the problem is already in place via
commit 75ec66c729faad60fa18b9504ba4053b3e2f47bc
third_party/heimdal: Import lorikeet-heimdal-202306091507 (commit 7d8afc9d7e3d309ddccc2aea6405a8ca6280f6de)

The related patches are:
38c47c54f0c78fed5afc1aea9c5f6683e06ec842 kdc: fix memory leak when decryption AuthorizationData
61c0089ea3f5387953818a3ac99fb529244196e6 kdc: decrypt b->enc_authorization_data in tgs_build_reply()
fed5579814108ee90f701ca6bfb5500f7d839bc4 kdc: if we don't have an authenticator subkey for S4U2Proxy we need to use the keys from evidence_tkt

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13131

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b26dcfba by Stefan Metzmacher at 2023-06-21T23:24:37+00:00
tests/krb5/s4u_tests.py: add test_constrained_delegation_authtime

This demonstrates that we use the correct authtime
when doing constrained delegation.

The actual fix for the problem is already in place via
commit 75ec66c729faad60fa18b9504ba4053b3e2f47bc
third_party/heimdal: Import lorikeet-heimdal-202306091507 (commit 7d8afc9d7e3d309ddccc2aea6405a8ca6280f6de)

The related patch is:
006a365a6aa3047a4e685e1607973746a28cc1f1 kdc: use the correct authtime from addtitional ticket for S4U2Proxy tickets

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13137

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0e9f1eec by Björn Baumbach at 2023-06-21T23:24:37+00:00
samba-tool: print default (domain) for --dns-directory-partition option in help message

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3694f2ce by Stefan Metzmacher at 2023-06-21T23:24:37+00:00
vfs_aio_pthread: don't crash without a pthreadpool

During 'samba-tool ntacl sysvolreset' and similar.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4ca5b78f by Stefan Metzmacher at 2023-06-21T23:24:37+00:00
samba-tool/ntacl: let changedomsid ignore symlinks

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6327fd9c by Stefan Metzmacher at 2023-06-21T23:24:37+00:00
samba-tool/ntacl: don't announce -q,--quiet in --help as it's not used at all

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
27b29cfa by Stefan Metzmacher at 2023-06-21T23:24:37+00:00
samba-tool/ntacl: add set --verbose and print out the file/directory name

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
16b9b508 by Stefan Metzmacher at 2023-06-21T23:24:37+00:00
samba-tool/ntacl: implement set --recursive

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
619f097b by Stefan Metzmacher at 2023-06-21T23:24:37+00:00
testprogs/blackbox: pass $CONFIGURATION to test_samba-tool_ntacl.sh

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
11741791 by Stefan Metzmacher at 2023-06-21T23:24:37+00:00
testprogs/blackbox: move 'ntacl get' out of test_changedomsid() in test_samba-tool_ntacl.sh

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
91eb3f1d by Stefan Metzmacher at 2023-06-22T00:22:47+00:00
testprogs/blackbox: add --recursive tests to test_samba-tool_ntacl.sh

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Jun 22 00:22:47 UTC 2023 on atb-devel-224

- - - - -
232f281b by Andreas Schneider at 2023-06-23T13:44:31+00:00
libcli:smbreadline: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5d759393 by Andreas Schneider at 2023-06-23T13:44:31+00:00
libgpo:admx: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ba02d89b by Andreas Schneider at 2023-06-23T13:44:31+00:00
librpc:idl: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4ec8ecce by Andreas Schneider at 2023-06-23T13:44:31+00:00
librpc:ndr: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
eba5b05a by Andreas Schneider at 2023-06-23T13:44:31+00:00
librpc:rpc: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
51bec220 by Andreas Schneider at 2023-06-23T13:44:31+00:00
nsswitch: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
35500dc4 by Andreas Schneider at 2023-06-23T13:44:31+00:00
packaging:systemd: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
535617a8 by Andreas Schneider at 2023-06-23T13:44:31+00:00
pidl: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a15b8611 by Andreas Schneider at 2023-06-23T13:44:31+00:00
python:samba:emulate: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f3b2814d by Andreas Schneider at 2023-06-23T13:44:31+00:00
python:samba:gp: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
97fb06a2 by Andreas Schneider at 2023-06-23T13:44:31+00:00
python:samba:gp_parse: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
de2c4879 by Andreas Schneider at 2023-06-23T13:44:31+00:00
python:samba:kcc: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e046986d by Andreas Schneider at 2023-06-23T13:44:31+00:00
python:samba:netcmd: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e5476ecf by Andreas Schneider at 2023-06-23T13:44:31+00:00
python:samba:provision: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
cac56ae4 by Andreas Schneider at 2023-06-23T13:44:31+00:00
python:samba:samba3: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ab379293 by Andreas Schneider at 2023-06-23T13:44:31+00:00
python:samba:subunit: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d4798967 by Andreas Schneider at 2023-06-23T13:44:31+00:00
python:samba:tests: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c837ecf4 by Andreas Schneider at 2023-06-23T14:51:14+00:00
python:samba: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jun 23 14:51:14 UTC 2023 on atb-devel-224

- - - - -
3f97b6a4 by Volker Lendecke at 2023-06-23T17:34:30+00:00
smbd: Make sure smb_fname->st is valid in smbd_dirptr_get_entry

This simplifies the two mode_fn()s we have.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ea670b66 by Volker Lendecke at 2023-06-23T17:34:30+00:00
smbd: Don't use "sbuf" in smbd_dirptr_get_entry()

openat_pathref_fsp() does not need this anymore.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f36bdcc0 by Volker Lendecke at 2023-06-23T17:34:30+00:00
smbd: Remove unused "pst" argument from dptr_ReadDirName()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
daf6f2f7 by Volker Lendecke at 2023-06-23T17:34:30+00:00
smbd: Remove unused "sbuf" argument from ReadDirName()

Nobody used that anymore, most callers had passed in NULL anyway.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
95fd166e by Volker Lendecke at 2023-06-23T17:34:30+00:00
smbd: Remove unused "sbuf" argument from vfs_readdirname()

The only caller did not use the result.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4a8cfe16 by Volker Lendecke at 2023-06-23T18:29:40+00:00
vfs: Remove "sbuf" from readdir_fn()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jun 23 18:29:40 UTC 2023 on atb-devel-224

- - - - -
370ba4ad by Stefan Metzmacher at 2023-06-24T06:25:35+00:00
s4:kdc: handle passwords from the history in hdb_samba4_auth_status()

This is important in order to prevent ACCOUNT_LOCKED_OUT
with cached credentials.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
28cf6c70 by Stefan Metzmacher at 2023-06-24T06:25:35+00:00
s4:dsdb/tests: Test Kerberos login with old password fails (but badPwdCount=0)

This demonstrates the pre-authentication failures with passwords from
the password history don't increment badPwdCount, similar to the
NTLMSSP and simple bind cases. But it's still an interactive logon,
which doesn't use 'old password allowed period'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d4007b0e by Stefan Metzmacher at 2023-06-24T06:25:36+00:00
s4:dsdb/tests: also verify too old, older password interaction with badPwdCount

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a75378e3 by Stefan Metzmacher at 2023-06-24T07:18:03+00:00
s4:kdc: translate sdb_entry->old[er]_keys into hdb_add_history_key()

It means that using the old or older password no longer
changes badPwdCount for Kerberos authentication.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat Jun 24 07:18:03 UTC 2023 on atb-devel-224

- - - - -
34b9c54f by Christof Schmitt at 2023-06-25T15:09:34+00:00
gpfswrap: Add wrapper for gpfs_register_cifs_export

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15381

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
3b72136f by Christof Schmitt at 2023-06-25T15:09:34+00:00
vfs_gpfs: Register smbd process with GPFS

Issue API call to tell the file system that this is a Samba process.
This fixed the GPFS handling of Samba since the rename of smbd processes
in commit 5955dc1e4fd.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15381

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
25e1e487 by Christof Schmitt at 2023-06-25T15:09:34+00:00
vfs_gpfs: Check error from gpfswrap_lib_init

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9f521691 by Christof Schmitt at 2023-06-25T16:06:37+00:00
vfs_gpfs: Move call to load GPFS library

Load the GPFS library from the connect function and leave the module
init for only the module registration.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Sun Jun 25 16:06:37 UTC 2023 on atb-devel-224

- - - - -
1a5184e4 by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: add optparse validators and Range validator

Add the ability to add validators to optparse Option fields.

The Option class was already subclassed in `netcmd/__init__.py` so
adding some functionality to this was relatively easy.

Added the ability to add Validator classes to a field so that this can
be used for anything else in the future, but for now there is a Range
validator required by upcoming auto silo commands.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
d01cd64d by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: add custom json encoder for object type fields

The custom JSONEncoder class is also capable of encoding Dn objects to
str, and any object that has a __json__ method.

The __json__ method is not an official dunder method, but this has
been used by other frameworks too (like Pyramid).

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
3a0160ae by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: add domain models and basic model layer

The ORM is somewhat inspired by Django, but it has some key
differences that make it work better with the Ldb database.

A field can be a singular value or a list, so a BooleanField can
either be True, or [True, False, True], or None.

The only thing that many=True does is say that the field "prefers" to
be a list, but really any field can be a list. For example when
creating a new object, it initialises the field as an empty list
rather than None if many=True.

When saving an object, if it is an update operation, only write the
fields that have actually changed.

When updating an object, any fields that are unset (set to None, or an
empty list) will be treated as a REMOVE operation.

Note that silo members should not be saved this way, writing the whole
list can lead to data loss if multiple admins are saving the silo at
the same time. Silo members will need to be handled differently, just
removing one member but not writing the whole list.

Unlike Django, there is no .objects class, instead there are a bunch
of static methods for querying:

  * Model.get
  * Model.query
  * Model.create
  * Model.get_or_create

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
3df634e7 by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: add authentication silo commands

Authentication policies:

 * samba-tool domain auth policy list
 * samba-tool domain auth policy view
 * samba-tool domain auth policy create
 * samba-tool domain auth policy modify
 * samba-tool domain auth policy delete

Authentication silos:

 * samba-tool domain auth silo list
 * samba-tool domain auth silo view
 * samba-tool domain auth silo create
 * samba-tool domain auth silo modify
 * samba-tool domain auth silo delete

Authentication silo members:

 * samba-tool domain auth silo member list
 * samba-tool domain auth silo member add
 * samba-tool domain auth silo member remove

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
35d04e24 by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: tests for auth silo command line tools

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
6056566a by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: rename claim tests for consistency

The domain_auth tests are also prefixed with domain, it matches the
cli command "samba-tool domain claim".

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
9911a81c by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: claim: show err if assertIsNone fails

Other tests do this too, this is very useful if things fail

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
7e9d8072 by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: fix attributes created by test setUp method

Discovered this while converting the claims cli commands to use the
models, some tests failed.

The reason for this was that they relied on the attributes in the list
ATTRIBUTES to exist.

However, then we have to also prefix the attributes we create in the
test_claim_type_create test.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
40da71fe by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: fix claims constant name was wrong should be claim type CN

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
b3fac344 by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: claim commands use the model layer

This makes it consistent with the auth silo code, both should now make
use of the models.

Claims commands are now using the model layer with one exception and
that is the get_attribute_from_schema and get_class_from_schema
methods in the base class.

These will be made into models in another commit.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
b6fda29f by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: claims: use consistent naming for options

The name of the option should be the same as the attribute name.

You can still tell where it's being used (display_name), especially
now with the model layer:

    ClaimType.get(ldb, display_name=name)

The silo commands tend to use the `cn` field, while the claims
commands use the `displayName` field, but the option is always called
`name` for consistency.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
d558b20e by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: PEP257 fix incorrect docstring quotes

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
3da5be0b by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: move ldb_connect method to base class

This method is needed by just about every command and moving it here
is another step towards eliminating the base classes in domain/auth
and domain/claim.

The base classes are almost empty now, since introducing the model
layer. The next step is to get rid of these base classes completely.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
15440c6d by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: fix import sort/grouping as per python standard

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
2842ed82 by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: move method print_json to command base class

This is used in quite a few commands, move to base class.

This ensures the correct encoder class and settings are always used,
and they are only defined in one place.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
df5e6045 by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: move get_policy method from base class to the model

There isn't much left of the base class, the next thing is to remove
it.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
d070a605 by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: add test for silo if policy is a dn

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
3ecea860 by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: auth silos: remove base class

There is no point to the base class anymore.

And since the model layer has dramatically simplified the code in the
commands, ldb can just be a local variable.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
44aaba8a by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: add models for ClassSchema and AttributeSchema

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
61ee26ad by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: claims: make use of AttributeSchema and ClassSchema models

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
bb0ab7b2 by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: claims: move claim value type lookup by attribute to model

Also, there was no need for the cached property previously in the
command, as the command only calls this once.

Fetching all value types seems excessive now with the new model layer,
we just fetch the one we need and get a model object back.

Use the method lookup, it's consistent with the rest, and raise either
LookupError or ValueError.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
daac480e by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: claims: base class is no longer required

base.py has been removed as this has all been moved to the model layer

as the auth commands ldb is now just a local variable

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
705e65c1 by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: remove parse_guid and parse_text as they are no longer used

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
83112842 by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: silo member add and remove does not write whole list

Writing the whole list at once can lead to data loss if multiple
administrators are doing this at the same time.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
3a579eab by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: model field tests

Add tests for model fields to ensure they behave as expected when
calling from_db_value and to_db_value methods.

Add a base class for the tests themselves via a mixin as unittest
doesn't support abstract test case classes.

For each field, from_db_value and to_db_value must either be a list or
a property that returns a list.

The list contains input values and expected values, the expected value
can also be a callback for more complex comparison, this is used for
the possible claim values xml.

It is important that singular values and list values are tested, and
also None to ensure that fields properly get unset when a model is
saved.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
a9944ba8 by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: silo member command tests

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
d7b04685 by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: man page updates for auth silo and policy cli

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
b00761da by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: model stores ldb message for save

The message is stored in self._apply which also gets called by
self.refresh()

This is the better thing to do than fetching in save.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
ca4e36d1 by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: add model exceptions and error handling

* Only handle what we know, otherwise raise the existing LdbError
* Custom messages added in the model layer so we don't have to do it in
  the commands themselves

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
76ca95db by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: add error handling to domain auth commands

Where we were catching LdbError before we now catch ModelError, all
exceptions that are known and handled in the model layer will have a
user-friendly error message.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
0cfa7f6c by Rob van der Linde at 2023-06-25T23:29:32+00:00
netcmd: domain: add error handling to domain claims commands

Similar to the auth commands commit prior to this.

Where we were catching LdbError before we now catch ModelError, all
exceptions that are known and handled in the model layer will have a
user-friendly error message.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
a5770669 by Joseph Sutton at 2023-06-25T23:29:32+00:00
tests/krb5: Improve authentication policy creation

Don’t require passing in an ID to create an authentication policy.
Instead, have create_authn_policy() generate one for us.

We now return an actual AuthenticationPolicy object rather than just a
DN. This will give the tests more details to work with about the
policies.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b0d20ce5 by Joseph Sutton at 2023-06-25T23:29:32+00:00
tests/krb5: Test more authentication logging of TGT lifetimes

It is useful to test a combination of device restrictions and TGT
lifetime restrictions so that we can check what TGT lifetime values end
up in the logs.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7748e685 by Joseph Sutton at 2023-06-25T23:29:32+00:00
tests/krb5: Test authentication policy audit logging

For each test, we check the authentication logs and ensure the messages
are as we expect.

We only test AS-REQs and TGS-REQs with the Heimdal KDC at the moment,
assuming that MIT doesn’t support logging for those cases.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
78186805 by Joseph Sutton at 2023-06-25T23:29:32+00:00
netcmd: domain: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b11ad8b1 by Joseph Sutton at 2023-06-25T23:29:32+00:00
python:tests: Fix typos

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f9c55b84 by Joseph Sutton at 2023-06-25T23:29:32+00:00
lib:audit_logging: Add function to return the JSON null object

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ca9d27ae by Joseph Sutton at 2023-06-25T23:29:32+00:00
auth: Add functionality to log client and server policy information

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
66841384 by Joseph Sutton at 2023-06-25T23:29:32+00:00
s4:auth: Set ‘authoritative’ even if there is an error

This is consistent with all the other functions that set
‘authoritative’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ad32cf02 by Joseph Sutton at 2023-06-25T23:29:32+00:00
s4:auth: Add audit info parameters to check_password_recv()

These pointers can be set by implementing functions in order for them to
be logged in auth_check_password_recv().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
26d7d1a5 by Joseph Sutton at 2023-06-25T23:29:32+00:00
s4:auth: Log authentication policies for NTLM authentication

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
af95ec0b by Joseph Sutton at 2023-06-25T23:29:33+00:00
s4:kdc: Add functionality to log client and server authentication policies

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
071ad174 by Joseph Sutton at 2023-06-25T23:29:33+00:00
s4:kdc: Add helper function to determine whether authentication to a server is allowed

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f8579674 by Joseph Sutton at 2023-06-25T23:29:33+00:00
s4:kdc: Add helper function to determine whether a device is allowed to authenticate

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d2a6c699 by Joseph Sutton at 2023-06-25T23:29:33+00:00
s4:kdc: Make krb5_principal parameters const

The ‘const’ is entirely unnecessary in a function declaration, but we
add it just to be consistent.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
baf03e3f by Joseph Sutton at 2023-06-25T23:29:33+00:00
s4:kdc: Add singular out path to samba_kdc_update_pac_blob()

This ensures that we always clean up resources.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ea007ef7 by Joseph Sutton at 2023-06-25T23:29:33+00:00
s4:kdc: Have samba_kdc_update_pac_blob() return krb5_error_code

This gives it more control over the final Kerberos error code, so that
we won’t always get ERR_GENERIC.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8c107763 by Joseph Sutton at 2023-06-25T23:29:33+00:00
s4:kdc: Log errors in samba_kdc_update_pac_blob()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e6c44222 by Joseph Sutton at 2023-06-25T23:29:33+00:00
s4:kdc: Remove unused PAC_SIGNATURE_DATA parameters

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6be1a397 by Joseph Sutton at 2023-06-25T23:29:33+00:00
s4:kdc: Have samba_kdc_update_pac_blob() do less

Previously this function obtained the auth_user_info_dc structure, then
used it to update the PAC blob. Now it does only one thing: fetch the
auth_user_info_dc info and return it to the caller, who can then call
samba_get_logon_info_pac_blob().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7485638e by Joseph Sutton at 2023-06-25T23:29:33+00:00
s4:kdc: Move adding compounded authentication SID out of samba_kdc_obtain_user_info_dc()

We may not always want this SID to be present. For example, to enforce
authentication policies as Windows does, we’ll want the client’s
security token without this SID.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6bb7aad1 by Joseph Sutton at 2023-06-25T23:29:33+00:00
s4:kdc: Use samba_kdc_obtain_user_info_dc() for !client_pac_is_trusted case

This will help to reduce code duplication and the number of branching
code paths.

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f49ebef0 by Joseph Sutton at 2023-06-25T23:29:33+00:00
s4:kdc: Unify common code paths

Perhaps view with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d0d52262 by Joseph Sutton at 2023-06-25T23:29:33+00:00
s4:kdc: Flip sense of condition

A negative condition incurs more cognitive load.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cf139d14 by Joseph Sutton at 2023-06-25T23:29:33+00:00
s4:kdc: Return NTSTATUS and auditing information from samba_kdc_update_pac() to be logged

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ad1234d5 by Joseph Sutton at 2023-06-25T23:29:33+00:00
s4:kdc: Create a temporary talloc context on which to allocate

‘client->context’ is too long-lived to use for allocating short-term
data.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b1006c77 by Joseph Sutton at 2023-06-25T23:29:33+00:00
s4:kdc: Use talloc_get_type_abort()

We subsequently dereference the result without performing a NULL check.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ecff09d7 by Andrew Bartlett at 2023-06-26T00:26:37+00:00
Align samba_kdc_update_pac() prototype in pac-glue.h with the implementation in pac-glue.c

Commit 6bd3b4528d4b33c8f7ae6341d166bea3a06cd971 diverged the const
declarations in the header, this brings them back in alignment as
is Samba's normal practice.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Jun 26 00:26:37 UTC 2023 on atb-devel-224

- - - - -
539cd516 by Joseph Sutton at 2023-06-26T11:10:31+00:00
netcmd: domain: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9d7f1794 by Joseph Sutton at 2023-06-26T11:10:31+00:00
tests/auth_log_pass_change: Fix flapping test

It appears that discardMessages() is still not entirely reliable. Ensure
that we filter out any messages from the Administrator’s authentication.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1abc2543 by Joseph Sutton at 2023-06-26T11:10:31+00:00
tests/krb5: Add test for authenticating with disabled account and wrong password

This shows us that the client’s access is checked prior to passwords
being checked.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
95c02a97 by Joseph Sutton at 2023-06-26T11:10:31+00:00
third_party/heimdal: Import lorikeet-heimdal-202306192129 (commit 0096f9c1dc105d8ac9f7dd96d653b05228f7d280)

NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
8425ffc8 by Joseph Sutton at 2023-06-26T11:10:31+00:00
s4:kdc: Update Samba KDC plugin to match new Heimdal version

NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
19f867bc by Joseph Sutton at 2023-06-26T11:10:31+00:00
s4:kdc: Ensure that we don’t log PREAUTH_REQUIRED errors

Such errors were not logged in the past, either, but that was accidental
— a result of failing too early for an authentication event to be set —
rather than the auditing being deliberately designed that way.

Now that we have added the KDC_AUTH_EVENT_CLIENT_FOUND event, we want to
ensure that PREAUTH_REQUIRED errors continue to go unlogged.

NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
67436de3 by Joseph Sutton at 2023-06-26T11:10:31+00:00
s4:kdc: Handle new KDC_AUTH_EVENT_CLIENT_FOUND audit event

NOTE: This commit finally works again!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
620c842d by Joseph Sutton at 2023-06-26T11:10:31+00:00
s4:kdc: Remove unused ‘server’ parameter in pac_verify()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
456373ac by Joseph Sutton at 2023-06-26T11:10:31+00:00
tests/krb5: Don’t unnecessarily specify ‘id’

In tests where we have multiple accounts of the same type, we use the
‘id’ parameter to ensure that these accounts are all different, as some
restrictions are bypassed if an account authenticates to the selfsame
account. However, this is unnecessary if we already specify (with
‘use_cache=False’) that the cache is not to be used.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
8e320751 by Joseph Sutton at 2023-06-26T11:10:31+00:00
tests/krb5: Fix RBCD comments

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
8b1897f0 by Joseph Sutton at 2023-06-26T11:10:31+00:00
tests/krb5: Test that client policies are not enforced with S4U

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
f3714a3e by Joseph Sutton at 2023-06-26T11:10:31+00:00
s4:kdc: Add comment stating that policies aren’t looked up for S4U clients

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9a9f4799 by Joseph Sutton at 2023-06-26T11:10:31+00:00
s4:kdc: Check authentication policy device restrictions

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
3240ac4e by Joseph Sutton at 2023-06-26T11:10:31+00:00
s4:kdc: Check authentication policy server restrictions

For a constrained delegation request, we need to pass ‘delegated_proxy’
(and the delegated proxy PAC, if one was provided) into
samba_kdc_update_pac() so that we can verify that the delegating server
is allowed to authenticate to the target server.

The ‘const’ is entirely unnecessary in a function declaration, but we
add it just to be consistent.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b42fbc78 by Joseph Sutton at 2023-06-26T11:10:31+00:00
s4:kdc: Enforce authentication policy service restrictions when getting a PAC

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1ffca866 by Stefan Metzmacher at 2023-06-26T11:10:31+00:00
s4:kdc: adjust formatting of samba_kdc_update_pac() documentation

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c69174c0 by Stefan Metzmacher at 2023-06-26T11:10:31+00:00
s4:kdc: pass krbtgt skdc_entries to samba_kdc_update_pac()

For now we only pass in the krbtgt that verified the client pac
and optionally the krbtgt that verified the device pac.

These can be different depending on the domain of the related
principals.

If we want to apply SID filtering in future we may also need
to pass in the krbtgt that verified the delegated_proxy_pac,
but that needs more research and is not required for the
following changes.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ebc27cf3 by Joseph Sutton at 2023-06-26T11:10:31+00:00
s4:kdc: Remove unnecessary NULL check

pac_blobs_add_blob() already checks whether the blob argument is NULL,
and skips adding the blob if so.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7a4fa2c5 by Joseph Sutton at 2023-06-26T11:10:31+00:00
s4:kdc: Make [client,device]_claims_blob const pointers

This is so that we can have them point to ‘null_data’ if we so choose.

We can’t assign the result of data_blob_talloc() to a const pointer, so
we go through an intermediary non-const pointer for the
device_claims_blob case.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
fcea5358 by Stefan Metzmacher at 2023-06-26T11:10:31+00:00
s4:kdc: clear client and device claims from trusts

As we don't support the Claims Transformation Algorithm [MS-CTA]
we better clear claims as they have no valid meaning in our domain.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
192024e8 by Joseph Sutton at 2023-06-26T11:10:31+00:00
s4:kdc: Add comment to clarify that we fetch the client claims

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7828c653 by Joseph Sutton at 2023-06-26T12:11:30+00:00
s4:kdc: Don’t overwrite error code

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jun 26 12:11:30 UTC 2023 on atb-devel-224

- - - - -
84048078 by Volker Lendecke at 2023-06-26T15:53:36+00:00
error_inject: map EROFS

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15402
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
37b3667f by Volker Lendecke at 2023-06-26T15:53:36+00:00
error_inject: Enable returning EROFS for O_CREAT

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15402
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
13d199be by Volker Lendecke at 2023-06-26T15:53:36+00:00
tests: Show smbd returns wrong error code when creating on r/o fs

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15402
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
de2738fb by Volker Lendecke at 2023-06-26T16:53:21+00:00
smbd: Don't mask open error if fstatat() fails

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15402
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Jun 26 16:53:21 UTC 2023 on atb-devel-224

- - - - -
3784bca7 by Joseph Sutton at 2023-06-27T05:45:36+00:00
third_party/heimdal: Import lorikeet-heimdal-202306200407 (commit fc2894beeaa71897753975154a5f7fd80b923325)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7e76f36d by Joseph Sutton at 2023-06-27T05:45:36+00:00
s4:kdc: Initialize pointers with NULL

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0e43d11e by Joseph Sutton at 2023-06-27T05:45:36+00:00
s4:kdc: Remove useless sdb → hdb error code translation

samba_kdc_check_s4u2proxy() is never going to return an SDB_* error
code, so these conditions can never be hit.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
fcfdb443 by Joseph Sutton at 2023-06-27T05:45:36+00:00
tests/krb5: Be less strict regarding acceptable delegation error codes

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
fc33033b by Joseph Sutton at 2023-06-27T05:45:36+00:00
tests/krb5: Adjust authentication policy RBCD tests to expect appropriate failure statuses

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
34760dfc by Joseph Sutton at 2023-06-27T05:45:36+00:00
s4:kdc: Implement Heimdal hook for resource-based constrained delegation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e9367887 by Joseph Sutton at 2023-06-27T05:45:36+00:00
s4:kdc: Include default groups in security token

This is consistent with the behaviour of the existing function
_authn_policy_access_check() and of Windows.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b0524830 by Stefan Metzmacher at 2023-06-27T06:39:08+00:00
s4:kdc: don't log an error if msDS-AllowedToActOnBehalfOfOtherIdentity is missing

We log a warning if access is not granted from a security descriptor in
msDS-AllowedToActOnBehalfOfOtherIdentity, so we should use the same log
level if msDS-AllowedToActOnBehalfOfOtherIdentity is not available at
all.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Jun 27 06:39:08 UTC 2023 on atb-devel-224

- - - - -
afbed653 by Jones Syue at 2023-06-28T07:02:34+00:00
s3:utils: smbget fix a memory leak

Using smbget to download files recursively (-R).

If smbget found that a file already existed in the destination,
smbget would say 'File exists', return early, and 'newname' allocated
memory is never freed; this was found by valgrind.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15403

Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jun 28 07:02:34 UTC 2023 on atb-devel-224

- - - - -
d720eb2c by Andreas Schneider at 2023-06-29T16:06:11+00:00
third_party: Update socket_wrapper to version 1.4.2

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Jun 29 16:06:11 UTC 2023 on atb-devel-224

- - - - -
7b6cedf5 by Stefan Metzmacher at 2023-06-30T08:51:17+00:00
.gitlab-ci:bootstrap: remove ubuntu1804*, add debian12, upgrade opensuse 15.5

Signed-off-by: Stefan Metzmacher <metze at samba.org>

[abartlet at samba.org Use Debian 11 for the 32 bit host as the compile
 currently fails - just exits without information - mid-way on Debian 12]

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Jun 30 08:51:17 UTC 2023 on atb-devel-224

- - - - -
290ca547 by Volker Lendecke at 2023-06-30T10:42:36+00:00
smbd: Slightly simplify smbd_dirptr_get_entry()

Implementing virtually empty directories for "dont descend" looks
easier to me this way. It should also be an optimization, because now
we don't walk the whole directory anymore after . and .., which always
come first anyway.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c921cdf8 by Volker Lendecke at 2023-06-30T10:42:36+00:00
smbd: Move dos_mode_from_name() up in dosmode.c

Is useful in dos_mode_msdfs() as well.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
08e881ae by Volker Lendecke at 2023-06-30T10:42:36+00:00
smbd: Simplify dos_mode_msdfs()

This is exactly what dos_mode_from_name() does.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
633d71ee by Volker Lendecke at 2023-06-30T10:42:36+00:00
smbd: Apply some README.Coding to dos_mode_from_sbuf()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
58f7ec12 by Volker Lendecke at 2023-06-30T10:42:36+00:00
smbd: Add read_symlink_reparse()

Fake up a symlink reparse point structure from an on-disk reparse
point.

Turn in-share absolute symlinks into relative ones for the client to
properly follow symlinks. Pass on everything else as-is. In particular
clients follow symlinks pointing at \\server\share\...

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
8b651a68 by Volker Lendecke at 2023-06-30T10:42:36+00:00
smbd: Factor out full_path_extend()

This logic will be used in another place in the next commit

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
03660778 by Volker Lendecke at 2023-06-30T10:42:36+00:00
smbd: Lift up conn->cwd from openat_pathref_dirfsp_nosymlink()

The goal of this patch is to make the next patches smaller. Next
patches will also make openat_pathref_dirfsp_nosymlink() open real
files, not only directories.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
7a71e275 by Volker Lendecke at 2023-06-30T10:42:36+00:00
smbd: Fully fill in fsp in openat_pathref_fsp_nosymlink_internal()

Prepare for allowing openat_pathref_fsp_nosymlink() to open real files
in the next patches.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
eb2978f5 by Volker Lendecke at 2023-06-30T10:42:36+00:00
test: skip the open-eintr test

With 7bb8af3f74c we already had to tune the error_inject VFS object to filter
out the openat-calls coming from filename_convert_dirfsp&friends. With
the next patch openat() will be called from even more places, and I
don't really see a good way to properly deal with EINTR in all the
places where it can happen. The real case where EINTR is something we
need to handle properly I guess is with kernel oplocks active: open()
waits for another process to give up its kernel oplock, which opens
the window for EINTR to become a valid case to properly take care
of. For all other opens I would be willing to live with the fact that
we just return an error message that might be different from Windows.

To detect that kernel oplock case properly, with O_PATH we have to
look at the /proc/self/fd/<n> reopen or the O_EMPTY_PATH FreeBSD
flavor from inside the error_inject module I guess. But then, the
second time we come around the corner we have to let it pass.

Difficult to properly test, disable the test for now.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e9363926 by Volker Lendecke at 2023-06-30T10:42:36+00:00
smbd: Extend openat_pathref_dirfsp_nosymlink()

Turn it into openat_pathref_fsp_nosymlink() which opens not only
directories but normal files and symlinks too. If it finds a symlink,
return NT_STATUS_STOPPED_ON_SYMLINK and all the metadata we can find:
struct stat_ex plus the symlink target.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0958afd2 by Volker Lendecke at 2023-06-30T10:42:36+00:00
smbd: Pass stat_ex and files_struct to dos_mode_from_sbuf()

Will enable simplification of dos_mode_msdfs()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
614debf4 by Volker Lendecke at 2023-06-30T10:42:36+00:00
smbd: Pass "char*" to dos_mode_from_name()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f56ceab9 by Volker Lendecke at 2023-06-30T10:42:36+00:00
smbd: Pass name and stat_ex to dos_mode_msdfs()

We'll use it in a place without a smb_fname soon.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
16ae3c2e by Volker Lendecke at 2023-06-30T10:42:36+00:00
smbd: Modernize two DEBUG statements

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b4698f3b by Volker Lendecke at 2023-06-30T10:42:36+00:00
smbd: Introduce dir_fname helper var in smbd_dirptr_get_entry()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e9040fa4 by Volker Lendecke at 2023-06-30T10:42:36+00:00
smbd: Factor out full_path_from_dirfsp_at_basename()

Will use this logic in the next patch

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
88f32b78 by Volker Lendecke at 2023-06-30T10:42:36+00:00
smbd: Rewrite smbd_dirptr_get_entry()

Move filtering of entries, in particular symlinks, fully into
smbd_dirptr_get_entry(). Before, this was hidden in magic code inside
openat_pathref_fsp() and the mode_fn()s. Changing anything in the file open
code led to changes in very distant code paths because of unforeseen
consequences to directory listing. This change centralizes the
decision what directory entries to show into
smbd_dirptr_get_entry(). It uses openat_pathref_fsp_nosymlink()
without any symlink magic. It might need some tweaking when we also
want to show other special files, but this will hopefully be easier.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e4422b2f by Volker Lendecke at 2023-06-30T10:42:36+00:00
smbd: Remove "atname" from smbd_dirptr_get_entry()'s mode_fn

Unused.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f19f3c1a by Volker Lendecke at 2023-06-30T10:42:36+00:00
smbd: Factor out create_open_symlink_err()

3 times talloc_zero() and read_symlink_reparse() makes a nice separate
function.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
358631ce by Volker Lendecke at 2023-06-30T11:43:46+00:00
smbd: Merge openat_pathref_fsp_nosymlink() into _internal()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Jun 30 11:43:46 UTC 2023 on atb-devel-224

- - - - -
702bcbfc by Andrew Bartlett at 2023-06-30T14:00:38+00:00
build: Set minimum required GnuTLS version to 3.6.13

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
eda1022b by Andrew Bartlett at 2023-06-30T14:00:38+00:00
crypto: Rely on GnuTLS 3.6.13 and gnutls_pbkdf2()

This removes a lot of inline #ifdef and means this feature is always tested.

We can do this as we have chosen GnuTLS 3.6.13 as the new minimum version.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
c630afa3 by Andrew Bartlett at 2023-06-30T14:00:38+00:00
Remove check for gnutls_set_default_priority_append as it is unused

This became unused with d30865014569f4b9a1261d9f0c40bc4fc98f883e

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
055318d7 by Andrew Bartlett at 2023-06-30T14:00:38+00:00
Remove redundant check for gnutls_pkcs7_get_embedded_data_oid as we now require GnuTLS 3.6.13

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a815eead by Andrew Bartlett at 2023-06-30T14:00:38+00:00
Remove redundant check/workaround for buggy GnuTLS 3.5.2 as we now require GnuTLS 3.6.13

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a21ca8ac by Andrew Bartlett at 2023-06-30T14:00:38+00:00
Remove redundant check and fallback for AES CFB8 as we now require GnuTLS 3.6.13

This allows us to remove a lot of conditionally compiled code and so
know with more certainty that our tests are covering our codepaths.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
95c843de by Andrew Bartlett at 2023-06-30T14:00:38+00:00
crypto: Remove aesni-intel accelerated AES crypto functions

These will shortly be unused as we will rely on GnuTLS for all AES cryptography
now that we require GnuTLS 3.6.13

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
11b3c682 by Andrew Bartlett at 2023-06-30T14:00:38+00:00
Remove redundant check and fallback for AES CMAC 128 as we now require GnuTLS 3.6.13

This allows us to remove a lot of conditionally compiled code and so
know with more certainty that our tests are covering our code-paths.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
acd081a7 by Andrew Bartlett at 2023-06-30T14:59:46+00:00
build: Remove unused check for SHA1_Update and SHA1_RENAME_NEEDED

I can not find the code that required this, even in the history.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jun 30 14:59:46 UTC 2023 on atb-devel-224

- - - - -
7f62b15c by Björn Jacke at 2023-07-02T16:50:36+00:00
winbindd_cache: adjust some debug levels to more appropriate severities

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7395c114 by Björn Jacke at 2023-07-02T16:50:36+00:00
winbindd_cache.c: move some notice messages from ERR to NOTICE level

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bd87991c by Björn Jacke at 2023-07-02T16:50:36+00:00
winbindd_cache.c: use DBG* macros instead of static log level numbers

Some log levels changed slightly because the macros don't cover all the
previously used levels.

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e4bb8b3d by Björn Jacke at 2023-07-02T16:50:36+00:00
garbage_collect_tombstones.c: move info log message to appropriate level

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
405e9ba5 by Björn Jacke at 2023-07-02T16:50:36+00:00
garbage_collect_tombstone.c: use DBG* macros instead of static numeric log levels

Some log levels changed slightly because the macros don't cover all the
previously used levels.

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
868db989 by Björn Jacke at 2023-07-02T16:50:36+00:00
tallocmsg.c: move info log message to appropriate level

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d6bee92e by Björn Jacke at 2023-07-02T16:50:36+00:00
wb_dsgetdcname.c: don't use static log level numbers

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7475df4f by Björn Jacke at 2023-07-02T16:50:36+00:00
wb_dsgetdcname.c: move common message to higher log level

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3b96ef92 by Björn Jacke at 2023-07-02T16:50:36+00:00
wb_dsgetdcname: log also the domain name for failures

Signed-off-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
3119f6c2 by Stefan Metzmacher at 2023-07-02T17:42:56+00:00
wb_dsgetdcname: don't use stack variables for async code

This is not really a problem because we call ndr_push from
within a _send() function, but still we leave dangling pointers
around...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Sun Jul  2 17:42:56 UTC 2023 on atb-devel-224

- - - - -
dbe95be8 by Volker Lendecke at 2023-07-03T19:40:35+00:00
utils3: Remove the "split_tokens" utility

This is not tested as far as I can see, and as this is explicitly meant
as a testing utility I think we can live without it.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
34fbfb04 by Volker Lendecke at 2023-07-03T19:40:35+00:00
smbclient3: Use talloc_asprintf(), no explicit SAFE_FREE required

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9907fd3e by Volker Lendecke at 2023-07-03T19:40:35+00:00
smbd: Avoid a direct reference to smb_messages[]

That's what we have smb_fn_name() for

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b3ce869d by Volker Lendecke at 2023-07-03T19:40:35+00:00
smbd: Save 76 bytes of .text

Probably not really measurable, but as this is a pretty frequently
accessed table, maybe this saves us some cache misses. And it's very
cheap to get :-)

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
53c6f2fe by Volker Lendecke at 2023-07-03T19:40:35+00:00
tests: Enable a few tests for FreeBSD

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c7df6cea by Volker Lendecke at 2023-07-03T19:40:35+00:00
torture4: Fix an error message

The fsctl is called FSCTL_SET_ZERO_DATA

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f6a24e7d by Volker Lendecke at 2023-07-03T19:40:35+00:00
error_inject: Reduce indentation with an early return

Review with "git show -b"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
79b07271 by Volker Lendecke at 2023-07-03T19:40:35+00:00
smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1548c1e7 by Volker Lendecke at 2023-07-03T19:40:35+00:00
lib: Translate ENXIO to NT_STATUS_ILLEGAL_FUNCTION

ENXIO is returned when trying to openat() a unix domain socket or a
FIFO without anything at the other end. [MS-ERREF] has
ILLEGAL_FUNCTION as "The specified handle is not open to the server
end of the named pipe.", which comes pretty close to me.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3d6befda by Volker Lendecke at 2023-07-03T19:40:35+00:00
lib: Move IO_REPARSE_TAG_NFS subtypes to toplevel

They should be generally available

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7c8fbf15 by Volker Lendecke at 2023-07-03T20:40:05+00:00
build: We don't need SEEKDIR_RETURNS_VOID

We don't call seekdir() in source3 anymore

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jul  3 20:40:05 UTC 2023 on atb-devel-224

- - - - -
3522cddf by Andrew Bartlett at 2023-07-04T07:42:35+00:00
libcli/smb: Remove unused fallback case for ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM

We now require a GnuTLS version that is not impacted for AES-GCM
(fixed in 3.6.11, we require 3.6.13).

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jul  4 07:42:35 UTC 2023 on atb-devel-224

- - - - -
3233fc03 by Andreas Schneider at 2023-07-05T06:34:32+00:00
python:tests: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
2bba3ef2 by Andreas Schneider at 2023-07-05T06:34:32+00:00
script: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
60b02126 by Andreas Schneider at 2023-07-05T06:34:32+00:00
selftest: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
e57f034f by Andreas Schneider at 2023-07-05T06:34:32+00:00
s3:auth: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
ef5ab45b by Andreas Schneider at 2023-07-05T06:34:32+00:00
s3:auth: Use new debug macros for logging

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
a26c00db by Andreas Schneider at 2023-07-05T06:34:32+00:00
s4:client: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
0bfdefff by Andreas Schneider at 2023-07-05T07:32:15+00:00
s3:include: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jul  5 07:32:15 UTC 2023 on atb-devel-224

- - - - -
bf7fbf7e by Günther Deschner at 2023-07-05T09:23:22+00:00
s3-net: no secrets access required when processing an ODJ provisioning

It should be possible to call "net offlinejoin provision" as non-root,
no access to secrets.tdb required in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15414

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Jul  5 09:23:22 UTC 2023 on atb-devel-224

- - - - -
6965e772 by Stefan Metzmacher at 2023-07-05T11:17:43+00:00
s3:libads: re-initialize num_requests to 0 for cldap_ping_list retries

Commit 8132edf119757ee91070facffef016c93de9c2a6 introduced a retry loop
around cldap_multi_netlogon(), but it forgot to reset num_requests to 0
for the retries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15416

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jul  5 11:17:43 UTC 2023 on atb-devel-224

- - - - -
aeb5b0ad by Martin Schwenke at 2023-07-05T11:18:37+00:00
ctdb-tools: Avoid ShellCheck warning SC2317

New in ShellCheck 0.9.0:

  SC2317 (info): Command appears to be unreachable. Check usage (or ignore if invoked indirectly).

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
37105add by Martin Schwenke at 2023-07-05T11:18:37+00:00
ctdb-scripts: Avoid ShellCheck warnings SC2317, SC2086

New in ShellCheck 0.9.0:

  SC2317 (info): Command appears to be unreachable. Check usage (or ignore if invoked indirectly).

Also:

  SC2086 (info): Double quote to prevent globbing and word splitting.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
92f17474 by Martin Schwenke at 2023-07-05T11:18:37+00:00
ctdb-tests: Avoid ShellCheck warning SC2086

  SC2086 Double quote to prevent globbing and word splitting.

Apparently ShellCheck is more picky about some of these than it used
to be.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7813c979 by Martin Schwenke at 2023-07-05T11:18:37+00:00
ctdb-tests: Drop unused test code for tunables

This is unused since loading tunables was moved to ctdbd.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
cbda1a78 by Martin Schwenke at 2023-07-05T11:18:37+00:00
ctdb-tests: Reformat with "shfmt -w -p -i 0 -fn"

Best reviewed with "git show -w".

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1190c910 by Martin Schwenke at 2023-07-05T11:18:37+00:00
ctdb-tests: Drop unreachable code

This generates ShellCheck warnings:

In ./tests/UNIT/eventscripts/scripts/60.nfs.sh line 412:
			if [ -n "$service_check_cmd" ]; then
                                 ^----------------^ SC2031 (info): service_check_cmd was modified in a subshell. That change might be lost.

In ./tests/UNIT/eventscripts/scripts/60.nfs.sh line 413:
				if eval "$service_check_cmd"; then
                                         ^----------------^ SC2031 (info): service_check_cmd was modified in a subshell. That change might be lost.

service_check_cmd will never be set here because it is only set in a
sub-shell in rpc_set_service_failure_response().

This reverts some of commit 713ec217507d2f0d5f516efc45c8cd8773fccc14.

If testcases requiring use of service_check_cmd are later added then
this will need to be redone properly.  This would probably start by
renaming this function nfs_iterate_rpc_test().

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
58a117d3 by Martin Schwenke at 2023-07-05T11:18:37+00:00
ctdb-tests: Avoid ShellCheck warnings SC2046, SC2005

In ./tests/UNIT/eventscripts/scripts/local.sh line 328:
	echo $(ctdb ifaces -X | awk -F'|' 'FNR > 1 {print $2}')
             ^-- SC2046 (warning): Quote this to prevent word splitting.
             ^-- SC2005 (style): Useless echo? Instead of 'echo $(cmd)', just use 'cmd'.

Use xargs to get output on 1 line.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a45a76fd by Martin Schwenke at 2023-07-05T11:18:37+00:00
ctdb-tests: Avoid ShellCheck warning SC2059

  SC2059 (info): Don't use variables in the printf format string. Use printf '..%s..' "$foo".

Move the format string to the function and just parameterise the share
type.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b2026e92 by Martin Schwenke at 2023-07-05T11:18:37+00:00
ctdb-tests: Avoid ShellCheck warnings

These are all trivial, so handle them in bulk.

* Change code to avoid (approximately sorted by frequency):

  SC2004 $/${} is unnecessary on arithmetic variables.
  SC2086 Double quote to prevent globbing and word splitting.
  SC2162 read without -r will mangle backslashes.
  SC2254 Quote expansions in case patterns to match literally rather than as a glob.
  SC2154 (warning): <variable> is referenced but not assigned.
  SC3037 (warning): In POSIX sh, echo flags are undefined.
  SC2016 (info): Expressions don't expand in single quotes, use double quotes for that.
  SC2069 (warning): To redirect stdout+stderr, 2>&1 must be last (or use '{ cmd > file; } 2>&1' to clarify).
  SC2124 (warning): Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
  SC2166 (warning): Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
  SC2223 (info): This default assignment may cause DoS due to globbing. Quote it.

* Locally disable checks:

  SC2034 (warning): <variable> appears unused. Verify use (or export if used externally).
  SC2086 (info): Double quote to prevent globbing and word splitting. [once]
  SC2120 (warning): <function> references arguments, but none are ever passed.
  SC2317 (info): Command appears to be unreachable. Check usage (or ignore if invoked indirectly).

While touching reads for SC2162, switch unused variables to "_"
instead of "_x", which seems to be preferred by ShellCheck.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d2940694 by Martin Schwenke at 2023-07-05T12:16:56+00:00
ctdb-tests: Run ShellCheck on event-script unit test support scripts

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Wed Jul  5 12:16:57 UTC 2023 on atb-devel-224

- - - - -
cb59fd43 by Stefan Metzmacher at 2023-07-05T12:17:37+00:00
s3:winbindd: call reset_cm_connection_on_error() in wb_cache_query_user_list()

This is mostly for consistency, every remote call should call
reset_cm_connection_on_error(). Note this is more than
a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
4ad5a35a by Stefan Metzmacher at 2023-07-05T12:17:38+00:00
s3:winbindd: make use of reset_cm_connection_on_error() for winbindd_lookup_{names,sids}()

Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.

This is not strictly needed as the callers call
reset_cm_connection_on_error() via reconnect_need_retry().
But it might avoid one roundtrip.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
0cb6de4b by Stefan Metzmacher at 2023-07-05T12:17:38+00:00
s3:winbindd: let winbind_samlogon_retry_loop() always start with authoritative = 1

Otherwise we could treat a local problem as non-authoritative.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
b317b10d by Stefan Metzmacher at 2023-07-05T12:17:38+00:00
s3:winbindd: make use of reset_cm_connection_on_error() in winbind_samlogon_retry_loop()

Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true, which is important in order
to recover from NT_STATUS_RPC_SEC_PKG_ERROR errors.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
50e771c1 by Stefan Metzmacher at 2023-07-05T12:17:38+00:00
s3:winbindd: let winbind_samlogon_retry_loop() fallback to NT_STATUS_NO_LOGON_SERVERS

When we were not able to get a valid response from any DC we should
report NT_STATUS_NO_LOGON_SERVERS with authoritative = 1.

This matches what Windows does. In a chain of transitive
trusts the ACCESS_DENIED/authoritative=0 is not propagated,
instead NT_STATUS_NO_LOGON_SERVERS/authoritative=1 is
passed along the chain if no other DC is available.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
083fe1c2 by Ralph Boehme at 2023-07-05T13:14:08+00:00
smbd: call exit_server_cleanly() to avoid panicking

The parent smbd forwards SIGTERM to its process group in order to kill all
children like the scavenger. This happens from a function registered via
atexit() which means the signal forwarding is happening very briefly before the
main smbd process exits. When exiting the pipe between smbd and scavenger is
closed which triggers a file event in the scavenger.

However, due to kernel scheduling it is possible that the file descriptor event
is received before the signal, where we call exit_server() which calls
smb_panic() at the end.

Change the exit to exit_server_cleanly() and just log this event at level 2
which we already do.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15275

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jul  5 13:14:08 UTC 2023 on atb-devel-224

- - - - -
2af9c65f by Pavel Filipenský at 2023-07-05T19:26:31+00:00
s3:tests: Add rpcclient 'dfsgetinfo' test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8c10f539 by Pavel Filipenský at 2023-07-05T19:26:31+00:00
s3:rpc_server: Initialize consumedcnt to 0 in _dfs_GetInfo()

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6f073f25 by Pavel Filipenský at 2023-07-05T20:24:35+00:00
s3:rpc_server: Fix double backslash issue in dfs path

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jul  5 20:24:35 UTC 2023 on atb-devel-224

- - - - -
47b6696d by Joseph Sutton at 2023-07-07T00:17:31+00:00
librpc:ndr: Fix overflow in ndr_push_expand

If ‘size’ was equal to UINT32_MAX, the expression ‘size+1’ could
overflow to zero.

This could result in inadequate memory being allocated, which could
cause ndr_pull_compression_xpress_huff_raw_chunk() to overflow memory
with zero bytes.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57728

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15415

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
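
The wraparound this commit message describes, as an added example that is not Samba's code: `struct push_buf`, `buf_expand_unchecked()`, `buf_expand_checked()` and `run_expand()` are hypothetical names, and the only thing taken from the message is the `size+1` expression with `size` equal to UINT32_MAX. The unchecked variant reports success without allocating anything, which is the state in which a later write would run past the buffer.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical push buffer, constructed for this example. */
struct push_buf {
	uint8_t *data;
	uint32_t alloc_size; /* bytes currently allocated */
};

/*
 * 'Before' shape: the required allocation is size + 1, computed in
 * 32 bits.  For size == UINT32_MAX the sum wraps to 0, the
 * "already big enough" test passes, and no memory is allocated.
 */
static bool buf_expand_unchecked(struct push_buf *b, uint32_t size)
{
	uint32_t needed = size + 1; /* wraps to 0 at UINT32_MAX */
	uint8_t *p;

	if (needed <= b->alloc_size) {
		return true; /* caller now believes 'size' bytes fit */
	}
	p = realloc(b->data, needed);
	if (p == NULL) {
		return false;
	}
	b->data = p;
	b->alloc_size = needed;
	return true;
}

/* Hardened shape: refuse the one value for which size + 1 cannot be represented. */
static bool buf_expand_checked(struct push_buf *b, uint32_t size)
{
	uint32_t needed;
	uint8_t *p;

	if (size == UINT32_MAX) {
		return false; /* size + 1 would overflow */
	}
	needed = size + 1;
	if (needed <= b->alloc_size) {
		return true;
	}
	p = realloc(b->data, needed);
	if (p == NULL) {
		return false;
	}
	b->data = p;
	b->alloc_size = needed;
	return true;
}

struct expand_result {
	bool ok;             /* what the expand function reported */
	uint32_t alloc_size; /* what is really allocated afterwards */
};

/* Run one variant against a constructed 16-byte buffer. */
static struct expand_result run_expand(bool checked, uint32_t size)
{
	struct push_buf b = { malloc(16), 16 };
	struct expand_result r = { false, 0 };

	if (b.data == NULL) {
		return r;
	}
	r.ok = checked ? buf_expand_checked(&b, size)
		       : buf_expand_unchecked(&b, size);
	r.alloc_size = b.alloc_size;
	free(b.data);
	return r;
}

int main(void)
{
	struct expand_result u = run_expand(false, UINT32_MAX);
	struct expand_result c = run_expand(true, UINT32_MAX);

	printf("unchecked: ok=%d alloc=%u\n", u.ok, (unsigned)u.alloc_size);
	printf("checked:   ok=%d alloc=%u\n", c.ok, (unsigned)c.alloc_size);
	return 0;
}
```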

- - - - -
edad9453 by Joseph Sutton at 2023-07-07T01:14:06+00:00
librpc/nbt: Avoid reading invalid member of union

WACK packets use the ‘data’ member of the ‘nbt_rdata’ union, but they
claim to be a different type — NBT_QTYPE_NETBIOS — than would normally
be used with that union member. This means that if rr_type is equal to
NBT_QTYPE_NETBIOS, ndr_push_nbt_res_rec() has to guess which type the
structure really is by examining the data member. However, if the
structure is actually of a different type, that union member will not be
valid and accessing it will invoke undefined behaviour.

To fix this, eliminate all the guesswork and introduce a new type,
NBT_QTYPE_WACK, which can never appear on the wire, and which indicates
that although the ‘data’ union member should be used, the wire type is
actually NBT_QTYPE_NETBIOS.

This means that as far as NDR is concerned, the ‘netbios’ member of the
‘nbt_rdata’ union will consistently be used for all NBT_QTYPE_NETBIOS
structures; we shall no longer access the wrong member of the union.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38480

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15019

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Fri Jul  7 01:14:06 UTC 2023 on atb-devel-224
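
The approach this commit message describes, as an added example that is not Samba's code or IDL: an in-memory-only discriminant selects the `data` union member, and the push routine maps it back to the NetBIOS wire type. All `ex_` names, the record layout (2-byte type, 2-byte length, body) and the tag value 0x10000 are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum ex_qtype {
	EX_QTYPE_NETBIOS = 0x0020, /* type value sent on the wire */
	EX_QTYPE_WACK = 0x10000    /* constructed tag: too wide for the
				    * 16-bit wire field, memory only */
};

struct ex_netbios { uint16_t nb_flags; uint8_t addr[4]; };
struct ex_data { uint16_t length; uint8_t bytes[16]; };

union ex_rdata {
	struct ex_netbios netbios;
	struct ex_data data;
};

struct ex_res_rec {
	enum ex_qtype rr_type; /* says which union member is valid */
	union ex_rdata rdata;
};

static void put_u16(uint8_t *p, uint16_t v)
{
	p[0] = (uint8_t)(v >> 8);
	p[1] = (uint8_t)(v & 0xff);
}

/*
 * Marshal one record.  The union member is chosen from the tag alone,
 * never by inspecting the contents of a member that may not be valid.
 * Returns the number of bytes written, or -1 on error.
 */
static int push_res_rec(const struct ex_res_rec *r, uint8_t *out, size_t cap)
{
	uint16_t body_len;

	switch (r->rr_type) {
	case EX_QTYPE_NETBIOS:
		body_len = 6;
		if (cap < 4u + body_len) return -1;
		put_u16(out + 4, r->rdata.netbios.nb_flags);
		memcpy(out + 6, r->rdata.netbios.addr, 4);
		break;
	case EX_QTYPE_WACK:
		body_len = r->rdata.data.length;
		if (body_len > sizeof(r->rdata.data.bytes)) return -1;
		if (cap < 4u + body_len) return -1;
		memcpy(out + 4, r->rdata.data.bytes, body_len);
		break;
	default:
		return -1;
	}
	/* Both tags share one wire type; the internal tag is never emitted. */
	put_u16(out, EX_QTYPE_NETBIOS);
	put_u16(out + 2, body_len);
	return 4 + body_len;
}

static struct ex_res_rec make_netbios(uint16_t flags, const uint8_t *addr)
{
	struct ex_res_rec r;
	memset(&r, 0, sizeof(r));
	r.rr_type = EX_QTYPE_NETBIOS;
	r.rdata.netbios.nb_flags = flags;
	memcpy(r.rdata.netbios.addr, addr, 4);
	return r;
}

static struct ex_res_rec make_wack(const uint8_t *p, uint16_t n)
{
	struct ex_res_rec r;
	memset(&r, 0, sizeof(r));
	r.rr_type = EX_QTYPE_WACK;
	if (n > sizeof(r.rdata.data.bytes)) n = sizeof(r.rdata.data.bytes);
	r.rdata.data.length = n;
	memcpy(r.rdata.data.bytes, p, n);
	return r;
}

/* Push into a scratch buffer and report one output byte, or -1. */
static int pushed_byte(struct ex_res_rec r, size_t i)
{
	uint8_t buf[64];
	int len = push_res_rec(&r, buf, sizeof(buf));
	return (len < 0 || i >= (size_t)len) ? -1 : buf[i];
}

static int pushed_len(struct ex_res_rec r)
{
	uint8_t buf[64];
	return push_res_rec(&r, buf, sizeof(buf));
}

int main(void)
{
	/* Constructed sample payload. */
	struct ex_res_rec w = make_wack((const uint8_t *)"\xAA\xBB", 2);
	printf("WACK record: %d bytes, wire type 0x%02x%02x\n",
	       pushed_len(w), pushed_byte(w, 0), pushed_byte(w, 1));
	return 0;
}
```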

- - - - -
51d0445a by Martin Schwenke at 2023-07-10T14:21:30+00:00
ctdb-logging: Really make NOTICE the default debug level

NOTICE level debug messages in common/run_event.c are not logged by
default.

Currently eventd ends up using ERROR, since this is specified as
LOGGING_LOG_LEVEL_DEFAULT.  It doesn't inherit the debug level from
ctdbd and only uses NOTICE level when interactive.

Change the real logging default to NOTICE and use it everywhere.

Followups might be:

* Remove the default_log_level argument to logging_conf_init()
* Kick eventd to update debug level when "ctdb setdebug" is used

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
6dac1da9 by Martin Schwenke at 2023-07-10T14:21:30+00:00
ctdb-tools: Fix a typo in a log message

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reported-by: Ulrich Sibiller <ulrich.sibiller at atos.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
60bf6f68 by Martin Schwenke at 2023-07-10T14:21:30+00:00
ctdb-tools: Switch tickle ACK sending message to INFO level

DEBUG level logging in ctdb_killtcp is very noisy.  The most important
messages when debugging are those for tickle ACKs and TCP RSTs.  TCP
RSTs are already logged at INFO level, so promote tickle ACKs to INFO
level too.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
61dfc8bc by Martin Schwenke at 2023-07-10T15:15:06+00:00
ctdb-server: Avoid logging a count of 0 resent calls

This fixes a little thinko in commit
80de84d36e9c29d9506976f991560fb5dde99471, where this was overlooked.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Jul 10 15:15:06 UTC 2023 on atb-devel-224

- - - - -
4da50463 by Ralph Boehme at 2023-07-10T21:32:32+00:00
smbd: don't leak the fsp if close_file_smb() fails

This can happen if DELETE-ON-CLOSE is set, but the deletion fails for some
reason.

The bug was introduced by 1808e5c133474eabc9d3cf91c2a92ec4d92d9fdd.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15417

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jul 10 21:32:32 UTC 2023 on atb-devel-224

- - - - -
6989ec38 by Martin Schwenke at 2023-07-10T22:49:31+00:00
docs-xml: Fix rid idmap backend documentation

The statement just above the example says the example demonstrates the
use of the base_rid parameter.  It doesn't, so fix this.

Also fix a typo.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3f76b980 by Martin Schwenke at 2023-07-10T22:49:31+00:00
docs-xml: Tweak autorid idmap backend documentation

The name of the placeholder is misleading.  It certainly isn't per
domain, so we might as well indicate that it is per range.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
230f8db4 by Martin Schwenke at 2023-07-10T23:47:12+00:00
docs-xml: Fix script idmap backend documentation

This was clearly copied from the tdb2 backend and incompletely edited.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Mon Jul 10 23:47:12 UTC 2023 on atb-devel-224

- - - - -
05e2ec1d by Douglas Bagnall at 2023-07-11T22:44:15+00:00
configure: ensure sizeof(int) >= 4

There are multiple places we make this assumption. For example, in
source3/lib/tldap.c, we have this line

      if (ld->msgid == 2147483647) {

where ld->msgid is an int. And in librpc/idl/security.idl we have
several lines like:

      const int SEC_MASK_GENERIC        = 0xF0000000;

In lib/replace/inet_pton.c and inet_ntop.c we have

  /*
   * WARNING: Don't even consider trying to compile this on a system where
   * sizeof(int) < 4.  sizeof(int) > 4 is fine; all the world's not a VAX.
   */

but no attempt to enforce that as far as I can see, until now.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jul 11 22:44:15 UTC 2023 on atb-devel-224

- - - - -
acd846aa by Andreas Schneider at 2023-07-13T05:41:36+00:00
examples: Make codespell happy

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
3d4235eb by Andreas Schneider at 2023-07-13T05:41:36+00:00
examples: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
bb0297da by Andreas Schneider at 2023-07-13T05:41:36+00:00
python: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
929ed480 by Andreas Schneider at 2023-07-13T05:41:36+00:00
python:tests: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
ba5b1f63 by Andreas Schneider at 2023-07-13T05:41:36+00:00
s3:include: Remove trailing whitespaces in MacExtensions.h

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
09d2e589 by Andreas Schneider at 2023-07-13T05:41:36+00:00
s3:include: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
71b40127 by Andreas Schneider at 2023-07-13T05:41:36+00:00
s3:lib: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
939ec7ea by Andreas Schneider at 2023-07-13T05:41:36+00:00
s3:libads: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
5a5cccce by Andreas Schneider at 2023-07-13T06:34:01+00:00
s3:libsmb: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Jul 13 06:34:01 UTC 2023 on atb-devel-224

- - - - -
5f87888e by Stefan Metzmacher at 2023-07-17T06:37:31+00:00
netlogon.idl: add support for netr_LogonGetCapabilities response level 2

We don't have any documentation about this yet, but tests against
a Windows Server 2022 patched with KB5028166 revealed that
the response for query_level=2 is exactly the same as
for query_level=1.

Until we know the reason for query_level=2 we won't
use it as client nor support it in the server, but
we want ndrdump to work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
404ce08e by Stefan Metzmacher at 2023-07-17T06:37:31+00:00
s4:torture/rpc: let rpc.schannel also check netr_LogonGetCapabilities with different levels

The important change is that we expect DCERPC_NCA_S_FAULT_INVALID_TAG
for unsupported query_levels, we allow it to work with servers
with or without support for query_level=2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d5f1097b by Stefan Metzmacher at 2023-07-17T06:37:31+00:00
s4:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels

This is important as Windows clients with KB5028166 seem to
call netr_LogonGetCapabilities with query_level=2 after
a call with query_level=1.

An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG
for query_level values other than 1.
While Samba tries to return NT_STATUS_NOT_SUPPORTED, but
later fails to marshall the response, which results
in DCERPC_FAULT_BAD_STUB_DATA instead.

Because we don't have any documentation for level 2 yet,
we just try to behave like an unpatched server and
generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of
DCERPC_FAULT_BAD_STUB_DATA.
Which allows patched Windows clients to keep working
against a Samba DC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dfeabce4 by Stefan Metzmacher at 2023-07-17T07:35:09+00:00
s3:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels

This is important as Windows clients with KB5028166 seem to
call netr_LogonGetCapabilities with query_level=2 after
a call with query_level=1.

An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG
for query_level values other than 1.
While Samba tries to return NT_STATUS_NOT_SUPPORTED, but
later fails to marshall the response, which results
in DCERPC_FAULT_BAD_STUB_DATA instead.

Because we don't have any documentation for level 2 yet,
we just try to behave like an unpatched server and
generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of
DCERPC_FAULT_BAD_STUB_DATA.
Which allows patched Windows clients to keep working
against a Samba DC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jul 17 07:35:09 UTC 2023 on atb-devel-224

- - - - -
573e5e06 by Andreas Schneider at 2023-07-17T11:46:29+00:00
example: Remove outdated config files from tridge

I don't think he still runs Windows 95 ...

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f9107c55 by Andreas Schneider at 2023-07-17T11:46:29+00:00
examples: Remove outdated validchars

I don't think we even look into this anymore and have other tests in
place.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7f033268 by Andreas Schneider at 2023-07-17T11:46:29+00:00
wscript: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f64add99 by Andreas Schneider at 2023-07-17T11:46:29+00:00
s3:librpc: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b746f777 by Andreas Schneider at 2023-07-17T11:46:29+00:00
s3:locking: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b64308f2 by Andreas Schneider at 2023-07-17T11:46:29+00:00
s3:modules: Remove trailing white spaces of vfs_hpuxacl.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
005a78ee by Andreas Schneider at 2023-07-17T11:46:29+00:00
s3:modules: Remove trailing white spaces of README.nfs4acls.txt

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1d2ec674 by Andreas Schneider at 2023-07-17T11:46:29+00:00
s3:modules: Remove fruit:ressource option with incorrect spelling

The plan was to remove it in 4.7. I think it is safe to remove it with
4.19.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
856b5abc by Andreas Schneider at 2023-07-17T11:46:29+00:00
s3:modules: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6c2338f3 by Andreas Schneider at 2023-07-17T11:46:29+00:00
s3:nmbd: Fix trailing white spaces in nmbd.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4e1f1a8a by Andreas Schneider at 2023-07-17T11:46:29+00:00
s3:nmbd: Fix trailing white spaces in nmbd_incomingdgrams.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0ff51f86 by Andreas Schneider at 2023-07-17T11:46:29+00:00
s3:nmbd: Fix trailing white spaces in nmbd_incomingrequests.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7d2c68f2 by Andreas Schneider at 2023-07-17T12:41:21+00:00
s3:nmbd: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jul 17 12:41:21 UTC 2023 on atb-devel-224

- - - - -
97cde6f9 by Joseph Sutton at 2023-07-19T01:47:33+00:00
tests/krb5: Remove unused variables

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7d2c267a by Joseph Sutton at 2023-07-19T01:47:33+00:00
s4:kdc: Fix wrong debug message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d818ed64 by Joseph Sutton at 2023-07-19T01:47:33+00:00
tests/krb5: Add PKINIT error codes

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8a0bde46 by Joseph Sutton at 2023-07-19T01:47:33+00:00
tests/krb5: Add PKINIT typed data errors

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
477fbd7b by Joseph Sutton at 2023-07-19T01:47:33+00:00
tests/krb5: Add PKINIT pre-authentication types

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ef9ffbac by Joseph Sutton at 2023-07-19T01:47:33+00:00
tests/krb5: Add PK-INIT ASN1 definitions and include licence

Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
7f9547fd by Joseph Sutton at 2023-07-19T01:47:33+00:00
tests/krb5: Refactor encryption type selection

Add and use some methods to calculate the highest supported AES and RC4
encryption types, respectively.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7584e7a3 by Joseph Sutton at 2023-07-19T01:47:33+00:00
tests/krb5: Add helper methods for PK-INIT testing

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
699d2110 by Joseph Sutton at 2023-07-19T01:47:33+00:00
tests/krb5: Allow KerberosCredentials to have associated RSA private key

This is needed for PK-INIT testing.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3ea1c559 by Joseph Sutton at 2023-07-19T01:47:33+00:00
tests/krb5: Add PK-INIT testing framework

To run these tests standalone, you will need the certificate and private
key of the Certificate Authority. These can be specified together in the
same file with the environment variable CA_CERT, or the private key may
be specified in its own file with CA_PRIVATE_KEY.

If either of these files is encrypted, you can specify the password in
the environment variable CA_PASS.

These tests create a new certificate for the user account, signed with
the private key of the Certificate Authority. We negotiate the reply key
with either of the public-key and Diffie-Hellman PK-INIT variants, and
use the reply key to decrypt the enc-part in the response. We also check
that the KDC’s signatures are valid.

Most of the failures with the Heimdal KDC are due to the wrong nonce
being returned in the reply compared to Windows, which issue is simple
enough to correct.

An example command line for manual testing against Windows:
SMB_CONF_PATH=ad_dc.conf KRB5_CONFIG=krb5.conf SERVICE_USERNAME=win2k19-dc.example.com ADMIN_USERNAME=Administrator ADMIN_PASSWORD=locDCpass ADMIN_KVNO=1 FOR_USER=Administrator USERNAME=Administrator PASSWORD=locDCpass DC_SERVER=win2k19-dc.example.com SERVER=win2k19-dc.example.com DOMAIN=example REALM=example.com PYTHONPATH=bin/python STRICT_CHECKING=1 FAST_SUPPORT=1 CLAIMS_SUPPORT=1 COMPOUND_ID_SUPPORT=1 TKT_SIG_SUPPORT=1 FULL_SIG_SUPPORT=1 GNUTLS_PBKDF2_SUPPORT=1 EXPECT_PAC=1 EXPECT_EXTRA_PAC_BUFFERS=1 CHECK_CNAME=1 CHECK_PADATA=1 KADMIN_IS_TGS=0 FORCED_RC4=1 DEFAULT_ETYPES=36 CA_CERT=./win2k19-ca.pfx CA_PASS=1234 python3 python/samba/tests/krb5/pkinit_tests.py

To set up Windows for this I first installed a Certificate Authority with an Enterprise CA.
Then I exported the private key and certificate of the CA:

1. going into the Certification Authority snap-in for the relevant computer,
2. right-clicking the CA,
3. clicking ‘All Tasks’ → ‘Back up CA...’,
4. and exporting the private key and CA certificate.

(I downloaded the resulting file via smbclient).

After setting up an Enterprise CA, I also needed to edit the domain
controller GPO to enable auto-enrollment, otherwise Windows would
refuse to accept as legitimate any certificates provided by the client.

That can be done by first enabling the policy:
 ‘Computer Configuration/Policies/Windows Settings/Security Settings/Public Key Policies/Certificate Services Client — Auto-Enrollment’,
and then ticking both ‘Renew expired certificates…’ and ‘Update certificates…’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
97ead777 by Joseph Sutton at 2023-07-19T01:47:33+00:00
tests/krb5: Check PAC_TYPE_CREDENTIAL_INFO PAC buffer

When PK-INIT is performed, check that the buffer is as expected and
contains the correct NT hash.

The PK-INIT tests now pass against Windows Server 2019.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14985

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f7393da2 by Joseph Sutton at 2023-07-19T01:47:33+00:00
tests/krb5: Remove unused methods

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ecc62bc1 by Joseph Sutton at 2023-07-19T01:47:33+00:00
tests/krb5: Add tests for PK-INIT Freshness Extension (RFC 8070)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
af97579f by Joseph Sutton at 2023-07-19T01:47:33+00:00
tests/krb5: Add ASN.1 definitions for Windows 2000 PK-INIT

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5bfccbb7 by Joseph Sutton at 2023-07-19T01:47:33+00:00
tests/krb5: Test Windows 2000 variant of PK-INIT

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a25f549e by Joseph Sutton at 2023-07-19T01:47:34+00:00
third_party/heimdal: Import lorikeet-heimdal-202307040259 (commit 33d117b8a9c11714ef709e63a005d87e34b9bfde)

NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
73403510 by Joseph Sutton at 2023-07-19T01:47:34+00:00
third_party/heimdal_build: Make Heimdal version strings const

This is to adapt to Heimdal:

commit 997916e3f67d70bb52674829615c50455918fbb3
Author: Taylor R Campbell <campbell+heimdal at mumble.net>
Date:   Sun May 28 20:34:34 2023 +0000

    krb5: Make heimdal_version and heimdal_long_version const.

NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
db64b276 by Joseph Sutton at 2023-07-19T01:47:34+00:00
s4:kdc: Add auth_data_reqd flag to SDBFlags

This is to adapt to Heimdal:

commit 3c4548025c0a239ff580e7974939185eadf1856b
Author: Nicolas Williams <nico at twosigma.com>
Date:   Sun Jun 4 22:54:03 2023 -0500

    hdb: Add auth-data-reqd flag

NOTE: This commit finally works again!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ce978674 by Joseph Sutton at 2023-07-19T01:47:34+00:00
tests/krb5: Factor out a method to create a certificate

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9612

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
01196cc7 by Joseph Sutton at 2023-07-19T01:47:34+00:00
tests/krb5: Factor out a method to fetch the CA certificate and private key

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9612

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b73a01ee by Joseph Sutton at 2023-07-19T01:47:34+00:00
tests/krb5: Have the caller of create_certificate() fetch the CA certificate and private key

These are useful to keep around for other purposes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9612

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2ab15cf1 by Joseph Sutton at 2023-07-19T01:47:34+00:00
tests/krb5: Allow passing a pre-created certificate into _pkinit_req()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9612

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
90b240be by Joseph Sutton at 2023-07-19T01:47:34+00:00
tests/krb5: Add a test for PK-INIT with a revoked certificate

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9612

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
81058c60 by Joseph Sutton at 2023-07-19T02:41:25+00:00
third_party/heimdal: Import lorikeet-heimdal-202307050413 (commit e0597fe1d01b109e64d9c2a5bcada664ac199498)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9612

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Jul 19 02:41:25 UTC 2023 on atb-devel-224

- - - - -
56ee153c by Stefan Metzmacher at 2023-07-19T03:31:30+00:00
netlogon.idl: add some comments to netr_OsVersionInfoEx

[MS-RPRN] 7 Appendix B: Product Behavior contains information
about the products and their announced versions.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
85080ba9 by Stefan Metzmacher at 2023-07-19T03:31:30+00:00
ldapcmp: also ignore operatingSystem similar to operatingSystemVersion

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
16865d6d by Stefan Metzmacher at 2023-07-19T03:31:30+00:00
upgradeprovision: handle operatingSystem similar to operatingSystemVersion

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b058b39f by Stefan Metzmacher at 2023-07-19T03:31:30+00:00
s4:dsdb: let dsdb_check_and_update_fl() also operatingSystem[Version]

Some clients (e.g. an exchange server) check operatingSystemVersion
in order to check if a domain controller is new enough.

So we better use a value matching the dc functional level.

While we also fixed operatingSystem[Version] at provision time,
we do it also in dsdb_check_and_update_fl() in order to
handle old provisions and systems joined to an existing domain.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9a79bed4 by Stefan Metzmacher at 2023-07-19T03:31:30+00:00
s4:pydsdb: add dc_operatingSystemVersion() helper

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3ed1ba6f by Stefan Metzmacher at 2023-07-19T03:31:30+00:00
s4:provision: use better values for operatingSystem[Version]

Some clients (e.g. an exchange server) check operatingSystemVersion
in order to check if a domain controller is new enough.

So we better use a value matching the dc functional level.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5ad28bd7 by Douglas Bagnall at 2023-07-19T03:31:30+00:00
lib/fuzzing: add fuzz_sddl_access_check

This fuzzer parses SDDL into a security descriptor and runs an access
check on it using a known security token. This is purely for crash
detection -- we don't know enough to assert whether the check should
succeed or not.

The seed strings used are compatible with those of fuzz_sddl_parse --
anything found by fuzz_sddl_parse is worth trying as a seed here, and
vice versa.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eb2bed38 by Douglas Bagnall at 2023-07-19T03:31:30+00:00
lib/fuzzing: add fuzzer for arbitrary token/sd access checks

The token and descriptor are stored in NDR format; for this purpose we
add a new IDL struct containing this pair (along with a desired access
mask).

An upcoming commit will show how to collect seeds for this fuzzer.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
89b02bad by Douglas Bagnall at 2023-07-19T03:31:30+00:00
lib/fuzzing: adapt fuzz_security_token_vs_descriptor for AD variant

This of course doesn't exercise the object tree or default SID code,
but it still covers a lot of the *_ds access_check functions.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9ea606da by Douglas Bagnall at 2023-07-19T03:31:30+00:00
lib/fuzzing: adapt fuzz_sddl_access_check for AD variant

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f050124a by Douglas Bagnall at 2023-07-19T03:31:30+00:00
lib/fuzzing: patch for collecting fuzz_security_token_vs_descriptor seeds

If this patch is applied, and an environment variable is set, all
access_check calls will be recorded as seeds for
fuzz_security_token_vs_descriptor. See the patch for details.

You probably will never want to apply this patch, but it is here just
in case.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5f69220f by Andrew Bartlett at 2023-07-19T03:31:30+00:00
WHATSNEW: Update minimum GnuTLS version

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b9d01c64 by Rob van der Linde at 2023-07-19T03:31:30+00:00
netcmd: add Subnet and Site models

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
752eae68 by Rob van der Linde at 2023-07-19T03:31:30+00:00
netcmd: add list and view commands for sites and subnets

* samba-tool sites list
* samba-tool sites view
* samba-tool sites subnet list
* samba-tool sites subnet view

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
3cf81e98 by Rob van der Linde at 2023-07-19T03:31:30+00:00
netcmd: sites: make use of ldb_connect from base class

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
5e4a6cd7 by Rob van der Linde at 2023-07-19T03:31:30+00:00
netcmd: sites: tests for list and view sites and subnet

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
7f7d6857 by Rob van der Linde at 2023-07-19T03:31:30+00:00
netcmd: sites: add missing subnet commands to samba-tool manpage

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
bb6fecd9 by Rob van der Linde at 2023-07-19T04:29:15+00:00
netcmd: sites: add sites and subnet list and view commands to manpage

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Jul 19 04:29:15 UTC 2023 on atb-devel-224

- - - - -
791e2817 by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
talloc: release 2.4.1

* Remove remaining, but broken python2 support
* Spelling fixes
* Remove unneeded va_copy()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
b649c7d3 by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
tdb: release 1.4.9

* Remove remaining, but broken python2 support
* Spelling fixes
* python: Safely clear structure members

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
0daa9ebc by Dmitry Antipov at 2023-07-19T08:02:33+00:00
lib:replace: rely on epoll_create1() for epoll interface

Prefer epoll_create1(2) over epoll_create(2) and
always require the former to use epoll(7) interface.

Signed-off-by: Dmitry Antipov <dantipov at cloudlinux.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a665d44f by Dmitry Antipov at 2023-07-19T08:02:33+00:00
tevent: rely on epoll_create1() for epoll interface

Prefer epoll_create1(2) over epoll_create(2) and
always require the former to use epoll(7) interface,
thus saving extra fcntl(2) call to set FD_CLOEXEC.

Signed-off-by: Dmitry Antipov <dantipov at cloudlinux.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
18e18006 by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
ldb: remove trailing whitespaces from include/dlinklist.h

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
8edb16a3 by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
ldb: clarify LGPL scope of include/dlinklist.h

Removing the explicit notice about ldb in order to
have the same content in all copies of dlinklist.h
in the next commits.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e3c77030 by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
lib/util: dlinklist.h sync with LGPL copy from lib/ldb/include/dlinklist.h

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c1124ec8 by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
tevent: add tevent_dlinklist.h as copy from lib/util/dlinklist.h

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
28ddcaf4 by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
s3:winbindd: set TEVENT_DEPRECATED as tevent_thread_call_depth_*() api will change soon

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
e9f38f6e by Pavel Filipenský at 2023-07-19T08:02:33+00:00
tevent: Move definition of _DEPRECATED_ to the top of tevent.h

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1c9e9f46 by Pavel Filipenský at 2023-07-19T08:02:33+00:00
tevent: Deprecate some tevent_thread_call_depth_*() functions

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
fb3a9cd7 by Pavel Filipenský at 2023-07-19T08:02:33+00:00
tevent: Flow: pass function name to tevent_req_create()

Note the tevent-0.14.1.sigs changes will be reverted in
the 'tevent 0.15.0' commit.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
deec9994 by Pavel Filipenský at 2023-07-19T08:02:33+00:00
tevent: Flow: store callback function name in tevent_req

Note the tevent-0.14.1.sigs changes will be reverted in
the 'tevent 0.15.0' commit.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5e83691d by Pavel Filipenský at 2023-07-19T08:02:33+00:00
tevent: Flow: store trigger function name in tevent_queue_entry

Note the tevent-0.14.1.sigs changes will be reverted in
the 'tevent 0.15.0' commit.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
85e43e70 by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
tevent: Flow: store cancel function name in tevent_req

Note the tevent-0.14.1.sigs changes will be reverted in
the 'tevent 0.15.0' commit.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
0c4d6e63 by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
tevent: Flow: store cleanup function name in tevent_req

Note the tevent-0.14.1.sigs changes will be reverted in
the 'tevent 0.15.0' commit.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
d7b29125 by Pavel Filipenský at 2023-07-19T08:02:33+00:00
tevent: Flow: add tevent_thread_call_depth_set_callback()

Note the tevent-0.14.1.sigs changes will be reverted in
the 'tevent 0.15.0' commit.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
86140d7c by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
tevent: add fd_speed test

This is similar to the "context" test, but without signal handlers.

It also creates a constant load instead of being time limited,
which makes it useful to analyse using callgrind and other tools.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2c78a4f5 by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
tevent: introduce tevent_set_max_debug_level() (default TEVENT_DEBUG_WARNING)

Allow an application to decide which log levels it wants to get
in the callback function passed to tevent_set_debug().

By default TEVENT_DEBUG_WARNING is the maximal reported level
and TEVENT_DEBUG_TRACE messages no longer reach the callback function
by default.

It seems Samba is the only consumer of tevent_set_debug(), so it
should not be a huge problem, as Samba only reports TEVENT_DEBUG_TRACE
messages with log level 50 anyway. And future Samba versions will
call tevent_set_max_debug_level() if needed.

Note the change to tevent-0.14.1.sigs will be reverted
with the release of tevent 0.15.0.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
812313f1 by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
tevent: add TEVENT_DEBUG() avoid argument overhead when log is not active...

It can be very costly to calculate the arguments passed to
tevent_debug(), just to drop the message within tevent_debug()
or the callback function.

So we add a way to avoid the overhead, it will be used in the
next commits.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
d94b9c81 by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
tevent: make use of TEVENT_DEBUG() when using TEVENT_DEBUG_TRACE

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3217d5dc by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
tevent: avoid epoll_check_reopen() overhead unless required

The preparation, function call and cleanup for epoll_check_reopen()
is quite some overhead and not needed most of the time!

So checking the pid in the caller avoids most of it.

Review with: git show -w

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e9d98097 by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
tevent: let epoll_check_reopen() clear all events before reopening them

This is clearer for multiplexed fdes as it means both sides are
already cleared before we call epoll_update_event() again.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2645be60 by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
tevent: avoid calling epoll_update_event() again if epoll_check_reopen() already did it

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0ddf8b56 by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
tevent: add tevent_common_fd_str() helper

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
6a80d170 by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
tevent: version 0.15.0

- remove py2 ifdefs
- python: Safely clear structure members
- the tevent_thread_call_depth API is updated
  in order to allow better tracing.
- add tevent_set_max_debug_level() only and don't
  pass TEVENT_DEBUG_TRACE to tevent_debug() callbacks by default.
- Spelling fixes
- Make use of epoll_create1() for epoll backend
- Optimize overhead in the epoll backend

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0031a102 by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
lib/util: call tevent_set_max_debug_level() in samba_tevent_set_debug()

This means samba_tevent_debug() is only called when needed.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
24120728 by Stefan Metzmacher at 2023-07-19T08:02:33+00:00
ldb: call tevent_set_max_debug_level(TEVENT_DEBUG_TRACE) together with ldb_tevent_debug()

This means ldb_tevent_debug() is only called for TEVENT_DEBUG_TRACE.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
5b130e62 by Pavel Filipenský at 2023-07-19T08:02:33+00:00
s3:winbind: Add callback winbind_call_flow()

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a1b2f17c by Pavel Filipenský at 2023-07-19T08:02:33+00:00
s3:winbind: Update winbind to tevent 0.15.0 API

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7c0a1c1e by Pavel Filipenský at 2023-07-19T09:00:50+00:00
s3:winbind: Set/unset the winbind_call_flow callback if log level changes

Done only for the parent process. Works with 'smbcontrol reload-config'

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jul 19 09:00:50 UTC 2023 on atb-devel-224

- - - - -
dbbede40 by Martin Schwenke at 2023-07-19T09:01:33+00:00
ctdb-utils: Drop unused scsi_io.c source file

It will be in the git history if we ever decide to use SCSI persistent
reservations as a cluster lock.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
4deb178e by Martin Schwenke at 2023-07-19T09:01:33+00:00
ctdb-doc: Correct bit-rotted documentation

Loading tunables is now done in ctdbd, so find another example for the
"setup" event.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
862fc577 by Martin Schwenke at 2023-07-19T09:01:33+00:00
ctdb: Do not use egrep

On some platforms, egrep prints a deprecation warning to stderr:

  egrep: warning: egrep is obsolescent; using grep -E

Use grep -E instead.

This is nice and simple, so no use splitting this commit into 2
separate commits for each of tools and test.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
2e2d81b9 by Martin Schwenke at 2023-07-19T09:01:33+00:00
ctdb-recoverd: CID 1509028 - Use of 32-bit time_t (Y2K38_SAFETY)

usecs is going to be passed as a uint32_t.  There is no need to
calculate it as a time_t.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
59c5010b by Martin Schwenke at 2023-07-19T09:01:33+00:00
ctdb-scripts: Reformat with "shfmt -w -p -i 0 -fn"

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
0ac94137 by Martin Schwenke at 2023-07-19T09:01:33+00:00
ctdb-scripts: Avoid ShellCheck warning SC2162

  SC2162 read without -r will mangle backslashes.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
ef15a34d by Martin Schwenke at 2023-07-19T09:01:33+00:00
ctdb-scripts: Support script logging to stderr

Logging in statd-callout tests is currently useless.  This will
provide a way of seeing errors in those tests.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
6e4c7ae9 by Martin Schwenke at 2023-07-19T09:57:37+00:00
ctdb-tests: Log to stderr in statd-callout tests

Errors logged when testing statd-callout don't currently go anywhere.
This is because arguments to the hacked version of script_log() are
ignored.

Remove the hack and configure logging to stderr.

This could go in the local statd-callout.sh setup script.  However,
make it available for other script tests.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Wed Jul 19 09:57:37 UTC 2023 on atb-devel-224

- - - - -
f8d5e70a by Andreas Schneider at 2023-07-19T09:58:37+00:00
s3:param: Rename bLoaded global variable

This makes codespell happy.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
57047ca5 by Andreas Schneider at 2023-07-19T09:58:37+00:00
s3:param: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
d41702ab by Andreas Schneider at 2023-07-19T09:58:37+00:00
s3:passdb: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
d8dd743f by Andreas Schneider at 2023-07-19T09:58:37+00:00
s3:printing: Fix trailing white spaces in print_iprint.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
73abbd14 by Andreas Schneider at 2023-07-19T09:58:37+00:00
s3:printing: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
1517fd17 by Andreas Schneider at 2023-07-19T09:58:37+00:00
s3:printing: Rename variably to dummy to make codespell happy

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
6a359944 by Andreas Schneider at 2023-07-19T09:58:37+00:00
s3:registry: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
4a817b16 by Andreas Schneider at 2023-07-19T09:58:37+00:00
s3:rpc_client: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
9826fd45 by Andreas Schneider at 2023-07-19T09:58:37+00:00
s3:rpc_server: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
18dd3f3d by Andreas Schneider at 2023-07-19T09:58:37+00:00
s3:script: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
9fd80929 by Andreas Schneider at 2023-07-19T09:58:37+00:00
s3:selftest: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
26d9da15 by Andreas Schneider at 2023-07-19T09:58:37+00:00
s3:smbd: Fix trailing white spaces in dmapi.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
feee2018 by Andreas Schneider at 2023-07-19T09:58:37+00:00
s3:smbd: Fix trailing white spaces in quotas.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
7077ae40 by Andreas Schneider at 2023-07-19T09:58:37+00:00
s3:smbd: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
4cff8160 by Andreas Schneider at 2023-07-19T09:58:37+00:00
s3:torture: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
746ef717 by Andreas Schneider at 2023-07-19T09:58:37+00:00
s3:utils: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
83b58255 by Andreas Schneider at 2023-07-19T09:58:37+00:00
s3:winbindd: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
fb4bb188 by Andreas Schneider at 2023-07-19T09:58:37+00:00
s3:waf: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
76b0530e by Stefan Metzmacher at 2023-07-19T09:58:37+00:00
s4:dns_server: defer calling werr_to_dns_err() in a central place

The WERROR codes are much more verbose and it's better to
keep them until we really need the mapping to DNS error codes.

This will allow us to create much better debug messages in
the next commit.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
40fb810d by Stefan Metzmacher at 2023-07-19T09:58:37+00:00
s4:dns_server: Add some more debugging in order to find problems with level 10 logs

We had customer problems where level 10 logs were not good enough in
order to find the reason for failing dns updates.

With the new debug message there's at least a chance to
find out what the problem could be.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
80177201 by Andreas Schneider at 2023-07-19T10:57:27+00:00
Revert "s3:winbindd: set TEVENT_DEPRECATED as tevent_thread_call_depth_*() api will change soon"

This reverts commit 28ddcaf4d8ebb7a4e3498518580ff71662d3cee0.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jul 19 10:57:27 UTC 2023 on atb-devel-224

- - - - -
6539f1e4 by Pavel Filipenský at 2023-07-20T10:38:19+00:00
s3:winbindd: Change the TALLOC_CTX to fix the tevent call depth tracking

Call depth is not working for winbindd_list_users_send as expected,
it is visible in the flow traces:

  -> process_request_send
      -> winbindd_list_users_send
  -> wb_query_user_list_send

It should look like:

  -> process_request_send
      -> winbindd_list_users_send
          -> wb_query_user_list_send

Tevent call depth tracking internal implementation relies on the fact
that the talloc memory context has type "struct tevent_req".
Then it can obtain the depth from the parent and increment it by one.

The implementation of winbindd_list_users_send() is passing to
wb_query_user_list_send() context of type
"struct winbindd_list_users_state", and from there the parent
"struct tevent_req" cannot be identified.

So we will pass as TALLOC_CTX 'state' instead of 'state->domains'.
After the call, we can reparent back.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Thu Jul 20 10:38:19 UTC 2023 on atb-devel-224

- - - - -
16386bfd by Pavel Filipenský at 2023-07-20T18:16:37+00:00
docs-xml:manpages: Fix tabs in samba-log-parser.1.xml

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
ca5cc05b by Pavel Filipenský at 2023-07-20T19:14:05+00:00
s3:script: Replace --merge by --merge-by-timestamp in samba-log-parser

For --merge-by-timestamp the traces do not need to contain the traceid
header field.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Thu Jul 20 19:14:05 UTC 2023 on atb-devel-224

- - - - -
980c1565 by Dmitry Antipov at 2023-07-21T01:25:36+00:00
s4:param: replace calls to deprecated Python methods

Replace calls to (obsolete but still stable)
PyEval_CallObjectWithKeywords() with PyObject_Call()
by using a trivial wrapper.

Signed-off-by: Dmitry Antipov <dantipov at cloudlinux.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

[abartlet at samba.org Adjusted to always use the PyObject_Call()
 as it is available in all of Samba's supported python versions]


- - - - -
0ee8c263 by Andrew Bartlett at 2023-07-21T01:25:36+00:00
WHATSNEW: Add text on PKINIT Certificate Revocation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9612
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
fb27e01b by Andrew Bartlett at 2023-07-21T01:25:36+00:00
WHATSNEW: Include info on new samba-tool features

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
29310f27 by Andrew Bartlett at 2023-07-21T01:25:36+00:00
WHATSNEW: PKINIT testing

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
fbed6d80 by Andrew Bartlett at 2023-07-21T01:25:37+00:00
WHATSNEW: Expand detail on what of 2012, 2012R2 and 2016 support is implemented

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6844def6 by Andrew Bartlett at 2023-07-21T01:25:37+00:00
WHATSNEW: Mention Heimdal updates

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b9667bc2 by Andrew Bartlett at 2023-07-21T01:25:37+00:00
WHATSNEW: FAST support, Claims compression, SID compression

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
3f253002 by Andrew Bartlett at 2023-07-21T01:25:37+00:00
WHATSNEW: mention KDC auditing

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
5e473cba by Andrew Bartlett at 2023-07-21T01:25:37+00:00
WHATSNEW: Mention new unicodePwd only over encrypted LDAP restriction

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e401ae44 by Noel Power at 2023-07-21T01:25:37+00:00
python/samba: Adjust tarfile extraction filter

The 'data_filter' is far too restrictive, this filter doesn't apply any
mode bits to directories which in turn will result in unexpected
directory permissions of, amongst others, the msg.[ls]ock directories.

With 'data_filter' and a 'patched' python at best we experience
CI failures with samba-ad-back1 & samba-ad-back2 CI jobs due to server
startup failures, at worst user/admins will need to adjust directory
permissions post backup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
31098992 by Andrew Bartlett at 2023-07-21T01:25:37+00:00
lib/fault: During smb_panic() print process comment and setprocname() title

The purpose of this is to make it clear which part of the AD DC (in particular)
has faulted without having to deduce it from the stacktrace.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0da6cc71 by Joseph Sutton at 2023-07-21T02:19:48+00:00
claims.idl: Fix AD claims encoding

Up to now we have been absorbing the discriminant in the NDR padding,
and setting it to zero in the push. But if the discriminant is not set
correctly, Windows will refuse to regard any of the claims.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Jul 21 02:19:48 UTC 2023 on atb-devel-224

- - - - -
848fea1a by Andrew Bartlett at 2023-07-21T05:23:32+00:00
lib/cmdline: Return if the commandline was redacted in samba_cmdline_burn()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
fd81759e by Andrew Bartlett at 2023-07-21T05:23:32+00:00
python: Move PyList_AsStringList to common code so we can reuse

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
5afd206d by Andrew Bartlett at 2023-07-21T05:23:32+00:00
python: Remove const from PyList_AsStringList()

The returned strings are not owned by python, so need not be const.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
3f9e4558 by Andrew Bartlett at 2023-07-21T05:23:32+00:00
python: Add glue.burn_commandline() method

This uses samba_cmdline_burn() so as to have common
command line redaction code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a53ebc28 by Andrew Bartlett at 2023-07-21T05:23:32+00:00
samba-tool: Use samba.glue.get_burnt_cmdline rather than regex

This use avoids having two different methods to match on command-line
passwords.  We already have a dependency on the setproctitle python
module, and this does not change as the (C) libbsd setproctitle()
can't be run from within a python module.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
414b3803 by Andrew Bartlett at 2023-07-21T05:23:32+00:00
lib/cmdline: Also burn the --password2 parameter if given

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
76ad44f4 by Andrew Bartlett at 2023-07-21T06:16:30+00:00
lib/cmdline: Also redact --newpassword in samba_cmdline_burn()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Jul 21 06:16:30 UTC 2023 on atb-devel-224

- - - - -
b2de7173 by Volker Lendecke at 2023-07-21T12:05:35+00:00
CVE-2022-2127: winbindd: Fix WINBINDD_PAM_AUTH_CRAP length checks

With WBFLAG_BIG_NTLMV2_BLOB being set plus lm_resp_len too large you
can crash winbind. We don't independently check lm_resp_len
sufficiently.

Discovered via Coverity ID 1504444 Out-of-bounds access

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072

Signed-off-by: Volker Lendecke <vl at samba.org>

- - - - -
e067c523 by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2022-2127: ntlm_auth: cap lanman response length value

We already copy at most sizeof(request.data.auth_crap.lm_resp) bytes to the
lm_resp buffer, but we don't cap the length indicator.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
10b6890d by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-34966: CI: test for sl_unpack_loop()

Send a maliciously crafted packet where a nil type has a subcount of 0. This
triggers an endless loop in mdssvc sl_unpack_loop().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15340

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
38664163 by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-34966: mdssvc: harden sl_unpack_loop()

A malicious client could send a packet where subcount is zero, leading to a busy
loop because

    count -= subcount
=>  count -= 0
=>  while (count > 0)

loops forever.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15340

Signed-off-by: Ralph Boehme <slow at samba.org>
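
The loop shape described in the commit message above, as an added example that is not Samba's code: a constructed toy record format (not the mdssvc wire format) in which both the element count and the record length come from the input. The function names, error codes and the iteration budget are assumptions made for the illustration; the budget exists only so the unhardened variant can be observed without hanging.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed toy record header: [type][subcount][record length in bytes].
 * The type byte is carried but not interpreted in this model.
 */
#define HDR_LEN 3
#define ERR_MALFORMED (-1)   /* input rejected */
#define ERR_NO_PROGRESS (-2) /* iteration budget exhausted: the loop was spinning */

/* Constructed inputs. */
static const uint8_t crafted[] = { 0x00, 0x00, 0x00 };  /* nil, subcount 0, length 0 */
static const uint8_t valid[] = { 0x01, 0x02, 0x03,      /* stands for 2 elements */
				 0x00, 0x01, 0x03 };    /* stands for 1 element */

/*
 * Consume records until `count` elements are accounted for.
 * Returns the number of elements seen, or a negative error code.
 */
static int unpack_records(const uint8_t *buf, size_t len, int count,
			  int hardened, int budget)
{
	size_t off = 0;
	int elements = 0;
	int iterations = 0;

	while (count > 0) {
		if (++iterations > budget) {
			return ERR_NO_PROGRESS;
		}
		if (len - off < HDR_LEN) {
			return ERR_MALFORMED; /* truncated header */
		}

		int subcount = buf[off + 1];
		size_t reclen = buf[off + 2];

		/* Upper bounds only: these are the checks a naive parser has. */
		if (subcount > count || reclen > len - off) {
			return ERR_MALFORMED;
		}
		/*
		 * Lower bounds: every iteration must account for at least one
		 * element and move the cursor past the header, otherwise
		 * "count -= subcount" never reaches zero.
		 */
		if (hardened && (subcount == 0 || reclen < HDR_LEN)) {
			return ERR_MALFORMED;
		}

		elements += subcount;
		off += reclen;
		count -= subcount;
	}
	return elements;
}

/* Unhardened variant; `budget` caps the iterations for observation. */
static int unpack_naive(const uint8_t *buf, size_t len, int count, int budget)
{
	return unpack_records(buf, len, count, 0, budget);
}

/* Hardened variant: each pass consumes >= 1 element, so `count` passes suffice. */
static int unpack_hardened(const uint8_t *buf, size_t len, int count)
{
	return unpack_records(buf, len, count, 1, count);
}

int main(void)
{
	printf("naive,    crafted: %d\n",
	       unpack_naive(crafted, sizeof(crafted), 1, 1000));
	printf("hardened, crafted: %d\n",
	       unpack_hardened(crafted, sizeof(crafted), 1));
	printf("hardened, valid:   %d\n",
	       unpack_hardened(valid, sizeof(valid), 3));
	return 0;
}
```
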

- - - - -
3b3c30e2 by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-34967: CI: add a test for type checking of dalloc_value_for_key()

Sends a maliciously crafted packet where the value in a key/value style
dictionary for the "scope" key is a simple string object whereas the server
expects an array. As the server doesn't perform type validation on the value, it
crashes when trying to use the "simple" object as a "complex" one.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15341

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
4c60e35a by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-34967: mdssvc: add type checking to dalloc_value_for_key()

Change the dalloc_value_for_key() function to require an additional final
argument which denotes the expected type of the value associated with a key. If
the types don't match, return NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15341

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
02552493 by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-34968: mdssvc: cache and reuse stat info in struct sl_inode_path_map

Prepare for the "path" being a fake path and not the real server-side
path where we won't be able to vfs_stat_fsp() this fake path. Luckily we already
got stat info for the object in mds_add_result() so we can just pass stat info
from there.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
70184ef3 by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-34968: mdssvc: add missing "kMDSStoreMetaScopes" dict key in slrpc_fetch_properties()

We were adding the value, but not the key.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
617fe37c by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-34968: mdscli: use correct TALLOC memory context when allocating spotlight_blob

d is talloc_free()d at the end of the functions and the buffer was later used
after being freed in the DCERPC layer when sending the packet.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e85e09ee by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-34968: mdscli: remove response blob allocation

This is handled by the NDR code transparently.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
6d77daa3 by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-34968: smbtorture: remove response blob allocation in mdssvc.c

This is already done by NDR for us.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5c9efa96 by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-34968: rpcclient: remove response blob allocation

This is already done by NDR for us.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
33b82c61 by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-34968: mdssvc: remove response blob allocation

This is already done by NDR for us.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ac9008a2 by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-34968: mdssvc: switch to doing an early return

Just reduce indentation of the code handling the success case. No change in
behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d402c0cc by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-34968: mdssvc: introduce an allocating wrapper to sl_pack()

sl_pack_alloc() does the buffer allocation that previously all callers of
sl_pack() did themselves.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
94fcbec8 by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-34968: mdscli: return share relative paths

The next commit will change the Samba Spotlight server to return absolute paths
that start with the sharename as "/SHARENAME/..." followed by the share
relative path appended.

So given a share

  [spotlight]
    path = /foo/bar
    spotlight = yes

and a file inside this share with a full path of

  /foo/bar/dir/file

previously a search that matched this file would return the absolute
server-side path of the file, i.e.

  /foo/bar/dir/file

This will be changed to

  /spotlight/dir/file

As currently the mdscli library and hence the mdsearch tool print out these
paths returned from the server, we have to change the output to accommodate these
fake paths. The only way to do this sensibly is by making the paths relative to
the containing share, so just

  dir/file

in the example above.

The client learns about the share root path prefix – real server-side or fake in
the future – in an initial handshake in the "share_path" out argument of the
mdssvc_open() RPC call, so the client can use this path to convert the absolute
path to relative.

There is however an additional twist: the macOS Spotlight server prefixes this
absolute path with another prefix, typically "/System/Volumes/Data", so in the
example above the full path for the same search would be

  /System/Volumes/Data/foo/bar/dir/file

So macOS does return the full server-side path too, just prefixed with an
additional path. This path prefix can be queried by the client in the
mdssvc_cmd() RPC call with a Spotlight command of "fetchPropertiesForContext:"
and the path is returned in a dictionary with key "kMDSStorePathScopes". Samba
just returns "/" for this.

Currently the mdscli library doesn't issue this Spotlight RPC
request (fetchPropertiesForContext), so this is added in this commit. In the
end, all search result paths are stripped of the combined prefix

  kMDSStorePathScopes + share_path (from mdssvc_open).

eg

  kMDSStorePathScopes = /System/Volumes/Data
  share_path = /foo/bar
  search result = /System/Volumes/Data/foo/bar/dir/file
  relative path returned by mdscli = dir/file

Makes sense? :)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
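
The prefix stripping described in the commit message above, as an added example that is not the mdscli code: the function name, buffer sizes and return convention are assumptions. It covers two cases the message implies but does not spell out: Samba's "/" value for kMDSStorePathScopes must not yield a "//foo/bar" prefix, and a result such as "/foo/barbaz/file" must not be treated as lying inside the share "/foo/bar".

```c
#include <stdio.h>
#include <string.h>

/* Length of s with trailing '/' characters ignored. */
static size_t trimmed_len(const char *s)
{
	size_t n = strlen(s);

	while (n > 0 && s[n - 1] == '/') {
		n--;
	}
	return n;
}

/*
 * Hypothetical helper: strip "kMDSStorePathScopes + share_path" from a
 * search result and write the share-relative path to out.
 * Returns 0 on success, -1 if the result is not below the combined
 * prefix or a buffer is too small.
 */
int strip_share_prefix(const char *scopes, const char *share_path,
		       const char *result, char *out, size_t outlen)
{
	char prefix[1024];
	size_t scopes_len = trimmed_len(scopes);
	size_t share_len = trimmed_len(share_path);
	const char *rest = NULL;
	int n;

	if (share_path[0] != '/') {
		return -1; /* share_path is expected to be absolute */
	}
	if (scopes_len >= sizeof(prefix) || share_len >= sizeof(prefix)) {
		return -1;
	}

	/* "/" + "/foo/bar" becomes "/foo/bar", not "//foo/bar". */
	n = snprintf(prefix, sizeof(prefix), "%.*s%.*s",
		     (int)scopes_len, scopes, (int)share_len, share_path);
	if (n < 0 || (size_t)n >= sizeof(prefix)) {
		return -1;
	}

	if (strncmp(result, prefix, (size_t)n) != 0) {
		return -1; /* result is outside the share */
	}
	rest = result + n;

	/* The match must end on a path component boundary. */
	if (*rest != '\0' && *rest != '/') {
		return -1;
	}
	while (*rest == '/') {
		rest++;
	}

	if (strlen(rest) >= outlen) {
		return -1;
	}
	strcpy(out, rest);
	return 0;
}

int main(void)
{
	char out[256];

	/* Values taken from the commit message's macOS example. */
	if (strip_share_prefix("/System/Volumes/Data", "/foo/bar",
			       "/System/Volumes/Data/foo/bar/dir/file",
			       out, sizeof(out)) == 0) {
		printf("macOS server: %s\n", out);
	}
	/* Samba server returning the fake "/spotlight" share path. */
	if (strip_share_prefix("/", "/spotlight", "/spotlight/dir/file",
			       out, sizeof(out)) == 0) {
		printf("Samba server: %s\n", out);
	}
	return 0;
}
```
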

- - - - -
578e434a by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-34968: mdssvc: return a fake share path

Instead of returning the real server-side absolute path of shares and search
results, return a fake absolute path replacing the path of the share with the
share name, iow for a share "test" with a server-side path of "/foo/bar", we
previously returned

  /foo/bar and
  /foo/bar/search/result

and now return

  /test and
  /test/search/result

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a9a2b182 by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-3347: CI: add a test for server-side mandatory signing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
1662eeeb by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-3347: smbd: pass lp_ctx to smb[1|2]_srv_init_signing()

No change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
59131d6c by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-3347: smbd: inline smb2_srv_init_signing() code in srv_init_signing()

It's now a one-line function, imho the overall code is simpler if that code is
just inlined.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
5a222ac3 by Ralph Boehme at 2023-07-21T12:05:35+00:00
CVE-2023-3347: smbd: remove comment in smbd_smb2_request_process_negprot()

This is just going to bitrot. Anyone who's interested can just grep for
"signing_mandatory" and look up what it does.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
9bab902f by Ralph Boehme at 2023-07-21T13:03:09+00:00
CVE-2023-3347: smbd: fix "server signing = mandatory"

This was broken by commit 1f3f6e20dc086a36de52bffd0bc36e15fb19e1c6 because when
calling srv_init_signing() very early after accepting the connection in
smbd_add_connection(), conn->protocol is still PROTOCOL_NONE.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397

Signed-off-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Jule Anger <janger at samba.org>
Autobuild-Date(master): Fri Jul 21 13:03:09 UTC 2023 on atb-devel-224

- - - - -
5442c47d by Ralph Boehme at 2023-07-21T16:19:35+00:00
libsmb: increase a debug level when site-aware DC lookup failed

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Jul 21 16:19:35 UTC 2023 on atb-devel-224

- - - - -
566427c4 by Ralph Boehme at 2023-07-24T15:18:32+00:00
librpc/idl: mdssvc: unkn4 field is a fragment indicator

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>

- - - - -
27980c87 by Ralph Boehme at 2023-07-24T15:18:32+00:00
mdssvc: remove duplicate define of MAX_SL_FRAGMENT_SIZE

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>

- - - - -
c2b4fe3f by Ralph Boehme at 2023-07-24T15:18:32+00:00
mdscli: add fragmentation support

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>

- - - - -
68bb582b by Ralph Boehme at 2023-07-24T15:18:32+00:00
mdssvc: introduce MAX_MDSCMD_SIZE

Allow larger value for the reassembled mdscmd's. Now that the client supports
fragmentation, when processing reassembled large result sets from macOS
Spotlight server, it's possible to hit this limit in the unmarshalling
code. Let's just increase it to some larger value.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>

- - - - -
1149d497 by Ralph Boehme at 2023-07-24T15:18:32+00:00
mdssvc: increase MAX_SLQ_TOC

Now that the client supports fragmentation, when processing reassembled large
result sets from macOS Spotlight server, it's possible to hit this limit in the
client. Let's just increase it to some larger value.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>

- - - - -
b8e0f02f by Ralph Boehme at 2023-07-24T15:18:32+00:00
mdscli: increase MAX_SLQ_TOCIDX

Now that the client supports fragmentation, when processing reassembled large
result sets from macOS Spotlight server, it's possible to hit this limit in the
client. Let's just increase it to some larger value.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>

- - - - -
424af98c by Ralph Boehme at 2023-07-24T15:18:32+00:00
mdscli: increase MAX_SLQ_COUNT

Now that the client supports fragmentation, when processing reassembled large
result sets from macOS Spotlight server, it's possible to hit this limit in the
client. Let's just increase it to some larger value.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>

- - - - -
61c951e0 by Ralph Boehme at 2023-07-24T16:15:16+00:00
mdscli: correct handling of in-progress searches

If a query is still being processed on the server and there are no results yet,
macOS returns 0x23.

For now just implement this as dumb polling once a second in mdsearch and the
Python bindings.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jul 24 16:15:16 UTC 2023 on atb-devel-224

- - - - -
dd998cc1 by Pavel Filipenský at 2023-07-25T12:08:49+00:00
s3:winbindd: Fix double close(fd)

Reported by Red Hat internal coverity

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15433

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Tue Jul 25 12:08:49 UTC 2023 on atb-devel-224

- - - - -
c8ee3d45 by Jule Anger at 2023-07-25T20:04:29+00:00
s4:process_prefork: avoid memory leaks caused by messaging_post_self

Sending a message to a process with multiple tevent contexts
can cause a message to get stuck and cause a data leak.

In general it's safer to call imessaging_dgm_unref_ev() before
talloc_free()...

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3af6ad6e by Jule Anger at 2023-07-25T20:04:29+00:00
s4:process: add method called before entering the tevent_loop_wait

This gives the service a chance to register messaging and/or event handlers
on the correct contexts.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1472e4c9 by Jule Anger at 2023-07-25T20:04:29+00:00
s4:process_prefork: create new messaging context for the master process

In order to allow the before_loop() hook to register messages or event
handlers, we need to fix up task->event_ctx and create a new
task->msg_ctx. It also means the struct task_server pointer
changes in the master before_loop() hook.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bed915d0 by jule at 2023-07-25T20:04:29+00:00
s3:smbcontrol: improve destination resolution using names db

With this change it's possible to use 'smbcontrol ldap_server ...'
instead of 'smbcontrol prefork-master-ldap ...'

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7804bf55 by Jule Anger at 2023-07-25T20:04:29+00:00
s4:tls_tstream: create tstream_tls_params_internal

The following commits will implement the reloading of tls certificates.
Therefore we need to overwrite the internal memory.

Note we need to make sure x509_cred and dh_params from
tstream_tls_params_internal stay alive for the whole lifetime
of this session!

See 'man gnutls_credentials_set' and
'man gnutls_certificate_set_dh_params'.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cc4995d9 by Jule Anger at 2023-07-25T20:04:29+00:00
s4:ldap_server: don't store task_server in ldapsrv_service

We store individual pointers we need and adjust them
as needed in ldapsrv_post_fork() and the newly added
ldapsrv_before_loop().

This will be required for the next steps.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
321162c9 by Jule Anger at 2023-07-25T20:04:29+00:00
s4:ldap_server: remember dns_host_name in ldap_service

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0c7cfb7a by Jule Anger at 2023-07-25T20:04:29+00:00
s4:ldap_server: reload tls certificates on smbcontrol reload-certs

Reload certificates with the command 'smbcontrol ldap_server reload-certs'.
The message is sent to the master process, who forwards it to the worker
processes.
The master process reloads and, if necessary, creates the certificates first,
then the worker processes reload them.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4516fee9 by Jule Anger at 2023-07-25T20:04:29+00:00
testprogs/blackbox: add test_ldap_tls_reload.sh

This tests the reload (and if needed regeneration) of
tls certificates.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9facc2e1 by Andrew Bartlett at 2023-07-25T20:04:29+00:00
docs-xml: Fix invalid XML in smbcontrol manpage

This was picked by a mode in Emacs.

Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a1b1f8ff by Andrew Bartlett at 2023-07-25T20:04:29+00:00
doc-xml: Add entry for reload-certs for new LDAP certificate reload function

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e86e0da9 by Andrew Bartlett at 2023-07-25T21:02:35+00:00
WHATSNEW: Add TLS cert reload feature

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Jul 25 21:02:35 UTC 2023 on atb-devel-224

- - - - -
4149ef97 by Ralph Boehme at 2023-07-26T22:43:38+00:00
mdssvc: set query state for continued queries to SLQ_STATE_RUNNING

SLQ_STATE_RESULTS implies that there are already results attached to the slq
which is not the case. Instead the backend will start processing from where it
left off when it hits the maximum result limit and had set the state to
SLQ_STATE_FULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
925fefae by Ralph Boehme at 2023-07-26T22:43:38+00:00
mdssvc: fix long running backend queries

If a query is still running in the backend and we have no results yet, returning
0 triggers a search termination by the client in latest macOS releases. macOS
returns 0x23 in this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
086c2602 by Ralph Boehme at 2023-07-26T22:43:38+00:00
mdssvc: add and use SL_PAGESIZE

SL_PAGESIZE is the number of entries we want to process per paged search result
set. This is different from MAX_SL_RESULTS which ought to be a default maximum
value for total number of results returned for a search query.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d8fa5c8e by Ralph Boehme at 2023-07-26T22:43:38+00:00
mdssvc: fix enforcement of "elasticsearch:max results"

This wasn't enforced at all thus a query would return all available matches
without limit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7f5e4edf by Ralph Boehme at 2023-07-26T22:43:38+00:00
tests/mdssvc: match hits:total:value to be the actual amount of entries in hits

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
724a0518 by Ralph Boehme at 2023-07-26T22:43:38+00:00
mdssvc: reduce pagesize to 50

Latest macOS queries additional file metadata per search result, which causes
the marshalled paged result set including metadata to exceed the 64 KB result
fragment buffer.

Lacking fragmentation support in mdssvc (it's supported by the protocol), for
now just reduce the maximum number of results per search page.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9dc66fec by Ralph Boehme at 2023-07-26T22:43:38+00:00
mdssvc: prepare for returning timestamps with sub-seconds granularity

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15427

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
620ca1e6 by Ralph Boehme at 2023-07-26T22:43:38+00:00
mdssvc: fix date marshalling

Did this ever work? Possibly just copied over from Netatalk and was always
broken... The Mac client expects the timevalue as seconds relative to
2001-01-01 00:00:00 UTC, packed as IEEE float.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15427

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c2e83ebe by Ralph Boehme at 2023-07-26T23:42:44+00:00
mdssvc: fix returning file modification date for older Mac releases

Mac 10.10 uses kMDItemContentModificationDate instead of
kMDItemFSContentChangeDate.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15427

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jul 26 23:42:44 UTC 2023 on atb-devel-224

- - - - -
2aa9ffa2 by Jeremy Allison at 2023-07-27T09:59:29+00:00
s3: torture: Add test to show an SMB1 DFS path of "\\x//\\/" crashes smbd.

Adds knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15419

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
20df26b9 by Jeremy Allison at 2023-07-27T10:52:50+00:00
s3: smbd: Sanitize any "server" and "share" components of SMB1 DFS paths to remove UNIX separators.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15419

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Jul 27 10:52:50 UTC 2023 on atb-devel-224

- - - - -
9338d1b1 by Ralph Boehme at 2023-07-28T10:48:32+00:00
smbd: move tevent_req_post() out of smbd_smb2_create_after_exec()

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
75139445 by Pavel Filipenský at 2023-07-28T10:48:32+00:00
krb5_wrap: add krb5_free_enctypes()

MIT Kerberos implements krb5_free_enctypes(), Heimdal is missing it and
offers krb5_xfree() instead.
This introduces a wrapper krb5_free_enctypes() around krb5_xfree() for
Heimdal.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
c5778a0f by Pavel Filipenský at 2023-07-28T10:48:32+00:00
krb5_wrap: add krb5_free_string()

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
cd60e3fd by Pavel Filipenský at 2023-07-28T10:48:32+00:00
auth:credentials: SAFE_FREE() -> krb5_free_enctypes()

Reported by Red Hat internal covscan

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ec121eb8 by Pavel Filipenský at 2023-07-28T10:48:32+00:00
auth:credentials: SAFE_FREE() -> krb5_free_string()

Reported by Red Hat internal covscan

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
05056775 by Pavel Filipenský at 2023-07-28T10:48:32+00:00
librpc:crypto: SAFE_FREE() -> krb5_free_string()

Reported by Red Hat internal covscan

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
959dc906 by Pavel Filipenský at 2023-07-28T10:48:32+00:00
librpc:crypto: SAFE_FREE() -> krb5_free_enctypes()

Reported by Red Hat internal covscan

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
abc3d58e by Andrew Bartlett at 2023-07-28T10:48:32+00:00
dcom: Remove remainder of DCOM test client code

This follows f2416493c0c779356606aebf0aceca8fa416b55c, removing the remaining parts
of our DCOM effort.  This can be resumed at a later time, but for now this is untested
(as we have no server) and just uses build time.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e36a4149 by Andrew Bartlett at 2023-07-28T10:48:32+00:00
librpc/idl: Remove DCOM and WMI IDL

As hinted in f2416493c0c779356606aebf0aceca8fa416b55c the DCOM and WMI
IDL is now unused.  These generate code with PIDL, costing a small
amount of build time but more importantly are fuzzed, which costs an
ongoing amount of CPU time as oss-fuzz tries to find parsing issues.

We do not need to continue this waste, and these can be restored
if this effort is ever to start again.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e3c0b72c by Martin Schwenke at 2023-07-28T10:48:33+00:00
ctdb-tools: Always print script output in event status

When event scripts succeed they generally produce no output.  However,
when a script succeeds and produces output, such output almost
certainly contains warnings.  So, always print script output.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
7920d2ff by Martin Schwenke at 2023-07-28T10:48:33+00:00
ctdb-tools: Improve printing of multi-line event script output

Multi-line output currently prints like this:

  OUTPUT: aaa
bbb
ccc

This is less beautiful than it could be.

Instead, print multi-line output with no inlining and each line
indented:

  OUTPUT:
    aaa
    bbb
    ccc

However, continue to inline single line output:

  OUTPUT: foo

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
94f11c3c by Jule Anger at 2023-07-28T10:48:33+00:00
ldb: release 2.8.0 for use in Samba 4.19.x

* CVE-2023-0614 Not-secret but access controlled LDAP attributes can be discovered (bug 15270)
* pyldb: Raise an exception if ldb_dn_get_parent() fails
* Implement ldap_whoami in pyldb and add the RFC4532 LDB_EXTENDED_WHOAMI_OID definition
* Documentation and spelling fixes
* Add ldb_val -> bool,uint64,int64 parsing functions
* Split out ldb_val_as_dn() helper function
* add LDB_CHANGETYPE_MODRDN support to ldb_ldif_to_pyobject()
* add LDB_CHANGETYPE_DELETE support to ldb_ldif_to_pyobject()
* let ldb_ldif_parse_modrdn() handle names without 'rdn_name=' prefix
* Don't create error string if there is no error
* Avoid allocation and memcpy() for every wildcard match candidate
* Make ldb_msg_remove_attr O(n)
* pyldb: Throw error on invalid controls
* pyldb: remove py2 ifdefs
* Call tevent_set_max_debug_level(TEVENT_DEBUG_TRACE)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
6943c1e3 by Jule Anger at 2023-07-28T10:48:33+00:00
WHATSNEW: Up to Samba 4.19.0rc1.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
4f12024c by Stefan Metzmacher at 2023-07-28T10:48:33+00:00
VERSION: Disable GIT_SNAPSHOT for the Samba 4.19.0rc1 release.

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
3bab56a7 by Jule Anger at 2023-07-28T14:11:30+02:00
VERSION: Bump version up to Samba 4.19.0rc2...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b4f10979 by Arvid Requate at 2023-08-01T11:11:16+00:00
For Bug #9959: local talloc frame for next commit

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Arvid Requate <requate at univention.de>

[abartlet at samba.org Added additional talloc_free() in failure paths]
Reviewed-by: Stefan Metzmacher <metze at samba.org>

(cherry picked from commit b6e80733c3a589f9d784eec86fc713f1ec9c1049)

- - - - -
e5ea3562 by Arvid Requate at 2023-08-01T11:11:16+00:00
Bug #9959: Don't search for CN=System

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Arvid Requate <requate at univention.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2d461844a201fbca55ebc9a46a15e1d16048055b)

- - - - -
37094ba8 by Andrew Bartlett at 2023-08-01T11:11:16+00:00
dsdb: Add new function samdb_system_container_dn()

This will replace many calls crafting or searching for this DN
elsewhere in the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 25b0e1102e1a502152d2695aeddf7c65555b16fb)

- - - - -
3493671c by Andrew Bartlett at 2023-08-01T11:11:16+00:00
dsdb: Use samdb_system_container_dn() in samldb.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 97b682e0eb0450513dcecb74be672e18e84fe7a2)

- - - - -
66605c7c by Andrew Bartlett at 2023-08-01T11:11:16+00:00
dsdb: Use samdb_get_system_container_dn() to get Password Settings Container

By doing this we use the common samdb_get_system_container_dn() routine and we
avoid doing a linearize and parse step on the main DN, instead using the
already stored parse of the DN.  This is more hygienic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 3669caa97f76d3e893ac6a1ab88341057929ee6a)

- - - - -
9cb4754d by Andrew Bartlett at 2023-08-01T11:11:16+00:00
s4-rpc_server/lsa: Use samdb_system_container_dn() in dcesrv_lsa_get_policy_state()

This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4e18066fa243da1c505f782ba87187c3bb1078ee)

- - - - -
2f1502a7 by Andrew Bartlett at 2023-08-01T11:11:16+00:00
s4-rpc_server/netlogon: Use samdb_system_container_dn() in fill_trusted_domains_array()

This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a900f6aa5d909d912ee3ca529baa4047c9c4da87)

- - - - -
4f1156f1 by Andrew Bartlett at 2023-08-01T11:11:16+00:00
s4-rpc_server/backupkey: Use samdb_system_container_dn() in set_lsa_secret()

This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 13eed1e0e7d0bdef6b5cdb6b858f124b812adbea)

- - - - -
4cd7ead4 by Andrew Bartlett at 2023-08-01T11:11:16+00:00
s4-rpc_server/backupkey: Use samdb_system_container_dn() in get_lsa_secret()

This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 9b4f3f3cb4ed17bb233d3b5ccd191be63f01f3f4)

- - - - -
bffe1f57 by Andrew Bartlett at 2023-08-01T11:11:16+00:00
dsdb: Use samdb_system_container_dn() in dsdb_trust_*()

This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4250d07e4dcd43bf7450b1ae603ff46fdc892d02)

- - - - -
68db9b73 by Andrew Bartlett at 2023-08-01T12:12:30+00:00
dsdb: Use samdb_system_container_dn() in pdb_samba_dsdb_*()

This makes more calls to add children, but avoids the cn=system string in the
codebase which makes it easier to audit that this is always being built
correctly.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jul 31 07:20:21 UTC 2023 on atb-devel-224

(cherry picked from commit 5571ce9619d856d3c9545099366f4e0259aee8ef)

RN: A second container with name CN=System would disable the operation
 of the Samba AD DC.  Samba now finds the CN=System container by exact
 DN and not a search.

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Tue Aug  1 12:12:30 UTC 2023 on atb-devel-224

- - - - -
e7f91e1d by Jones Syue at 2023-08-03T09:45:34+00:00
vfs_aio_pthread: fix segfault if samba-tool ntacl get

If configured as AD DC and aio_pthread appended into 'vfs objects'[1],
running these commands would get a segfault:
1. sudo samba-tool ntacl get .
2. sudo net vfs getntacl sysvol .
gdb said it goes through aio_pthread_openat_fn() @ vfs_aio_pthread.c[2],
and the fsp->conn->sconn->client is null (0x0).

'sconn->client' memory is allocated when a new connection is accepted:
smbd_accept_connection > smbd_process > smbXsrv_client_create
While running local commands looks like it would not go through
smbXsrv_client_create so the 'client' is null, segfault might happen.
We should not dereference 'client->server_multi_channel_enabled',
if 'client' is null.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15441

[1] smb.conf example, samba-4.18.5, ubuntu 22.04.2
[global]
        dns forwarder = 127.0.0.53
        netbios name = U22-JONES-88X1
        realm = U22-JONES-88X1.X88X1.JONES
        server role = active directory domain controller
        workgroup = X88X1
        idmap_ldb:use rfc2307 = yes
        vfs objects = dfs_samba4 acl_xattr aio_pthread

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/u22-jones-88x1.x88x1.jones/scripts
        read only = No

[2] gdb
(gdb) run /usr/local/samba/bin/samba-tool ntacl get .
Starting program: /usr/local/Python3/bin/python3 /usr/local/samba/bin/samba-tool ntacl get .
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007fffd0eb809e in aio_pthread_openat_fn (handle=0x8d5cc0, dirfsp=0x8c3070, smb_fname=0x18ab4f0, fsp=0x1af3550, flags=196608, mode=0)
    at ../../source3/modules/vfs_aio_pthread.c:467
warning: Source file is more recent than executable.
467             if (fsp->conn->sconn->client->server_multi_channel_enabled) {
(gdb) bt
    at ../../source3/modules/vfs_aio_pthread.c:467
    at ../../source3/smbd/pysmbd.c:320
---Type <return> to continue, or q <return> to quit---
(gdb) f
    at ../../source3/modules/vfs_aio_pthread.c:467
467             if (fsp->conn->sconn->client->server_multi_channel_enabled) {
(gdb) p fsp->conn->sconn->client
$1 = (struct smbXsrv_client *) 0x0
(gdb)

Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 8f4c1c67b4f118a9a47b09ac7908cd3d969b19c2)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Thu Aug  3 09:45:34 UTC 2023 on atb-devel-224

- - - - -
d5939205 by Noel Power at 2023-08-03T13:37:10+00:00
selftest: Add new dfs share (with widelinks enabled)

Adds share (to be used in later test) that has dfs node
but additionally has widelinks set to yes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit b57cdfd7efb161cf96b3a39dc7a1652db817e602)

- - - - -
ece48278 by Noel Power at 2023-08-03T13:37:10+00:00
selftest: Add new regression test dfs with widelinks = yes

Adds a new test trying to cd into dfs path on share with
widelinks enabled, should generate an error (see BUG:)

Add a knownfail so CI continues

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 3d2e9db8b95f9f45d486f8272e53584975f177fa)

- - - - -
368b3e61 by Noel Power at 2023-08-03T13:37:10+00:00
s3/modules: Add flag indicating if connected share is a dfs share

Not used yet, will be used in the next commit to avoid testing
if the connected share is a dfs one.

Pair-Programmed-With: Jeremy Allison <jra at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 2668dcd0968133cca4f8410bf8c41ed0483f5d87)

- - - - -
7d05c43e by Michael Tokarev at 2023-08-03T16:58:22+03:00
New upstream version 4.19.0~rc1+dfsg
- - - - -
1231268c by Noel Power at 2023-08-03T14:30:32+00:00
s3/modules: Fix DFS links when widelinks = yes

In openat(), even if we fail to open the file,
propagate stat if and only if the object is a link in
a DFS share. This allows calling code to further process
the link.

Also remove knownfail

Pair-Programmed-With: Jeremy Allison <jra at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Jul 29 00:43:52 UTC 2023 on atb-devel-224

(cherry picked from commit 0bf8b25aacdf2f5c746922320b32e3f0886c81f5)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Thu Aug  3 14:30:32 UTC 2023 on atb-devel-224

- - - - -
9a87e206 by Joseph Sutton at 2023-08-04T09:31:54+00:00
third_party/heimdal: Import lorikeet-heimdal-202308030152 (commit 2a036a6fd80833799316b8a85623cdea3a1135df)

This import fixes the build on 32-bit FreeBSD.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15443

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Joseph Sutton <jsutton at samba.org>
Autobuild-Date(master): Thu Aug  3 05:40:28 UTC 2023 on atb-devel-224

(cherry picked from commit 06d673a1a0c54e78773cc951124486b547ca880d)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Fri Aug  4 09:31:54 UTC 2023 on atb-devel-224

- - - - -
19e9735c by Jule Anger at 2023-08-08T09:11:57+02:00
WHATSNEW: Add release notes for Samba 4.19.0rc2.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
e7330e36 by Jule Anger at 2023-08-08T09:12:57+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.19.0rc2 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
4f52e446 by Jule Anger at 2023-08-08T09:13:27+02:00
VERSION: Bump version up to Samba 4.19.0rc3...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
6956ea2f by Michael Tokarev at 2023-08-08T10:47:57+03:00
New upstream version 4.19.0~rc2+dfsg
- - - - -
a436b0d1 by Stefan Metzmacher at 2023-08-08T13:28:17+00:00
s4:torture/ndr: add tests for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED

The PDUs were generated by Windows clients.

And we fail to parse them currently.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit c37adb762640b7df9731d6a60edce808aa8787f8)

- - - - -
b9e48047 by Stefan Metzmacher at 2023-08-08T13:28:17+00:00
librpc/rpc: let dcerpc_read_ncacn_packet_next_vector() handle fragments without any payload

DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED don't have any payload by
default. In order to receive them via dcerpc_read_ncacn_packet_send/recv
we need to allow fragments with frag_len == DCERPC_NCACN_PAYLOAD_OFFSET.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 5c724a3e156ae734e4d187bf9639d895bb011834)

- - - - -
f3acbab9 by Stefan Metzmacher at 2023-08-08T14:22:06+00:00
dcerpc.idl: fix definitions for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED payload

It seems commit 259129e8f4bc8cacd1850eba3f6551134835d079 was partly just
fantasy...

Windows clients just use 16 bytes for DCERPC_PKT_CO_CANCEL and
DCERPC_PKT_ORPHANED pdus.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Aug  8 08:57:46 UTC 2023 on atb-devel-224

(cherry picked from commit 9ec22e680249cfde06fb1a0a34fcc94d1f47002d)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Tue Aug  8 14:22:06 UTC 2023 on atb-devel-224
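
The length rule from the two DCERPC commits above (b9e48047 and f3acbab9), as an added example that is not Samba's code: a header-only PDU whose frag_len equals the 16-byte header must parse with a zero-length payload. The struct, function, enum and sample byte arrays are hypothetical names and constructed data; the header layout and the ptype values 18 and 19 are taken from the DCE/RPC connection-oriented PDU format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CO_HDR_LEN      16  /* common header size; a header-only PDU is exactly this long */
#define PTYPE_CO_CANCEL 18
#define PTYPE_ORPHANED  19

enum co_result {
    CO_OK = 0, CO_SHORT = -1, CO_BAD_VERSION = -2,
    CO_BAD_FRAG_LEN = -3, CO_INCOMPLETE = -4, CO_BAD_AUTH_LEN = -5
};

struct co_hdr {             /* hypothetical decoded view of the header */
    uint8_t  ptype;
    uint8_t  pfc_flags;
    uint16_t frag_len;
    uint16_t auth_len;
    uint32_t call_id;
    size_t   payload_len;   /* bytes after the header, may be 0 */
};

static uint16_t rd16(const uint8_t *p, int le)
{
    return le ? (uint16_t)(p[0] | (p[1] << 8)) : (uint16_t)((p[0] << 8) | p[1]);
}

static uint32_t rd32(const uint8_t *p, int le)
{
    if (le) {
        return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
               ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    }
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Validate one fragment held in buf[0..len) and decode its header. */
int parse_co_header(const uint8_t *buf, size_t len, struct co_hdr *out)
{
    int le;

    if (buf == NULL || out == NULL || len < CO_HDR_LEN) {
        return CO_SHORT;
    }
    if (buf[0] != 5) {                  /* rpc_vers */
        return CO_BAD_VERSION;
    }
    le = (buf[4] & 0x10) != 0;          /* drep[0]: integer byte order */
    out->ptype     = buf[2];
    out->pfc_flags = buf[3];
    out->frag_len  = rd16(buf + 8, le);
    out->auth_len  = rd16(buf + 10, le);
    out->call_id   = rd32(buf + 12, le);

    /* frag_len == CO_HDR_LEN is valid: only a shorter value is malformed. */
    if (out->frag_len < CO_HDR_LEN) {
        return CO_BAD_FRAG_LEN;
    }
    if (out->frag_len > len) {
        return CO_INCOMPLETE;           /* caller must read more bytes */
    }
    if (out->auth_len > out->frag_len - CO_HDR_LEN) {
        return CO_BAD_AUTH_LEN;         /* auth trailer cannot exceed the body */
    }
    out->payload_len = (size_t)out->frag_len - CO_HDR_LEN;
    return CO_OK;
}

/* Constructed samples (not captured traffic). */
static const uint8_t sample_co_cancel[16] = {   /* little-endian, call_id 7 */
    0x05, 0x00, 0x12, 0x03, 0x10, 0x00, 0x00, 0x00,
    0x10, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00
};
static const uint8_t sample_orphaned_be[16] = { /* big-endian, call_id 9 */
    0x05, 0x00, 0x13, 0x03, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09
};
static const uint8_t sample_bad_len[16] = {     /* frag_len 8 < header size */
    0x05, 0x00, 0x12, 0x03, 0x10, 0x00, 0x00, 0x00,
    0x08, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00
};

int main(void)
{
    struct co_hdr h;
    int rc = parse_co_header(sample_co_cancel, sizeof(sample_co_cancel), &h);

    printf("co_cancel: rc=%d ptype=%u payload=%zu\n", rc, h.ptype, h.payload_len);
    rc = parse_co_header(sample_bad_len, sizeof(sample_bad_len), &h);
    printf("bad frag_len: rc=%d\n", rc);
    return 0;
}
```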

- - - - -
cf84e662 by Stefan Metzmacher at 2023-08-11T07:53:15+00:00
s4:torture/smb2: let torture_smb2_con_sopt() use smb2_connect()

There's no need for smb2_connect_ext().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit ade663ee6ca1a2813b203ea667d933f4dab9e7b7)

- - - - -
a2bc1a93 by Stefan Metzmacher at 2023-08-11T07:53:15+00:00
s4:torture/smb2: let us have a common torture_smb2_con_share()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit dc5a500f0a76720b2a5cb5b1142cf4c35cb6bdea)

- - - - -
fba14400 by Stefan Metzmacher at 2023-08-11T07:53:15+00:00
s4:torture/smb2: make it possible to pass existing_conn to smb2_connect_ext()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 2b93058be3f6e5eaee239ad3b0e707c62089d18e)

- - - - -
c52d4274 by Stefan Metzmacher at 2023-08-11T07:53:15+00:00
s4:torture/smb2: add smb2.multichannel.bugs.bug_15346

This demonstrates the race quite easily against
Samba and works fine against Windows Server 2022.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 4028d6582907cf582730ceec56872d8584ad02e6)

- - - - -
6caab102 by Stefan Metzmacher at 2023-08-11T07:53:15+00:00
s3:smbd: always clear filter_subreq in smb2srv_client_mc_negprot_next()

Commit 5d66d5b84f87267243dcd5223210906ce589af91 introduced a
'verify_again:' target, if we ever hit that, we would leak
the existing filter_subreq.

Moving it just above a possible messaging_filtered_read_send()
will allow us to only clear it if we actually create a new
request. That will help us in the next commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 50d61e5300250922bf36bb699306f82dff6a00b9)

- - - - -
7d786ccb by Stefan Metzmacher at 2023-08-11T09:01:01+00:00
s3:smbd: fix multichannel connection passing race

If a client opens multiple connections with the same
client guid in parallel, our connection passing is likely
to hit a race.

Assume we have 3 processes:

smbdA: This process already handles all connections for
       a given client guid
smbdB: This just received a new connection with an
       SMB2 negprot for the same client guid
smbdC: This also received a new connection with an
       SMB2 negprot for the same client guid

Now both smbdB and smbdC send a MSG_SMBXSRV_CONNECTION_PASS
message to smbdA. These messages contain the socket fd
for each connection.

While waiting for a MSG_SMBXSRV_CONNECTION_PASSED message
from smbdA, both smbdB and smbdC watch the smbXcli_client.tdb
record for changes (that also verifies smbdA stays alive).

Once one of them, say smbdB, received the MSG_SMBXSRV_CONNECTION_PASSED
message, the dbwrap_watch logic will wakeup smbdC in order to
let it recheck the smbXcli_client.tdb record in order to
handle the case where smbdA died or deleted its record.

Now smbdC rechecks the smbXcli_client.tdb record, but it
was not woken because of a problem with smbdA. It meant
that smbdC sends a MSG_SMBXSRV_CONNECTION_PASS message
including the socket fd again.

As a result smbdA got the socket fd from smbdC twice (or even more),
and creates two (or more) smbXsrv_connection structures for the
same low level tcp connection. And it also sends more than one
SMB2 negprot response. Depending on the tevent logic, it will
use different smbXsrv_connection structures to process incoming
requests. And this will almost immediately result in errors.

The typical error is:
 smb2_validate_sequence_number: smb2_validate_sequence_number: bad message_id 2 (sequence id 2) (granted = 1, low = 1, range = 1)

But other errors would also be possible.

The detail that leads to the long delays on the client side is
that our smbd_server_connection_terminate_ex() code will close
only the fd of a single smbXsrv_connection, but the refcount
on the socket fd in the kernel is still not 0, so the tcp
connection is still alive...

Now we remember the server_id of the process that we send
the MSG_SMBXSRV_CONNECTION_PASS message to. And just keep
watching the smbXcli_client.tdb record if the server_id
doesn't change. As we just need more patience to wait for
the MSG_SMBXSRV_CONNECTION_PASSED message.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Aug  8 13:59:58 UTC 2023 on atb-devel-224

(cherry picked from commit f348b84fbcf203ab1ba92840cf7aecd55dbf9aa0)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Fri Aug 11 09:01:01 UTC 2023 on atb-devel-224

- - - - -
5b68f98c by Martin Schwenke at 2023-08-14T07:32:14+00:00
ctdb-tools: Fix CID 1539212 - signed/unsigned issue

>>>     CID 1539212:  Control flow issues  (NO_EFFECT)
>>>     This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "p >= 0UL".
216     		while (p >= 0 && output[p] == '\n') {

This is a real problem in the unlikely event that the output contains
only newlines.

Fix the issue by using a pointer and add a test to cover this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15438

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit f01a179abcb33d9da6097f5ae45c7e7df1bc0397)
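
The signed/unsigned problem reported above, as an added example that is not part of the commit or of ctdb's source: with an unsigned index the `p >= 0` guard never ends the loop, so an all-newline buffer drives the index below zero. The function names and the wrap-detection helper are assumptions made for illustration; the pointer-based trim only follows the approach the commit message describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Index-based pattern from the Coverity report, made safe to run.
 * p is unsigned, so a "p >= 0" test is always true and cannot end the
 * loop. Instead of reading output[SIZE_MAX], this helper reports
 * whether the index would wrap for the given input.
 */
bool index_loop_would_wrap(const char *output)
{
	size_t len = strlen(output);
	size_t p;

	if (len == 0) {
		return false;
	}
	p = len - 1;
	while (output[p] == '\n') {
		if (p == 0) {
			/* p-- would become SIZE_MAX: out-of-bounds read */
			return true;
		}
		p--;
	}
	return false;
}

/*
 * Pointer-based trim: walk back from the terminator and stop at the
 * start of the buffer. Truncates in place and returns the new length.
 */
size_t trim_trailing_newlines(char *output)
{
	char *end = output + strlen(output);

	while (end > output && end[-1] == '\n') {
		end--;
	}
	*end = '\0';
	return (size_t)(end - output);
}

int main(void)
{
	char only_newlines[] = "\n\n\n";	/* constructed input */

	printf("index loop would wrap: %d\n",
	       index_loop_would_wrap(only_newlines));
	printf("trimmed length: %zu\n",
	       trim_trailing_newlines(only_newlines));
	return 0;
}
```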

- - - - -
b604e7b0 by Martin Schwenke at 2023-08-14T08:41:55+00:00
ctdb-doc: Fix documentation for ctdb event status

Behaviour was changed, documentation wasn't.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15438

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Aug  7 09:43:33 UTC 2023 on atb-devel-224

(cherry picked from commit f87f02f6f99157601a6607927305e91835d45ab8)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Mon Aug 14 08:41:55 UTC 2023 on atb-devel-224

- - - - -
81980676 by Jones Syue at 2023-08-15T14:20:09+00:00
mdssvc: Do an early talloc_free() in _mdssvc_open()

Environment setup:
When macOS Finder connects to a samba server with 'spotlight = yes',
macOS would issue mdssvc open (mdssvc.opnum == 0) to samba and it goes
through api _mdssvc_open().

After applying 578e434a94147dc2d7dbfc006d2ab84807859c1d,
(this is reported by jaywei at qnap.com)
this line 'talloc_free(path);' is deleted if _mdssvc_open() exits normally,
so memory is lazily de-allocated: delayed to
smbd_tevent_trace_callback() @ smb2_process.c. [1]

Supposed to explicitly free 'path' in _mdssvc_open() @ srv_mdssvc_nt.c[2]
just like abnormal exit, do not wait for main loop to free 'path' which is
no longer used, this is more consistent while reading source code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15449

[1] gdb tracing 'path' address 0x56204ccc67e0 to know how it is freed.
Breakpoint 2, _tc_free_children_internal (tc=0x56204ccc6780, ptr=0x56204ccc67e0, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1656
1656            while (tc->child) {
(gdb) bt
0  _tc_free_children_internal (tc=0x56204ccc6780, ptr=0x56204ccc67e0, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1656
1  0x00007ff430d92b14 in _tc_free_internal (tc=0x56204ccc6780, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1183
2  0x00007ff430d93b71 in _tc_free_children_internal (tc=0x56204ccc6720, ptr=0x56204ccc6780, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1668
3  0x00007ff430d93d66 in talloc_free_children (ptr=0x56204ccc6780) at ../../lib/talloc/talloc.c:1714
4  0x00007ff432235aca in talloc_pop (frame=0x56204ccc6780) at ../../lib/util/talloc_stack.c:125
5  0x00007ff430d92959 in _tc_free_internal (tc=0x56204ccc6720, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1157
6  0x00007ff430d92cd5 in _talloc_free_internal (ptr=0x56204ccc6780, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1247
7  0x00007ff430d93f96 in _talloc_free (ptr=0x56204ccc6780, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1791
8  0x00007ff431d81292 in smbd_tevent_trace_callback (point=TEVENT_TRACE_AFTER_LOOP_ONCE, private_data=0x7ffe46591e30) at ../../source3/smbd/process.c:3726
<...cut...>

[2] gdb tracing 'path' address 0x55a6d66deed0 to know how it is freed.
Breakpoint 2, _tc_free_children_internal (tc=0x55a6d66deed0, ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1656
1656            while (tc->child) {
(gdb) bt
0  _tc_free_children_internal (tc=0x55a6d66deed0, ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1656
1  0x00007fc4cb892b14 in _tc_free_internal (tc=0x55a6d66deed0, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1183
2  0x00007fc4cb892cd5 in _talloc_free_internal (ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1247
3  0x00007fc4cb893f96 in _talloc_free (ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1791
4  0x00007fc4cc9396e4 in _mdssvc_open (p=0x55a6d66d5600, r=0x55a6d66edc60) at ../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189
<...cut...>

Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Aug 14 18:11:37 UTC 2023 on atb-devel-224

(cherry picked from commit 044cb8f9d558bfcd7658cae0f05ff36330538748)

- - - - -
7b84b086 by Jeremy Allison at 2023-08-15T14:20:09+00:00
s3: smbd: Deliberately corrupt an uninitialized pointer.

We will need this to show smbd crashing in the test code.
This will be removed once we're passing the test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit e7bf94b4e3a7f994aa6f0b859089c5add2ad380f)

- - - - -
60cbe064 by Jeremy Allison at 2023-08-15T14:20:09+00:00
s3: torture: Add SMB1-TRUNCATED-SESSSETUP test.

Shows that we indirect through an uninitialized pointer and the client crashes
its own smbd.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 963fd8aa9b76361ab9aeb63307773f2498b17879)

- - - - -
116c740c by Jeremy Allison at 2023-08-15T14:20:09+00:00
s3: smbd: Ensure srvstr_pull_req_talloc() always NULLs out *dest.

Robert Morris <rtm at lcs.mit.edu> noticed that in the case
where srvstr_pull_req_talloc() is being called with
buffer remaining == 0, we don't NULL out the destination
pointer which is *always* done in the codepaths inside
pull_string_talloc(). This prevents a crash in the caller.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 9220c45cc191b34e293190f6a923ba463edd5db9)
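
The out-parameter contract described above, as an added example that is not Samba's code: a pull routine that returns early on zero remaining bytes has to clear *dest before returning, otherwise the caller keeps whatever the pointer held. The function names are hypothetical and malloc() stands in for talloc.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy a string of at most 'remaining' bytes; returns bytes consumed. */
static size_t copy_string(char **dest, const uint8_t *src, size_t remaining)
{
	const uint8_t *nul = memchr(src, 0, remaining);
	size_t n = (nul != NULL) ? (size_t)(nul - src) : remaining;

	*dest = malloc(n + 1);
	if (*dest == NULL) {
		return 0;
	}
	memcpy(*dest, src, n);
	(*dest)[n] = '\0';
	return (nul != NULL) ? n + 1 : n;
}

/* "Before" shape: the early return leaves *dest exactly as passed in. */
size_t pull_string_unfixed(char **dest, const uint8_t *src, size_t remaining)
{
	if (remaining == 0) {
		return 0;	/* *dest untouched: may be stack garbage */
	}
	return copy_string(dest, src, remaining);
}

/* "After" shape: *dest is NULLed on every path before anything else. */
size_t pull_string_fixed(char **dest, const uint8_t *src, size_t remaining)
{
	*dest = NULL;
	if (remaining == 0) {
		return 0;
	}
	return copy_string(dest, src, remaining);
}

int main(void)
{
	static char stale;	/* stands in for an uninitialized value */
	char *name = &stale;

	pull_string_unfixed(&name, NULL, 0);
	printf("unfixed leaves stale pointer: %d\n", name == &stale);

	name = &stale;
	pull_string_fixed(&name, NULL, 0);
	printf("fixed yields NULL: %d\n", name == NULL);
	return 0;
}
```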

- - - - -
a36f3049 by Jeremy Allison at 2023-08-15T14:20:09+00:00
s3: smbd: Uncorrupt the pointer we were using to prove a crash.

Rather than restore to uninitialized, set to NULL as per
modern coding practices.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420
Reviewed-by: Volker Lendecke <vl at samba.org>

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 5bc50d2ea4444244721e72b4264311c7005d2f3c)

- - - - -
18bd1f75 by Jeremy Allison at 2023-08-15T14:20:09+00:00
s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.

Now we've fixed srvstr_pull_req_talloc() this isn't
strictly needed, but ensuring pointers are initialized
is best practice to avoid future bugs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Aug 14 15:55:43 UTC 2023 on atb-devel-224

(cherry picked from commit 5379b8d557a9a16b81eafb87b60b81debc4bfccb)

- - - - -
2c617961 by Jeremy Allison at 2023-08-15T14:20:09+00:00
s3: torture: Add a test doing an SMB1 negotiate+exit.

Robert Morris <rtm at lcs.mit.edu> noticed a missing
return in reply_exit_done().

Adds knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15430

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 63895e03c4e8ed79a3b2cda928f58ec278cd6608)

- - - - -
19dc2bf8 by Jeremy Allison at 2023-08-15T15:20:43+00:00
s3: smbd: Add missing 'return;'s in exit paths in reply_exit_done().

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15430

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Aug 14 19:52:49 UTC 2023 on atb-devel-224

(cherry picked from commit d79d0508a4b8bdc4582a350d109181ecae0bf1e2)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Tue Aug 15 15:20:43 UTC 2023 on atb-devel-224

- - - - -
3ed80b3f by Joseph Sutton at 2023-08-17T09:27:17+00:00
tests/krb5: Remove unused import

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 2c915e743d53d5e35fa31fa3965d9c9b086351ec)

- - - - -
dbf3e95e by Joseph Sutton at 2023-08-17T09:27:17+00:00
tests/krb5: Shorten long lines

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 0cce616843395215305428b8672ffa315dbdd858)

- - - - -
0bd2b8b1 by Joseph Sutton at 2023-08-17T09:27:17+00:00
tests/krb5: Add a test decoding INT64 PAC claims issued by Windows

Our NDR code currently handles INT64 claims incorrectly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 631e26e1d63040b37f48fd890ab03f7adfc6d882)

- - - - -
d5e0f9af by Joseph Sutton at 2023-08-17T09:27:17+00:00
librpc:ndr: Add ‘int64’ type

This type behaves like a signed variant of ‘hyper’. Unlike the existing
‘dlong’ type, which has four byte alignment, ‘int64’ is aligned to eight
bytes.

Bump the NDR version to 3.0.1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 402bb17693472a9c30f33a0bdf5f5f78df4066cc)

- - - - -
313c9a75 by Joseph Sutton at 2023-08-17T09:27:17+00:00
claims.idl: Use ‘int64’ instead of ‘dlong’ for INT64 claims

This field is supposed to be aligned to eight bytes, but the ‘dlong’
type is aligned to only four bytes. This discrepancy resulted in claims
being encoded and decoded incorrectly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit aa1815519ce1412cdf25927b54b5178113cdd2a7)
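
The alignment discrepancy described above, as an added example that is not Samba's NDR code: a 32-bit field followed by a 64-bit value, decoded once with four-byte and once with eight-byte alignment for the 64-bit field. The two-field layout, the function names and the sample bytes are constructed for illustration and are not the real claims wire format.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: count = 1, four pad bytes, value = -2 (LE). */
static const uint8_t SAMPLE_WIRE[16] = {
	0x01, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00,
	0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
};

/* Round off up to the next multiple of align (a power of two). */
static size_t align_up(size_t off, size_t align)
{
	return (off + align - 1) & ~(align - 1);
}

static bool pull_u32(const uint8_t *buf, size_t len, size_t *off,
		     uint32_t *out)
{
	size_t o = align_up(*off, 4);

	if (o > len || len - o < 4) {
		return false;
	}
	*out = (uint32_t)buf[o] | ((uint32_t)buf[o + 1] << 8) |
	       ((uint32_t)buf[o + 2] << 16) | ((uint32_t)buf[o + 3] << 24);
	*off = o + 4;
	return true;
}

/* Pull a little-endian signed 64-bit value at the given alignment. */
static bool pull_i64(const uint8_t *buf, size_t len, size_t *off,
		     size_t align, int64_t *out)
{
	size_t o = align_up(*off, align);
	uint64_t v = 0;
	int i;

	if (o > len || len - o < 8) {
		return false;
	}
	for (i = 0; i < 8; i++) {
		v |= (uint64_t)buf[o + i] << (8 * i);
	}
	memcpy(out, &v, sizeof(v));
	*off = o + 8;
	return true;
}

/*
 * Decode "uint32 count; 64-bit value" with a caller-chosen alignment
 * for the 64-bit field: 4 models a 'dlong'-style field, 8 an
 * 'int64'-style one. *consumed reports how many bytes were used.
 */
bool decode_sample(const uint8_t *buf, size_t len, size_t int64_align,
		   uint32_t *count, int64_t *value, size_t *consumed)
{
	size_t off = 0;

	if (!pull_u32(buf, len, &off, count)) {
		return false;
	}
	if (!pull_i64(buf, len, &off, int64_align, value)) {
		return false;
	}
	*consumed = off;
	return true;
}

int main(void)
{
	uint32_t count;
	int64_t value;
	size_t used;

	decode_sample(SAMPLE_WIRE, sizeof(SAMPLE_WIRE), 4, &count, &value, &used);
	printf("align 4: value=%lld used=%zu\n", (long long)value, used);
	decode_sample(SAMPLE_WIRE, sizeof(SAMPLE_WIRE), 8, &count, &value, &used);
	printf("align 8: value=%lld used=%zu\n", (long long)value, used);
	return 0;
}
```

With four-byte alignment the decoder reads the padding as the low half of the value and leaves four bytes unconsumed, which is one observable sign of a mismatched alignment.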

- - - - -
68c74742 by Joseph Sutton at 2023-08-17T09:27:17+00:00
tests/krb5: Remove incorrect comments

Now that the INT64 claim IDL definition has been corrected, these tests
should pass against Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Aug 15 19:41:50 UTC 2023 on atb-devel-224

(cherry picked from commit 37fdd79cc0b83b44cb4d4c457fbb8e7410655b24)

- - - - -
c7b1876a by Jeremy Allison at 2023-08-17T09:27:17+00:00
s3: smbd: init_smb1_request() isn't being passed zero'ed memory from any codepath.

If a client does a SMB1 NEGPROT followed by SMB1 TCON
then req->session is left uninitialized.

Show this causes a crash by deliberately initializing
req->session to an invalid pointer. This will be removed
once the test shows the crash, and the fix is added to
cause init_smb1_request() to zero the memory passed in.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15432

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit f02f74e931f5821c7b7c1be2b8f0fb60c9a69b19)

- - - - -
34291111 by Jeremy Allison at 2023-08-17T09:27:17+00:00
s3: torture: Add SMB1-NEGOTIATE-TCON that shows the SMB1 server crashes on the uninitialized req->session.

Found by Robert Morris <rtm at lcs.mit.edu>.

Adds knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15432

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <nopower at samba.org>
(cherry picked from commit c32df3bb31ce6275cfb91107e34e2d6b3c2fba1b)

- - - - -
6a4622c4 by Jeremy Allison at 2023-08-17T10:31:56+00:00
s3: smbd: Ensure init_smb1_request() zeros out what the incoming pointer points to.

Remove the now unneeded req->xxx = NULL assignments (and the
deliberately bogus req->session = (void *)0xDEADBEEF one
used to demonstrate the bug).

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15432

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Aug 15 12:06:36 UTC 2023 on atb-devel-224

(cherry picked from commit 4145bfb1b5a3639caf26a310d612aec29fc00117)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Thu Aug 17 10:31:56 UTC 2023 on atb-devel-224

- - - - -
0bd2f592 by Andrew Bartlett at 2023-08-18T09:17:12+00:00
s4-rpc_server/drsuapi: Add tmp_highest_usn tracking to replication log

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 0d9ea6c559317e19642662220c089e2d59ef3ecd)

- - - - -
85abc285 by Andrew Bartlett at 2023-08-18T09:17:12+00:00
s4-rpc_server/drsuapi: Improve debugging of invalid DNs

This is still unreachable, but improve the logging
to give more detail in this area anyway.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit d0c1ce53add2fd3b3a4186581f4e214029cbcf1a)

- - - - -
2ecb53d5 by Andrew Bartlett at 2023-08-18T09:17:12+00:00
s4-rpc_server/drsuapi: Improve debug message for drs_ObjectIdentifier_to_dn_and_nc_root() failure

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a12bcce89d26ae05bbaeed560cf8fcc7b5bcfdab)

- - - - -
f23c0d54 by Andrew Bartlett at 2023-08-18T09:17:13+00:00
s4-dsdb: Improve logging for drs_ObjectIdentifier_to_dn_and_nc_root()

At this layer we can make a reasonable assumption about being able
to read ldb_errstring() to print that for extra useful debugging.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 63843a22c8db73d459bee61e73bb1f0d31e3d427)

- - - - -
f8defe00 by Andrew Bartlett at 2023-08-18T09:17:13+00:00
s4-rpc_server/drsuapi: Remove redundant check for valid and non-NULL ncRoot_dn

This check was valuable before aee2039e63ceeb5e69a0461fb77e0f18278e4dc4
but now only checks things we know to be true, as the value has come
from Samba via drs_ObjectIdentifier_to_dn_and_nc_root() either on this
or a previous call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 0550e469eda4022659718ae9a56f5deaa9f9a307)

- - - - -
d1cdcf27 by Andrew Bartlett at 2023-08-18T09:17:13+00:00
s4-torture/drs: Save the server dnsname on the DcConnection object

This object is used to hold one of many possible connections and
it is helpful for debugging and uniqueness to know which DC is being
connected to.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit c30bb8769ff2c4eba2d8f8a2bd3a56946b7d9d5e)

- - - - -
eeda4c3b by Andrew Bartlett at 2023-08-18T09:17:13+00:00
s4-torture/drs: Create temp OU with a unique name per test

It is always better to keep the testing OUs unique if possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 628eab11b3c2e82875bf602e363b781d3e5eb96d)

- - - - -
c2b69e42 by Andrew Bartlett at 2023-08-18T09:17:13+00:00
s4-torture/drs: Use addCleanup() in getchanges.py for OU handling

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 40f831e67e1f312b1db52c74c119899245d03e32)

- - - - -
75197f52 by Andrew Bartlett at 2023-08-18T09:17:13+00:00
s4-torture/drs: Add a test matching Azure AD Connect REPL_OBJ behaviour

Azure AD Connect will send a GUID but no DummyDN.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit db16366b0bbefcdb91a0b36c903ed63456a081b8)

- - - - -
5243f55e by Andrew Bartlett at 2023-08-18T09:17:13+00:00
s4-torture/drs: Add test demonstrating that a GetNCChanges REPL_OBJ will not reset the replication cookie

This demonstrates the behaviour used by the "Azure AD Connect" cloud sync tool.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b323169d6ff8357f7c999ae346137166c98218ac)

- - - - -
bd4ce525 by Andrew Bartlett at 2023-08-18T09:17:13+00:00
s4-torture/drs: Add test showing that if present in the set the NC root leads and tmp_highest_usn moves

The NC root, on any replication when it appears, is the first object to be
replicated, including for all subsequent chunks in the replication.

However the tmp_highest_usn is not updated by that USN, it must
only be updated for the non-NC changes (to match Windows exactly),
or at least only updated with the non-NC changes until it would
naturally appear.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 87414955212143b8502b4c02aca150bc72cb8de5)

- - - - -
91c7c77a by Andrew Bartlett at 2023-08-18T09:17:13+00:00
s4-rpc_server/drsuapi: Only keep and invalidate replication cycle state for normal replication

This changes the GetNCChanges server to use a per-call state for
extended operations like RID_ALLOC or REPL_OBJ and only maintain
and (more importantly) invalidate the state during normal replication.

This allows REPL_OBJ to be called during a normal replication cycle
that continues using after that call, continuing with the same
highwatermark cookie.

Azure AD will do a sequence of (roughly)

* Normal replication (objects 1..100)
* REPL_OBJ (of 1 object)
* Normal replication (objects 101..200)

However, if there are more than 100 (in this example) objects in the
domain, and the second replication is required, the objects 1..100
are sent, as the replication state was invalidated by the REPL_OBJ call.

RN: Improve GetNChanges to address some (but not all "Azure AD Connect")
synchronisation tool looping during the initial user sync phase.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 99579e706312192f46df33d55949db7f1475d0d0)

- - - - -
a596e4cd by Andrew Bartlett at 2023-08-18T09:17:13+00:00
s4-rpc_server/drsuapi: Fix indentation in GetNCChanges()

This avoids the indentation correction being in the previous patch.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit fe7418e1765b79f60945b787536b4d84a548fe02)

- - - - -
a33689ad by Andrew Bartlett at 2023-08-18T09:17:13+00:00
s4-rpc_server/drsuapi: Avoid modification to ncRoot input variable in GetNCChanges

This tries to avoid it appearing that ncRoot is a value that can
be trusted and used internally by not updating it and instead leaving
it just as an input/echo-back value.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 548f141f11e89d335d8f9d74ab6925fa6b90fb84)

- - - - -
de10a323 by Andrew Bartlett at 2023-08-18T09:17:13+00:00
s4-rpc_server/drsuapi: Rename ncRoot -> untrusted_ncRoot to avoid misuse

Because of the requirement to echo back the original string, we can
not force this to be a trustworthy value.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2ed9815eeacfcf3a58871bafe0212398cc34c39e)

- - - - -
e5dc7e82 by Andrew Bartlett at 2023-08-18T09:17:13+00:00
s4-rpc_server/drsuapi: Update getnc_state to be != NULL

This is closer to our README.Coding style

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2aba9e230ea62efcbd829f6f073894dfa3180c91)

- - - - -
7310afa3 by Andrew Bartlett at 2023-08-18T09:17:13+00:00
s4-rpc_server/drsuapi: Ensure logs show DN for replicated objects, not (null)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15407
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 17359afa627a3086ec8d6862f007a3479574a8b4)

- - - - -
fd2fdecd by Andrew Bartlett at 2023-08-18T10:33:44+00:00
s4-rpc_server/drsupai: Avoid looping with Azure AD Connect by not incrementing temp_highest_usn for the NC root

We send the NC root first, as a special case for every chunk
that we send until the natural point where it belongs.

We do not bump the tmp_highest_usn in the highwatermark that
the client and server use (it is meant to be an opaque cookie)
until the 'natural' point where the object appears, similar
to the cache for GET_ANC.

The issue is that without this, because the NC root was sorted
first in whatever chunk it appeared in but could have a 'high'
highwatermark, Azure AD Connect will send back the same
new_highwatermark->tmp_highest_usn, and due to a bug,
a zero reserved_usn, which makes Samba discard it.

The reserved_usn is now much less likely to ever be set because
the tmp_higest_usn is now always advancing.

RN: Avoid infinite loop in initial user sync with Azure AD Connect
 when synchronising a large Samba AD domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 79ca6ef28a6f94965cb030c4a7da8c1b9db7150b)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Fri Aug 18 10:33:44 UTC 2023 on atb-devel-224

- - - - -
8db3885d by Jule Anger at 2023-08-18T13:14:58+02:00
WHATSNEW: Add release notes for Samba 4.19.0rc3.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
6be33d37 by Jule Anger at 2023-08-18T13:15:48+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.19.0rc3 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
ab0365cf by Jule Anger at 2023-08-18T13:16:15+02:00
VERSION: Bump version up to Samba 4.19.0rc4...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
3a5f7eae by Michael Tokarev at 2023-08-22T08:04:07+03:00
d/changelog: add 2 forgotten changelog entries for the previous upload

- - - - -
a3ce262a by Andrew Bartlett at 2023-08-25T09:02:28+00:00
WHATSNEW: Add Resource Based Constrained Delegation (RBCD) feature for Heimdal

This landed in master as 34760dfc89e879a889d64b48c606ccbaf10e8ba3.

(This text based strongly on e25d6c89bef298ac8cd8c2fb7b49f6cbd4e05ba5
and b3e043276017c6323afa681df9154df9a4292bd1 in Samba 4.17's WHATSNEW)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15457

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Fri Aug 25 09:02:28 UTC 2023 on atb-devel-224

- - - - -
645fc88b by Joseph Sutton at 2023-08-28T08:39:15+00:00
samba-tool: Allow LDB URL to be None

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15458

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 776597bce922d291257e34f1e3304227265a1dbc)

- - - - -
fb774d5d by Martin Schwenke at 2023-08-28T09:36:36+00:00
util: Avoid logging to multiple backends for stdout/stderr

Commit 83fe7a0316d3e5867a56cfdc51ec17f36ea03889 converted the
stdout/stderr logging  types to DEBUG_FILE to get a header when using
DEBUG_SYSLOG_FORMAT_ALWAYS.  However, this causes all configured
backends to be invoked.  When syslog is one of those backends then
this is almost certainly not what is intended.

Instead, call debug_file_log() directly in that special case and
revert the parts of the above commit that convert to file logging.

Most of the changes to debughdrclass() still seem necessary, since
they handle the change of debug_syslog_format from a bool to an enum.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15460

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Mon Aug 28 01:21:07 UTC 2023 on atb-devel-224

(cherry picked from commit c7672779128ff12eb7a5cb34052559e62adbd5cb)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Mon Aug 28 09:36:36 UTC 2023 on atb-devel-224

- - - - -
23b4753d by Jule Anger at 2023-08-28T15:52:29+02:00
WHATSNEW: Add release notes for Samba 4.19.0rc4.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
0e9c171f by Jule Anger at 2023-08-28T15:55:11+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.19.0rc4 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
087e7cdc by Jule Anger at 2023-08-28T15:55:30+02:00
VERSION: Bump version up to Samba 4.19.0rc5...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
ca8edd2d by Michael Tokarev at 2023-08-28T19:25:24+03:00
New upstream version 4.19.0~rc4+dfsg
- - - - -
9f573711 by Martin Schwenke at 2023-08-29T08:25:12+00:00
ctdb-common: Improve error handling

Factor out a failure label, which will get more use in subsequent
commits, and only set private_data when success is certain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15451

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit d87041d8968e91db9d257445321b85693303f95e)

- - - - -
58e7d6a9 by Martin Schwenke at 2023-08-29T08:25:12+00:00
ctdb-common: Replace pcap_open_live() by lower level calls

A subsequent commit will insert an additional call before
pcap_activate().

This sequence of calls is taken from the source for pcap_open_live(),
so there should be no change in behaviour.

Given the defaults set by pcap_create_common(), it would be possible
to omit the calls to pcap_set_promisc() and pcap_set_timeout().
However, those defaults don't seem to be well documented, so continue
to explicitly set everything that was set before.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15451

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit ffc2ae616d8fab7528fbdfd8c6b94c5b9a0e3a7c)

- - - - -
1af8a099 by Martin Schwenke at 2023-08-29T09:34:35+00:00
ctdb-common: Set immediate mode for pcap capture

Fix a problem where ctdb_killtcp (almost always) fails to capture
packets with --enable-pcap and libpcap ≥ 1.9.1.  The problem is due to
a gradual change in libpcap semantics when using
pcap_get_selectable_fd(3PCAP) to get a file descriptor and then using
that file descriptor in non-blocking mode.

pcap_set_immediate_mode(3PCAP) says:

  pcap_set_immediate_mode() sets whether immediate mode should be set
  on a capture handle when the handle is activated.  In immediate
  mode, packets are always delivered as soon as they arrive, with no
  buffering.

and

  On Linux, with previous releases of libpcap, capture devices are
  always in immediate mode; however, in 1.5.0 and later, they are, by
  default, not in immediate mode, so if pcap_set_immediate_mode() is
  available, it should be used.

However, it wasn't until libpcap commit
2ade7676101366983bd4f86bc039ffd25da8c126 (before libpcap 1.9.1) that
it became a requirement to use pcap_set_immediate_mode(), even with a
timeout of 0.

More explanation in this libpcap issue comment:

  https://github.com/the-tcpdump-group/libpcap/issues/860#issuecomment-541204548

Do a configure check for pcap_set_immediate_mode() even though it has
existed for 10 years.  It is easy enough.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15451

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue Aug 15 10:53:52 UTC 2023 on atb-devel-224

(cherry picked from commit dc7b48c404337891b5105df4d6751cf549a533eb)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Tue Aug 29 09:34:35 UTC 2023 on atb-devel-224

- - - - -
8a34b378 by MikeLiu at 2023-09-04T10:17:37+00:00
vfs_aio_pthread: use SMB_VFS_NEXT_OPENAT() in aio_pthread_openat_fn()

1. Set 'aio_allow_open' to false if fsp->fsp_flags.is_pathref
2. Move !(how->flags & O_CREAT) and !(how->flags & O_EXCL) up and set 'aio_allow_open' to false
3. Use SMB_VFS_NEXT_OPENAT() instead of openat() for disable async opens case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15453

Signed-off-by: MikeLiu <mikeliu at qnap.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 22 17:44:00 UTC 2023 on atb-devel-224

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Mon Sep  4 10:17:37 UTC 2023 on atb-devel-224

- - - - -
a21e0936 by Jule Anger at 2023-09-04T14:34:46+02:00
WHATSNEW: Add release notes for Samba 4.19.0.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
b7921852 by Jule Anger at 2023-09-04T14:35:46+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.19.0 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
f4f3ea67 by Michael Tokarev at 2023-09-04T22:39:27+03:00
d/gbp.conf, d/README.source.md, d/watch: prepare for 4.19

- - - - -
f9931b55 by Michael Tokarev at 2023-09-04T22:40:31+03:00
New upstream version 4.19.0+dfsg
- - - - -
b61c5785 by Michael Tokarev at 2023-09-04T22:41:09+03:00
Update upstream source from tag 'upstream/4.19.0+dfsg'

Update to upstream version '4.19.0+dfsg'
with Debian dir 68feca235038b9ca86e9dc5ffcfa3341b3dbe53b
- - - - -
51a401e2 by Michael Tokarev at 2023-09-04T22:42:04+03:00
d/changelog: start 4.19

- - - - -
27b5a891 by Michael Tokarev at 2023-09-04T22:42:18+03:00
d/patches: remove patches applied upstream

 heimdal-to-support-KEYRING-ccache.patch
 spelling.patch

- - - - -
a4422caf by Michael Tokarev at 2023-09-04T22:42:27+03:00
refresh patches

meaningful-error-if-no-python3-markdown.patch
meaningful-error-if-no-samba-ad-provision.patch

- - - - -
f0f35506 by Michael Tokarev at 2023-09-04T22:42:38+03:00
d/control: update talloc/tevent/tdb build-deps

- - - - -
d9b2de05 by Michael Tokarev at 2023-09-04T22:42:46+03:00
d/smbclient.install: remove smbgetrc.5

- - - - -
36507736 by Michael Tokarev at 2023-09-04T22:42:52+03:00
d/patches: add ldb 2.7.1 & 2.7.2 ABI files

ldb-2.7.2 contains a few actual new symbols, it is not just a version
bump. Get ldb-2.7.2.sigs from ldb-2.7.2 tag.

- - - - -
d97627f9 by Michael Tokarev at 2023-09-04T22:43:03+03:00
d/libldb2.symbols: add new symbols (ldb_val_as_*) and new version (2.8.0)

- - - - -
a41f5b69 by Michael Tokarev at 2023-09-04T22:43:09+03:00
d/python3-ldb.symbols: remove unused versions, add new version

- - - - -
8f616bcf by Michael Tokarev at 2023-09-04T22:43:15+03:00
d/samba-common-bin.install: install samba-log-parser (for winbindd for now)

- - - - -
aa3a9626 by Michael Tokarev at 2023-09-04T22:43:21+03:00
d/samba-libs.install: 2 new libs

- - - - -
865181e3 by Michael Tokarev at 2023-09-04T22:43:27+03:00
d/samba-libs.install, d/samba-testsuite.install: move libshares-samba4.so.0 from samba-libs to samba-testsuite

- - - - -
af22355e by Michael Tokarev at 2023-09-04T22:43:34+03:00
d/samba-libs.install, d/samba-vfs-modules.install: move libdfs-server-ad-samba4.so.0 from samba-libs to samba-vfs-modules

- - - - -
12ca65a9 by Michael Tokarev at 2023-09-04T22:43:39+03:00
d/samba-libs.install, d/samba-common-bin.install: move libnet-keytab-samba4.so.0 from samba-libs to samba-common-bin (used by net only)

- - - - -
5a0523a0 by Michael Tokarev at 2023-09-04T22:43:47+03:00
d/samba-libs.install, d/samba-common-bin.install: move libRPC-WORKER-samba4.so.0 from samba-libs to samba-common-bin (used by usr/libexec/samba/rpcd_*)

- - - - -
b0bc6d2d by Michael Tokarev at 2023-09-04T22:43:56+03:00
d/source/lintian-overrides: remove unused source-is-missing override

- - - - -
9f334e6a by Michael Tokarev at 2023-09-04T22:44:04+03:00
d/samba-vfs-modules.lintian-overrides: remove unused spelling-error-in-binary override

- - - - -
1e6603c1 by Michael Tokarev at 2023-09-04T22:44:14+03:00
d/control: add Breaks/Replaces for moved libraries

- - - - -
1ffd116b by Michael Tokarev at 2023-09-04T22:44:39+03:00
d/samba-libs.symbols new libndr 3.0.1 symbols

- - - - -
4cdc2620 by Michael Tokarev at 2023-09-04T22:57:51+03:00
update changelog; upload version 4.19.0+dfsg-1 to unstable

- - - - -


30 changed files:

- + .clangd
- + .git-blame-ignore-revs
- .gitlab-ci-main.yml
- + .gitleaks.toml
- Makefile
- README.Coding.md
- VERSION
- WHATSNEW.txt
- auth/auth_log.c
- auth/auth_sam_reply.c
- auth/auth_sam_reply.h
- + auth/authn_policy.c
- + auth/authn_policy.h
- source4/lib/com/com.h → auth/authn_policy_impl.h
- auth/common_auth.h
- auth/credentials/credentials.c
- auth/credentials/credentials.h
- auth/credentials/credentials_internal.h
- auth/credentials/credentials_krb5.c
- auth/credentials/credentials_ntlm.c
- auth/credentials/credentials_secrets.c
- auth/credentials/pycredentials.c
- auth/gensec/gensec.c
- auth/gensec/gensec_start.c
- auth/gensec/gensec_util.c
- auth/gensec/schannel.c
- auth/gensec/spnego.c
- auth/kerberos/gssapi_pac.c
- auth/kerberos/kerberos_pac.c
- auth/ntlmssp/ntlmssp.h


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/a1bb3bd5c59d6e6c2a5a2b4b5483509558bd47ee...4cdc262063fb374fd4afc5b9e7e688077c4b521d
