[Pkg-samba-maint] [Git][samba-team/samba][experimental] 2988 commits: smbd: call exit_server_cleanly() to avoid panicking

Michael Tokarev (@mjt) gitlab at salsa.debian.org
Mon Jan 29 18:45:43 GMT 2024



Michael Tokarev pushed to branch experimental at Debian Samba Team / samba


Commits:
36bb9480 by Ralph Boehme at 2023-07-06T11:56:19+00:00
smbd: call exit_server_cleanly() to avoid panicking

The parent smbd forwards SIGTERM to its process group in order to kill all
children like the scavenger. This happens from a function registered via
atexit() which means the signal forwarding is happening very briefly before the
main smbd process exits. When exiting, the pipe between smbd and scavenger is
closed which triggers a file event in the scavenger.

However, due to kernel scheduling it is possible that the file descriptor event
is received before the signal, where we call exit_server() which calls
smb_panic() at the end.

Change the exit to exit_server_cleanly() and just log this event at level 2
which we already do.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15275

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jul  5 13:14:08 UTC 2023 on atb-devel-224

(cherry picked from commit 083fe1c28c6ec69cbd15d8cc2f7f06b1b630f2bc)

- - - - -
bdaf1b1c by Stefan Metzmacher at 2023-07-06T11:56:19+00:00
s3:libads: re-initialize num_requests to 0 for cldap_ping_list retries

Commit 8132edf119757ee91070facffef016c93de9c2a6 introduced a retry loop
around cldap_multi_netlogon(), but it forgot to reset num_requests to 0
for the retries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15416

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jul  5 11:17:43 UTC 2023 on atb-devel-224

(cherry picked from commit 6965e77268e1abfc21f1793c7cd006444938ac03)

- - - - -
3b2f3cf8 by Stefan Metzmacher at 2023-07-06T11:56:19+00:00
s3:winbindd: call reset_cm_connection_on_error() in wb_cache_query_user_list()

This is mostly for consistency, every remote call should call
reset_cm_connection_on_error(). Note this is more than
a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit cb59fd43bbf758e4bad774cfc19ef87b157052c2)

- - - - -
156bafb2 by Stefan Metzmacher at 2023-07-06T11:56:19+00:00
s3:winbindd: make use of reset_cm_connection_on_error() for winbindd_lookup_{names,sids}()

Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.

This is not strictly needed as the callers call
reset_cm_connection_on_error() via reconnect_need_retry().
But it might avoid one roundtrip.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 4ad5a35a3f67860aa7a1345efcfc92fe40578e31)

- - - - -
12043529 by Stefan Metzmacher at 2023-07-06T11:56:19+00:00
s3:winbindd: let winbind_samlogon_retry_loop() always start with authoritative = 1

Otherwise we could treat a local problem as non-authoritative.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 0cb6de4b1d5410f3699172952be81c6eb75c2c86)

- - - - -
ddd61699 by Stefan Metzmacher at 2023-07-06T11:56:19+00:00
s3:winbindd: make use of reset_cm_connection_on_error() in winbind_samlogon_retry_loop()

Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true, which is important in order
to recover from NT_STATUS_RPC_SEC_PKG_ERROR errors.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit b317b10dffd99d1add3ff0b85b958edd9639abc8)

- - - - -
9b25d901 by Stefan Metzmacher at 2023-07-06T13:01:55+00:00
s3:winbindd: let winbind_samlogon_retry_loop() fallback to NT_STATUS_NO_LOGON_SERVERS

When we were not able to get a valid response from any DC we should
report NT_STATUS_NO_LOGON_SERVERS with authoritative = 1.

This matches what Windows does. In a chain of transitive
trusts the ACCESS_DENIED/authoritative=0 is not propagated,
instead NT_STATUS_NO_LOGON_SERVERS/authoritative=1 is
passed along the chain if no other DC is available.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 50e771c12f84f9268c2e9ddeef0965f79f85de3d)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Thu Jul  6 13:01:55 UTC 2023 on atb-devel-224

- - - - -
10828732 by Jule Anger at 2023-07-19T17:01:18+02:00
Merge tag 'samba-4.18.5' into v4-18-test

samba: tag release samba-4.18.5

- - - - -
9100d5ac by Jule Anger at 2023-07-19T17:04:23+02:00
VERSION: Bump version up to Samba 4.18.6...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
5ac859e9 by Günther Deschner at 2023-07-19T15:14:13+00:00
s3-net: no secrets access required when processing an ODJ provisioning

It should be possible to call "net offlinejoin provision" as non-root,
no access to secrets.tdb required in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15414

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Jul  5 09:23:22 UTC 2023 on atb-devel-224

(cherry picked from commit bf7fbf7e2b675145e25ce7bffc29abbf44c35540)

- - - - -
96793d42 by Ralph Boehme at 2023-07-19T16:23:17+00:00
smbd: don't leak the fsp if close_file_smb() fails

This can happen if DELETE-ON-CLOSE is set, but the deletion fails for some
reason.

The bug was introduced by 1808e5c133474eabc9d3cf91c2a92ec4d92d9fdd.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15417

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jul 10 21:32:32 UTC 2023 on atb-devel-224

(cherry picked from commit 4da50463e1b75c06d5f8c066e8b4eff48186afb0)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Wed Jul 19 16:23:17 UTC 2023 on atb-devel-224

- - - - -
14ce7756 by Noel Power at 2023-07-24T10:19:13+00:00
python/samba: Adjust tarfile extraction filter

The 'data_filter' is far too restrictive, this filter doesn't apply any
mode bits to directories which in turn will result in unexpected
directory permissions of, amongst others, the msg.[ls]ock directories.

With 'data_filter' and a 'patched' python at best we experience
CI failures with samba-ad-back1 & samba-ad-back2 CI jobs due to server
startup failures, at worst user/admins will need to adjust directory
permissions post backup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit e401ae44b2f952fc2686065fbfb3a563e3d4066a)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Mon Jul 24 10:19:13 UTC 2023 on atb-devel-224

- - - - -
c403201a by Stefan Metzmacher at 2023-07-28T10:48:33+00:00
VERSION: Bump version up to 4.20.0pre1...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1771ee69 by Stefan Metzmacher at 2023-07-28T10:48:33+00:00
WHATSNEW: Start release notes for Samba 4.20.0pre1.

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7319c759 by Jule Anger at 2023-07-28T11:49:02+00:00
ldb: change the version to 2.9.0 for Samba 4.20

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Jul 28 11:49:02 UTC 2023 on atb-devel-224

- - - - -
c052d8bd by Pavel Filipenský at 2023-07-28T12:41:12+00:00
s3:tests: Add rpcclient 'dfsgetinfo' test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 2af9c65f2a17ace4e1021b5c8fd6df636c904cfe)

- - - - -
19e110d7 by Pavel Filipenský at 2023-07-28T12:41:12+00:00
s3:rpc_server: Initialize consumedcnt to 0 in _dfs_GetInfo()

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 8c10f53928653d02bbb75d6ab05510e87ee97420)

- - - - -
aa2af3c0 by Pavel Filipenský at 2023-07-28T12:41:12+00:00
s3:rpc_server: Fix double backslash issue in dfs path

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jul  5 20:24:35 UTC 2023 on atb-devel-224

(cherry picked from commit 6f073f258f1f4f03a8eb568ea05be78fdbec49eb)

- - - - -
c1c2a0ec by Pavel Filipenský at 2023-07-28T13:37:01+00:00
s3:winbindd: Fix double close(fd)

Reported by Red Hat internal coverity

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15433

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Tue Jul 25 12:08:49 UTC 2023 on atb-devel-224

(cherry picked from commit dd998cc163358edd6c748e40900247877f91eb1f)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Fri Jul 28 13:37:01 UTC 2023 on atb-devel-224

- - - - -
b57cdfd7 by Noel Power at 2023-07-28T23:50:32+00:00
selftest: Add new dfs share (with widelinks enabled)

Adds share (to be used in later test) that has dfs node
but additionally has widelinks set to yes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3d2e9db8 by Noel Power at 2023-07-28T23:50:32+00:00
selftest: Add new regression test dfs with widelinks = yes

Adds a new test trying to cd into dfs path on share with
widelinks enabled, should generate an error (see BUG:)

Add a knownfail so CI continues

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2668dcd0 by Noel Power at 2023-07-28T23:50:32+00:00
s3/modules: Add flag indicating if connected share is a dfs share

Not used yet, will be used in the next commit to avoid testing
if the connected share is a dfs one.

Pair-Programmed-With: Jeremy Allison <jra at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0bf8b25a by Noel Power at 2023-07-29T00:43:52+00:00
s3/modules: Fix DFS links when widelinks = yes

In openat(), even if we fail to open the file,
propagate stat if and only if the object is a link in
a DFS share. This allows calling code to further process
the link.

Also remove knownfail

Pair-Programmed-With: Jeremy Allison <jra at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Jul 29 00:43:52 UTC 2023 on atb-devel-224

- - - - -
b6e80733 by Arvid Requate at 2023-07-31T06:18:32+00:00
For Bug #9959: local talloc frame for next commit

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Arvid Requate <requate at univention.de>

[abartlet at samba.org Added additional talloc_free() in failure paths]
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
2d461844 by Arvid Requate at 2023-07-31T06:18:32+00:00
Bug #9959: Don't search for CN=System

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Arvid Requate <requate at univention.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
25b0e110 by Andrew Bartlett at 2023-07-31T06:18:33+00:00
dsdb: Add new function samdb_system_container_dn()

This will replace many calls crafting or searching for this DN
elsewhere in the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
97b682e0 by Andrew Bartlett at 2023-07-31T06:18:33+00:00
dsdb: Use samdb_system_container_dn() in samldb.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
3669caa9 by Andrew Bartlett at 2023-07-31T06:18:33+00:00
dsdb: Use samdb_get_system_container_dn() to get Password Settings Container

By doing this we use the common samdb_get_system_container_dn() routine and we
avoid doing a linearize and parse step on the main DN, instead using the
already stored parse of the DN.  This is more hygienic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
4e18066f by Andrew Bartlett at 2023-07-31T06:18:33+00:00
s4-rpc_server/lsa: Use samdb_system_container_dn() in dcesrv_lsa_get_policy_state()

This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a900f6aa by Andrew Bartlett at 2023-07-31T06:18:33+00:00
s4-rpc_server/netlogon: Use samdb_system_container_dn() in fill_trusted_domains_array()

This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
13eed1e0 by Andrew Bartlett at 2023-07-31T06:18:33+00:00
s4-rpc_server/backupkey: Use samdb_system_container_dn() in set_lsa_secret()

This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9b4f3f3c by Andrew Bartlett at 2023-07-31T06:18:33+00:00
s4-rpc_server/backupkey: Use samdb_system_container_dn() in get_lsa_secret()

This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
4250d07e by Andrew Bartlett at 2023-07-31T06:18:33+00:00
dsdb: Use samdb_system_container_dn() in dsdb_trust_*()

This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5571ce96 by Andrew Bartlett at 2023-07-31T07:20:21+00:00
dsdb: Use samdb_system_container_dn() in pdb_samba_dsdb_*()

This makes more calls to add children, but avoids the cn=system string in the
codebase which makes it easier to audit that this is always being built
correctly.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jul 31 07:20:21 UTC 2023 on atb-devel-224

- - - - -
160b7dc0 by Ralph Boehme at 2023-07-31T08:05:13+00:00
mdssvc: set query state for continued queries to SLQ_STATE_RUNNING

SLQ_STATE_RESULTS implies that there are already results attached to the slq
which is not the case. Instead the backend will start processing from where it
left off when it hits the maximum result limit and had set the state to
SLQ_STATE_FULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4149ef97e5906604be1587622f390f121db183e2)

- - - - -
7d5e9f5f by Ralph Boehme at 2023-07-31T08:05:13+00:00
mdssvc: fix long running backend queries

If a query is still running in the backend and we have no results yet, returning
0 triggers a search termination by the client in latest macOS releases. macOS
returns 0x23 in this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 925fefae20e52a3c89a56bdd0cd5b98cc951db5f)

- - - - -
60fdb3ad by Ralph Boehme at 2023-07-31T08:05:13+00:00
mdssvc: add and use SL_PAGESIZE

SL_PAGESIZE is the number of entries we want to process per paged search result
set. This is different from MAX_SL_RESULTS which ought to be a default maximum
value for total number of results returned for a search query.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 086c2602d074d4dc0d44f5534857e5f59a8690b2)

- - - - -
39c2b556 by Ralph Boehme at 2023-07-31T08:05:14+00:00
mdssvc: fix enforcement of "elasticsearch:max results"

This wasn't enforced at all thus a query would return all available matches
without limit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit d8fa5c8e2a1794ea8dc663485315ebd9401b2628)

- - - - -
3036f3cb by Ralph Boehme at 2023-07-31T08:05:14+00:00
tests/mdssvc: match hits:total:value to be the actual amount of entries in hits

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 7f5e4edf64f7e4175f652bf8762d4edc110ad6b1)

- - - - -
590c9164 by Ralph Boehme at 2023-07-31T08:05:14+00:00
mdssvc: reduce pagesize to 50

Latest macOS queries additional file metadata per search result, which causes
the marshalled paged result set including metadata to exceed the 64 KB result
fragment buffer.

Lacking fragmentation support in mdssvc (it's supported by the protocol), for
now just reduce the maximum number of results per search page.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 724a0518c901589fe1171d94648391832e056f4d)

- - - - -
aa4db8a3 by Ralph Boehme at 2023-07-31T08:05:14+00:00
mdssvc: prepare for returning timestamps with sub-seconds granularity

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15427

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 9dc66fecf7c1743d264c5c4f8978b77bab75ed86)

- - - - -
f4a33735 by Ralph Boehme at 2023-07-31T08:05:14+00:00
mdssvc: fix date marshalling

Did this ever work? Possibly just copied over from Netatalk and was always
broken... The Mac client expects the timevalue as seconds relative to
2001-01-01 00:00:00 UTC, packed as IEEE float.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15427

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 620ca1e68d02be45a94aa41217a141d211fceb1f)

- - - - -
35573c04 by Ralph Boehme at 2023-07-31T09:11:21+00:00
mdssvc: fix returning file modification date for older Mac releases

Mac 10.10 uses kMDItemContentModificationDate instead of
kMDItemFSContentChangeDate.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15427

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jul 26 23:42:44 UTC 2023 on atb-devel-224

(cherry picked from commit c2e83ebe726b7bc42b329198214c784936f19888)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Mon Jul 31 09:11:21 UTC 2023 on atb-devel-224

- - - - -
217beca6 by David Mulder at 2023-07-31T09:58:30+00:00
gp: Ensure Firewalld tests don't flop

This test was failing depending on the system it
was run on, since the result depends on whether
firewalld python bindings were installed. This
wasn't failing in CI (and so there is no flopping
test marked), but does fail on some local systems.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b49d150d by David Mulder at 2023-07-31T09:58:30+00:00
gp: Test modifying firewalld policy enforces changes

Ensure that modifying the firewalld policy and
re-applying will enforce the correct policy.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
32a70df7 by David Mulder at 2023-07-31T09:58:30+00:00
gp: Test modifying firefox policy enforces changes

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ef0c54d7 by David Mulder at 2023-07-31T09:58:30+00:00
gp: Test modifying MOTD policy enforces changes

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ae752b8c by David Mulder at 2023-07-31T09:58:30+00:00
gp: Test modifying Messages policy enforces changes

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c5571718 by David Mulder at 2023-07-31T09:58:30+00:00
gp: Test modifying Issue policy enforces changes

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c2dc0cc by David Mulder at 2023-07-31T09:58:30+00:00
gp: Test modifying smb.conf policy enforces changes

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
70d3601f by David Mulder at 2023-07-31T09:58:30+00:00
gp: Test modifying script user policy enforces changes

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7db3b63e by David Mulder at 2023-07-31T09:58:30+00:00
gp: Test modifying centrify crontab user policy enforces changes

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6ac22de7 by David Mulder at 2023-07-31T09:58:30+00:00
gp: Ensure Firewalld performs proper cleanup

Now uses gp_applier to ensure old settings are
properly cleaned up.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8f59ce54 by David Mulder at 2023-07-31T09:58:30+00:00
gp: Add a misc applier, to assist some gp exts

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
03d796c6 by David Mulder at 2023-07-31T09:58:30+00:00
gp: Ensure Firefox policy performs proper cleanup

Now uses gp_misc_applier to ensure old settings
are properly cleaned up.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8a248290 by David Mulder at 2023-07-31T09:58:30+00:00
gp: Ensure Messages policy performs proper cleanup

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8bdb1b65 by David Mulder at 2023-07-31T09:58:30+00:00
gp: Ensure Issue policy performs proper cleanup

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a330ad7b by David Mulder at 2023-07-31T09:58:30+00:00
gp: Ensure MOTD policy performs proper cleanup

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b278f158 by David Mulder at 2023-07-31T09:58:30+00:00
gp: Ensure smb.conf policy performs proper cleanup

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8cc706c1 by David Mulder at 2023-07-31T09:58:30+00:00
gp: Ensure script user policy performs proper cleanup

This resolves cleanup issues for scripts user
policy.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ab2cda79 by David Mulder at 2023-07-31T09:58:30+00:00
gp: Ensure centrify crontab user policy performs proper cleanup

This resolves cleanup issues for user and group
centrify compatible policies. It also ensures the
crontab policies use functions from the scripts
policy, to avoid code duplication and simplify
cleanup.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
16eaf7fd by David Mulder at 2023-07-31T10:55:26+00:00
gp: Cleanup some unused code

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Jul 31 10:55:26 UTC 2023 on atb-devel-224

- - - - -
f374da1d by Pavel Filipenský at 2023-07-31T10:56:54+00:00
s4:auth: Fix trailing whitespaces in kerberos_util.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
dfc26dc4 by Pavel Filipenský at 2023-07-31T10:56:54+00:00
auth:kerberos: Fix resource leak in parse_principal()

Reported by Red Hat internal covscan
leaked_storage: Variable "princ" going out of scope leaks the storage it points to.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
f1356805 by Pavel Filipenský at 2023-07-31T10:56:54+00:00
auth:kerberos: Fix resource leak in smb_krb5_get_keytab_container()

Reported by Red Hat internal covscan
leaked_storage: Variable "keytab" going out of scope leaks the storage it points to.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
25647129 by Pavel Filipenský at 2023-07-31T10:56:54+00:00
auth:kerberos: Fix resource leak in smb_krb5_update_keytab()

Reported by Red Hat internal covscan
leaked_storage: Variable "keytab" going out of scope leaks the storage it points to.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
3ef5162d by Pavel Filipenský at 2023-07-31T10:56:54+00:00
auth:credentials: Fix resource leak in cli_credentials_set_from_ccache()

Reported by Red Hat internal covscan
leaked_storage: Variable "princ" going out of scope leaks the storage it points to.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
c58a7142 by Pavel Filipenský at 2023-07-31T10:56:54+00:00
lib:krb5_wrap: Fix resource leak in smb_krb5_kt_seek_and_delete_old_entries

Reported by Red Hat internal covscan
leaked_storage: Variable "cursor" going out of scope leaks the storage it points to.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5cc86160 by Andrew Bartlett at 2023-07-31T10:56:54+00:00
lib/util: Move DEBUG() calls in gendb_search_v to common levels and new DBG_*() pattern

This moves success logs 6 -> 10, failure logs 4 -> 5.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
acf6d89c by Andrew Bartlett at 2023-07-31T10:56:54+00:00
dsdb: Add dsdb_search_scope_as_string() and use in ldap_backend.c

This will be useful when adding debugging to other routines.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
78669a04 by Andrew Bartlett at 2023-07-31T10:56:54+00:00
dsdb: Add tracing to dsdb_search() similar to gendb_search_v()

The aim of this tracing is to make it simple to follow the
requests made from the RPC server and similar to LDB now that
gendb_search_v() is no longer the dominant interface.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d23dd3e2 by Andrew Bartlett at 2023-07-31T11:49:19+00:00
dsdb: Add tracing to dsdb_search_dn() similar to gendb_search_v()

The aim of this tracing is to make it simple to follow the
requests made from the RPC server and similar to LDB now that
gendb_search_v() is no longer the dominant interface.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jul 31 11:49:19 UTC 2023 on atb-devel-224

- - - - -
3b3b92f5 by Arvid Requate at 2023-08-01T09:53:17+00:00
For Bug #9959: local talloc frame for next commit

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Arvid Requate <requate at univention.de>

[abartlet at samba.org Added additional talloc_free() in failure paths]
Reviewed-by: Stefan Metzmacher <metze at samba.org>

(cherry picked from commit b6e80733c3a589f9d784eec86fc713f1ec9c1049)

- - - - -
364730e9 by Arvid Requate at 2023-08-01T09:53:17+00:00
Bug #9959: Don't search for CN=System

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Arvid Requate <requate at univention.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2d461844a201fbca55ebc9a46a15e1d16048055b)

- - - - -
c14fbf24 by Andrew Bartlett at 2023-08-01T09:53:17+00:00
dsdb: Add new function samdb_system_container_dn()

This will replace many calls crafting or searching for this DN
elsewhere in the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 25b0e1102e1a502152d2695aeddf7c65555b16fb)

- - - - -
820752e3 by Andrew Bartlett at 2023-08-01T09:53:17+00:00
dsdb: Use samdb_system_container_dn() in samldb.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 97b682e0eb0450513dcecb74be672e18e84fe7a2)

- - - - -
8e45b202 by Andrew Bartlett at 2023-08-01T09:53:17+00:00
dsdb: Use samdb_get_system_container_dn() to get Password Settings Container

By doing this we use the common samdb_get_system_container_dn() routine and we
avoid doing a linearize and parse step on the main DN, instead using the
already stored parse of the DN.  This is more hygienic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 3669caa97f76d3e893ac6a1ab88341057929ee6a)

- - - - -
32704194 by Andrew Bartlett at 2023-08-01T09:53:17+00:00
s4-rpc_server/lsa: Use samdb_system_container_dn() in dcesrv_lsa_get_policy_state()

This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4e18066fa243da1c505f782ba87187c3bb1078ee)

- - - - -
c3595310 by Andrew Bartlett at 2023-08-01T09:53:17+00:00
s4-rpc_server/netlogon: Use samdb_system_container_dn() in fill_trusted_domains_array()

This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a900f6aa5d909d912ee3ca529baa4047c9c4da87)

- - - - -
ae64a438 by Andrew Bartlett at 2023-08-01T09:53:17+00:00
s4-rpc_server/backupkey: Use samdb_system_container_dn() in set_lsa_secret()

This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 13eed1e0e7d0bdef6b5cdb6b858f124b812adbea)

- - - - -
5f908aef by Andrew Bartlett at 2023-08-01T09:53:17+00:00
s4-rpc_server/backupkey: Use samdb_system_container_dn() in get_lsa_secret()

This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 9b4f3f3cb4ed17bb233d3b5ccd191be63f01f3f4)

- - - - -
da03582f by Andrew Bartlett at 2023-08-01T09:53:17+00:00
dsdb: Use samdb_system_container_dn() in dsdb_trust_*()

This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4250d07e4dcd43bf7450b1ae603ff46fdc892d02)

- - - - -
ed62f4fa by Andrew Bartlett at 2023-08-01T10:57:04+00:00
dsdb: Use samdb_system_container_dn() in pdb_samba_dsdb_*()

This makes more calls to add children, but avoids the cn=system string in the
codebase which makes it easier to audit that this is always being built
correctly.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jul 31 07:20:21 UTC 2023 on atb-devel-224

(cherry picked from commit 5571ce9619d856d3c9545099366f4e0259aee8ef)

RN: A second container with name CN=System would disable the operation
 of the Samba AD DC.  Samba now finds the CN=System container by exact
 DN and not a search.

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Tue Aug  1 10:57:04 UTC 2023 on atb-devel-224
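
The release note above contrasts finding CN=System by search with composing its exact DN. The following C sketch is an added illustration, not Samba code: the sample DNs and the function names find_by_search() and find_by_exact_dn() are constructed for this example, and DNs are compared as plain case-insensitive strings rather than with LDAP DN normalisation.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample directory. The third entry stands for a second
 * container that happens to carry the same name, CN=System. */
static const char *const SAMPLE_DNS[] = {
    "CN=Users,DC=example,DC=com",
    "CN=System,DC=example,DC=com",
    "CN=System,OU=Lab,DC=example,DC=com",
    "CN=Policies,CN=System,DC=example,DC=com",
};
#define SAMPLE_COUNT (sizeof(SAMPLE_DNS) / sizeof(SAMPLE_DNS[0]))

/* Return 1 if dn equals base or ends with ",<base>". */
static int dn_is_under(const char *dn, const char *base)
{
    size_t dl = strlen(dn), bl = strlen(base);

    if (dl < bl || strcasecmp(dn + dl - bl, base) != 0) {
        return 0;
    }
    return dl == bl || dn[dl - bl - 1] == ',';
}

/* Lookup by search: every object below base whose first RDN is rdn.
 * Returns the number of matches; *found is set to the first one. */
int find_by_search(const char *base, const char *rdn, const char **found)
{
    size_t rl = strlen(rdn);
    int matches = 0;

    for (size_t i = 0; i < SAMPLE_COUNT; i++) {
        const char *dn = SAMPLE_DNS[i];

        if (!dn_is_under(dn, base)) {
            continue;
        }
        if (strncasecmp(dn, rdn, rl) != 0 || dn[rl] != ',') {
            continue;
        }
        if (matches == 0) {
            *found = dn;
        }
        matches++;
    }
    return matches;
}

/* Lookup by exact DN: compose "<rdn>,<base>" and compare the whole DN.
 * Returns the number of matches, or -1 if the DN does not fit. */
int find_by_exact_dn(const char *base, const char *rdn, const char **found)
{
    char want[256];
    int n = snprintf(want, sizeof(want), "%s,%s", rdn, base);
    int matches = 0;

    if (n < 0 || (size_t)n >= sizeof(want)) {
        return -1;
    }
    for (size_t i = 0; i < SAMPLE_COUNT; i++) {
        if (strcasecmp(SAMPLE_DNS[i], want) == 0) {
            *found = SAMPLE_DNS[i];
            matches++;
        }
    }
    return matches;
}

int main(void)
{
    const char *hit = NULL;
    int n;

    /* A caller that insists on exactly one result fails here. */
    n = find_by_search("DC=example,DC=com", "CN=System", &hit);
    printf("search:   %d match(es)\n", n);

    /* The composed DN is unaffected by same-named containers elsewhere. */
    n = find_by_exact_dn("DC=example,DC=com", "CN=System", &hit);
    printf("exact DN: %d match(es), %s\n", n, hit);
    return 0;
}
```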

- - - - -
8f4c1c67 by Jones Syue at 2023-08-02T11:16:40+00:00
vfs_aio_pthread: fix segfault if samba-tool ntacl get

If configured as an AD DC with aio_pthread appended to 'vfs objects'[1],
running these commands would segfault:
1. sudo samba-tool ntacl get .
2. sudo net vfs getntacl sysvol .
gdb said it goes through aio_pthread_openat_fn() @ vfs_aio_pthread.c[2],
and the fsp->conn->sconn->client is null (0x0).

'sconn->client' memory is allocated when a new connection is accepted:
smbd_accept_connection > smbd_process > smbXsrv_client_create
While running local commands, it looks like it would not go through
smbXsrv_client_create, so the 'client' is null and a segfault might happen.
We should not dereference 'client->server_multi_channel_enabled',
if 'client' is null.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15441

[1] smb.conf example, samba-4.18.5, ubuntu 22.04.2
[global]
        dns forwarder = 127.0.0.53
        netbios name = U22-JONES-88X1
        realm = U22-JONES-88X1.X88X1.JONES
        server role = active directory domain controller
        workgroup = X88X1
        idmap_ldb:use rfc2307 = yes
        vfs objects = dfs_samba4 acl_xattr aio_pthread

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/u22-jones-88x1.x88x1.jones/scripts
        read only = No

[2] gdb
(gdb) run /usr/local/samba/bin/samba-tool ntacl get .
Starting program: /usr/local/Python3/bin/python3 /usr/local/samba/bin/samba-tool ntacl get .
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007fffd0eb809e in aio_pthread_openat_fn (handle=0x8d5cc0, dirfsp=0x8c3070, smb_fname=0x18ab4f0, fsp=0x1af3550, flags=196608, mode=0)
    at ../../source3/modules/vfs_aio_pthread.c:467
warning: Source file is more recent than executable.
467             if (fsp->conn->sconn->client->server_multi_channel_enabled) {
(gdb) bt
    at ../../source3/modules/vfs_aio_pthread.c:467
    at ../../source3/smbd/pysmbd.c:320
---Type <return> to continue, or q <return> to quit---
(gdb) f
    at ../../source3/modules/vfs_aio_pthread.c:467
467             if (fsp->conn->sconn->client->server_multi_channel_enabled) {
(gdb) p fsp->conn->sconn->client
$1 = (struct smbXsrv_client *) 0x0
(gdb)

Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
c67534fe by Andrew Bartlett at 2023-08-02T11:16:41+00:00
selftest: Add test for combination of anr and paged_results

This combination was known to cause a segfault in Samba 4.13, fixed by
5f0590362c5c0c5ee20503a67467f9be2d50e73b in later versions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14970

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1b68bd97 by Stefan Metzmacher at 2023-08-02T11:16:41+00:00
paged_results: add no memory checks in paged_search()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15442

Signed-off-by: Arvid Requate <requate at univention.de>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

[abartlet at samba.org combination of two patches by the above authors]

- - - - -
3b51091c by Andrew Bartlett at 2023-08-02T11:16:41+00:00
dsdb: Replace talloc_steal() with a shallow copy and reference in dsdb_paged_results

We should not be stealing caller memory like this, and while a
talloc_reference() is not much better, this combined with a
shallow copy should be a little better in terms of polite
memory management.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15442

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
00316255 by Andrew Bartlett at 2023-08-02T12:10:19+00:00
dsdb: Make a shallow copy of ldb_parse_tree in operational module

We should not be making modifications to caller memory.  In
particular, this causes problems for logging of requests if the
original request becomes modified.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15442

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Aug  2 12:10:20 UTC 2023 on atb-devel-224

- - - - -
06d673a1 by Joseph Sutton at 2023-08-03T05:40:28+00:00
third_party/heimdal: Import lorikeet-heimdal-202308030152 (commit 2a036a6fd80833799316b8a85623cdea3a1135df)

This import fixes the build on 32-bit FreeBSD.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15443

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Joseph Sutton <jsutton at samba.org>
Autobuild-Date(master): Thu Aug  3 05:40:28 UTC 2023 on atb-devel-224

- - - - -
e50f377b by Noel Power at 2023-08-03T07:42:17+00:00
selftest: Add new dfs share (with widelinks enabled)

Adds share (to be used in later test) that has dfs node
but additionally has widelinks set to yes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit b57cdfd7efb161cf96b3a39dc7a1652db817e602)

- - - - -
5db858c1 by Noel Power at 2023-08-03T07:42:17+00:00
selftest: Add new regression test dfs with widelinks = yes

Adds a new test trying to cd into dfs path on share with
widelinks enabled, should generate an error (see BUG:)

Add a knownfail so CI continues

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 3d2e9db8b95f9f45d486f8272e53584975f177fa)

- - - - -
e949750d by Noel Power at 2023-08-03T07:42:17+00:00
s3/modules: Add flag indicating if connected share is a dfs share

Not used yet, will be used in the next commit to avoid testing
if the connected share is a dfs one.

Pair-Programmed-With: Jeremy Allison <jra at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 2668dcd0968133cca4f8410bf8c41ed0483f5d87)

- - - - -
c40f1619 by Noel Power at 2023-08-03T08:44:47+00:00
s3/modules: Fix DFS links when widelinks = yes

In openat(), even if we fail to open the file,
propagate stat if and only if the object is a link in
a DFS share. This allows calling code to further process
the link.

Also remove knownfail

Pair-Programmed-With: Jeremy Allison <jra at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Jul 29 00:43:52 UTC 2023 on atb-devel-224

(cherry picked from commit 0bf8b25aacdf2f5c746922320b32e3f0886c81f5)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Thu Aug  3 08:44:47 UTC 2023 on atb-devel-224

- - - - -
d0b2c27d by Andreas Schneider at 2023-08-03T14:31:34+00:00
lib:fuzzing: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
edcebcd4 by Andreas Schneider at 2023-08-03T14:31:34+00:00
lib:tevent: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
0ed62798 by Andreas Schneider at 2023-08-03T14:31:34+00:00
s3:utils: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
01c31c8f by Andreas Schneider at 2023-08-03T14:31:34+00:00
s3:spoolss: Remove dead code

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
795e464c by Andreas Schneider at 2023-08-03T14:31:34+00:00
s4:auth: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
69498022 by Andreas Schneider at 2023-08-03T14:31:34+00:00
s4:cldap_server: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
dbb1fbe8 by Andreas Schneider at 2023-08-03T14:31:34+00:00
s4:client: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
ed3c1fcb by Andreas Schneider at 2023-08-03T14:31:34+00:00
s4:dns_server: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
2304ec43 by Andreas Schneider at 2023-08-03T14:31:34+00:00
s4:dsdb:common: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
e3319795 by Andreas Schneider at 2023-08-03T14:31:34+00:00
s4:dsdb:kcc: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
3ebe11cd by Andreas Schneider at 2023-08-03T14:31:34+00:00
s4:dsdb:repl: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
f34ef1ef by Andreas Schneider at 2023-08-03T14:31:34+00:00
s4:dsdb:samdb: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
969bcc28 by Andreas Schneider at 2023-08-03T14:31:34+00:00
s4:dsdb:schema: Fix trailing white spaces

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
bedc978c by Andreas Schneider at 2023-08-03T14:31:34+00:00
s4:dsdb:schema: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
b29793ff by Andreas Schneider at 2023-08-03T14:31:34+00:00
s4:dsdb:tests: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
85c8222b by Andreas Schneider at 2023-08-03T15:25:01+00:00
s4:kdc: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Aug  3 15:25:01 UTC 2023 on atb-devel-224

- - - - -
5949adab by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: turn user.py into module netcmd.user

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
87aae028 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move user add command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e85070b0 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move user delete command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
970c2bcb by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move user enable command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0385e4a9 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move user disable command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
69536ff7 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move user list command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c621183c by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move user setexpiry command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
84c13a86 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move common code used by various password commands

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9b47a424 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move user password command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f20b5f60 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move user getgroups command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a6e1b569 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move user setprimarygroup command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
65fc1472 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move user setpassword command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b5145683 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move user getpassword and syncpasswords commands

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d08f7260 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move user edit command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4a34b681 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move user show command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
41492dad by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move user move command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
44a974e1 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move user rename command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
95f6abeb by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move user unlock command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8c4a6e55 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move user add_unix_attrs command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
10aa17a4 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: move user sensitive command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fab69e47 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: readpasswords: turn getpassword.py into readpasswords module

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6319df10 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: readpasswords: move show command to readpasswords

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
24c56761 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: readpasswords: move common.py to readpasswords

it only contains code relating to the getpassword module

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1929cca2 by Rob van der Linde at 2023-08-04T04:31:37+00:00
netcmd: user: readpasswords: move getpassword command to readpasswords

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3452b0d2 by Rob van der Linde at 2023-08-04T05:27:53+00:00
netcmd: user: readpasswords: move syncpasswords command to readpasswords

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Aug  4 05:27:53 UTC 2023 on atb-devel-224

- - - - -
7f87d028 by Andrew Bartlett at 2023-08-04T07:02:15+00:00
lib/cmdline: Return if the commandline was redacted in samba_cmdline_burn()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 848fea1a01a4ddc1598150823d5d0784d3ef0be4)

- - - - -
2ed39136 by Andrew Bartlett at 2023-08-04T07:02:15+00:00
python: Move PyList_AsStringList to common code so we can reuse

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit fd81759e2ed44cac3bc67243a39256f953969103)

- - - - -
534425ba by Andrew Bartlett at 2023-08-04T07:02:15+00:00
python: Remove const from PyList_AsStringList()

The returned strings are not owned by python, so need not be const.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 5afd206d1d8f0344a2f1fa7a238204d1fb164eda)

- - - - -
8c2c1b54 by Andrew Bartlett at 2023-08-04T07:02:15+00:00
python: Add glue.burn_commandline() method

This uses samba_cmdline_burn() so as to have common
command line redaction code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 3f9e455898554b726bf1689f743b2d9cb6b59537)

- - - - -
e724909a by Andrew Bartlett at 2023-08-04T07:02:15+00:00
samba-tool: Use samba.glue.get_burnt_cmdline rather than regex

This use avoids having two different methods to match on command-line
passwords.  We already have a dependency on the setproctitle python
module, and this does not change as the (C) libbsd setproctitle()
can't be run from within a python module.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit a53ebc288f47329c997d52325eeeb5e91ce43b75)

- - - - -
c11b6d6b by Andrew Bartlett at 2023-08-04T07:02:15+00:00
lib/cmdline: Also burn the --password2 parameter if given

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 414b3803bb6a1b12c44b52ab1ff64a8b7f61fd03)

- - - - -
e9114241 by Andrew Bartlett at 2023-08-04T08:05:00+00:00
lib/cmdline: Also redact --newpassword in samba_cmdline_burn()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Jul 21 06:16:30 UTC 2023 on atb-devel-224

(cherry picked from commit 76ad44f446c42832e87b2c60a4731a8de3a0018f)

RN: post-exec password redaction for samba-tool is more reliable for
 fully random passwords as it no longer uses regular expressions
 containing the password value itself.

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Fri Aug  4 08:05:00 UTC 2023 on atb-devel-224
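
The release note above says redaction no longer relies on regular expressions that contain the password value. The following C sketch is an added illustration, not samba_cmdline_burn() itself: password_as_regex_matches() uses a POSIX extended regex as a stand-in pattern engine, burn_argv() is a hypothetical argv walk, zero-filling is this example's choice, and the sample command lines are constructed.

```c
#include <regex.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Options whose value is treated as a secret in this example. */
static const char *const SECRET_OPTS[] = {
    "--password", "--password2", "--newpassword",
};
#define SECRET_OPT_COUNT (sizeof(SECRET_OPTS) / sizeof(SECRET_OPTS[0]))

/* Fragile approach: use the password itself as the pattern.
 * Returns 1 on match, 0 on no match, -1 if the pattern does not compile. */
int password_as_regex_matches(const char *password, const char *cmdline)
{
    regex_t re;
    int rc;

    if (regcomp(&re, password, REG_EXTENDED | REG_NOSUB) != 0) {
        return -1; /* e.g. an unbalanced '(' in a random password */
    }
    rc = regexec(&re, cmdline, 0, NULL, 0);
    regfree(&re);
    return rc == 0 ? 1 : 0;
}

/* Robust approach: find the secret by option name and overwrite the value
 * in place, never interpreting the secret. Handles "--opt=value" and
 * "--opt value". Returns true if anything was redacted. */
bool burn_argv(int argc, char **argv)
{
    bool burnt = false;

    for (int i = 1; i < argc; i++) {
        for (size_t k = 0; k < SECRET_OPT_COUNT; k++) {
            size_t ol = strlen(SECRET_OPTS[k]);
            char *secret = NULL;

            if (strncmp(argv[i], SECRET_OPTS[k], ol) != 0) {
                continue;
            }
            if (argv[i][ol] == '=') {
                secret = argv[i] + ol + 1;
            } else if (argv[i][ol] == '\0' && i + 1 < argc) {
                secret = argv[++i]; /* value is the next argument */
            }
            if (secret != NULL) {
                memset(secret, 0, strlen(secret));
                burnt = true;
                break;
            }
        }
    }
    return burnt;
}

int main(void)
{
    /* Constructed command line with metacharacters in both secrets. */
    char a0[] = "samba-tool", a1[] = "user", a2[] = "--password=x+y";
    char a3[] = "--newpassword", a4[] = "a(b";
    char *args[] = { a0, a1, a2, a3, a4, NULL };

    printf("regex 'x+y': %d\n", password_as_regex_matches("x+y", a2));
    printf("regex 'a(b': %d\n", password_as_regex_matches("a(b", a4));
    printf("burnt: %d, now '%s' and '%s'\n", burn_argv(5, args), a2, a4);
    return 0;
}
```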

- - - - -
f01a179a by Martin Schwenke at 2023-08-07T08:43:39+00:00
ctdb-tools: Fix CID 1539212 - signed/unsigned issue

>>>     CID 1539212:  Control flow issues  (NO_EFFECT)
>>>     This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "p >= 0UL".
216     		while (p >= 0 && output[p] == '\n') {

This is a real problem in the unlikely event that the output contains
only newlines.

Fix the issue by using a pointer and add a test to cover this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15438

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
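
The commit message above describes a loop guard, "p >= 0", that can never be false for an unsigned index, and a fix that uses a pointer. The following C sketch is an added illustration, not the ctdb code: both function names are hypothetical, and the starting index len - 1 is an assumption about how such a loop is typically written.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Models the flawed loop without performing the out-of-bounds read.
 * With size_t p, "p >= 0" is always true, so only the character test can
 * stop the loop. Returns 1 if the index would wrap past zero to SIZE_MAX
 * for this input, 0 if a non-newline character stops it first. */
int unsigned_index_loop_wraps(const char *output, size_t len)
{
    size_t p;

    if (len == 0) {
        return 1; /* len - 1 already wraps */
    }
    p = len - 1;
    while (output[p] == '\n') {
        if (p == 0) {
            return 1; /* the next p-- would give SIZE_MAX */
        }
        p--;
    }
    return 0;
}

/* Pointer form: walk back from the end and stop at the start of the
 * buffer. Strips trailing newlines in place and returns the new length. */
size_t trim_trailing_newlines(char *output, size_t len)
{
    char *end = output + len;

    while (end > output && end[-1] == '\n') {
        end--;
    }
    *end = '\0';
    return (size_t)(end - output);
}

int main(void)
{
    /* Constructed inputs: normal output, and output of only newlines. */
    char normal[] = "status ok\n\n";
    char only_newlines[] = "\n\n\n";

    printf("wraps on normal input:   %d\n",
           unsigned_index_loop_wraps(normal, strlen(normal)));
    printf("wraps on newline-only:   %d\n",
           unsigned_index_loop_wraps(only_newlines, strlen(only_newlines)));
    printf("trimmed lengths: %zu and %zu\n",
           trim_trailing_newlines(normal, strlen(normal)),
           trim_trailing_newlines(only_newlines, strlen(only_newlines)));
    return 0;
}
```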

- - - - -
f87f02f6 by Martin Schwenke at 2023-08-07T09:43:33+00:00
ctdb-doc: Fix documentation for ctdb event status

Behaviour was changed, documentation wasn't.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15438

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Aug  7 09:43:33 UTC 2023 on atb-devel-224

- - - - -
8ed69553 by Joseph Sutton at 2023-08-08T04:39:36+00:00
lib:dbwrap: Remove unneeded space in debug message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aa9ca519 by Joseph Sutton at 2023-08-08T04:39:36+00:00
lib/replace: Const-qualify sys_errlist

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aa0d17a7 by Joseph Sutton at 2023-08-08T04:39:36+00:00
auth: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
50c6ca69 by Joseph Sutton at 2023-08-08T04:39:36+00:00
auth: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a8085b3d by Joseph Sutton at 2023-08-08T04:39:36+00:00
ctdb: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c67b452 by Joseph Sutton at 2023-08-08T04:39:36+00:00
lib/util: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8090e595 by Joseph Sutton at 2023-08-08T04:39:36+00:00
lib/ldb-samba: Add missing newline to logging message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
731e233a by Joseph Sutton at 2023-08-08T04:39:36+00:00
s4:auth: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0e653af8 by Joseph Sutton at 2023-08-08T04:39:36+00:00
libcli: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2b33c919 by Joseph Sutton at 2023-08-08T04:39:36+00:00
libcli/auth: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
60f4d873 by Joseph Sutton at 2023-08-08T04:39:36+00:00
libcli/security: Remove unnecessary code

The revision has already been set at the start of this function.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
748cbac2 by Joseph Sutton at 2023-08-08T04:39:36+00:00
libcli/security: Cast isupper() argument to ‘unsigned char’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e69968d2 by Joseph Sutton at 2023-08-08T04:39:36+00:00
librpc/rpc: Add missing newline to logging message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
448ed84c by Joseph Sutton at 2023-08-08T04:39:36+00:00
librpc/ndr: Remove unneeded casts

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2a2604bf by Joseph Sutton at 2023-08-08T04:39:36+00:00
ndr_string: Add overflow check in ndr_pull_charset_to_null()

This matches ndr_pull_charset().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dd53e052 by Joseph Sutton at 2023-08-08T04:39:36+00:00
ndr_string: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
87216413 by Joseph Sutton at 2023-08-08T04:39:36+00:00
ndr_string: Remove dodgy-looking casts

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ee6ef91f by Joseph Sutton at 2023-08-08T04:39:36+00:00
ndr/dns-utils: Make error message slightly more readable

max_length will always be greater than one, so we can use the plural.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
64834e26 by Joseph Sutton at 2023-08-08T04:39:36+00:00
librpc/ndr: Format NDR pull sizes as ‘size_t’

The arguments to these macros are occasionally of type size_t.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b25a6b12 by Joseph Sutton at 2023-08-08T04:39:36+00:00
librpc/py_security: Don’t pass a NULL pointer to PyUnicode_FromString()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ae9e56a1 by Joseph Sutton at 2023-08-08T04:39:36+00:00
librpc/ndr: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d17dda03 by Joseph Sutton at 2023-08-08T04:39:37+00:00
pidl: Remove unneeded semicolon

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ae684939 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s3:eventlog: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4d6118e4 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s3:utils: Fix debug message formatting

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
af8fbe85 by Joseph Sutton at 2023-08-08T04:39:37+00:00
nmbd_become_lmb.c: Fix debug message formatting

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
abcfaa79 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:dsdb: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
57969727 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:dsdb: Move comment to more appropriate place

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0c868428 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:dsdb: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f4d73ee8 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:kdc: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
119067e4 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:kdc: Check that client and server are not NULL (CID 1534695)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dfad7f87 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:kdc: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8648c9f6 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:kdc: Remove unused variable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1286b952 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:kdc: Remove redundant comment

We don’t need two copies of the same comment.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b86cd80f by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:kdc: Remove casts in debug messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
54c38cf9 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:kdc: Use portable format specifiers

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0182ddf9 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:kdc: Use newer debugging macros

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1713f255 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:kdc: Inline some variables

IMO, this code is easier to read if the reader can tell at a glance what
the values of these enumerations are, rather than having to think about
where the values come from.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4bc1dd32 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:kdc: Fix comment

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
85beb883 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:kdc: Avoid operator precedence issues

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1dc8cb3e by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:libcli/ldap: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
936c9ae1 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:libcli/smb_composite: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9c880e86 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:librpc: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
13a04d67 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:rpc_server: Add missing newlines to debugging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ebfa5ff6 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s4:rpc_server/backupkey: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d4a643e6 by Joseph Sutton at 2023-08-08T04:39:37+00:00
selftest: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
26429996 by Joseph Sutton at 2023-08-08T04:39:37+00:00
selftest: Add missing import

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1fc549ae by Joseph Sutton at 2023-08-08T04:39:37+00:00
testprogs: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1a7a5dcd by Joseph Sutton at 2023-08-08T04:39:37+00:00
samba-tool/ntacl: Remove unused and unnecessary return

setntacl() just returns None.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3c15ff6e by Joseph Sutton at 2023-08-08T04:39:37+00:00
samba-tool/ntacl: Remove unused variable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
245044d6 by Joseph Sutton at 2023-08-08T04:39:37+00:00
samba-tool/ntacl: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f47aef77 by Joseph Sutton at 2023-08-08T04:39:37+00:00
python: Use correct function signatures

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d0efff68 by Joseph Sutton at 2023-08-08T04:39:37+00:00
python:samba:kcc: Fix log message formatting

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b270333f by Joseph Sutton at 2023-08-08T04:39:37+00:00
python: Fix leak

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fa9f9d49 by Joseph Sutton at 2023-08-08T04:39:37+00:00
python: Check return value of talloc_strndup()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9a123429 by Joseph Sutton at 2023-08-08T04:39:37+00:00
pyglue: Fix leak

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
07299ab7 by Joseph Sutton at 2023-08-08T04:39:37+00:00
pyglue: Add missing whitespace in docstrings

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ccf99477 by Joseph Sutton at 2023-08-08T04:39:37+00:00
python:tests: Remove references to now-gone files

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b3e684b5 by Joseph Sutton at 2023-08-08T04:39:37+00:00
tests/krb5: Correct comment

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
40b529f8 by Joseph Sutton at 2023-08-08T04:39:37+00:00
libgpo:admx: Fix code spelling

(NEGOgiation → NEGOtiation)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d6a6dcc0 by Joseph Sutton at 2023-08-08T04:39:37+00:00
libcli/ldap: Don’t try to encode NULL name

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6ce9c6a3 by Joseph Sutton at 2023-08-08T04:39:37+00:00
ldb: Don’t pass NULL pointer into strcasecmp()

Doing so is undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d5c309a5 by Joseph Sutton at 2023-08-08T04:39:37+00:00
ldb: Account for ‘name’ possibly being NULL

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1cb91c6a by Joseph Sutton at 2023-08-08T04:39:37+00:00
ldb: Fix leaks

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
41e0951d by Joseph Sutton at 2023-08-08T04:39:37+00:00
ldb: Don’t decrement reference count until object is no longer needed

If ‘tmp’ happens to be garbage-collected, ‘name’ will become invalid.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
58205585 by Joseph Sutton at 2023-08-08T04:39:37+00:00
ldb: Check talloc_strdup() return value

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dc89fabb by Joseph Sutton at 2023-08-08T04:39:37+00:00
ldb: Don’t leak ‘msg’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
229d270d by Joseph Sutton at 2023-08-08T04:39:37+00:00
ldb: Check talloc_zero_array() return value

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
77015f3c by Joseph Sutton at 2023-08-08T04:39:37+00:00
ldb: Don’t leak ‘el’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d278f97d by Joseph Sutton at 2023-08-08T04:39:37+00:00
ldb: Clarify documentation for PyObject_AsMessageElement()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
150d457b by Joseph Sutton at 2023-08-08T04:39:37+00:00
ldb: Work around inconsistent behaviour in PyObject_AsMessageElement()

PyObject_AsMessageElement() has ‘flags’ and ‘attr_name’ parameters to
set properties of the returned MessageElement, but they apply only
*sometimes*.

‘attr_name’ not being set can result in cryptic and misleading error
messages from various ldb operations.

Changing the function’s behaviour to be more consistent could break
existing code, so we work around the issue instead.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
45ef3ab9 by Joseph Sutton at 2023-08-08T04:39:37+00:00
smbXcli: Remove call to utf16_len_n()

This code was probably intended to refer to ‘blob1’ rather than to
‘blob2’. As it is, it fails to achieve anything.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b6c35d03 by Joseph Sutton at 2023-08-08T04:39:37+00:00
ndr_string: Move string length calculation fallback into default case

We are about to add a new enumeration constant (NUM_CHARSETS) to
charset_t. To do that we must have a default case in this switch
statement, or the compiler will refuse to compile it, stating that we
haven’t handled all the cases.

The alternative, adding a case for NUM_CHARSETS, would just look silly.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
355fd3c7 by Joseph Sutton at 2023-08-08T04:39:37+00:00
lib:charset: Update NUM_CHARSETS to reflect true value

CH_DISPLAY was removed in commit
125a2ff262aa312df20eec68802fd5f8a47f492f, but NUM_CHARSETS was not
updated to match.

By assigning to NUM_CHARSETS the last enumeration value in charset_t, we
guard against its falling out of sync again.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f6babaa9 by Joseph Sutton at 2023-08-08T04:39:37+00:00
nsswitch:libwbclient: Fix memory leak

Found by Balazs Scheidler <bazsi at balabit.hu>.

Reported by Ferenc Wágner <wferi at niif.hu> at
https://lists.samba.org/archive/samba-technical/2023-June/138271.html

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
def62de1 by Joseph Sutton at 2023-08-08T04:39:37+00:00
auth: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9769b594 by Joseph Sutton at 2023-08-08T04:39:37+00:00
ctdb: Add missing newline to logging message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f14d5a01 by Joseph Sutton at 2023-08-08T04:39:37+00:00
talloc: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ea888d69 by Joseph Sutton at 2023-08-08T04:39:37+00:00
lib:mscat: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6ee008d2 by Joseph Sutton at 2023-08-08T04:39:37+00:00
lib:socket: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8ff5c514 by Joseph Sutton at 2023-08-08T04:39:37+00:00
lib/util: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f05ed662 by Joseph Sutton at 2023-08-08T04:39:37+00:00
libcli/auth: Add missing newline to logging message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3870e00f by Joseph Sutton at 2023-08-08T04:39:37+00:00
libcli/security: Call dom_sid_compare_domain() instead of sid_compare_domain()

The two functions are identical in behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8d658eaf by Joseph Sutton at 2023-08-08T04:39:37+00:00
s3:modules: Call dom_sid_compare_domain() instead of sid_compare_domain()

The two functions are identical in behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5cf61ed2 by Joseph Sutton at 2023-08-08T04:39:37+00:00
libcli/security: Remove unused function sid_compare_domain()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dbf53bf3 by Joseph Sutton at 2023-08-08T04:39:37+00:00
libcli/security: Fix integer overflow

On a typical machine where the size of ‘int’ is 32 bits or smaller, a
sub-authority of 2147483649 would be ordered before a sub-authority of
1, even though it is greater.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
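
Added illustration of the ordering problem this commit message describes; it is not part of the commit and is not Samba's source. It assumes the usual cause, a comparator that returns the difference of two 32-bit unsigned values as an `int`; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

typedef int (*subauth_cmp_fn)(uint32_t, uint32_t);

/*
 * Hypothetical "before" pattern: return the difference as an int.
 * The unsigned subtraction wraps modulo 2^32, and converting a result
 * above INT_MAX to int is implementation-defined; on common
 * two's-complement platforms it comes out negative.
 */
static int cmp_by_subtraction(uint32_t a, uint32_t b)
{
	return (int)(a - b);
}

/* Hardened form: compare explicitly, never narrow a difference. */
static int cmp_explicit(uint32_t a, uint32_t b)
{
	return (a > b) - (a < b);
}

/* 1 if the comparator claims a sorts before b. */
static int orders_before(subauth_cmp_fn cmp, uint32_t a, uint32_t b)
{
	return cmp(a, b) < 0;
}

/*
 * 1 if the comparator claims a < b < c < a. A comparator with such a
 * cycle is not a total order, so sorted lists and binary searches built
 * on it can misplace or fail to find entries.
 */
static int has_cycle(subauth_cmp_fn cmp, uint32_t a, uint32_t b, uint32_t c)
{
	return cmp(a, b) < 0 && cmp(b, c) < 0 && cmp(c, a) < 0;
}

int main(void)
{
	/* Values from the commit message, plus one constructed value. */
	const uint32_t small = 1u;
	const uint32_t big = 2147483649u;   /* 2^31 + 1 */
	const uint32_t mid = 2147483648u;   /* 2^31, constructed */

	printf("subtraction: big before small? %d\n",
	       orders_before(cmp_by_subtraction, big, small));
	printf("explicit:    big before small? %d\n",
	       orders_before(cmp_explicit, big, small));
	printf("subtraction: cycle small<mid<big<small? %d\n",
	       has_cycle(cmp_by_subtraction, small, mid, big));
	printf("explicit:    cycle small<mid<big<small? %d\n",
	       has_cycle(cmp_explicit, small, mid, big));
	return 0;
}
```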

- - - - -
aa0cddad by Joseph Sutton at 2023-08-08T04:39:37+00:00
libcli/security: Use portable format specifiers

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
38b93532 by Joseph Sutton at 2023-08-08T04:39:37+00:00
libcli/security: Remove unnecessary cast

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6913aebd by Joseph Sutton at 2023-08-08T04:39:37+00:00
librpc:ndr: Fix leaks

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dc3bcd5e by Joseph Sutton at 2023-08-08T04:39:37+00:00
librpc: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
29b2dcb4 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s3:auth: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8505094b by Joseph Sutton at 2023-08-08T04:39:37+00:00
s3:client: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
34545cdf by Joseph Sutton at 2023-08-08T04:39:37+00:00
s3:lib: Consistently return a string with a trailing newline

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
45a50fa9 by Joseph Sutton at 2023-08-08T04:39:37+00:00
s3:client: Remove unnecessary newline from logging message

time_to_asc() adds a trailing newline of its own.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8ea7b8a0 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:groupdb: Add missing newline to logging message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c7d71dd1 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:lib: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
769aa901 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:lib: Use portable format specifiers

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
09a13ca4 by Joseph Sutton at 2023-08-08T04:39:38+00:00
tldap: Use portable integer constant

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
67decfc7 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:libads: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f798cf93 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:libnet: Add missing newline to logging message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
956c7a28 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:librpc: Add missing newline to logging message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bba1613d by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:libsmb: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
728eebbf by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:libsmb: Add missing parenthesis to logging message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cef6692b by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:modules: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fa24c5de by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:modules: Remove redundant newlines in logging messages

ctime() and time_to_asc() each add a trailing newline of their own.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ae147ebc by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:modules: Correct escape sequence

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e9882f82 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:modules: Fix error message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4fef81f1 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:nmbd: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1b082f7b by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:passdb: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f80a8516 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:passdb: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1fbfe050 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:printing: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
575f0016 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:printing: Add missing spaces to error messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6489f313 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:printing: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cd3d9aa2 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:registry: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
687a0f01 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:rpc_client: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c172de6e by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:rpc_server: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f7e86f50 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:rpc_server: Fix incomplete logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ce0ace67 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:rpc_server: Add missing space to debug message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
867b192c by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:rpc_server: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aff878dc by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:smbd: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
44d3f17a by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:smbd Remove unnecessary newlines from logging messages

time_to_asc() adds a trailing newline of its own.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
732923e7 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:smbd: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aec5307e by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:smbd: Add missing space to warning message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a30b6d1e by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:utils: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
88acf7de by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:utils: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
90a3aca4 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:vfs: Add missing space in debug message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ac0f599c by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:winbindd: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
146a9260 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s3:winbindd: Fix debug messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
703978c7 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:auth: Fix leaks

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c590d8d3 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:auth: Check return value of talloc_reference()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e663c1d9 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:auth: Correct condition and remove redundant check

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3076bb6c by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:cldap_server: Add missing newline to logging message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ffbd69ed by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:client: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1e753542 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:dns_server: Add missing newline to logging message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
79cc9adf by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:dsdb: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cb2053ee by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:dsdb: Improve grammar

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
54714b35 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:dsdb: Remove unnecessary parentheses

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d4db9a27 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:dsdb: Fix leaks

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c850ffde by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:dsdb: Correct error messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4fad62d9 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:dsdb: Check result of talloc functions

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
68388153 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:dsdb: Do not dereference a NULL pointer

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5a19ea9b by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:dsdb:tests: Use control that was (presumably) intended

Otherwise ‘control4’ goes unused.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
178a7ed8 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:dsdb:tests: Remove unused variables

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fd6c3e6b by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:ldap_server: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b07dd255 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:lib: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
45abe285 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:libnet: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
90a9f78a by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:librpc: Add missing newline to logging message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c4d055de by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:ntvfs: Add missing newline to logging message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
36bbfe62 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:param: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5b2e6058 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:policy: Fix leak

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
68bf480b by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:rpc_server: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2e1adcfc by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:rpc_server/backupkey: Fix leaks

Allocate these objects on a shorter-lived memory context.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
29c92705 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:rpc_server: Remove unnecessary parentheses

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
56561fd0 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:rpc_server: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
63863066 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:samba: Add missing newline to logging message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d61c3684 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:smb_server: Add missing newlines to logging messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3ec0c61c by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:smb_server: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
43b44827 by Joseph Sutton at 2023-08-08T04:39:38+00:00
s4:torture: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c81f349 by Douglas Bagnall at 2023-08-08T04:39:38+00:00
lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t*

We have been using `uint8_t *`, which works fine as far as
linking goes, but leads fuzz target developers to sometimes
forget why they can't just modify the passed in string instead of
copying it for modification (e.g. to NUL-terminate).

REF: https://llvm.org/docs/LibFuzzer.html#fuzz-target

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c3ded9d9 by Douglas Bagnall at 2023-08-08T04:39:38+00:00
lib/fuzzing:fuzz_sddl_access_check fix nul-term check

We were wanting to ensure the string contains a zero byte, but
instead were checking for a non-zero byte.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
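
The two fuzzing messages above (const input for LLVMFuzzerTestOneInput(), and the inverted NUL-terminator check) can be seen together in the following added example, which is not Samba's fuzz target. The function under test, the buffer limit and the inverted guard are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_INPUT 1024  /* hypothetical cap on the input size */

/* Hypothetical function under test: it requires a NUL-terminated string. */
static size_t parse_c_string(const char *s)
{
    return strlen(s);
}

/* Length seen by the last run, kept only so the result can be inspected. */
static size_t last_parsed_len;

/*
 * Inverted guard, constructed to show the failure mode the second message
 * names: it looks for a non-zero byte, so it accepts "abc" with no
 * terminator, and a strlen()-style parser would then read past the input.
 */
int contains_nul_inverted(const uint8_t *data, size_t size)
{
    for (size_t i = 0; i < size; i++) {
        if (data[i] != 0) {
            return 1;
        }
    }
    return 0;
}

/* Correct guard: true only if a zero byte lies inside [data, data + size). */
int contains_nul(const uint8_t *data, size_t size)
{
    return size > 0 && memchr(data, 0, size) != NULL;
}

/*
 * libFuzzer entry point with the documented const signature. The input is
 * read-only and not NUL-terminated, so it is copied and terminated before
 * it reaches code that expects a C string.
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    char buf[MAX_INPUT + 1];

    last_parsed_len = 0;
    if (size > MAX_INPUT) {
        return 0;
    }
    if (size > 0) {
        memcpy(buf, data, size);  /* data may be NULL when size is 0 */
    }
    buf[size] = '\0';

    last_parsed_len = parse_c_string(buf);
    return 0;
}

/* Helper for inspection: run one input and report the parsed length. */
size_t fuzz_once(const uint8_t *data, size_t size)
{
    LLVMFuzzerTestOneInput(data, size);
    return last_parsed_len;
}

/* Stand-alone driver; leave it out when linking against libFuzzer. */
int main(void)
{
    const uint8_t unterminated[3] = { 'a', 'b', 'c' };  /* constructed input */

    printf("inverted guard accepts unterminated input: %d\n",
           contains_nul_inverted(unterminated, sizeof(unterminated)));
    printf("correct guard accepts unterminated input:  %d\n",
           contains_nul(unterminated, sizeof(unterminated)));
    printf("parsed length after copy and terminate:    %zu\n",
           fuzz_once(unterminated, sizeof(unterminated)));
    return 0;
}
```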

- - - - -
5c007600 by Douglas Bagnall at 2023-08-08T04:39:38+00:00
util/base64: add a note about zero length strings

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f404ef3c by Douglas Bagnall at 2023-08-08T04:39:39+00:00
libcli:auth:sess_crypt_blob: ensure key has 7 bytes

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
019bee54 by Douglas Bagnall at 2023-08-08T04:39:39+00:00
fuzz: add fuzzer for sess_crypt_blob

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
17e35c26 by Douglas Bagnall at 2023-08-08T04:39:39+00:00
fuzz: add fuzzer for ldb_comparison_fold

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f0e0ff26 by Douglas Bagnall at 2023-08-08T04:39:39+00:00
tldap: avoid infinite loop when filter contains "\)"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14600

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
269738d6 by Douglas Bagnall at 2023-08-08T05:35:08+00:00
lib/replace: fix strlcat/strlcpy compile for Honggfuzz

Otherwise we get this kind of thing:

../../lib/replace/replace.c:837:3: error: implicit declaration of function 'strlcpy' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
                strlcpy(buf, s, buflen);

../../third_party/heimdal/lib/roken/getarg.c:288:6: error: implicit declaration of function 'strlcat' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
            strlcat(buf, "]", sizeof(buf));

because we found the symbol names in libc, but didn't check that the
functions are declared in <string.h>. We already include
<bsd/string.h> whenever we have it.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Aug  8 05:35:08 UTC 2023 on atb-devel-224

- - - - -
c37adb76 by Stefan Metzmacher at 2023-08-08T08:02:40+00:00
s4:torture/ndr: add tests for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED

The PDUs were generated by Windows clients.

And we fail to parse them currently.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
5c724a3e by Stefan Metzmacher at 2023-08-08T08:02:40+00:00
librpc/rpc: let dcerpc_read_ncacn_packet_next_vector() handle fragments without any payload

DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED don't have any payload by
default. In order to receive them via dcerpc_read_ncacn_packet_send/recv
we need to allow fragments with frag_len == DCERPC_NCACN_PAYLOAD_OFFSET.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
9ec22e68 by Stefan Metzmacher at 2023-08-08T08:57:46+00:00
dcerpc.idl: fix definitions for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED payload

It seems commit 259129e8f4bc8cacd1850eba3f6551134835d079 was partly just
fantasy...

Windows clients just use 16 bytes for DCERPC_PKT_CO_CANCEL and
DCERPC_PKT_ORPHANED pdus.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Aug  8 08:57:46 UTC 2023 on atb-devel-224

- - - - -
cf7a0c9d by Stefan Metzmacher at 2023-08-08T11:43:09+00:00
vfs_aio_pthread: don't crash without a pthreadpool

During 'samba-tool ntacl sysvolreset' and similar.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15441

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 3694f2ce6205a647eb5dab2115785fb45decaf0b)

- - - - -
bace04c3 by Jones Syue at 2023-08-08T11:43:09+00:00
vfs_aio_pthread: fix segfault if samba-tool ntacl get

If configured as AD DC and aio_pthread appended into 'vfs objects'[1],
running these commands would get a segfault:
1. sudo samba-tool ntacl get .
2. sudo net vfs getntacl sysvol .
gdb said it goes through aio_pthread_openat_fn() @ vfs_aio_pthread.c[2],
and the fsp->conn->sconn->client is null (0x0).

'sconn->client' memory is allocated when a new connection is accepted:
smbd_accept_connection > smbd_process > smbXsrv_client_create
While running local commands looks like it would not go through
smbXsrv_client_create so the 'client' is null, segfault might happen.
We should not dereference 'client->server_multi_channel_enabled',
if 'client' is null.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15441

[1] smb.conf example, samba-4.18.5, ubuntu 22.04.2
[global]
        dns forwarder = 127.0.0.53
        netbios name = U22-JONES-88X1
        realm = U22-JONES-88X1.X88X1.JONES
        server role = active directory domain controller
        workgroup = X88X1
        idmap_ldb:use rfc2307 = yes
        vfs objects = dfs_samba4 acl_xattr aio_pthread

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/u22-jones-88x1.x88x1.jones/scripts
        read only = No

[2] gdb
(gdb) run /usr/local/samba/bin/samba-tool ntacl get .
Starting program: /usr/local/Python3/bin/python3 /usr/local/samba/bin/samba-tool ntacl get .
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007fffd0eb809e in aio_pthread_openat_fn (handle=0x8d5cc0, dirfsp=0x8c3070, smb_fname=0x18ab4f0, fsp=0x1af3550, flags=196608, mode=0)
    at ../../source3/modules/vfs_aio_pthread.c:467
warning: Source file is more recent than executable.
467             if (fsp->conn->sconn->client->server_multi_channel_enabled) {
(gdb) bt
    at ../../source3/modules/vfs_aio_pthread.c:467
    at ../../source3/smbd/pysmbd.c:320
---Type <return> to continue, or q <return> to quit---
(gdb) f
    at ../../source3/modules/vfs_aio_pthread.c:467
467             if (fsp->conn->sconn->client->server_multi_channel_enabled) {
(gdb) p fsp->conn->sconn->client
$1 = (struct smbXsrv_client *) 0x0
(gdb)

Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 8f4c1c67b4f118a9a47b09ac7908cd3d969b19c2)

- - - - -
f2604db1 by Stefan Metzmacher at 2023-08-08T11:43:09+00:00
s4:torture/ndr: add tests for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED

The PDUs were generated by Windows clients.

And we fail to parse them currently.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit c37adb762640b7df9731d6a60edce808aa8787f8)

- - - - -
30f317cf by Stefan Metzmacher at 2023-08-08T11:43:09+00:00
librpc/rpc: let dcerpc_read_ncacn_packet_next_vector() handle fragments without any payload

DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED don't have any payload by
default. In order to receive them via dcerpc_read_ncacn_packet_send/recv
we need to allow fragments with frag_len == DCERPC_NCACN_PAYLOAD_OFFSET.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 5c724a3e156ae734e4d187bf9639d895bb011834)

- - - - -
1b3197ff by Stefan Metzmacher at 2023-08-08T12:56:30+00:00
dcerpc.idl: fix definitions for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED payload

It seems commit 259129e8f4bc8cacd1850eba3f6551134835d079 was partly just
fantasy...

Windows clients just use 16 bytes for DCERPC_PKT_CO_CANCEL and
DCERPC_PKT_ORPHANED pdus.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Aug  8 08:57:46 UTC 2023 on atb-devel-224

(cherry picked from commit 9ec22e680249cfde06fb1a0a34fcc94d1f47002d)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Tue Aug  8 12:56:30 UTC 2023 on atb-devel-224
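
The length rule from the dcerpc_read_ncacn_packet_next_vector() and dcerpc.idl messages above (a fragment whose frag_len equals the 16-byte header is valid and has nothing left to read) is shown in this added example, which is not Samba's code. The function name, the require_payload switch and the sample PDUs are constructed; the header offsets and the ptype values 18 and 19 follow the DCE RPC connection-oriented common header, and 16 is assumed as the value of DCERPC_NCACN_PAYLOAD_OFFSET.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NCACN_HDR_LEN    16    /* assumed value of DCERPC_NCACN_PAYLOAD_OFFSET */
#define DREP_OFFSET       4    /* data representation label */
#define FRAG_LEN_OFFSET   8    /* 16-bit frag_length */
#define AUTH_LEN_OFFSET  10    /* 16-bit auth_length */
#define DREP_LE        0x10    /* integer format bit: little-endian */
#define SAMPLE_MAX_FRAG 5840   /* constructed cap on the fragment size */

enum frag_status {
    FRAG_OK = 0,
    FRAG_SHORT_HEADER = -1,
    FRAG_BAD_LENGTH = -2,
    FRAG_BAD_AUTH = -3
};

static uint16_t rd16(const uint8_t *p, int little_endian)
{
    return little_endian ? (uint16_t)(p[0] | (p[1] << 8))
                         : (uint16_t)((p[0] << 8) | p[1]);
}

/*
 * Given the first 16 bytes of a fragment, report how many more bytes the
 * reader has to fetch. require_payload != 0 models a reader that insists
 * on a body and therefore rejects header-only PDUs such as co_cancel (18)
 * and orphaned (19).
 */
int frag_bytes_remaining(const uint8_t *hdr, size_t hdr_len, size_t max_frag,
                         int require_payload, size_t *remaining)
{
    if (hdr_len < NCACN_HDR_LEN) {
        return FRAG_SHORT_HEADER;
    }

    int le = (hdr[DREP_OFFSET] & DREP_LE) != 0;
    size_t frag_len = rd16(hdr + FRAG_LEN_OFFSET, le);
    size_t auth_len = rd16(hdr + AUTH_LEN_OFFSET, le);

    /* A fragment can never be shorter than its own header. */
    if (frag_len < NCACN_HDR_LEN || frag_len > max_frag) {
        return FRAG_BAD_LENGTH;
    }
    if (require_payload && frag_len == NCACN_HDR_LEN) {
        return FRAG_BAD_LENGTH;
    }
    /* The auth data has to fit into what follows the header. */
    if (auth_len > frag_len - NCACN_HDR_LEN) {
        return FRAG_BAD_AUTH;
    }

    *remaining = frag_len - NCACN_HDR_LEN;
    return FRAG_OK;
}

/* Constructed sample headers: version 5.0, ptype, flags, drep, lengths, call_id. */
const uint8_t sample_co_cancel[16] = {
    0x05, 0x00, 0x12, 0x03, 0x10, 0x00, 0x00, 0x00,
    0x10, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00 };
const uint8_t sample_orphaned_be[16] = {
    0x05, 0x00, 0x13, 0x03, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 };
const uint8_t sample_request[16] = {      /* frag_len 40: 24 bytes follow */
    0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00,
    0x28, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00 };
const uint8_t sample_too_short[16] = {    /* frag_len 12, below the header size */
    0x05, 0x00, 0x12, 0x03, 0x10, 0x00, 0x00, 0x00,
    0x0c, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00 };
const uint8_t sample_bad_auth[16] = {     /* frag_len 24, auth_len 32 */
    0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00,
    0x18, 0x00, 0x20, 0x00, 0x05, 0x00, 0x00, 0x00 };

int main(void)
{
    size_t rest = 0;
    int rc = frag_bytes_remaining(sample_co_cancel, sizeof(sample_co_cancel),
                                  SAMPLE_MAX_FRAG, 0, &rest);
    printf("co_cancel, header-only allowed: rc=%d remaining=%zu\n", rc, rest);

    rc = frag_bytes_remaining(sample_co_cancel, sizeof(sample_co_cancel),
                              SAMPLE_MAX_FRAG, 1, &rest);
    printf("co_cancel, payload required:    rc=%d\n", rc);
    return 0;
}
```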

- - - - -
ade663ee by Stefan Metzmacher at 2023-08-08T12:57:29+00:00
s4:torture/smb2: let torture_smb2_con_sopt() use smb2_connect()

There's no need for smb2_connect_ext().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
dc5a500f by Stefan Metzmacher at 2023-08-08T12:57:29+00:00
s4:torture/smb2: let us have a common torture_smb2_con_share()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2b93058b by Stefan Metzmacher at 2023-08-08T12:57:29+00:00
s4:torture/smb2: make it possible to pass existing_conn to smb2_connect_ext()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4028d658 by Stefan Metzmacher at 2023-08-08T12:57:29+00:00
s4:torture/smb2: add smb2.multichannel.bugs.bug_15346

This demonstrates the race quite easily against
Samba and works fine against Windows Server 2022.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
50d61e53 by Stefan Metzmacher at 2023-08-08T12:57:29+00:00
s3:smbd: always clear filter_subreq in smb2srv_client_mc_negprot_next()

Commit 5d66d5b84f87267243dcd5223210906ce589af91 introduced a
'verify_again:' target, if we ever hit that, we would leak
the existing filter_subreq.

Moving it just above a possible messaging_filtered_read_send()
will allow us to only clear it if we actually create a new
request. That will help us in the next commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f348b84f by Stefan Metzmacher at 2023-08-08T13:59:58+00:00
s3:smbd: fix multichannel connection passing race

If a client opens multiple connections with the same
client guid in parallel, our connection passing is likely
to hit a race.

Assume we have 3 processes:

smbdA: This process already handles all connections for
       a given client guid
smbdB: This just received a new connection with an
       SMB2 negprot for the same client guid
smbdC: This also received a new connection with an
       SMB2 negprot for the same client guid

Now both smbdB and smbdC send a MSG_SMBXSRV_CONNECTION_PASS
message to smbdA. These messages contain the socket fd
for each connection.

While waiting for a MSG_SMBXSRV_CONNECTION_PASSED message
from smbdA, both smbdB and smbdC watch the smbXcli_client.tdb
record for changes (that also verifies smbdA stays alive).

Once one of them, say smbdB, received the MSG_SMBXSRV_CONNECTION_PASSED
message, the dbwrap_watch logic will wake up smbdC in order to
let it recheck the smbXcli_client.tdb record in order to
handle the case where smbdA died or deleted its record.

Now smbdC rechecks the smbXcli_client.tdb record, but it
was not woken because of a problem with smbdA. It meant
that smbdC sends a MSG_SMBXSRV_CONNECTION_PASS message
including the socket fd again.

As a result smbdA got the socket fd from smbdC twice (or even more),
and creates two (or more) smbXsrv_connection structures for the
same low level tcp connection. And it also sends more than one
SMB2 negprot response. Depending on the tevent logic, it will
use different smbXsrv_connection structures to process incoming
requests. And this will almost immediately result in errors.

The typical error is:
 smb2_validate_sequence_number: smb2_validate_sequence_number: bad message_id 2 (sequence id 2) (granted = 1, low = 1, range = 1)

But other errors would also be possible.

The detail that leads to the long delays on the client side is
that our smbd_server_connection_terminate_ex() code will close
only the fd of a single smbXsrv_connection, but the refcount
on the socket fd in the kernel is still not 0, so the tcp
connection is still alive...

Now we remember the server_id of the process that we send
the MSG_SMBXSRV_CONNECTION_PASS message to. And just keep
watching the smbXcli_client.tdb record if the server_id
doesn't change. As we just need more patience to wait for
the MSG_SMBXSRV_CONNECTION_PASSED message.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Aug  8 13:59:58 UTC 2023 on atb-devel-224

- - - - -
874c693b by Volker Lendecke at 2023-08-10T13:40:31+00:00
smbd: Don't crash in cli_fsctl_send()

If you run "allinfo" on a symlink with NT1, cli_readlink_send sends a
NULL "in" blob. Do the same as smb2cli_ioctl_send() does, just send
NULL/0 in that case and don't crash.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9831fbeb by Volker Lendecke at 2023-08-10T13:40:31+00:00
libcli: Make symlink_reparse_buffer_parse() more flexible

Allow the destination struct to be preallocated

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
97ba7b68 by Volker Lendecke at 2023-08-10T13:40:31+00:00
libcli: Add general reparse point data parsing

When we retrieve reparse point data, we don't know before what we
get. Right now all we do is expect a symlink, but we could get other
types as well.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2e20e984 by Volker Lendecke at 2023-08-10T13:40:31+00:00
libsmb: Use reparse_data_buffer_parse() in cli_readlink()

Gives the chance of better debug higher up (not used yet)

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e20919af by Volker Lendecke at 2023-08-10T13:40:31+00:00
libsmb: Use reparse_data_buffer_parse() to get symlink error resp

Gets a nicer error message

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e71a6ab5 by Volker Lendecke at 2023-08-10T13:40:31+00:00
pylibsmb: Use reparse_data_buffer_parse()

Remove the last direct caller of symlink_reparse_buffer_parse()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e99e676b by Volker Lendecke at 2023-08-10T13:40:31+00:00
libsmb: Some README.Coding for symlink_reparse_buffer_parse()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8ad55c38 by Volker Lendecke at 2023-08-10T13:40:31+00:00
libsmb: Move symlink_reparse_buffer_parse() to reparse.c

The goal of this is to eventually remove reparse_symlink.c once we
have marshalling routines for symlinks in reparse.c

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
eb3e9315 by Volker Lendecke at 2023-08-10T13:40:31+00:00
libsmb: Factor out cli_get_reparse_data() from cli_readlink()

Will be used in smbclient's allinfo command: Reparse points are more
than just symlinks.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a0edab50 by Volker Lendecke at 2023-08-10T13:40:31+00:00
libsmb: Retry with OPEN_REPARSE_POINT on IO_REPARSE_TAG_NOT_HANDLED

Eventually we'll have to make STOPPED_ON_SYMLINK special to handle the
symlink response, but for now they are the same.

STOPPED_ON_SYMLINK will tell us where the symlink is,
REPARSE_TAG_NOT_HANDLED won't. So if there's an unhandled reparse
point somewhere in the path, there's no really good way to handle
this. We'll get the REPARSE_TAG_NOT_HANDLED the second time as
well. Even SMB1 QPATHINFO gets this when you try to cross a NFS
reparse point.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5ec66016 by Volker Lendecke at 2023-08-10T14:36:40+00:00
smbclient3: Get all reparse data for allinfo

If we hit a reparse point in point, it might be something but a
symlink.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Aug 10 14:36:40 UTC 2023 on atb-devel-224

- - - - -
aec49671 by Stefan Metzmacher at 2023-08-11T08:48:12+00:00
s4:torture/smb2: let torture_smb2_con_sopt() use smb2_connect()

There's no need for smb2_connect_ext().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit ade663ee6ca1a2813b203ea667d933f4dab9e7b7)

- - - - -
208bece1 by Stefan Metzmacher at 2023-08-11T08:48:12+00:00
s4:torture/smb2: let us have a common torture_smb2_con_share()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit dc5a500f0a76720b2a5cb5b1142cf4c35cb6bdea)

- - - - -
76c6234a by Stefan Metzmacher at 2023-08-11T08:48:12+00:00
s4:torture/smb2: make it possible to pass existing_conn to smb2_connect_ext()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 2b93058be3f6e5eaee239ad3b0e707c62089d18e)

- - - - -
28e68be9 by Stefan Metzmacher at 2023-08-11T08:48:12+00:00
s4:torture/smb2: add smb2.multichannel.bugs.bug_15346

This demonstrates the race quite easily against
Samba and works fine against Windows Server 2022.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 4028d6582907cf582730ceec56872d8584ad02e6)

- - - - -
4dcefc01 by Stefan Metzmacher at 2023-08-11T08:48:12+00:00
s3:smbd: always clear filter_subreq in smb2srv_client_mc_negprot_next()

Commit 5d66d5b84f87267243dcd5223210906ce589af91 introduced a
'verify_again:' target, if we ever hit that, we would leak
the existing filter_subreq.

Moving it just above a possible messaging_filtered_read_send()
will allow us to only clear it if we actually create a new
request. That will help us in the next commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 50d61e5300250922bf36bb699306f82dff6a00b9)

- - - - -
cd866f5c by Stefan Metzmacher at 2023-08-11T09:49:53+00:00
s3:smbd: fix multichannel connection passing race

If a client opens multiple connections with the same
client guid in parallel, our connection passing is likely
to hit a race.

Assume we have 3 processes:

smbdA: This process already handles all connections for
       a given client guid
smbdB: This just received a new connection with an
       SMB2 negprot for the same client guid
smbdC: This also received a new connection with an
       SMB2 negprot for the same client guid

Now both smbdB and smbdC send a MSG_SMBXSRV_CONNECTION_PASS
message to smbdA. These messages contain the socket fd
for each connection.

While waiting for a MSG_SMBXSRV_CONNECTION_PASSED message
from smbdA, both smbdB and smbdC watch the smbXcli_client.tdb
record for changes (that also verifies smbdA stays alive).

Once one of them, say smbdB, received the MSG_SMBXSRV_CONNECTION_PASSED
message, the dbwrap_watch logic will wake up smbdC in order to
let it recheck the smbXcli_client.tdb record in order to
handle the case where smbdA died or deleted its record.

Now smbdC rechecks the smbXcli_client.tdb record, but it
was not woken because of a problem with smbdA. It meant
that smbdC sends a MSG_SMBXSRV_CONNECTION_PASS message
including the socket fd again.

As a result smbdA got the socket fd from smbdC twice (or even more),
and creates two (or more) smbXsrv_connection structures for the
same low level tcp connection. And it also sends more than one
SMB2 negprot response. Depending on the tevent logic, it will
use different smbXsrv_connection structures to process incoming
requests. And this will almost immediately result in errors.

The typical error is:
 smb2_validate_sequence_number: smb2_validate_sequence_number: bad message_id 2 (sequence id 2) (granted = 1, low = 1, range = 1)

But other errors would also be possible.

The detail that leads to the long delays on the client side is
that our smbd_server_connection_terminate_ex() code will close
only the fd of a single smbXsrv_connection, but the refcount
on the socket fd in the kernel is still not 0, so the tcp
connection is still alive...

Now we remember the server_id of the process that we send
the MSG_SMBXSRV_CONNECTION_PASS message to. And just keep
watching the smbXcli_client.tdb record if the server_id
doesn't change. As we just need more patience to wait for
the MSG_SMBXSRV_CONNECTION_PASSED message.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Aug  8 13:59:58 UTC 2023 on atb-devel-224

(cherry picked from commit f348b84fbcf203ab1ba92840cf7aecd55dbf9aa0)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Fri Aug 11 09:49:53 UTC 2023 on atb-devel-224
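
The connection-passing race described in the "fix multichannel connection passing race" message (here and in the earlier master commit) can be replayed with a small model, added here as an example that is not Samba's code. The types, function names, server_id values and the TAKE_OVER outcome for a missing record are assumptions made for the model; only the decision to keep waiting while the remembered server_id is unchanged comes from the message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t server_id_t;   /* stand-in for Samba's struct server_id */
#define NO_RECORD 0             /* the smbXcli_client.tdb record is gone */

enum wake_action { KEEP_WAITING, SEND_PASS, TAKE_OVER };

/* A process (smbdB, smbdC) that passed its socket and waits for PASSED. */
struct waiter {
    int sock_fd;
    server_id_t passed_to;      /* target of the last CONNECTION_PASS */
    bool remembers_target;      /* false models the behaviour before the fix */
};

/* The process (smbdA) that owns all connections for the client guid. */
struct owner {
    server_id_t id;
    int conns_for_fd[4];        /* connection structures built per socket fd */
    int inbox[8];               /* queued CONNECTION_PASS messages (the fd) */
    int inbox_len;
    int inbox_pos;
};

static void send_pass(struct waiter *w, struct owner *o)
{
    w->passed_to = o->id;
    o->inbox[o->inbox_len++] = w->sock_fd;
}

/* The owner handles one queued PASS and builds a connection for that fd. */
static void owner_handle_one(struct owner *o)
{
    int fd = o->inbox[o->inbox_pos++];
    o->conns_for_fd[fd]++;
}

/*
 * Called when dbwrap_watch wakes a waiter. record_owner is the server_id
 * found in the record now, or NO_RECORD.
 */
enum wake_action waiter_on_record_change(const struct waiter *w,
                                         server_id_t record_owner)
{
    if (record_owner == NO_RECORD) {
        return TAKE_OVER;       /* assumption: the waiter becomes the owner */
    }
    if (w->remembers_target && record_owner == w->passed_to) {
        return KEEP_WAITING;    /* same owner: PASSED is still on its way */
    }
    return SEND_PASS;           /* new owner, or no memory of the target */
}

/* Replays the sequence from the message; returns smbdA's count for smbdC's fd. */
int simulate_conns_for_smbdC(bool remembers_target)
{
    struct owner a = { .id = 100 };
    struct waiter b = { .sock_fd = 1, .remembers_target = remembers_target };
    struct waiter c = { .sock_fd = 2, .remembers_target = remembers_target };

    send_pass(&b, &a);
    send_pass(&c, &a);

    /* smbdA handles smbdB first; smbdB gets PASSED and smbdC is woken. */
    owner_handle_one(&a);

    /* smbdA is alive and still owns the record when smbdC rechecks it. */
    if (waiter_on_record_change(&c, a.id) == SEND_PASS) {
        send_pass(&c, &a);
    }

    while (a.inbox_pos < a.inbox_len) {
        owner_handle_one(&a);
    }
    return a.conns_for_fd[c.sock_fd];
}

int main(void)
{
    printf("connections for smbdC's fd, target not remembered: %d\n",
           simulate_conns_for_smbdC(false));
    printf("connections for smbdC's fd, target remembered:     %d\n",
           simulate_conns_for_smbdC(true));
    return 0;
}
```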

- - - - -
fd8324d5 by Michael Tokarev at 2023-08-11T13:07:45+03:00
d/control: python3-testtools is only needed for selftest, remove from Build-Depends for now

- - - - -
0d9ea6c5 by Andrew Bartlett at 2023-08-13T21:59:29+00:00
s4-rpc_server/drsuapi: Add tmp_highest_usn tracking to replication log

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d0c1ce53 by Andrew Bartlett at 2023-08-13T21:59:29+00:00
s4-rpc_server/drsuapi: Improve debugging of invalid DNs

This is still unreachable, but improve the logging
to give more detail in this area anyway.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a12bcce8 by Andrew Bartlett at 2023-08-13T21:59:29+00:00
s4-rpc_server/drsuapi: Improve debug message for drs_ObjectIdentifier_to_dn_and_nc_root() failure

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
63843a22 by Andrew Bartlett at 2023-08-13T21:59:29+00:00
s4-dsdb: Improve logging for drs_ObjectIdentifier_to_dn_and_nc_root()

At this layer we can make a reasonable assumption about being able
to read ldb_errstring() to print that for extra useful debugging.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0550e469 by Andrew Bartlett at 2023-08-13T21:59:29+00:00
s4-rpc_server/drsuapi: Remove redundant check for valid and non-NULL ncRoot_dn

This check was valuable before aee2039e63ceeb5e69a0461fb77e0f18278e4dc4
but now only checks things we know to be true, as the value has come
from Samba via drs_ObjectIdentifier_to_dn_and_nc_root() either on this
or a previous call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
c30bb876 by Andrew Bartlett at 2023-08-13T21:59:29+00:00
s4-torture/drs: Save the server dnsname on the DcConnection object

This object is used to hold one of many possible connections and
it is helpful for debugging and uniqueness to know which DC is being
connected to.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
628eab11 by Andrew Bartlett at 2023-08-13T21:59:29+00:00
s4-torture/drs: Create temp OU with a unique name per test

It is always better to keep the testing OUs unique if possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
40f831e6 by Andrew Bartlett at 2023-08-13T21:59:29+00:00
s4-torture/drs: Use addCleanup() in getchanges.py for OU handling

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
db16366b by Andrew Bartlett at 2023-08-13T21:59:29+00:00
s4-torture/drs: Add a test matching Azure AD Connect REPL_OBJ behaviour

Azure AD Connect will send a GUID but no DummyDN.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b323169d by Andrew Bartlett at 2023-08-13T21:59:29+00:00
s4-torture/drs: Add test demonstrating that a GetNCChanges REPL_OBJ will not reset the replication cookie

This demonstrates the behaviour used by the "Azure AD Connect" cloud sync tool.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
87414955 by Andrew Bartlett at 2023-08-13T21:59:29+00:00
s4-torture/drs: Add test showing that if present in the set the NC root leads and tmp_highest_usn moves

The NC root, on any replication when it appears, is the first object to be
replicated, including for all subsequent chunks in the replication.

However the tmp_highest_usn is not updated by that USN, it must
only be updated for the non-NC changes (to match Windows exactly),
or at least only updated with the non-NC changes until it would
naturally appear.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
99579e70 by Andrew Bartlett at 2023-08-13T21:59:29+00:00
s4-rpc_server/drsuapi: Only keep and invalidate replication cycle state for normal replication

This changes the GetNCChanges server to use a per-call state for
extended operations like RID_ALLOC or REPL_OBJ and only maintain
and (more importantly) invalidate the state during normal replication.

This allows REPL_OBJ to be called during a normal replication cycle
that continues using after that call, continuing with the same
highwatermark cookie.

Azure AD will do a sequence of (roughly)

* Normal replication (objects 1..100)
* REPL_OBJ (of 1 object)
* Normal replication (objects 101..200)

However, if there are more than 100 (in this example) objects in the
domain, and the second replication is required, the objects 1..100
are sent, as the replication state was invalidated by the REPL_OBJ call.

RN: Improve GetNCChanges to address some (but not all "Azure AD Connect")
synchronisation tool looping during the initial user sync phase.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
fe7418e1 by Andrew Bartlett at 2023-08-13T21:59:29+00:00
s4-rpc_server/drsuapi: Fix indentation in GetNCChanges()

This avoids the indentation correction being in the previous patch.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
548f141f by Andrew Bartlett at 2023-08-13T21:59:29+00:00
s4-rpc_server/drsuapi: Avoid modification to ncRoot input variable in GetNCChanges

This tries to avoid it appearing that ncRoot is a value that can
be trusted and used internally by not updating it and instead leaving
it just as an input/echo-back value.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
2ed9815e by Andrew Bartlett at 2023-08-13T21:59:29+00:00
s4-rpc_server/drsuapi: Rename ncRoot -> untrusted_ncRoot to avoid misuse

Because of the requirement to echo back the original string, we can
not force this to be a trustworthy value.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
2aba9e23 by Andrew Bartlett at 2023-08-13T21:59:29+00:00
s4-rpc_server/drsuapi: Update getnc_state to be != NULL

This is closer to our README.Coding style

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
17359afa by Andrew Bartlett at 2023-08-13T21:59:29+00:00
s4-rpc_server/drsuapi: Ensure logs show DN for replicated objects, not (null)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15407
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
79ca6ef2 by Andrew Bartlett at 2023-08-13T21:59:29+00:00
s4-rpc_server/drsuapi: Avoid looping with Azure AD Connect by not incrementing temp_highest_usn for the NC root

We send the NC root first, as a special case for every chunk
that we send until the natural point where it belongs.

We do not bump the tmp_highest_usn in the highwatermark that
the client and server use (it is meant to be an opaque cookie)
until the 'natural' point where the object appears, similar
to the cache for GET_ANC.

The issue is that without this, because the NC root was sorted
first in whatever chunk it appeared in but could have a 'high'
highwatermark, Azure AD Connect will send back the same
new_highwatermark->tmp_highest_usn, and due to a bug,
a zero reserved_usn, which makes Samba discard it.

The reserved_usn is now much less likely to ever be set because
the tmp_highest_usn is now always advancing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
58260e1e by Michael Tokarev at 2023-08-13T22:54:55+00:00
python/samba/netcmd/domain/schemaupgrade.py: fix missing newline

Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sun Aug 13 22:54:55 UTC 2023 on atb-devel-224

- - - - -
26329a69 by Andrew Bartlett at 2023-08-14T03:46:35+00:00
WHATSNEW: Remove unusual box around 'REMOVED FEATURES'

We do not normally put the ==== above the titles, per recent practice.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
8744e5df by Andrew Bartlett at 2023-08-14T03:46:35+00:00
bootstrap: Heimdal no longer requires perl-JSON

Heimdal after lorikeet-heimdal-202307040259
(commit 33d117b8a9c11714ef709e63a005d87e34b9bfde)
includes Heimdal master commit f62e2f278437ff6c03d2d09bd628381c795bba78.

This has PR https://github.com/heimdal/heimdal/pull/1176 and no
longer requires the external JSON module, as JSON::PP is builtin.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15394

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
4ae3e9b2 by Andrew Bartlett at 2023-08-14T03:46:35+00:00
selftest: Allow MIT Krb5 1.21 to still start to fl2000dc

This is the simplest way to keep this test environment alive.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
b896da35 by Andrew Bartlett at 2023-08-14T03:46:35+00:00
krb5: Increase the minimum MIT Krb5 version to 1.21

This is the version we test with in CI after the image update
in the next commit.  This addresses the issues that were
fixed in CVE-2022-37967 (KrbtgtFullPacSignature) and ensures
that Samba builds against the MIT version that allows us to
avoid that attack.

The hooks to allow these expectations to be disabled in the tests
are kept for now, to allow this to be reverted or to test
older servers.

With MIT 1.21 as the new test standard for the MIT KDC build
we update the knownfail_mit_kdc - this was required regardless
after the CI image update.

Any update to the CI image, even an unrelated one, brings in
a new MIT Krb5, version 1.21-3 in this case.  This has new
behaviour that needs to be noted in the knownfail files or
else the tests, which haven't changed, will fail and
pipelines won't pass.

(The image generated by the earlier bootstrap commit brought
in krb5-1.21-2 which was buggy with CVE-2023-39975)

Further tweaks to tests or the server should reduce the number
of knownfail entries, but this keeps the pipelines passing for now.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15231

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
57672e45 by Andreas Schneider at 2023-08-14T04:40:03+00:00
bootstrap: Install codespell

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Aug 14 04:40:03 UTC 2023 on atb-devel-224

- - - - -
329bfe47 by Joseph Sutton at 2023-08-14T04:57:34+00:00
auth: Remove unnecessary casts

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
28b84ac6 by Joseph Sutton at 2023-08-14T04:57:34+00:00
auth: Use portable format specifier

Also, correctly format the value as unsigned.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
830efcfe by Joseph Sutton at 2023-08-14T04:57:34+00:00
docs-xml: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
993ff035 by Joseph Sutton at 2023-08-14T04:57:34+00:00
ldb: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
578c1d39 by Joseph Sutton at 2023-08-14T04:57:34+00:00
ldb:ldb_sqlite3: Access correct member of union

Accessing the wrong member of a union invokes undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5b3a8aa5 by Joseph Sutton at 2023-08-14T04:57:34+00:00
lib:krb5_wrap: Remove unnecessary cast

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a643ac45 by Joseph Sutton at 2023-08-14T04:57:34+00:00
lib/replace: Ensure that __STDC_WANT_LIB_EXT1__ is set to 1

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d35e7f10 by Joseph Sutton at 2023-08-14T04:57:34+00:00
tsocket: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
44df4771 by Joseph Sutton at 2023-08-14T04:57:34+00:00
librpc:ndr: Format sizes as ‘size_t’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c68b8cf1 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s3:lib: Use portable format specifiers

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
816ceb27 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s3:registry: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
939bd3d9 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:auth: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3e076b37 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:dsdb: Remove unnecessary casts

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0a202264 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:dsdb: Access correct member of union

Accessing the wrong member of a union invokes undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9fd501df by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Remove unnecessary casts

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2de67b71 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Correct comments mentioning Heimdal

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d1755501 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:rpc_server: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7da7b81d by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:torture: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4c320f75 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Refer to correct function in error messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
928f898e by Joseph Sutton at 2023-08-14T04:57:34+00:00
tests/krb5: Allow cached=True with an assigned silo or policy

We might want to create an account with an assigned silo or policy in
setUp() or setUpClass() to be reused in subsequent tests.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f5529337 by Joseph Sutton at 2023-08-14T04:57:34+00:00
tests/krb5: Rename compatability_tests class

We should not have two unrelated classes both named SimpleKerberosTests.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
942cc0b6 by Joseph Sutton at 2023-08-14T04:57:34+00:00
tests/krb5: Keep claim types for subsequent tests

We want to be able to reuse them across several tests.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
55c09c91 by Joseph Sutton at 2023-08-14T04:57:34+00:00
tests/krb5: Move some functions round to prepare for splitting the class

No effective code change.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a5492d76 by Joseph Sutton at 2023-08-14T04:57:34+00:00
tests/krb5: Split out new AuthnPolicyBaseTests class

This class provides a useful base for other tests to build upon.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
da89b86e by Joseph Sutton at 2023-08-14T04:57:34+00:00
tests/krb5: Allow specifying additional details for a test account

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c9d6a3dd by Joseph Sutton at 2023-08-14T04:57:34+00:00
tests/krb5: Allow specifying KDC options when requesting a TGT

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7026b08e by Joseph Sutton at 2023-08-14T04:57:34+00:00
tests/krb5: Test that neither forwardable nor proxiable tickets are issued to Protected Users

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0cf658cd by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Don’t issue forwardable or proxiable tickets to Protected Users

If an authentication policy enforces a maximum TGT lifetime for a
Protected User, that limit should stand in place of the four-hour limit
usually applied to Protected Users; we should nevertheless continue to
ensure that forwardable or proxiable tickets are not issued to such
users.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e035cfab by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Don’t log secret keys

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f34645b8 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Initialize entry->modified_by

If smb_krb5_make_principal() fails without setting the principal,
sdb_entry_free() will try to free whatever memory the uninitialized
member points to.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7cfddcbf by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Check result of samdb_result_dom_sid()

We must not pass a NULL pointer into dom_sid_split_rid().

While we’re at it, switch to using samdb_result_dom_sid_buf(), which
doesn’t require a heap allocation.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
26e2e891 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Ensure we don’t increase the value of entry->etypes->len

The value of entry->etypes->len ought to be equal to that of
entry->keys.len, and so should be nonzero. But it’s safer not to rely on
that assumption.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
09e13845 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Fix leak of sdb_entry

We should take the common ‘out’ path to ensure that we call
sdb_entry_free() on the entry.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bc1103e9 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Check return value from ldb_dn_get_linearized()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
79738178 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Free samba_kdc_seq context on failure to allocate memory

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
902ed79b by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Call krb5_free_principal() directly after to-be-freed principal is used

This simplifies the ‘out’ path.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bf78c603 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Remove unnecessary talloc context

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e9c275b4 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Move calls to talloc_steal() out of the ‘out’ paths

This simplifies the ‘out’ paths.

Every code path that reaches ‘out’ via a goto ensures that ‘ret’ is set
to a nonzero value.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a5129c07 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Fix leaks

Use a temporary context to allocate these variables. Each variable that
needs to be transferred to the caller is stolen onto an appropriate
talloc context just prior to the function’s returning.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
93c0f355 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
84929c68 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Return an error code if sdb_entry_to_hdb_entry() fails

This condition was written backwards — if samba_kdc_fetch() returned
zero, we would ignore any error code returned by
sdb_entry_to_hdb_entry().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0f127875 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Correct error message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bb78ad7b by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Use portable format specifier

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
406af84b by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Correctly report length of KDC packet

If the data was received over TCP, it would have had four bytes
subtracted from its length already, in kdc_tcp_call_loop().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e5465872 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Fail PAC checksum verification if the krbtgt entry has no keys

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
75a1beee by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Fix leaks of sdb_entry’s members

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7e496d77 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Consistently zero HDB structures

To these conversion functions we sometimes pass malloc-allocated HDB
structures, which we free afterwards if conversion fails. If parts of
these structures are still uninitialized when we try to free them, all
sorts of fun things can result.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7dd13e8d by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Ensure the value of h->len is accurate

If we exited this function early due to an error, h->len would contain
the number of elements that *ought* to be in h->val, but not all of
those elements must have been initialized. Subsequently trying to free
this partially-uninitialized structure with free_Keys() could have bad
results.

Avoid this by ensuring that h->len accurately reports the actual number
of initialized elements.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
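
The length-tracking pattern this commit message describes, as an added example (not Samba or Heimdal code, not part of the commit). `struct keys`, `convert_len_first`, `convert_len_tracked`, `free_keys_counting` and the `UNINIT` marker are hypothetical; the marker stands in for malloc garbage so the cleanup can count uninitialized slots instead of passing them to free().

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for a counted key array; not the Heimdal HDB types. */
struct key  { unsigned char *data; size_t len; };
struct keys { unsigned int len; struct key *val; };

typedef int (*convert_fn)(struct keys *h, const struct key *src, unsigned int n);

/* Marker written into fresh slots (assumption of this example) so that a slot
 * nobody initialized is recognisable without touching indeterminate memory. */
#define UNINIT ((unsigned char *)(uintptr_t)0xA5A5A5A5u)

static struct key *alloc_slots(unsigned int n)
{
	struct key *v = malloc(n * sizeof(*v));
	unsigned int i;

	for (i = 0; v != NULL && i < n; i++) {
		v[i].data = UNINIT;
		v[i].len = 0;
	}
	return v;
}

/* Copies one key; a zero-length source key is the constructed error case. */
static int copy_key(struct key *dst, const struct key *src)
{
	unsigned char *p;

	if (src->len == 0 || (p = malloc(src->len)) == NULL) {
		return -1;
	}
	memcpy(p, src->data, src->len);
	dst->data = p;
	dst->len = src->len;
	return 0;
}

/* Before: len states how many elements *ought* to exist. */
int convert_len_first(struct keys *h, const struct key *src, unsigned int n)
{
	unsigned int i;

	h->len = 0;
	h->val = alloc_slots(n);
	if (h->val == NULL) {
		return -1;
	}
	h->len = n;
	for (i = 0; i < n; i++) {
		if (copy_key(&h->val[i], &src[i]) != 0) {
			return -1;	/* slots i..n-1 are uninitialized, len says n */
		}
	}
	return 0;
}

/* After: len only ever counts elements that are fully initialized. */
int convert_len_tracked(struct keys *h, const struct key *src, unsigned int n)
{
	unsigned int i;

	h->len = 0;
	h->val = alloc_slots(n);
	if (h->val == NULL) {
		return -1;
	}
	for (i = 0; i < n; i++) {
		if (copy_key(&h->val[i], &src[i]) != 0) {
			return -1;	/* len == i: exactly the initialized prefix */
		}
		h->len = i + 1;
	}
	return 0;
}

/* Cleanup that trusts h->len. Returns how many uninitialized slots it was
 * asked to free; real cleanup code would have called free() on each one. */
unsigned int free_keys_counting(struct keys *h)
{
	unsigned int i, bad = 0;

	for (i = 0; i < h->len; i++) {
		if (h->val[i].data == UNINIT) {
			bad++;
			continue;
		}
		free(h->val[i].data);
	}
	free(h->val);
	h->val = NULL;
	h->len = 0;
	return bad;
}

/* Constructed input: four keys, the third one invalid, so conversion stops early. */
unsigned int uninit_frees_after_failure(convert_fn convert)
{
	static unsigned char a[] = { 1, 2, 3 }, b[] = { 4, 5 }, d[] = { 6 };
	const struct key src[4] = { { a, 3 }, { b, 2 }, { NULL, 0 }, { d, 1 } };
	struct keys h = { 0, NULL };

	(void)convert(&h, src, 4);
	return free_keys_counting(&h);
}

int main(void)
{
	printf("len set first:   %u uninitialized slots freed\n",
	       uninit_frees_after_failure(convert_len_first));
	printf("len tracked:     %u uninitialized slots freed\n",
	       uninit_frees_after_failure(convert_len_tracked));
	return 0;
}
```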

- - - - -
6e5e2f0b by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Erase key data

If we’re going to zero the keys before freeing them, we might as well do
it properly.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dadfc06c by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Use type bool for ‘is_tgs’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
18569f81 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:auth: Add missing space to error message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
45ca5e23 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:auth: Fix leaks

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e9e2dfa5 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:auth: Check return value of talloc_new()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e67c0226 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Return (possibly) more appropriate error codes

This change ultimately won’t make much difference to responses, as
unrecognized codes are mapped to ERR_GENERIC in any case. But it might
provide some help for debugging.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fc99b903 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Make some functions static

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7d6ebfe4 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Return krb5_error_code

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
914f1700 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Switch to using samdb_result_dom_sid_buf()

This function doesn’t require a heap allocation.

We also check the result of the function, which we weren’t doing before.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
63f79844 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Don’t enforce a server authentication policy for the krbtgt

As the server authentication policy will be non-NULL only for entries
looked up as servers, the krbtgt shouldn’t have an authentication policy
anyway. But we might as well be explicit.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ab098c24 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Inline samba_get_claims_blob()

Wrapping a function this simple doesn’t gain us very much.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9d485b26 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Use common out path in mit_samba_kpasswd_change_password()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c1061ae8 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Free error message returned by krb5_get_error_message()

Also check whether the message is NULL. Passing NULL to vasprintf() is
undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
37c8c343 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:dsdb: Use uint32_t for ‘num_sids’

This matches the use of uint32_t for security_token::num_sids.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
479ebdd0 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:dsdb: Make ‘sids’ parameter const

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
365455b6 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:dsdb: Check for overflow in security_token_create()

Overflow is unlikely ever to occur, but you never know.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
78fc6fbb by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Have encode_claims_set return NTSTATUS

This change will simplify things later. Probably.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c6cd6b25 by Joseph Sutton at 2023-08-14T04:57:34+00:00
s4:kdc: Remove ldb_context parameter as being no longer needed

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
58371c33 by Joseph Sutton at 2023-08-14T04:57:35+00:00
s4:kdc: Properly allocate claims set on a talloc context

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e6b78ef7 by Joseph Sutton at 2023-08-14T04:57:35+00:00
s4:kdc: Ensure that we don’t dereference a NULL pointer

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
504a36f3 by Joseph Sutton at 2023-08-14T04:57:35+00:00
s4:kdc: Rename get_claims_for_principal() to get_claims_blob_for_principal()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
21e0c258 by Joseph Sutton at 2023-08-14T04:57:35+00:00
s4:kdc: Rename ‘claims_blob’ parameter to ‘claims_blob_out’

Just to make perfectly clear that it is an out parameter.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2b24bce2 by Michael Tokarev at 2023-08-14T08:34:11+03:00
d/rules: export PYTHONDONTWRITEBYTECODE=1 to stop python from generating .pyc caches (#1048754)

- - - - -
c01c206d by Joseph Sutton at 2023-08-14T05:51:45+00:00
s4:kdc: Add get_claims_set_for_principal()

Add a new function, get_claims_set_for_principal(), that returns the
claims as a CLAIMS_SET structure rather than as a blob. To accommodate
this, move the call to encode_claims_set() out of get_all_claims() and
into get_claims_blob_for_principal().

Being able to get the unencoded claims will save us from having to
decode claims that we just needlessly encoded.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Aug 14 05:51:45 UTC 2023 on atb-devel-224

- - - - -
e7bf94b4 by Jeremy Allison at 2023-08-14T14:57:32+00:00
s3: smbd: Deliberately corrupt an uninitialized pointer.

We will need this to show smbd crashing in the test code.
This will be removed once we're passing the test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
963fd8aa by Jeremy Allison at 2023-08-14T14:57:32+00:00
s3: torture: Add SMB1-TRUNCATED-SESSSETUP test.

Shows that we indirect through an uninitialized pointer and the client crashes
its own smbd.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
9220c45c by Jeremy Allison at 2023-08-14T14:57:32+00:00
s3: smbd: Ensure srvstr_pull_req_talloc() always NULLs out *dest.

Robert Morris <rtm at lcs.mit.edu> noticed that in the case
where srvstr_pull_req_talloc() is being called with
buffer remaining == 0, we don't NULL out the destination
pointer which is *always* done in the codepaths inside
pull_string_talloc(). This prevents a crash in the caller.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
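
The "buffer remaining == 0" case from this commit message, as an added example (not Samba code, not part of the commit). `struct req_buf`, `pull_string_unfixed`, `pull_string_fixed` and `POISON_PTR` are hypothetical; the caller plants a known marker in the out-parameter so the unwritten pointer can be observed without reading uninitialized memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the unparsed tail of a request; not Samba's types. */
struct req_buf {
	const unsigned char *data;
	size_t len;
};

/* Known non-NULL marker (assumption of this example) modelling the garbage
 * an uninitialized stack pointer would hold. It is compared, never dereferenced. */
#define POISON_PTR ((char *)(uintptr_t)0xDEADBEEFu)

typedef size_t (*pull_fn)(char **dest, const struct req_buf *rb, size_t offset);

/* Shared copy step: duplicates the string at p, bounded by 'remaining'.
 * Always writes *dest. Returns the number of bytes consumed. */
static size_t copy_out(char **dest, const unsigned char *p, size_t remaining)
{
	const unsigned char *nul = memchr(p, 0, remaining);
	size_t n = (nul != NULL) ? (size_t)(nul - p) : remaining;

	*dest = malloc(n + 1);
	if (*dest == NULL) {
		return 0;
	}
	memcpy(*dest, p, n);
	(*dest)[n] = '\0';
	return (nul != NULL) ? n + 1 : n;
}

/* Before: with nothing left in the buffer the function returns early and
 * *dest keeps whatever value the caller's variable happened to contain. */
size_t pull_string_unfixed(char **dest, const struct req_buf *rb, size_t offset)
{
	if (offset >= rb->len) {
		return 0;
	}
	return copy_out(dest, rb->data + offset, rb->len - offset);
}

/* After: the out-parameter is NULLed before any early return, so every exit
 * path leaves it either NULL or pointing at a valid allocation. */
size_t pull_string_fixed(char **dest, const struct req_buf *rb, size_t offset)
{
	*dest = NULL;
	if (offset >= rb->len) {
		return 0;
	}
	return copy_out(dest, rb->data + offset, rb->len - offset);
}

/* A caller that decides by "is the pointer non-NULL?" rather than by the
 * return value. Returns 1 if it would go on to use a pointer nobody set. */
int caller_sees_stale_pointer(pull_fn pull, const struct req_buf *rb, size_t offset)
{
	char *s = POISON_PTR;
	int stale;

	(void)pull(&s, rb, offset);
	stale = (s == POISON_PTR);
	if (!stale) {
		free(s);	/* NULL or a real allocation: both are safe to free */
	}
	return stale;
}

int main(void)
{
	/* Constructed input: a request whose string field was truncated away. */
	static const unsigned char msg[] = { 'u', 's', 'e', 'r', 0 };
	struct req_buf truncated = { msg, 0 };

	printf("unfixed, truncated request: stale pointer = %d\n",
	       caller_sees_stale_pointer(pull_string_unfixed, &truncated, 0));
	printf("fixed,   truncated request: stale pointer = %d\n",
	       caller_sees_stale_pointer(pull_string_fixed, &truncated, 0));
	return 0;
}
```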

- - - - -
5bc50d2e by Jeremy Allison at 2023-08-14T14:57:32+00:00
s3: smbd: Uncorrupt the pointer we were using to prove a crash.

Rather than restore to uninitialized, set to NULL as per
modern coding practices.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420
Reviewed-by: Volker Lendecke <vl at samba.org>

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
5379b8d5 by Jeremy Allison at 2023-08-14T15:55:43+00:00
s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.

Now we've fixed srvstr_pull_req_talloc() this isn't
strictly needed, but ensuring pointers are initialized
is best practice to avoid future bugs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Aug 14 15:55:43 UTC 2023 on atb-devel-224

- - - - -
044cb8f9 by Jones Syue at 2023-08-14T18:11:37+00:00
mdssvc: Do an early talloc_free() in _mdssvc_open()

Environment setup:
When macOS Finder connects to a samba server with 'spotlight = yes',
macOS would issue mdssvc open (mdssvc.opnum == 0) to samba and it goes
through api _mdssvc_open().

After applying 578e434a94147dc2d7dbfc006d2ab84807859c1d,
(this is reported by jaywei at qnap.com)
the line 'talloc_free(path);' is deleted for the normal exit of _mdssvc_open(),
so the memory is lazily de-allocated: delayed to
smbd_tevent_trace_callback() @ smb2_process.c. [1]

Supposed to explicitly free 'path' in _mdssvc_open() @ srv_mdssvc_nt.c [2]
just like on abnormal exit; do not wait for the main loop to free 'path', which is
no longer used. This is more consistent while reading the source code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15449

[1] gdb tracing 'path' address 0x56204ccc67e0 to know how it is freed.
Breakpoint 2, _tc_free_children_internal (tc=0x56204ccc6780, ptr=0x56204ccc67e0, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1656
1656            while (tc->child) {
(gdb) bt
0  _tc_free_children_internal (tc=0x56204ccc6780, ptr=0x56204ccc67e0, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1656
1  0x00007ff430d92b14 in _tc_free_internal (tc=0x56204ccc6780, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1183
2  0x00007ff430d93b71 in _tc_free_children_internal (tc=0x56204ccc6720, ptr=0x56204ccc6780, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1668
3  0x00007ff430d93d66 in talloc_free_children (ptr=0x56204ccc6780) at ../../lib/talloc/talloc.c:1714
4  0x00007ff432235aca in talloc_pop (frame=0x56204ccc6780) at ../../lib/util/talloc_stack.c:125
5  0x00007ff430d92959 in _tc_free_internal (tc=0x56204ccc6720, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1157
6  0x00007ff430d92cd5 in _talloc_free_internal (ptr=0x56204ccc6780, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1247
7  0x00007ff430d93f96 in _talloc_free (ptr=0x56204ccc6780, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1791
8  0x00007ff431d81292 in smbd_tevent_trace_callback (point=TEVENT_TRACE_AFTER_LOOP_ONCE, private_data=0x7ffe46591e30) at ../../source3/smbd/process.c:3726
<...cut...>

[2] gdb tracing 'path' address 0x55a6d66deed0 to know how it is freed.
Breakpoint 2, _tc_free_children_internal (tc=0x55a6d66deed0, ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1656
1656            while (tc->child) {
(gdb) bt
0  _tc_free_children_internal (tc=0x55a6d66deed0, ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1656
1  0x00007fc4cb892b14 in _tc_free_internal (tc=0x55a6d66deed0, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1183
2  0x00007fc4cb892cd5 in _talloc_free_internal (ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1247
3  0x00007fc4cb893f96 in _talloc_free (ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1791
4  0x00007fc4cc9396e4 in _mdssvc_open (p=0x55a6d66d5600, r=0x55a6d66edc60) at ../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189
<...cut...>

Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Aug 14 18:11:37 UTC 2023 on atb-devel-224

- - - - -
63895e03 by Jeremy Allison at 2023-08-14T18:56:38+00:00
s3: torture: Add a test doing an SMB1 negotiate+exit.

Robert Morris <rtm at lcs.mit.edu> noticed a missing
return in reply_exit_done().

Adds knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15430

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
d79d0508 by Jeremy Allison at 2023-08-14T19:52:49+00:00
s3: smbd: Add missing 'return;'s in exit paths in reply_exit_done().

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15430

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Aug 14 19:52:49 UTC 2023 on atb-devel-224

- - - - -
b6938025 by Volker Lendecke at 2023-08-14T19:53:37+00:00
passdb: Fix a DBG message

This is not dsdb_add_domain_alias()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
753e271e by Volker Lendecke at 2023-08-14T19:53:37+00:00
passdb: Fix whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2bea8a80 by Volker Lendecke at 2023-08-14T19:53:37+00:00
passdb: Fix a DBG statement

This is not pdb_getsampwent()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0c6ac321 by Volker Lendecke at 2023-08-14T19:53:37+00:00
idmap: Fix whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b7e0f342 by Volker Lendecke at 2023-08-14T19:53:37+00:00
idmap_tdb: Remove a variable never used

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0bcba393 by Volker Lendecke at 2023-08-14T19:53:37+00:00
idmap:fix whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ac738e30 by Volker Lendecke at 2023-08-14T19:53:37+00:00
lib: Move few bytes of R/W data to R/O text

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0c645107 by Volker Lendecke at 2023-08-14T19:53:37+00:00
smbd: Use struct initialization

Avoid an explicit ZERO_STRUCT

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d40d130b by Volker Lendecke at 2023-08-14T19:53:37+00:00
smbd: Fix DBG macro

This augments 5c37615efa2, the DBG macros already prepend the function name

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ad098665 by Volker Lendecke at 2023-08-14T19:53:37+00:00
dbwrap: Simplify dbwrap_change_uint32_atomic_action()

Use dbwrap_do_locked()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0382e072 by Volker Lendecke at 2023-08-14T19:53:37+00:00
dbwrap: Simplify dbwrap_change_int32_atomic_action()

Use dbwrap_do_locked()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
688891f4 by Volker Lendecke at 2023-08-14T19:53:37+00:00
smbstatus: Fix CID 1507870 Uninitialized pointer read

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6527211a by Volker Lendecke at 2023-08-14T19:53:37+00:00
smbstatus: Fix CID 1507865 Uninitialized pointer read

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4da367c3 by Volker Lendecke at 2023-08-14T19:53:37+00:00
smbd: Use "dirfsp" in smb_posix_open()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3ee9fe28 by Volker Lendecke at 2023-08-14T19:53:37+00:00
smbd: Use "dirfsp" in smb_posix_unlink()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fab10b58 by Volker Lendecke at 2023-08-14T19:53:37+00:00
smbd: Pass down "dirfsp" to smb_unix_mknod()

Avoids a call to parent_pathref()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
544c7285 by Volker Lendecke at 2023-08-14T19:53:37+00:00
libsmb: A bit README.Coding for cli_qpathinfo2()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a9f358f7 by Volker Lendecke at 2023-08-14T19:53:37+00:00
tevent: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
42e4691c by Volker Lendecke at 2023-08-14T20:51:11+00:00
audit_logging: Simplify json_add_stringn() with json_stringn()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Aug 14 20:51:11 UTC 2023 on atb-devel-224

- - - - -
783eff3f by Andreas Schneider at 2023-08-14T21:45:29+00:00
s4:lib: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a749d885 by Andreas Schneider at 2023-08-14T21:45:29+00:00
s4:libcli: Remove trailing white spaces

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
950f0b47 by Andreas Schneider at 2023-08-14T21:45:29+00:00
s4:libcli: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
37664f4c by Andreas Schneider at 2023-08-14T21:45:29+00:00
s4:libnet: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
42f094af by Andreas Schneider at 2023-08-14T21:45:29+00:00
s4:librpc: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6427dafe by Andreas Schneider at 2023-08-14T21:45:29+00:00
s4:ntvfs: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8d85b998 by Andreas Schneider at 2023-08-14T21:45:29+00:00
s4:rpc_server: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ee1bc66e by Andreas Schneider at 2023-08-14T21:45:29+00:00
s4:samba: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9c13765f by Andreas Schneider at 2023-08-14T21:45:29+00:00
s4:scripting: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9ebd645e by Andreas Schneider at 2023-08-14T21:45:29+00:00
s4:selftest: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
541f4d08 by Andreas Schneider at 2023-08-14T21:45:29+00:00
s3:ldap_server: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5a0201e8 by Andreas Schneider at 2023-08-14T21:45:29+00:00
s4:setup: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e1da1fc9 by Andreas Schneider at 2023-08-14T21:45:29+00:00
s4:smb_server: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5dd07a44 by Andreas Schneider at 2023-08-14T21:45:29+00:00
s4:torture:auth: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3dd7625a by Andreas Schneider at 2023-08-14T21:45:29+00:00
s4:torture:dfs: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
69b78769 by Andreas Schneider at 2023-08-14T21:45:30+00:00
s4:torture:drs: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5850ea63 by Andreas Schneider at 2023-08-14T21:45:30+00:00
s4:torture:basic: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e2c952cf by Andreas Schneider at 2023-08-14T21:45:30+00:00
s4:torture:dns: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
56fdc3c5 by Andreas Schneider at 2023-08-14T21:45:30+00:00
s4:torture:krb5: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3f023d74 by Andreas Schneider at 2023-08-14T21:45:30+00:00
s4:torture:ldap: Remove trailing white spaces

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1c4e84fd by Andreas Schneider at 2023-08-14T21:45:30+00:00
s4:torture:ldap: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
faa06e5e by Andreas Schneider at 2023-08-14T21:45:30+00:00
s4:torture:ldb: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
664f6961 by Andreas Schneider at 2023-08-14T21:45:30+00:00
s4:torture:libnetapi: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c4ed99a2 by Andreas Schneider at 2023-08-14T21:45:30+00:00
s4:torture:nbench: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
428c1556 by Andreas Schneider at 2023-08-14T21:45:30+00:00
s4:torture:nbt: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ff2f813b by Andreas Schneider at 2023-08-14T21:45:30+00:00
s4:torture:raw: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
085cfe0c by Andreas Schneider at 2023-08-14T21:45:30+00:00
s4:torture:rpc: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0d241305 by Andreas Schneider at 2023-08-14T21:45:30+00:00
s4:torture:smb2: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
920ffe5d by Andreas Schneider at 2023-08-14T21:45:30+00:00
s4:torture: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dbfc239f by Andreas Schneider at 2023-08-14T21:45:30+00:00
s4:wrepl_server: Remove trailing white spaces

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5f024d57 by Andreas Schneider at 2023-08-14T21:45:30+00:00
s4:wrepl_server: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a7ed7405 by Andreas Schneider at 2023-08-14T21:45:30+00:00
testprogs: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
be56ec0a by Andreas Schneider at 2023-08-14T21:45:30+00:00
tests: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
45e17b70 by Andreas Schneider at 2023-08-14T21:45:30+00:00
wintest: Fix code spelling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e54939c8 by Andreas Schneider at 2023-08-14T21:45:30+00:00
scripts: Add codespell check

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
61d97ebf by Andreas Schneider at 2023-08-14T22:44:58+00:00
gitlab-ci: Add running codespell

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Aug 14 22:44:58 UTC 2023 on atb-devel-224

- - - - -
d87041d8 by Martin Schwenke at 2023-08-15T09:49:38+00:00
ctdb-common: Improve error handling

Factor out a failure label, which will get more use in subsequent
commits, and only set private_data when success is certain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15451

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
ffc2ae61 by Martin Schwenke at 2023-08-15T09:49:38+00:00
ctdb-common: Replace pcap_open_live() by lower level calls

A subsequent commit will insert an additional call before
pcap_activate().

This sequence of calls is taken from the source for pcap_open_live(),
so there should be no change in behaviour.

Given the defaults set by pcap_create_common(), it would be possible
to omit the calls to pcap_set_promisc() and pcap_set_timeout().
However, those defaults don't seem to be well documented, so continue
to explicitly set everything that was set before.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15451

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
dc7b48c4 by Martin Schwenke at 2023-08-15T10:53:52+00:00
ctdb-common: Set immediate mode for pcap capture

Fix a problem where ctdb_killtcp (almost always) fails to capture
packets with --enable-pcap and libpcap ≥ 1.9.1.  The problem is due to
a gradual change in libpcap semantics when using
pcap_get_selectable_fd(3PCAP) to get a file descriptor and then using
that file descriptor in non-blocking mode.

pcap_set_immediate_mode(3PCAP) says:

  pcap_set_immediate_mode() sets whether immediate mode should be set
  on a capture handle when the handle is activated.  In immediate
  mode, packets are always delivered as soon as they arrive, with no
  buffering.

and

  On Linux, with previous releases of libpcap, capture devices are
  always in immediate mode; however, in 1.5.0 and later, they are, by
  default, not in immediate mode, so if pcap_set_immediate_mode() is
  available, it should be used.

However, it wasn't until libpcap commit
2ade7676101366983bd4f86bc039ffd25da8c126 (before libpcap 1.9.1) that
it became a requirement to use pcap_set_immediate_mode(), even with a
timeout of 0.

More explanation in this libpcap issue comment:

  https://github.com/the-tcpdump-group/libpcap/issues/860#issuecomment-541204548

Do a configure check for pcap_set_immediate_mode() even though it has
existed for 10 years.  It is easy enough.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15451

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue Aug 15 10:53:52 UTC 2023 on atb-devel-224

- - - - -
f02f74e9 by Jeremy Allison at 2023-08-15T11:12:32+00:00
s3: smbd: init_smb1_request() isn't being passed zero'ed memory from any codepath.

If a client does a SMB1 NEGPROT followed by SMB1 TCON
then req->session is left uninitialized.

Show this causes a crash by deliberately initializing
req->session to an invalid pointer. This will be removed
once the test shows the crash, and the fix is added to
cause init_smb1_request() to zero the memory passed in.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15432

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
c32df3bb by Jeremy Allison at 2023-08-15T11:12:32+00:00
s3: torture: Add SMB1-NEGOTIATE-TCON that shows the SMB1 server crashes on the uninitialized req->session.

Found by Robert Morris <rtm at lcs.mit.edu>.

Adds knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15432

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <nopower at samba.org>

- - - - -
4145bfb1 by Jeremy Allison at 2023-08-15T12:06:36+00:00
s3: smbd: Ensure init_smb1_request() zeros out what the incoming pointer points to.

Remove the now unneeded req->xxx = NULL assignments (and the
deliberately bogus req->session = (void *)0xDEADBEEF one
used to demonstrate the bug).

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15432

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Aug 15 12:06:36 UTC 2023 on atb-devel-224

- - - - -
2c915e74 by Joseph Sutton at 2023-08-15T18:46:33+00:00
tests/krb5: Remove unused import

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0cce6168 by Joseph Sutton at 2023-08-15T18:46:33+00:00
tests/krb5: Shorten long lines

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
631e26e1 by Joseph Sutton at 2023-08-15T18:46:33+00:00
tests/krb5: Add a test decoding INT64 PAC claims issued by Windows

Our NDR code currently handles INT64 claims incorrectly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
402bb176 by Joseph Sutton at 2023-08-15T18:46:33+00:00
librpc:ndr: Add ‘int64’ type

This type behaves like a signed variant of ‘hyper’. Unlike the existing
‘dlong’ type, which has four byte alignment, ‘int64’ is aligned to eight
bytes.

Bump the NDR version to 3.0.1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aa181551 by Joseph Sutton at 2023-08-15T18:46:33+00:00
claims.idl: Use ‘int64’ instead of ‘dlong’ for INT64 claims

This field is supposed to be aligned to eight bytes, but the ‘dlong’
type is aligned to only four bytes. This discrepancy resulted in claims
being encoded and decoded incorrectly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
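
The alignment mismatch this commit describes, as an added example that is not Samba's libndr code: a simplified little-endian marshaller in which a reader using four-byte alignment misparses a 64-bit value that the writer aligned to eight bytes. The record layout (a 32-bit count followed by one 64-bit value), the struct and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DECODE_FAILED INT64_MIN  /* sentinel used by this example only */

/* Simplified wire buffer; a model, not Samba's struct ndr_push/ndr_pull. */
struct wire {
    uint8_t data[32];
    size_t len;
};

static size_t align_up(size_t off, size_t n)
{
    return (off + n - 1) / n * n;
}

/* Append nbytes of v in little-endian order; -1 if the buffer is full. */
static int put_le(struct wire *w, uint64_t v, size_t nbytes)
{
    if (nbytes > sizeof(w->data) - w->len) return -1;
    for (size_t i = 0; i < nbytes; i++)
        w->data[w->len++] = (uint8_t)(v >> (8 * i));
    return 0;
}

/* Zero-pad the buffer up to the next multiple of n. */
static int put_pad(struct wire *w, size_t n)
{
    size_t target = align_up(w->len, n);
    if (target > sizeof(w->data)) return -1;
    while (w->len < target) w->data[w->len++] = 0;
    return 0;
}

/* Read nbytes little-endian at *off; -1 if that would run past the data. */
static int get_le(const struct wire *w, size_t *off, size_t nbytes, uint64_t *out)
{
    uint64_t v = 0;
    if (*off > w->len || nbytes > w->len - *off) return -1;
    for (size_t i = 0; i < nbytes; i++)
        v |= (uint64_t)w->data[*off + i] << (8 * i);
    *off += nbytes;
    *out = v;
    return 0;
}

/* Constructed record: uint32 count, then a 64-bit value at value_align. */
int push_record(struct wire *w, uint32_t count, int64_t value, size_t value_align)
{
    w->len = 0;
    if (put_le(w, count, 4) != 0) return -1;
    if (put_pad(w, value_align) != 0) return -1;
    return put_le(w, (uint64_t)value, 8);
}

int pull_record(const struct wire *w, uint32_t *count, int64_t *value, size_t value_align)
{
    size_t off = 0;
    uint64_t tmp;
    if (get_le(w, &off, 4, &tmp) != 0) return -1;
    *count = (uint32_t)tmp;
    off = align_up(off, value_align);  /* the reader skips its own idea of padding */
    if (get_le(w, &off, 8, &tmp) != 0) return -1;
    *value = (int64_t)tmp;
    return 0;
}

/* Encode with one alignment rule and decode with another. */
int64_t roundtrip(int64_t value, size_t push_align, size_t pull_align)
{
    struct wire w;
    uint32_t count = 0;
    int64_t out = 0;
    if (push_record(&w, 1, value, push_align) != 0) return DECODE_FAILED;
    if (pull_record(&w, &count, &out, pull_align) != 0) return DECODE_FAILED;
    return out;
}

size_t encoded_len(size_t value_align)
{
    struct wire w;
    return push_record(&w, 1, 0, value_align) == 0 ? w.len : 0;
}

int main(void)
{
    int64_t v = 0x1122334455667788LL;  /* constructed sample value */
    printf("8 -> 8: %llx\n", (unsigned long long)roundtrip(v, 8, 8));
    printf("8 -> 4: %llx\n", (unsigned long long)roundtrip(v, 8, 4));
    printf("4 -> 8: %s\n", roundtrip(v, 4, 8) == DECODE_FAILED ? "short read" : "ok");
    printf("sizes: %zu vs %zu bytes\n", encoded_len(8), encoded_len(4));
    return 0;
}
```

In this model the four-byte reader consumes the padding as the low half of the value, and the eight-byte reader runs off the end of a four-byte-aligned record.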

- - - - -
37fdd79c by Joseph Sutton at 2023-08-15T19:41:50+00:00
tests/krb5: Remove incorrect comments

Now that the INT64 claim IDL definition has been corrected, these tests
should pass against Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Aug 15 19:41:50 UTC 2023 on atb-devel-224

- - - - -
9e5f1a30 by Jones Syue at 2023-08-16T10:48:14+00:00
mdssvc: Do an early talloc_free() in _mdssvc_open()

Environment setup:
When macOS Finder connects to a samba server with 'spotlight = yes',
macOS would issue mdssvc open (mdssvc.opnum == 0) to samba and it goes
through the api _mdssvc_open().

After applying 578e434a94147dc2d7dbfc006d2ab84807859c1d
(this is reported by jaywei at qnap.com),
the line 'talloc_free(path);' is deleted if _mdssvc_open() exits normally,
so memory is lazily de-allocated: delayed to
smbd_tevent_trace_callback() @ smb2_process.c. [1]

We are supposed to explicitly free 'path' in _mdssvc_open() @ srv_mdssvc_nt.c [2],
just like on abnormal exit, and not wait for the main loop to free 'path', which is
no longer used; this is more consistent when reading the source code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15449

[1] gdb tracing 'path' address 0x56204ccc67e0 to know how it is freed.
Breakpoint 2, _tc_free_children_internal (tc=0x56204ccc6780, ptr=0x56204ccc67e0, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1656
1656            while (tc->child) {
(gdb) bt
0  _tc_free_children_internal (tc=0x56204ccc6780, ptr=0x56204ccc67e0, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1656
1  0x00007ff430d92b14 in _tc_free_internal (tc=0x56204ccc6780, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1183
2  0x00007ff430d93b71 in _tc_free_children_internal (tc=0x56204ccc6720, ptr=0x56204ccc6780, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1668
3  0x00007ff430d93d66 in talloc_free_children (ptr=0x56204ccc6780) at ../../lib/talloc/talloc.c:1714
4  0x00007ff432235aca in talloc_pop (frame=0x56204ccc6780) at ../../lib/util/talloc_stack.c:125
5  0x00007ff430d92959 in _tc_free_internal (tc=0x56204ccc6720, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1157
6  0x00007ff430d92cd5 in _talloc_free_internal (ptr=0x56204ccc6780, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1247
7  0x00007ff430d93f96 in _talloc_free (ptr=0x56204ccc6780, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1791
8  0x00007ff431d81292 in smbd_tevent_trace_callback (point=TEVENT_TRACE_AFTER_LOOP_ONCE, private_data=0x7ffe46591e30) at ../../source3/smbd/process.c:3726
<...cut...>

[2] gdb tracing 'path' address 0x55a6d66deed0 to know how it is freed.
Breakpoint 2, _tc_free_children_internal (tc=0x55a6d66deed0, ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1656
1656            while (tc->child) {
(gdb) bt
0  _tc_free_children_internal (tc=0x55a6d66deed0, ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1656
1  0x00007fc4cb892b14 in _tc_free_internal (tc=0x55a6d66deed0, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1183
2  0x00007fc4cb892cd5 in _talloc_free_internal (ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1247
3  0x00007fc4cb893f96 in _talloc_free (ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1791
4  0x00007fc4cc9396e4 in _mdssvc_open (p=0x55a6d66d5600, r=0x55a6d66edc60) at ../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189
<...cut...>

Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Aug 14 18:11:37 UTC 2023 on atb-devel-224

(cherry picked from commit 044cb8f9d558bfcd7658cae0f05ff36330538748)

- - - - -
8e31fd2d by Jeremy Allison at 2023-08-16T10:48:14+00:00
s3: smbd: Deliberately corrupt an uninitialized pointer.

We will need this to show smbd crashing in the test code.
This will be removed once we're passing the test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit e7bf94b4e3a7f994aa6f0b859089c5add2ad380f)

- - - - -
6fef9767 by Jeremy Allison at 2023-08-16T10:48:14+00:00
s3: torture: Add SMB1-TRUNCATED-SESSSETUP test.

Shows that we indirect through an uninitialized pointer and the client crashes
its own smbd.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 963fd8aa9b76361ab9aeb63307773f2498b17879)

- - - - -
4c27dfe3 by Jeremy Allison at 2023-08-16T10:48:14+00:00
s3: smbd: Ensure srvstr_pull_req_talloc() always NULLs out *dest.

Robert Morris <rtm at lcs.mit.edu> noticed that in the case
where srvstr_pull_req_talloc() is being called with
buffer remaining == 0, we don't NULL out the destination
pointer, which is *always* done in the codepaths inside
pull_string_talloc(). This prevents a crash in the caller.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 9220c45cc191b34e293190f6a923ba463edd5db9)

- - - - -
f025f51a by Jeremy Allison at 2023-08-16T10:48:14+00:00
s3: smbd: Uncorrupt the pointer we were using to prove a crash.

Rather than restore to uninitialized, set to NULL as per
modern coding practices.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420
Reviewed-by: Volker Lendecke <vl at samba.org>

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 5bc50d2ea4444244721e72b4264311c7005d2f3c)

- - - - -
e6c0d4f1 by Jeremy Allison at 2023-08-16T10:48:14+00:00
s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.

Now we've fixed srvstr_pull_req_talloc() this isn't
strictly needed, but ensuring pointers are initialized
is best practice to avoid future bugs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Aug 14 15:55:43 UTC 2023 on atb-devel-224

(cherry picked from commit 5379b8d557a9a16b81eafb87b60b81debc4bfccb)
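
The out-parameter contract behind the srvstr_pull_req_talloc() fix and the caller clean-up above, as an added example that is not Samba's code: it uses malloc() instead of talloc, and every name in it is hypothetical. A poison value stands in for the uninitialized stack pointer so the 'before' shape can be observed without dereferencing garbage.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sentinel standing in for whatever an uninitialized local holds. */
#define POISON ((char *)(uintptr_t)0xDEADBEEF)

enum result { REQ_OK, REQ_REJECTED, REQ_WOULD_DEREF_GARBAGE };

typedef size_t (*pull_fn)(char **dest, const uint8_t *src, size_t remaining);

/* Copy a string of at most 'remaining' bytes into fresh memory. */
static size_t pull_copy(char **dest, const uint8_t *src, size_t remaining)
{
    const uint8_t *nul = memchr(src, 0, remaining);
    size_t len = nul ? (size_t)(nul - src) : remaining;
    char *s = malloc(len + 1);
    if (s == NULL) {
        *dest = NULL;
        return 0;
    }
    memcpy(s, src, len);
    s[len] = '\0';
    *dest = s;
    return nul ? len + 1 : len;  /* bytes consumed from the request */
}

/* 'Before' shape: the early return never writes *dest. */
size_t pull_string_before(char **dest, const uint8_t *src, size_t remaining)
{
    if (remaining == 0) return 0;
    return pull_copy(dest, src, remaining);
}

/* 'After' shape: *dest is NULLed on every path before anything else. */
size_t pull_string_after(char **dest, const uint8_t *src, size_t remaining)
{
    *dest = NULL;
    if (remaining == 0) return 0;
    return pull_copy(dest, src, remaining);
}

/* A caller that trusts the helper to have set 'name' one way or the other. */
enum result parse_field(pull_fn pull, const uint8_t *src, size_t remaining)
{
    char *name = POISON;  /* models a local that was never initialized */
    pull(&name, src, remaining);
    if (name == NULL) return REQ_REJECTED;             /* clean error path */
    if (name == POISON) return REQ_WOULD_DEREF_GARBAGE; /* real code would use it here */
    free(name);
    return REQ_OK;
}

int main(void)
{
    static const uint8_t sample[] = "share";  /* constructed request bytes */
    printf("before, empty buffer: %d\n", parse_field(pull_string_before, sample, 0));
    printf("after,  empty buffer: %d\n", parse_field(pull_string_after, sample, 0));
    printf("after,  full buffer:  %d\n", parse_field(pull_string_after, sample, sizeof(sample)));
    return 0;
}
```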

- - - - -
122afc37 by Jeremy Allison at 2023-08-16T10:48:14+00:00
s3: torture: Add a test doing an SMB1 negotiate+exit.

Robert Morris <rtm at lcs.mit.edu> noticed a missing
return in reply_exit_done().

Adds knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15430

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 63895e03c4e8ed79a3b2cda928f58ec278cd6608)

- - - - -
320d6540 by Jeremy Allison at 2023-08-16T11:49:39+00:00
s3: smbd: Add missing 'return;'s in exit paths in reply_exit_done().

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15430

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Aug 14 19:52:49 UTC 2023 on atb-devel-224

(cherry picked from commit d79d0508a4b8bdc4582a350d109181ecae0bf1e2)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Wed Aug 16 11:49:39 UTC 2023 on atb-devel-224

- - - - -
87e193d9 by Jule Anger at 2023-08-16T18:36:14+02:00
WHATSNEW: Add release notes for Samba 4.18.6.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
2613f2b2 by Jule Anger at 2023-08-16T18:36:51+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.18.6 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
124758a0 by Michael Tokarev at 2023-08-16T20:06:52+03:00
New upstream version 4.18.6+dfsg
- - - - -
7f1e477b by Michael Tokarev at 2023-08-16T20:07:26+03:00
Update upstream source from tag 'upstream/4.18.6+dfsg'

Update to upstream version '4.18.6+dfsg'
with Debian dir 928ac93eb5074cfafd18152754a55a9c3c072389
- - - - -
a1bb3bd5 by Michael Tokarev at 2023-08-16T20:12:47+03:00
update changelog; upload version 4.18.6+dfsg-1 to unstable

- - - - -
02b54677 by Joseph Sutton at 2023-08-21T23:37:29+00:00
lib:krb5_wrap: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d608dc17 by Joseph Sutton at 2023-08-21T23:37:29+00:00
lib:krb5_wrap: Fix references to incorrect function names

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
593a7fb6 by Joseph Sutton at 2023-08-21T23:37:29+00:00
libcli/auth: Remove unnecessary casts

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d5cbb542 by Joseph Sutton at 2023-08-21T23:37:29+00:00
librpc:ndr: Use portable integer types

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a836b433 by Joseph Sutton at 2023-08-21T23:37:29+00:00
pidl: Use non-existent function dissect_ndr_int64()

This function does not exist yet, but Wireshark can implement it if they
ever choose to regenerate their NDR dissectors.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d40293e0 by Joseph Sutton at 2023-08-21T23:37:29+00:00
python:netcmd: Add missing newlines to error messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
859bbef4 by Joseph Sutton at 2023-08-21T23:37:29+00:00
python:netcmd: Remove semicolon

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c052b175 by Joseph Sutton at 2023-08-21T23:37:29+00:00
python:subunit: Fix docstring

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b7e00680 by Joseph Sutton at 2023-08-21T23:37:29+00:00
python:subunit: Use ‘is’ to compare variables with singletons

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a985873c by Joseph Sutton at 2023-08-21T23:37:29+00:00
python:tests: Make getSamDB() a static method

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f71893c1 by Joseph Sutton at 2023-08-21T23:37:29+00:00
python:tests: Reuse claims created by setUp() across all tests

We now create the claims in setUp() only once, preserving them so as to
reuse them across all of the tests in this class. Then we finally delete
them all in tearDownClass().

addClassCleanup() could make this cleaner, but it’s available only in
Python 3.8 and above.

This change reduces the time taken by my machine to run these tests from
four minutes to twenty seconds.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
981c3413 by Joseph Sutton at 2023-08-21T23:37:29+00:00
python:tests: Reuse policies and silos created by setUp() across all tests

We now create the claims in setUp() only once, preserving them so as to
reuse them across all of the tests using this class. Then we finally
delete them all in tearDownClass().

addClassCleanup() could make this cleaner, but it’s available only in
Python 3.8 and above.

This change reduces the time taken by my machine to run
samba.tests.samba_tool.domain_auth_policy from two minutes to ten
seconds.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2d6b10da by Joseph Sutton at 2023-08-21T23:37:29+00:00
python:tests: Fix spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
683dab11 by Joseph Sutton at 2023-08-21T23:37:29+00:00
python:tests: Save files with intended contents

We presumably here meant to use the variable ‘contents’, not
‘test_contents’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4004ded9 by Joseph Sutton at 2023-08-21T23:37:29+00:00
s3:libnet: Remove unnecessary cast

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b3c47b65 by Joseph Sutton at 2023-08-21T23:37:29+00:00
s3:libnet: Fix reference to incorrect function names

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
448cc122 by Joseph Sutton at 2023-08-21T23:37:29+00:00
s3:rpc_server: Remove unnecessary cast

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6b580f73 by Joseph Sutton at 2023-08-21T23:37:29+00:00
s4:kdc: Do not panic if authsam_logon_success_accounting() fails

In hdb_samba4_audit(), ERR_GENERIC signals an unexpected situation — if
we encounter that error code while running under selftest, we’ll panic.
In response to an expected event such as the failure of
authsam_logon_success_accounting(), it’s more appropriate to continue to
run.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bbfa98ec by Joseph Sutton at 2023-08-21T23:37:29+00:00
s4:kdc: Remove support code for older versions of MIT Kerberos

The oldest version we now support is 1.21. For every supported version
we can be certain that KRB5_KDB_API_VERSION >= 10 and
KRB5_KDB_DAL_MAJOR_VERSION >= 9.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9166d01b by Joseph Sutton at 2023-08-21T23:37:29+00:00
s4:kdc: Set SAMBA_KDC_FLAG_PROTOCOL_TRANSITION flag for MIT Kerberos

This flag was set in commit 461dc44e740aacad41bb0df0552560d1eb3c6ea8,
but only in mit_samba_reget_pac(); it was not set in the newer function,
mit_samba_update_pac(), used with MIT Kerberos 1.20 and above.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6d2c7c45 by Joseph Sutton at 2023-08-21T23:37:29+00:00
s4:kdc: Use ‘krb5_error_code’ for return types

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4b03aabe by Joseph Sutton at 2023-08-21T23:37:29+00:00
s4:kdc: Use smb_krb5_make_data()

smb_krb5_make_data() sets the magic field, which we were previously
ignoring. We should also not set krb5_data::length if krb5_data::data is
NULL.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
783f09cc by Joseph Sutton at 2023-08-21T23:37:29+00:00
s4:smb_server: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
892c1b0a by Joseph Sutton at 2023-08-21T23:37:29+00:00
s4:torture: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c2126e08 by Joseph Sutton at 2023-08-21T23:37:29+00:00
selftest: Remove semicolon

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7ce6e3c9 by Joseph Sutton at 2023-08-21T23:37:29+00:00
selftest: Remove unused variable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cbc0ff18 by Joseph Sutton at 2023-08-21T23:37:29+00:00
selftest: Remove leftover from debugging

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fc41a35a by Joseph Sutton at 2023-08-21T23:37:29+00:00
selftest: Fix subunit reporting the time incorrectly

Although report_time() would output the time in UTC, it neglected to
specify the timezone offset. Thus subunithelper.parse_results() would
interpret the time string it was given as being in local time.
TestProtocolClient.time() then converted that *back* into UTC, giving an
incorrect result (unless UTC is your local timezone).

Fix this by having report_time() indicate that the time zone is UTC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15162

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aba7eb09 by Joseph Sutton at 2023-08-22T00:36:52+00:00
selftest: Report time at which testsuite starts

With no call to report_time() preceding it,
PlainFormatter.start_testsuite() would always claim that no time had
elapsed prior to the first testsuite starting to run. This gave a
misleading impression of the time spent running the first testsuite. Now
the time will be consistent with that reported for subsequent
testsuites, and will properly include any time that test environments
took to start up.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Aug 22 00:36:52 UTC 2023 on atb-devel-224

- - - - -
3a5f7eae by Michael Tokarev at 2023-08-22T08:04:07+03:00
d/changelog: add 2 forgotten changelog entries for the previous upload

- - - - -
55539629 by Volker Lendecke at 2023-08-22T16:45:31+00:00
libsmb: Add cli_smb2_qpathinfo_send/recv()

Wrap the create/qfileinfo/close, to be used in next patches

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
50edb026 by Volker Lendecke at 2023-08-22T16:45:31+00:00
libsmb: Use cli_smb2_qpathinfo() for streams

Remove sync cli_smb2_qpathinfo_streams() wrapper.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f2d535db by Volker Lendecke at 2023-08-22T16:45:31+00:00
libsmb: Use cli_smb2_qpathinfo() in cli_qpathinfo2()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
47509eb7 by Volker Lendecke at 2023-08-22T16:45:31+00:00
libsmb: Use cli_smb2_qpathinfo_basic() in cli_getatr()

cli_smb2_qpathinfo_basic() uses the smb_create_returns and avoids a
round-trip.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
914e0cf6 by Volker Lendecke at 2023-08-22T16:45:31+00:00
smbclient: Don't give up in allinfo if getting advanced info fails

Getting streams might fail, but further down getting reparse info
might succeed.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c0db32b4 by Volker Lendecke at 2023-08-22T16:45:31+00:00
torture3: Avoid unused variables

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
087cddc9 by Volker Lendecke at 2023-08-22T16:45:31+00:00
libsmb: Move cli_qpathinfo1() to torture3

It's only used there, and it clutters general code. Re-adding the
async flavor is trivial should it ever be required.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a6a5ce7b by Volker Lendecke at 2023-08-22T16:45:31+00:00
libsmb: Move cli_raw_ioctl() to torture3

Only used there.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
107beacf by Volker Lendecke at 2023-08-22T16:45:31+00:00
libsmb: Use tevent_req_oom() where appropriate

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
edc6e69e by Volker Lendecke at 2023-08-22T16:45:31+00:00
libsmb: Remove a duplicate TALLOC_FREE()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
dd801b69 by Volker Lendecke at 2023-08-22T16:45:31+00:00
libsmb: Use tevent_req_nterror() properly

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
939aa0e6 by Volker Lendecke at 2023-08-22T16:45:31+00:00
clifuse: Use direct FSCC info level

Avoid the magic -1000

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2c6a01c8 by Volker Lendecke at 2023-08-22T16:45:31+00:00
libcli: Add required #includes to smbXcli_base.h

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
81226b51 by MikeLiu at 2023-08-22T17:44:00+00:00
vfs_aio_pthread: use SMB_VFS_NEXT_OPENAT() in aio_pthread_openat_fn()

1. Set 'aio_allow_open' to false if fsp->fsp_flags.is_pathref
2. Move !(how->flags & O_CREAT) and !(how->flags & O_EXCL) up and set 'aio_allow_open' to false
3. Use SMB_VFS_NEXT_OPENAT() instead of openat() for disable async opens case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15453

Signed-off-by: MikeLiu <mikeliu at qnap.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 22 17:44:00 UTC 2023 on atb-devel-224

- - - - -
c291ab2a by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:param: Use lpcfg_set_cmdline()

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b9a73ff6 by Pavel Kalugin at 2023-08-23T08:27:30+00:00
examples: Use lpcfg_set_cmdline()

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4a54b005 by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:rpcclient: Use lpcfg_set_cmdline()

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
993ba8a8 by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:rpc_server: Use lpcfg_set_cmdline() in test_mdsparser_es

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0534e1ca by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:utils: Use lpcfg_set_cmdline() in dbwrap_tool

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
041e28d9 by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:utils: Use lpcfg_set_cmdline() in dbwrap_torture

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2eced254 by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:utils: Use lpcfg_set_cmdline() in mdsearch

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
e6ea68b4 by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:utils: Use lpcfg_set_cmdline() in net

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
10e35d6c by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:utils: Remove trailing spaces in pdbedit; no changes

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
914d1a38 by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:utils: Use lpcfg_set_cmdline() in pdbedit

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ed947b16 by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:utils: Use lpcfg_set_cmdline() in regedit

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6c00718f by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:utils: Use lpcfg_set_cmdline() in sharesec

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0e2d13c5 by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:utils: Use lpcfg_set_cmdline() in smbcacls

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d0ca1114 by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:utils: Remove trailing spaces in smbcacls; no changes

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7a4cb09a by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:utils: Use lpcfg_set_cmdline() in smbcontrol

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9ef35869 by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:utils: Remove trailing spaces in smbcontrol; no changes

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
16a4c8c8 by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:utils: Use lpcfg_set_cmdline() in smbcquotas

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8f2a9f83 by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:utils: Remove trailing spaces in smbcquotas; no changes

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
91e5859b by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:utils: Use lpcfg_set_cmdline() in smbstatus

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b37269e0 by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:utils: Use lpcfg_set_cmdline() in testparm

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1502ef29 by Pavel Kalugin at 2023-08-23T08:27:30+00:00
s3:utils: Use lpcfg_set_cmdline() in vfstest

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
86f67f59 by Jeremy Allison at 2023-08-23T09:29:51+00:00
s3: libsmb: Add a missing return statement in the timeout case.

Obvious fix (needs a malicious server to recreate).

Found by Robert Morris <rtm at lcs.mit.edu>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15426

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Aug 23 09:29:51 UTC 2023 on atb-devel-224

- - - - -
4504324e by Douglas Bagnall at 2023-08-24T02:53:30+00:00
lib/util: strhex_to_data_blob checks talloc

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
43e017d3 by Douglas Bagnall at 2023-08-24T02:53:30+00:00
libcli/security/pysecurity: use NULL to mean NULL in C

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
59a2d741 by Douglas Bagnall at 2023-08-24T02:53:30+00:00
pytests: add helper to grab a directory from environment

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
77967274 by Douglas Bagnall at 2023-08-24T02:53:30+00:00
pytest/sddl: replace/export tests based on environment vars

We had a stupid system involving test functions with side-effects,
that needed to be enabled by editing the file. Now you get the same
effects by setting environment variables, the names of which you can
only learn by reading the file closely.

This works better because some stuff needs to happen at class-time
rather than instance-time.

Also the environment variables specify the import and export locations.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5b9f42b3 by Douglas Bagnall at 2023-08-24T02:53:30+00:00
pytest/sddl: environment option for exporting as fuzz seeds

We want realistic examples for sddl fuzzing seeds, and we want
realistic examples for sddl tests, so hopefully we only need to get
it right once.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a8a0ae89 by Douglas Bagnall at 2023-08-24T02:53:30+00:00
pytest/sddl: add option for case-insensitive tests

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4a1848a1 by Douglas Bagnall at 2023-08-24T02:53:30+00:00
pytest/sddl: tests for more invalid or weird cases

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
31dadff3 by Douglas Bagnall at 2023-08-24T02:53:30+00:00
s4/torture: initialise ACE structs to zero

Because soon these structs will have more members, which are typically
going to be zero.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5a45a434 by Douglas Bagnall at 2023-08-24T02:53:30+00:00
s4/ntfvfs/pvfs_acl: initialise ACEs to zeroes

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
47edd41b by Douglas Bagnall at 2023-08-24T02:53:31+00:00
libcli/security: sddl ACL decode avoids early splitting on parenthesis

Soon we will have Conditional ACEs and Resource Attribute ACEs. It is
expected --indeed mandatory-- that the SDDL representations of these
ACEs will contain parentheses, so we can't use '(' and ')' to decide
where ACEs stop and start.

This means shifting where we make a mutable copy of the SDDL string
from per-ACE to per-ACL, and allowing sddl_decode_ace() to decide when
its ACE is finished.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c73034cf by Douglas Bagnall at 2023-08-24T02:53:31+00:00
librpc/security.idl: adjust size calculations for upcoming ace types

Soon we will get Conditional ACEs and Resource Attribute ACEs, each of
which has trailing bytes at the end of the ACE. Here's a diagram:

              ____      The ACE size field may indicate a size bigger
  .type      /    |     than the known parts, even when you take
  .flags    /     |     rounding to a multiple of four into account.
  .size  --'      |     This extra data is meaningful in some ACEs.
  .access_mask    |
  .trustee (sid) _|  <- known data ends here.
                  :
   "coda"      ___:  <- the trailing part, Zero size unless the size
                        field points beyond the end of the known data.
                        Probably empty for ordinary ACE types.

Until now we have thrown away these extra bytes, because they have no
meaning in the ACE types we recognise. But with conditional and
resource attribute ACEs we need to catch and process these bytes, so
we add an extra field for that.

Thus we can drop the manually written ndr_pull_security_ace() that
discarded the trailing bytes, because we just allow it to be pulled
into an unused blob. In the very common case, the blob will be empty.

Microsoft does not use a common name across different ACE types to
describe this end-data -- "coda" is a Samba term.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
26722348 by Douglas Bagnall at 2023-08-24T02:53:31+00:00
libcli/security: used sec_ace_object() in sddl encoding

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c1621d34 by Douglas Bagnall at 2023-08-24T02:53:31+00:00
libcli/security: avoid leak in calculate_inherited_from_parent()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
55cc6b52 by Douglas Bagnall at 2023-08-24T02:53:31+00:00
libcli/security: remove unused tmp_ctx in calculate_inherited_from_parent()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3c300790 by Douglas Bagnall at 2023-08-24T02:53:31+00:00
libcli/security: script to turn token/descriptor pairs into sddl

We fuzz security descriptors in a couple of different ways, and this
maps seeds from one form into the other. The SDDL examples can also be
used in Windows tests.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a24ba4ea by Douglas Bagnall at 2023-08-24T02:53:31+00:00
libcli/security: add some test more Windows SDDL test strings

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f58372cc by Douglas Bagnall at 2023-08-24T02:53:31+00:00
python/colour: add a colour diff helper

Sometimes colour can help show what is different between two strings.

This is roughly the same as

`git diff --no-index --color-words=. <a> <b>`.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
641981c4 by Douglas Bagnall at 2023-08-24T02:53:31+00:00
libcli/security: rewrite SDDL tests for running on Windows

This script never worked well because it had to shell out to
PowerShell, which never worked well due to syntax conflicts and
PowerShell's specialness. The attempted ctypes version did not work,
due to the difficulty in expressing things like "relative
PSECURITY_DESCRIPTOR" in ctypes.

It turns out that pywin32 is easy to install and use, and we can
extract the NDR bytes which is far more useful than just testing if
the SDDL parses.

On Windows:

1. install Python from python.org
2. run `pip install pywin32`
3. copy e.g. libcli/security/tests/data/conditional-aces.txt to Windows
4. run `python windows-sddl-tests.py conditional-aces.txt`
5. add `--help` to see how to export descriptor bytes.

The default output is a whole lot of multi-coloured text, indicating
what failed and what didn't.

With --export-json it writes a JSON file mapping SDDL strings to NDR
byte sequences, which can be used to compare with Samba's attempts. If
you are only interested in --export-json, you might also like --quiet.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
536b9a0c by Douglas Bagnall at 2023-08-24T02:53:31+00:00
libcli/security: move Windows test script to windows subdir

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
741ab485 by Douglas Bagnall at 2023-08-24T02:53:31+00:00
libcli/security: test helper script extracts fuzz SDDL

This allows us to try the fuzz seeds as SDDL on Windows, then test
that Samba matches Windows' security descriptors in the cases where
the SDDL compiles. This will find SDDL edge cases that might otherwise
be missed.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
882ad161 by Douglas Bagnall at 2023-08-24T02:53:31+00:00
pytest: compare Samba vs Windows SDDL security descriptors

Can Samba understand Windows security descriptors? Does it parse SDDL
the same way?

Here we test on over 7000 SDDL/descriptor pairs and find the answer
is pleasing. In later commits we will add more tests using different
classes of ACE.

The test cases are derived from fuzz seeds, exported to Windows via
the script in the last commit, with the Windows descriptor bytes found
using libcli/security/tests/windows/windows-sddl-test.py.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
909a2af9 by Douglas Bagnall at 2023-08-24T02:53:31+00:00
libcli/security: rm unused sec_ace_copy()

Unused since 2014.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
18f44f3b by Douglas Bagnall at 2023-08-24T03:47:08+00:00
selftest:ndrdump: adjust xattr_NTACL test for ACE coda

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Aug 24 03:47:08 UTC 2023 on atb-devel-224

- - - - -
c7672779 by Martin Schwenke at 2023-08-28T01:21:07+00:00
util: Avoid logging to multiple backends for stdout/stderr

Commit 83fe7a0316d3e5867a56cfdc51ec17f36ea03889 converted the
stdout/stderr logging  types to DEBUG_FILE to get a header when using
DEBUG_SYSLOG_FORMAT_ALWAYS.  However, this causes all configured
backends to be invoked.  When syslog is one of those backends then
this is almost certainly not what is intended.

Instead, call debug_file_log() directly in that special case and
revert the parts of the above commit that convert to file logging.

Most of the changes to debughdrclass() still seem necessary, since
they handle the change of debug_syslog_format from a bool to an enum.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15460

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Mon Aug 28 01:21:07 UTC 2023 on atb-devel-224

- - - - -
8e7a62b6 by Andreas Schneider at 2023-08-28T02:04:36+00:00
waf: Build nmbd with -Wno-error=stringop-overflow

We use strlcpy() which has been added to glibc recently. This means we
also get fortification for strlcpy() now:

source3/nmbd/nmbd_browsesync.c: In function ‘find_domain_master_name_query_success’:
source3/nmbd/nmbd_browsesync.c:337:9: warning: ‘strlcpy’ writing 257 bytes into a
region of size 16 overflows the destination [-Wstringop-overflow=]
  337 |         strlcpy(userdata->data, work->work_group, size - sizeof(*userdata));
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We allocate memory for the userdata struct + fstring. However the data
pointer we use only is 16 bytes. Also nowadays you would use offsetof()
for the allocation calculation, but it only works correctly on newer
compilers like gcc > 7. We could make use of it in future after CentOS 7
is gone.

As we don't want to touch nmbd anymore, just silence the warnings.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
776597bc by Joseph Sutton at 2023-08-28T02:04:36+00:00
samba-tool: Allow LDB URL to be None

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15458

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a1b285e4 by Gabriel Nagy at 2023-08-28T02:04:36+00:00
gp: Support more global trust directories

In addition to the SUSE global trust directory, add support for RHEL and
Debian-based distributions (including Ubuntu).

To determine the correct directory to use, we iterate over the variants
and stop at the first which is a directory.

In case none is found, fall back to the first option, which will produce
a warning as it did previously.

Signed-off-by: Gabriel Nagy <gabriel.nagy at canonical.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
fa80d1d8 by Gabriel Nagy at 2023-08-28T02:04:36+00:00
gp: Support update-ca-trust helper

This is used on RHEL/Fedora instead of update-ca-certificates. They
behave similarly so it's enough to change the command name.

Signed-off-by: Gabriel Nagy <gabriel.nagy at canonical.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
bce3a892 by Gabriel Nagy at 2023-08-28T02:04:36+00:00
gp: Change root cert extension suffix

On Ubuntu, certificates must end in '.crt' in order to be considered by
the `update-ca-certificates` helper.

Signed-off-by: Gabriel Nagy <gabriel.nagy at canonical.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
1ef722cf by Gabriel Nagy at 2023-08-28T02:04:36+00:00
gp: Test with binary content for certificate data

This fails all GPO-related tests that call `gpupdate --rsop`.

Signed-off-by: Gabriel Nagy <gabriel.nagy at canonical.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
157335ee by Gabriel Nagy at 2023-08-28T02:04:36+00:00
gp: Convert CA certificates to base64

I don't know whether this applies universally, but in our case the
contents of `es['cACertificate'][0]` are binary, so cleanly converting
to a string fails with the following:

'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte

We found a fix to be encoding the certificate to base64 when
constructing the CA list.

Section 4.4.5.2 of MS-CAESO also suggests that the content of
`cACertificate` is binary (OCTET string).

Signed-off-by: Gabriel Nagy <gabriel.nagy at canonical.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
2d6943a8 by Gabriel Nagy at 2023-08-28T02:04:36+00:00
gp: Test adding new cert templates enforces changes

Ensure that cepces-submit reporting additional templates and re-applying
will enforce the updated policy.

Signed-off-by: Gabriel Nagy <gabriel.nagy at canonical.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
2a6ae997 by Gabriel Nagy at 2023-08-28T02:04:36+00:00
gp: Template changes should invalidate cache

If certificate templates are added or removed, the autoenroll extension
should react to this and reapply the policy. Previously this wasn't
taken into account.

Signed-off-by: Gabriel Nagy <gabriel.nagy at canonical.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
ee814f77 by Gabriel Nagy at 2023-08-28T02:04:36+00:00
gp: Test disabled enrollment unapplies policy

For this we need to stage a Registry.pol file with certificate
autoenrollment enabled, but with checkboxes unticked.

Signed-off-by: Gabriel Nagy <gabriel.nagy at canonical.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
7dc18175 by Gabriel Nagy at 2023-08-28T03:01:22+00:00
gp: Send list of keys instead of dict to remove

`cache_get_all_attribute_values` returns a dict whereas we need to pass
a list of keys to `remove`. These will be interpolated in the gpdb search.

Signed-off-by: Gabriel Nagy <gabriel.nagy at canonical.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Aug 28 03:01:22 UTC 2023 on atb-devel-224

- - - - -
087e7cdc by Jule Anger at 2023-08-28T15:55:30+02:00
VERSION: Bump version up to Samba 4.19.0rc5...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
9f573711 by Martin Schwenke at 2023-08-29T08:25:12+00:00
ctdb-common: Improve error handling

Factor out a failure label, which will get more use in subsequent
commits, and only set private_data when success is certain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15451

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit d87041d8968e91db9d257445321b85693303f95e)

- - - - -
58e7d6a9 by Martin Schwenke at 2023-08-29T08:25:12+00:00
ctdb-common: Replace pcap_open_live() by lower level calls

A subsequent commit will insert an additional call before
pcap_activate().

This sequence of calls is taken from the source for pcap_open_live(),
so there should be no change in behaviour.

Given the defaults set by pcap_create_common(), it would be possible
to omit the calls to pcap_set_promisc() and pcap_set_timeout().
However, those defaults don't seem to be well documented, so continue
to explicitly set everything that was set before.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15451

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit ffc2ae616d8fab7528fbdfd8c6b94c5b9a0e3a7c)

- - - - -
1af8a099 by Martin Schwenke at 2023-08-29T09:34:35+00:00
ctdb-common: Set immediate mode for pcap capture

Fix a problem where ctdb_killtcp (almost always) fails to capture
packets with --enable-pcap and libpcap ≥ 1.9.1.  The problem is due to
a gradual change in libpcap semantics when using
pcap_get_selectable_fd(3PCAP) to get a file descriptor and then using
that file descriptor in non-blocking mode.

pcap_set_immediate_mode(3PCAP) says:

  pcap_set_immediate_mode() sets whether immediate mode should be set
  on a capture handle when the handle is activated.  In immediate
  mode, packets are always delivered as soon as they arrive, with no
  buffering.

and

  On Linux, with previous releases of libpcap, capture devices are
  always in immediate mode; however, in 1.5.0 and later, they are, by
  default, not in immediate mode, so if pcap_set_immediate_mode() is
  available, it should be used.

However, it wasn't until libpcap commit
2ade7676101366983bd4f86bc039ffd25da8c126 (before libpcap 1.9.1) that
it became a requirement to use pcap_set_immediate_mode(), even with a
timeout of 0.

More explanation in this libpcap issue comment:

  https://github.com/the-tcpdump-group/libpcap/issues/860#issuecomment-541204548

Do a configure check for pcap_set_immediate_mode() even though it has
existed for 10 years.  It is easy enough.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15451

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue Aug 15 10:53:52 UTC 2023 on atb-devel-224

(cherry picked from commit dc7b48c404337891b5105df4d6751cf549a533eb)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Tue Aug 29 09:34:35 UTC 2023 on atb-devel-224

- - - - -
93d37f8b by Joseph Sutton at 2023-08-30T02:15:28+00:00
pyldb: Check whether Python object is a list

If we’re going to call PyList_Size() on an object, we should be sure
that it is a list first.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e5794b8c by Joseph Sutton at 2023-08-30T02:15:28+00:00
pyldb: Check return values of talloc functions

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5e9187ba by Joseph Sutton at 2023-08-30T02:15:28+00:00
pyldb: Check return values of Python functions

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6668d213 by Joseph Sutton at 2023-08-30T02:15:28+00:00
pyldb: Fix leaks

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
94f46f0c by Joseph Sutton at 2023-08-30T02:15:28+00:00
buildtools: Fix comments and documentation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6df81630 by Joseph Sutton at 2023-08-30T02:15:28+00:00
buildtools: Use ‘is’ to compare with singletons

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8d61d3f8 by Joseph Sutton at 2023-08-30T02:15:28+00:00
buildtools: Prefer ‘x not in y’ to ‘not x in y’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
84dc7129 by Joseph Sutton at 2023-08-30T02:15:28+00:00
buildtools: Properly set global variable

Since we didn’t declare ‘old_refill_task_list’ as global, we were just
assigning a value to a local variable that was destroyed after we
returned from this function. We clearly intended instead to assign to a
global variable of the same name.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e4ab1de4 by Joseph Sutton at 2023-08-30T02:15:29+00:00
lib:ldb:tests: Remove explicit comparison with False

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b440732e by Joseph Sutton at 2023-08-30T02:15:29+00:00
ldb: Remove unused import

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5de640fc by Joseph Sutton at 2023-08-30T02:15:29+00:00
ldb: Heed return code from Python testsuite

When we added a second run of the Python testsuite, the return code from
the first run began to go ignored.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6c6db88d by Joseph Sutton at 2023-08-30T02:15:29+00:00
python: Fix spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fce882ab by Joseph Sutton at 2023-08-30T02:15:29+00:00
python: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
12f1c782 by Joseph Sutton at 2023-08-30T02:15:29+00:00
python: Remove redundant backslashes

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b068592d by Joseph Sutton at 2023-08-30T02:15:29+00:00
python: Fix invalid escape sequences

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b076cad4 by Joseph Sutton at 2023-08-30T02:15:29+00:00
python:join: Fix references to undefined variables

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c5045ee by Joseph Sutton at 2023-08-30T02:15:29+00:00
samba-tool: Remove useless return

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
83230577 by Joseph Sutton at 2023-08-30T02:15:29+00:00
python: Fix reference to undefined name ‘samba’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c4e0d4fb by Joseph Sutton at 2023-08-30T02:15:29+00:00
python:tests: Fix usage line

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bbd0e35f by Joseph Sutton at 2023-08-30T02:15:29+00:00
python:tests: Complete assertion messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d3bc6faa by Joseph Sutton at 2023-08-30T02:15:29+00:00
python:tests: Rename test method so as not to mask previously-defined method

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8e5c998b by Joseph Sutton at 2023-08-30T02:15:29+00:00
pytest/dns_aging: Check value of ‘dtime’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
472d80c1 by Joseph Sutton at 2023-08-30T02:15:29+00:00
pytest/dns_aging: Correctly check that record is tombstoned

We were passing in as the name parameter to assert_tombstoned() an NDR
Python object, rather than a string. This meant that the LDAP search
filter would look something like this:

(&(objectClass=dnsNode)(name=<dnsp.DnssrvRpcRecord talloc based object at 0x29abee0>))

and we would fail to find any records.

These searches should have a better chance of working if we pass in the
name of the record instead.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
de04333b by Joseph Sutton at 2023-08-30T02:15:29+00:00
pytest/dns_aging: Assert that the name of the node to search for is a string

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5755b4a4 by Joseph Sutton at 2023-08-30T02:15:29+00:00
gp: Add missing import

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
94afa3b1 by Joseph Sutton at 2023-08-30T02:15:29+00:00
gp: Don’t shadow imports

Rename a variable that shadows an import of ‘gp_ext’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
036a523e by Joseph Sutton at 2023-08-30T02:15:29+00:00
gp: Prefer ‘x not in y’ to ‘not x in y’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
953bc918 by Joseph Sutton at 2023-08-30T02:15:29+00:00
gp: Check correct variables

We were intending to check the keys, not the certificates.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
928f2bbc by Joseph Sutton at 2023-08-30T02:15:29+00:00
gp: Use assertEqual() instead of assertEquals()

assertEquals() is deprecated and could be removed in a future version of
Python.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
34042677 by Joseph Sutton at 2023-08-30T02:15:29+00:00
gp: Fix resource leaks

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2b566979 by Joseph Sutton at 2023-08-30T02:15:29+00:00
gp: Use read_file() instead of readfp()

readfp() is deprecated and could be removed in a future version of
Python.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e390e674 by Joseph Sutton at 2023-08-30T02:15:29+00:00
tests/krb5: Remove test of pre-1.20 MIT Kerberos behaviour

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1def8f04 by Joseph Sutton at 2023-08-30T02:15:29+00:00
tests/krb5: Move KDC TGT tests to new file

We can now rely on having MIT Kerberos 1.20 available.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
04cdb13c by Joseph Sutton at 2023-08-30T02:15:29+00:00
tests/krb5: Remove local variable

This seems a bit clearer to me.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3f01cf91 by Joseph Sutton at 2023-08-30T02:15:29+00:00
tests/krb5: Correctly assert that we found a LOGON_INFO PAC buffer

Because ‘found_logon_info’ was invariably true, we would miss the case
in which set_pac_sids() failed to accomplish anything, having been
unable to find the LOGON_INFO PAC buffer.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7b4b03e5 by Joseph Sutton at 2023-08-30T02:15:29+00:00
tests/krb5: Re-raise any LdbError other than ERR_ENTRY_ALREADY_EXISTS

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b4a2e641 by Joseph Sutton at 2023-08-30T02:15:29+00:00
tests/krb5: Add KerberosCredentials.get_rid()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
357b520b by Joseph Sutton at 2023-08-30T02:15:29+00:00
tests/krb5: Have modified_ticket() not modify its arguments

Inexplicable behaviour could result when the same arguments were passed
in across multiple calls.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6e20afeb by Joseph Sutton at 2023-08-30T02:15:29+00:00
s4:dsdb:tests: Fix spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fec8d228 by Joseph Sutton at 2023-08-30T02:15:29+00:00
s4:dsdb:tests: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3c7ef6d0 by Joseph Sutton at 2023-08-30T02:15:29+00:00
s4:dsdb:tests: Fix usage lines

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6db02afa by Joseph Sutton at 2023-08-30T02:15:29+00:00
selftest: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0fe4a12b by Joseph Sutton at 2023-08-30T02:15:29+00:00
selftest: Remove star imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0898329b by Joseph Sutton at 2023-08-30T02:15:29+00:00
selftest: Don’t use invalid escape sequences

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dfe25969 by Joseph Sutton at 2023-08-30T02:15:29+00:00
third_party/heimdal_build: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a6c442ac by Joseph Sutton at 2023-08-30T02:15:29+00:00
third_party/heimdal_build: Remove semicolons

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
752a1c40 by Joseph Sutton at 2023-08-30T02:15:29+00:00
third_party/heimdal_build: Use ‘is’ to compare with singletons

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b5cc15fd by Joseph Sutton at 2023-08-30T02:15:29+00:00
wscript: Remove unused variable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c6d0323b by Joseph Sutton at 2023-08-30T02:15:29+00:00
wscript: Use ‘is’ to compare with singletons

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8f430492 by Joseph Sutton at 2023-08-30T02:15:29+00:00
wscript: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
54ebd103 by Joseph Sutton at 2023-08-30T02:15:29+00:00
wscript: Remove semicolons

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
70dea37d by Joseph Sutton at 2023-08-30T03:15:05+00:00
wscript: Refer to correct ConfigSet variable

LIB_GSSAPI appears to be an error of copy-and-pasting.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Aug 30 03:15:05 UTC 2023 on atb-devel-224

- - - - -
3afa27a0 by Ralph Boehme at 2023-08-30T10:51:40+00:00
mdssvc: better support for search with mdfind from Macs

When searching Samba via Spotlight from a Mac with mdfind, only 50 results are
returned.

It seems the changes for bug #15342 were one step in the right
direction. There, a status indicator meaning "search is still being processed"
was implemented, returning a special status indicator (0x23) in a response, when
the query was still running in the backend, eg Elasticsearch, and we haven't got
any result when the Mac already comes along asking for results of a query.

Turns out, we should also return 0x23, ie "search is still being processed" when
we have some initial search results from the backend. Otherwise mdfind will stop
querying for more results. It works in Finder, as the Finder by default employs
a "live" search where it just keeps polling for more results even after the
server returned an empty result set. The Finder just keeps on querying in some
interval, typically 4 seconds, and a Mac server Spotlight server might return
new results if new files were created that match the query, hence "live"
search.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15463

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Aug 30 10:51:40 UTC 2023 on atb-devel-224

- - - - -
b13d4370 by Pavel Filipenský at 2023-08-30T12:42:29+00:00
s3:winbindd: Avoid doing the same assignment twice

Done already in setup_child(): child->domain = domain

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8abac097 by Pavel Filipenský at 2023-08-30T12:42:29+00:00
s3:winbindd: Use a correct value for the length of domain children

We often loop over the array of domain children. However, the size of
the array is calculated as lp_winbind_max_domain_connections() which can
change (it is based on smb.conf). The fix is the talloc_array_length().

Reproducer:

winbind max domain connections = 100

smbcontrol all reload-config
smbcontrol all debug 10

/var/log/samba/log.winbindd shows many lines with random garbage pid:

[2023/08/25 10:03:49.898994, 10, pid=158296, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_dual.c:885(winbind_msg_relay_fn)
  winbind_msg_relay_fn: sending message to pid 1037686087.
[2023/08/25 10:03:49.899010,  3, pid=158296, effective(0, 0), real(0, 0)] ../../source3/lib/util_procid.c:53(pid_to_procid)
  pid_to_procid: messaging_dgm_get_unique failed: No such file or directory

In this scenario we dereference only a garbage PID, but if we would
dereference some garbage pointer we would segfault.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
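
The stale-bound problem described in the commit message above, as an added C example that is not Samba's code: the loop bound is taken from a setting that a reload can change, while the array keeps the size it was allocated with. The malloc header below is a stand-in for the length that talloc_array_length() reports for a talloc array; every name and the starting value are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Stand-in for the smb.conf setting; a config reload can change it.
 * The starting value 1 is constructed for this example. */
static size_t cfg_max_domain_connections = 1;

static void reload_config(size_t new_value)
{
	cfg_max_domain_connections = new_value;
}

struct child {
	pid_t pid;
};

/* Header stored in front of the elements so the length travels with the
 * allocation (plain malloc stand-in for talloc's array length, not talloc). */
struct arr_hdr {
	size_t count;
};

static struct child *child_array_new(size_t count)
{
	struct arr_hdr *h;

	/* Reject empty arrays and sizes whose byte count would overflow. */
	if (count == 0 ||
	    count > (SIZE_MAX - sizeof(*h)) / sizeof(struct child)) {
		return NULL;
	}
	h = calloc(1, sizeof(*h) + count * sizeof(struct child));
	if (h == NULL) {
		return NULL;
	}
	h->count = count;
	return (struct child *)(h + 1);
}

static size_t child_array_length(const struct child *arr)
{
	return arr ? ((const struct arr_hdr *)arr - 1)->count : 0;
}

static void child_array_free(struct child *arr)
{
	if (arr != NULL) {
		free((struct arr_hdr *)arr - 1);
	}
}

/* Buggy bound: re-reads the configuration each time a loop runs. */
static size_t bound_from_config(void)
{
	return cfg_max_domain_connections;
}

/* How many indices a loop with this bound would touch past the end of the
 * allocation. Computed only; nothing out of range is dereferenced. */
static size_t indices_past_end(const struct child *arr, size_t bound)
{
	size_t len = child_array_length(arr);

	return bound > len ? bound - len : 0;
}

/* Fixed loop: the bound is the allocation's own length. Copies the PIDs of
 * live children into 'seen' and returns how many were copied. */
static size_t relay_to_children(const struct child *arr,
				pid_t *seen, size_t seen_len)
{
	size_t i, out = 0;
	size_t n = child_array_length(arr);

	for (i = 0; i < n && out < seen_len; i++) {
		if (arr[i].pid > 0) {
			seen[out++] = arr[i].pid;
		}
	}
	return out;
}

int main(void)
{
	pid_t seen[8];
	struct child *children = child_array_new(bound_from_config());

	if (children == NULL) {
		return 1;
	}
	children[0].pid = 4242;	/* constructed PID */

	reload_config(100);	/* the setting from the reproducer */

	printf("config bound: %zu, allocated: %zu, past end: %zu\n",
	       bound_from_config(), child_array_length(children),
	       indices_past_end(children, bound_from_config()));
	printf("children relayed to with fixed bound: %zu\n",
	       relay_to_children(children, seen, 8));

	child_array_free(children);
	return 0;
}
```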
- - - - -
3fbc514a by Pavel Filipenský at 2023-08-30T13:37:37+00:00
docs:smbdotconf: Inform that changing 'winbind max domain connections' needs a restart

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Wed Aug 30 13:37:37 UTC 2023 on atb-devel-224

- - - - -
8a34b378 by MikeLiu at 2023-09-04T10:17:37+00:00
vfs_aio_pthread: use SMB_VFS_NEXT_OPENAT() in aio_pthread_openat_fn()

1. Set 'aio_allow_open' to false if fsp->fsp_flags.is_pathref
2. Move !(how->flags & O_CREAT) and !(how->flags & O_EXCL) up and set 'aio_allow_open' to false
3. Use SMB_VFS_NEXT_OPENAT() instead of openat() for disable async opens case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15453

Signed-off-by: MikeLiu <mikeliu at qnap.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 22 17:44:00 UTC 2023 on atb-devel-224

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Mon Sep  4 10:17:37 UTC 2023 on atb-devel-224

- - - - -
a21e0936 by Jule Anger at 2023-09-04T14:34:46+02:00
WHATSNEW: Add release notes for Samba 4.19.0.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
b7921852 by Jule Anger at 2023-09-04T14:35:46+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.19.0 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
a8c5fe34 by Jule Anger at 2023-09-04T14:36:48+02:00
VERSION: Bump version up to Samba 4.19.1...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
f4f3ea67 by Michael Tokarev at 2023-09-04T22:39:27+03:00
d/gbp.conf, d/README.source.md, d/watch: prepare for 4.19

- - - - -
f9931b55 by Michael Tokarev at 2023-09-04T22:40:31+03:00
New upstream version 4.19.0+dfsg
- - - - -
b61c5785 by Michael Tokarev at 2023-09-04T22:41:09+03:00
Update upstream source from tag 'upstream/4.19.0+dfsg'

Update to upstream version '4.19.0+dfsg'
with Debian dir 68feca235038b9ca86e9dc5ffcfa3341b3dbe53b
- - - - -
51a401e2 by Michael Tokarev at 2023-09-04T22:42:04+03:00
d/changelog: start 4.19

- - - - -
27b5a891 by Michael Tokarev at 2023-09-04T22:42:18+03:00
d/patches: remove patches applied upstream

 heimdal-to-support-KEYRING-ccache.patch
 spelling.patch

- - - - -
a4422caf by Michael Tokarev at 2023-09-04T22:42:27+03:00
refresh patches

meaningful-error-if-no-python3-markdown.patch
meaningful-error-if-no-samba-ad-provision.patch

- - - - -
f0f35506 by Michael Tokarev at 2023-09-04T22:42:38+03:00
d/control: update talloc/tevent/tdb build-deps

- - - - -
d9b2de05 by Michael Tokarev at 2023-09-04T22:42:46+03:00
d/smbclient.install: remove smbgetrc.5

- - - - -
36507736 by Michael Tokarev at 2023-09-04T22:42:52+03:00
d/patches: add ldb 2.7.1 & 2.7.2 ABI files

ldb-2.7.2 contains a few actual new symbols, it is not just a version
bump. Get ldb-2.7.2.sigs from ldb-2.7.2 tag.

- - - - -
d97627f9 by Michael Tokarev at 2023-09-04T22:43:03+03:00
d/libldb2.symbols: add new symbols (ldb_val_as_*) and new version (2.8.0)

- - - - -
a41f5b69 by Michael Tokarev at 2023-09-04T22:43:09+03:00
d/python3-ldb.symbols: remove unused versions, add new version

- - - - -
8f616bcf by Michael Tokarev at 2023-09-04T22:43:15+03:00
d/samba-common-bin.install: install samba-log-parser (for winbindd for now)

- - - - -
aa3a9626 by Michael Tokarev at 2023-09-04T22:43:21+03:00
d/samba-libs.install: 2 new libs

- - - - -
865181e3 by Michael Tokarev at 2023-09-04T22:43:27+03:00
d/samba-libs.install, d/samba-testsuite.install: move libshares-samba4.so.0 from samba-libs to samba-testsuite

- - - - -
af22355e by Michael Tokarev at 2023-09-04T22:43:34+03:00
d/samba-libs.install, d/samba-vfs-modules.install: move libdfs-server-ad-samba4.so.0 from samba-libs to samba-vfs-modules

- - - - -
12ca65a9 by Michael Tokarev at 2023-09-04T22:43:39+03:00
d/samba-libs.install, d/samba-common-bin.install: move libnet-keytab-samba4.so.0 from samba-libs to samba-common-bin (used by net only)

- - - - -
5a0523a0 by Michael Tokarev at 2023-09-04T22:43:47+03:00
d/samba-libs.install, d/samba-common-bin.install: move libRPC-WORKER-samba4.so.0 from samba-libs to samba-common-bin (used by usr/libexec/samba/rpcd_*)

- - - - -
b0bc6d2d by Michael Tokarev at 2023-09-04T22:43:56+03:00
d/source/lintian-overrides: remove unused source-is-missing override

- - - - -
9f334e6a by Michael Tokarev at 2023-09-04T22:44:04+03:00
d/samba-vfs-modules.lintian-overrides: remove unused spelling-error-in-binary override

- - - - -
1e6603c1 by Michael Tokarev at 2023-09-04T22:44:14+03:00
d/control: add Breaks/Replaces for moved libraries

- - - - -
1ffd116b by Michael Tokarev at 2023-09-04T22:44:39+03:00
d/samba-libs.symbols new libndr 3.0.1 symbols

- - - - -
4cdc2620 by Michael Tokarev at 2023-09-04T22:57:51+03:00
update changelog; upload version 4.19.0+dfsg-1 to unstable

- - - - -
0e244ff7 by Andreas Schneider at 2023-09-05T07:30:12+00:00
s3:torture: Remove masktest.c

The file is not built.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Sep  5 07:30:12 UTC 2023 on atb-devel-224

- - - - -
eadd7e5f by Ralph Boehme at 2023-09-05T09:33:16+00:00
mdssvc: better support for search with mdfind from Macs

When searching Samba via Spotlight from a Mac with mdfind, only 50 results are
returned.

It seems the changes for bug #15342 were one step in the right
direction. There, a status indicator meaning "search is still being processed"
was implemented, returning a special status indicator (0x23) in a response, when
the query was still running in the backend, eg Elasticsearch, and we haven't got
any result when the Mac already comes along asking for results of a query.

Turns out, we should also return 0x23, ie "search is still being processed" when
we have some initial search results from the backend. Otherwise mdfind will stop
querying for more results. It works in Finder, as the Finder by default employs
a "live" search where it just keeps polling for more results even after the
server returned an empty result set. The Finder just keeps on querying in some
interval, typically 4 seconds, and a Mac server Spotlight server might return
new results if new files were created that match the query, hence "live"
search.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15463

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Aug 30 10:51:40 UTC 2023 on atb-devel-224

(cherry picked from commit 3afa27a01ca0b81b0044d5d543a999936582e67a)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Tue Sep  5 09:33:17 UTC 2023 on atb-devel-224

- - - - -
17117156 by Andrew Bartlett at 2023-09-05T14:20:48+00:00
.gitlab-ci: Do builds under /builds as this is never an overlayfs

On the GitLab shared runners / is overlayfs, with /builds being ext,
so we want this real filesystem, which should be faster in any case.

This may allow us to use GitLab shared runners for more jobs.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Sep  5 14:20:48 UTC 2023 on atb-devel-224

- - - - -
3f3fccab by Noel Power at 2023-09-05T21:18:32+00:00
pidl/lib: Add recursion detection logic to prevent looping.

Under some circumstances the 'can_contain_deferred' & 'align_type' functions can
loop.

This prevents a hang when processing sample idl like

interface hang
{
	typedef [public] struct {
		wsp_cbasestoragevariant variant[NUM_ENTRIES];
	} vt_variant_wrap;

	typedef [public,nodiscriminant,switch_type(uint16)] union {
		[case(VT_I1)] int8 vt_i1;
		[case(VT_VARIANT)] vt_variant_wrap vt_variant_wrap;
	} variant_types;

	typedef [public] struct {
		[switch_is(vtype)] variant_types vvalue;
	} wsp_cbasestoragevariant;
};

which will hang with the following command

   pidl --header --ndr-parser -- foo.idl

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d3f3c401 by Noel Power at 2023-09-05T21:18:32+00:00
pidl/tests: Add tests for hang with nested struct.

make sure hang test calls Parse::Pidl::Typelist::LoadIdl which triggers
part of the hang

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e4afb211 by Samuel Cabrero at 2023-09-05T21:18:32+00:00
s3:libnetapi: Return error from RequestOfflineJoin

The error code must be returned to caller even if the error string is not set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bdab834d by Samuel Cabrero at 2023-09-05T21:18:32+00:00
s3:libnetapi: Add some comments to document ODJ blob charset conversions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
740e704b by Samuel Cabrero at 2023-09-05T21:18:32+00:00
s3:libnetapi: Add NetComposeOfflineDomainJoin() to IDL

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
532701e3 by Samuel Cabrero at 2023-09-05T21:18:32+00:00
s3:libnetapi: Add NetComposeOfflineDomainJoin() boilerplate

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7cabbec2 by Samuel Cabrero at 2023-09-05T21:18:32+00:00
s3:libnetapi: Add NetComposeOfflineDomainJoin() to API.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a8bd8f22 by Samuel Cabrero at 2023-09-05T21:18:32+00:00
s3:libnetapi: Implement NetComposeOfflineDomainJoin_l()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4a1f2071 by Samuel Cabrero at 2023-09-05T21:18:32+00:00
s3:net: Add "net offlinejoin composeodj" command

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b2399b69 by Samuel Cabrero at 2023-09-05T21:18:32+00:00
s3:net: Load ODJ blob from file only if "loadfile" parameter is present

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c14a4f51 by Samuel Cabrero at 2023-09-05T21:18:32+00:00
s3:net: Allow to load ODJ blob from stdin

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e92e4b95 by Samuel Cabrero at 2023-09-05T21:18:32+00:00
testprogs: Cleanup machine account in net offlinejoin tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f3c632e7 by Samuel Cabrero at 2023-09-05T22:11:46+00:00
testprogs: Add net offlinejoin composeodj tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Sep  5 22:11:46 UTC 2023 on atb-devel-224

- - - - -
16f46601 by Stefan Metzmacher at 2023-09-06T19:30:35+00:00
smb2_server: avoid ZERO_STRUCT*() in the core code

We should avoid calling memset_s() in the core smbd processing,
we can use struct initializers instead.

This reduces the overhead...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
948d19b0 by Stefan Metzmacher at 2023-09-06T19:30:35+00:00
smb2_server: move struct msghdr to smbd_smb2_request_read_state

This makes the code a little bit faster, but the main reason
is the preparation of io_uring support, as it can't be on the
stack for async operations.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
02e0ba71 by Stefan Metzmacher at 2023-09-06T19:30:35+00:00
smb2_server: remove state->hdr.done and always set state->vector first

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
76f9a41f by Stefan Metzmacher at 2023-09-06T19:30:35+00:00
smb2_server: split smbd_smb2_advance_incoming() out of smbd_smb2_io_handler()

The logic in smbd_smb2_advance_incoming() will be reused for io_uring.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a9c53b9e by Stefan Metzmacher at 2023-09-06T19:30:35+00:00
lib/util: inline iov_{buflen,buf,advance}()

The main reason for this change was the use of
iov_advance() in the next commits in
source3/smbd/smb2_server.c

And the function calls to iov_advance() showed up
in profiling with callgrind.

While there iov_buf() and iov_buflen() are moved as
well, as they are also used there.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
72d86d49 by Stefan Metzmacher at 2023-09-06T19:30:35+00:00
smb2_server: change smbd_smb2_advance_incoming() to use iov_advance()

In future we may use vectors with more elements, so we convert to
a single element array now...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
153323ef by Stefan Metzmacher at 2023-09-06T19:30:35+00:00
smb2_server: simplify smbd_smb2_advance_incoming() recvfile logic

This will make further changes easier...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0ca825c4 by Stefan Metzmacher at 2023-09-06T19:30:35+00:00
smb2_server: split out smbd_smb2_advance_send_queue() out of smbd_smb2_flush_send_queue()

The logic in smbd_smb2_advance_send_queue() will be reused for io_uring.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
02df6bda by Stefan Metzmacher at 2023-09-06T19:30:35+00:00
smb2_server: split out smbd_smb2_flush_with_sendmsg() out of smbd_smb2_flush_send_queue()

We'll have an smbd_smb2_flush_with_io_uring() later...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3fc35827 by Stefan Metzmacher at 2023-09-06T20:31:04+00:00
smb2_server: move struct msghdr to smbd_smb2_send_queue

The main reason is the preparation of io_uring support,
as it can't be on the stack for async operations.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep  6 20:31:04 UTC 2023 on atb-devel-224

- - - - -
a420aa91 by Andreas Schneider at 2023-09-07T04:53:41+00:00
s4:samdb: Avoid memory leaks in partition_metadata_get_uint64()

==395==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 96 byte(s) in 1 object(s) allocated from:
    #0 0x7f4c5dedc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: b10bafa0ba3304197db35cc24e0024cb0492168a)
    #1 0x7f4c5d252b3e in __talloc_with_prefix ../../lib/talloc/talloc.c:783
    #2 0x7f4c5d2543cc in __talloc ../../lib/talloc/talloc.c:825
    #3 0x7f4c5d2543cc in _talloc_named_const ../../lib/talloc/talloc.c:982
    #4 0x7f4c5d2543cc in talloc_named_const ../../lib/talloc/talloc.c:1751
    #5 0x7f4c504acc53 in partition_metadata_get_uint64 ../../source4/dsdb/samdb/ldb_modules/partition_metadata.c:50
    #6 0x7f4c504add29 in partition_metadata_sequence_number_increment ../../source4/dsdb/samdb/ldb_modules/partition_metadata.c:398
    #7 0x7f4c504a66aa in partition_sequence_number ../../source4/dsdb/samdb/ldb_modules/partition.c:1401
    #8 0x7f4c504a66aa in partition_extended ../../source4/dsdb/samdb/ldb_modules/partition.c:1680
    #9 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
    #10 0x7f4c503980c8 in replmd_extended ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:8455
    #11 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
    #12 0x7f4c502fae5c in samldb_extended ../../source4/dsdb/samdb/ldb_modules/samldb.c:5718
    #13 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
    #14 0x7f4c52f0b94c in acl_extended ../../source4/dsdb/samdb/ldb_modules/acl.c:2854
    #15 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
    #16 0x7f4c52eb019c in descriptor_extended ../../source4/dsdb/samdb/ldb_modules/descriptor.c:1450
    #17 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
    #18 0x7f4c52ed8687 in log_extended ../../source4/dsdb/samdb/ldb_modules/audit_log.c:1824
    #19 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
    #20 0x7f4c505aa337 in unlazy_op ../../source4/dsdb/samdb/ldb_modules/lazy_commit.c:40
    #21 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
    #22 0x7f4c502d0f82 in schema_load_extended ../../source4/dsdb/samdb/ldb_modules/schema_load.c:593
    #23 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
    #24 0x7f4c5035a010 in rootdse_extended ../../source4/dsdb/samdb/ldb_modules/rootdse.c:1780
    #25 0x7f4c5c4914ef in ldb_request ../../lib/ldb/common/ldb.c:1244
    #26 0x7f4c5c492a2d in ldb_extended ../../lib/ldb/common/ldb.c:1714
    #27 0x7f4c5c492bdf in ldb_sequence_number ../../lib/ldb/common/ldb.c:1943
    #28 0x7f4c503a9abd in replmd_add ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:1316
    #29 0x7f4c5c4989f4 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:543
    #30 0x7f4c50458783 in rdn_name_add ../../lib/ldb/modules/rdn_name.c:206
    #31 0x7f4c5c4989f4 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:543
    #32 0x7f4c504f4852 in attr_handler ../../source4/dsdb/samdb/ldb_modules/objectclass_attrs.c:334

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
1de2af9f by Douglas Bagnall at 2023-09-07T04:53:41+00:00
pytests:security: don't use invalid domain SID S-2-0-0

The '2' is a version number, but there is not yet a version 2, so we
can't even say what the rest of the string should look like.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6d012757 by Joseph Sutton at 2023-09-07T04:53:41+00:00
libcli/security: make sddl_decode_sid an external function

We are going to need it for parsing SDDL for conditional ACEs and
resource ACEs, which will go in a separate file because it's huge.

This means changing the interface for `sddl_decode_sid` to that from
before 7d466a913f2c0038b30424403a7355db849fee7a which introduced
sddl_transition_state to ease the shift to disambiguated machine/
domain/forest SIDs. Internal callers use `sddl_transition_decode_sid()`
which is the old function; external callers use the same shim pattern as
the other externally available functions.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2bf404eb by Douglas Bagnall at 2023-09-07T04:53:41+00:00
libcli/security: make sddl_encode_sid an external function

Mirroring the last commit for sddl_decode_sid, we want to be able to
encode SIDs from sibling source files.

The dom_sid functions are insufficient for this because they don't know
the SDDL short aliases, like "WD".

sddl_transition_encode_sid() is used internally.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
676a7152 by Douglas Bagnall at 2023-09-07T04:53:41+00:00
librpc/idl: add conditional ACE structures and constants

This will be used to decode the expressions on conditional ACEs.
At the moment it changes nothing.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a84e89aa by Douglas Bagnall at 2023-09-07T04:53:41+00:00
libcli/security: create_descriptor handles unknown ACE types

Because we're going to add more ACE types.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
416f6ef7 by Douglas Bagnall at 2023-09-07T04:53:41+00:00
librpc:security.idl: add more ACE enum types, with annotations

The callback types are used for conditional ACEs. The others are just
there and we might as well know them.

Several ACE types are "reserved for future use" by Microsoft.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
601d60e3 by Douglas Bagnall at 2023-09-07T04:53:41+00:00
libcli:sec:display: print callback ace types

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
89589347 by Douglas Bagnall at 2023-09-07T04:53:41+00:00
libcli:sec:display: use macro for more ace types

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0d6c7bea by Douglas Bagnall at 2023-09-07T04:53:41+00:00
librpc:security.idl: add enums for resource attribute aces

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7f57b5ed by Douglas Bagnall at 2023-09-07T04:53:41+00:00
librpc:security.idl: add Resource Attribute claim types

This will be used in Resource Attribute ACEs, and in security tokens
when security tokens become claim-aware.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f893cf85 by Douglas Bagnall at 2023-09-07T05:50:24+00:00
security.idl: extend security token for claims

A security token contains the context needed to make access decisions
for a particular client, which has until now been a number of SIDs and
flags. Claims are arbitrary attributes that can be tacked onto the
security token. Typically they will arrive via a Kerberos PAC, but we
don't need to worry about that now -- only that they are stored on the
token.

The security token in [MS-DTYP] 2.5.2 is described in abstract terms
(it is not transmitted on the wire) as behaving *as if* it held claims
in three arrays of CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 structures. We
take that suggestion literally. This is *almost* the same as storing
the [MS-ADTS] 2.2.18 claims wire structures that the claims are
presumably derived from, and doing that might seem like a small
optimisation. But we don't do that because of subtle differences and
we already need CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 in security.idl
for resource attribute ACEs.

The three stored claim types are user claims, device claims, and local
claims. Local claims relate to local Windows accounts and are unlikely
to occur in Samba. Nevertheless we have the array there just in case.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Sep  7 05:50:24 UTC 2023 on atb-devel-224

- - - - -
03ce770e by Volker Lendecke at 2023-09-08T16:27:39+00:00
tests: Create symlinks using posix extensions

This way we can run the tests and more easily put them into knownfail
individually. Before this, everything went into the error category,
which was not so easy to catch in something like knownfail.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c9a000be by Volker Lendecke at 2023-09-08T16:27:39+00:00
tests: Add test_symlink_reparse_data_buffer_parse

The blob was taken from a smbclient allinfo command for a Windows
symlink. Show that reparse_data_buffer_parse() is broken.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ebb6eb9c by Volker Lendecke at 2023-09-08T17:24:19+00:00
libsmb: Fix parsing symlink reparse points

Untested code is broken code. For symlinks we need to hand over the
full reparse buffer into symlink_reparse_buffer_parse(), as this is
also used for the smb2 error response handling. For that, the
"reserved" field in [MS-FSCC] 2.1.2.4 Symbolic Link Reparse Data
Buffer is used for the "unparsed" field.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Sep  8 17:24:19 UTC 2023 on atb-devel-224
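
As an added example (not Samba's code and not part of this commit): a bounds-checked C parser for the [MS-FSCC] 2.1.2.4 Symbolic Link Reparse Data Buffer that the commit above refers to. It takes the full reparse buffer and returns the "Reserved" header field as "unparsed". The names parse_symlink_reparse(), struct symlink_info and the sample blob are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_SYMLINK       0xA000000CU /* IO_REPARSE_TAG_SYMLINK */
#define HDR_LEN           8  /* ReparseTag + ReparseDataLength + Reserved */
#define SYMLINK_FIXED_LEN 12 /* four 16-bit name fields + 32-bit Flags */
#define PATHBUF_OFS       (HDR_LEN + SYMLINK_FIXED_LEN)

enum parse_status {
	PARSE_OK = 0,
	PARSE_TRUNCATED,   /* fewer bytes than the generic header */
	PARSE_NOT_SYMLINK, /* some other reparse tag */
	PARSE_BAD_LENGTH,  /* ReparseDataLength disagrees with the buffer */
	PARSE_BAD_NAME     /* a name offset/length leaves PathBuffer */
};

/* Hypothetical result type; the name pointers point into the caller's buffer. */
struct symlink_info {
	uint16_t unparsed;         /* the "Reserved" header field */
	uint32_t flags;            /* 0x1 = SYMLINK_FLAG_RELATIVE */
	const uint8_t *substitute; /* UTF-16LE, not NUL-terminated */
	size_t substitute_len;     /* in bytes */
	const uint8_t *print;      /* UTF-16LE, not NUL-terminated */
	size_t print_len;          /* in bytes */
};

static uint16_t le16(const uint8_t *p)
{
	return (uint16_t)(p[0] | (p[1] << 8));
}

static uint32_t le32(const uint8_t *p)
{
	return (uint32_t)le16(p) | ((uint32_t)le16(p + 2) << 16);
}

/* A name must be whole UTF-16 code units lying entirely inside PathBuffer. */
static int name_ok(size_t ofs, size_t len, size_t pathbuf_len)
{
	return ((ofs | len) & 1) == 0 && ofs <= pathbuf_len &&
	       len <= pathbuf_len - ofs;
}

enum parse_status parse_symlink_reparse(const uint8_t *buf, size_t buflen,
					struct symlink_info *out)
{
	if (buflen < HDR_LEN) {
		return PARSE_TRUNCATED;
	}
	if (le32(buf) != TAG_SYMLINK) {
		return PARSE_NOT_SYMLINK;
	}
	/* ReparseDataLength counts everything after the 8-byte header. */
	size_t data_len = le16(buf + 4);
	if (data_len < SYMLINK_FIXED_LEN || data_len > buflen - HDR_LEN) {
		return PARSE_BAD_LENGTH;
	}
	size_t pathbuf_len = data_len - SYMLINK_FIXED_LEN;
	size_t sub_ofs = le16(buf + 8), sub_len = le16(buf + 10);
	size_t prt_ofs = le16(buf + 12), prt_len = le16(buf + 14);

	if (!name_ok(sub_ofs, sub_len, pathbuf_len) ||
	    !name_ok(prt_ofs, prt_len, pathbuf_len)) {
		return PARSE_BAD_NAME;
	}

	out->unparsed = le16(buf + 6);
	out->flags = le32(buf + 16);
	out->substitute = buf + PATHBUF_OFS + sub_ofs;
	out->substitute_len = sub_len;
	out->print = buf + PATHBUF_OFS + prt_ofs;
	out->print_len = prt_len;
	return PARSE_OK;
}

/* Constructed sample (not the blob from the Samba test): relative link "a\b". */
static const uint8_t sample_symlink_blob[] = {
	0x0c, 0x00, 0x00, 0xa0,  /* ReparseTag */
	0x18, 0x00,              /* ReparseDataLength = 24 */
	0x00, 0x00,              /* Reserved */
	0x00, 0x00, 0x06, 0x00,  /* SubstituteName: offset 0, length 6 */
	0x06, 0x00, 0x06, 0x00,  /* PrintName: offset 6, length 6 */
	0x01, 0x00, 0x00, 0x00,  /* Flags: relative */
	'a', 0, '\\', 0, 'b', 0, /* substitute name */
	'a', 0, '\\', 0, 'b', 0  /* print name */
};

int main(void)
{
	struct symlink_info info;
	enum parse_status st = parse_symlink_reparse(
		sample_symlink_blob, sizeof(sample_symlink_blob), &info);
	printf("status=%d\n", (int)st);
	return st == PARSE_OK ? 0 : 1;
}
```

Every offset and length is checked against ReparseDataLength rather than against the size of the receive buffer, so trailing bytes after the declared data are never treated as part of a name.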

- - - - -
88e06dfc by Michael Tokarev at 2023-09-09T14:34:24+03:00
drop attempts to keep ldb ABI versioning

- - - - -
f51efc40 by Joseph Sutton at 2023-09-11T02:42:40+00:00
Makefile: Fix spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e69ba9a0 by Joseph Sutton at 2023-09-11T02:42:41+00:00
auth: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c6249147 by Joseph Sutton at 2023-09-11T02:42:41+00:00
ctdb: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f6ff6f7c by Joseph Sutton at 2023-09-11T02:42:41+00:00
docs-xml: Fix spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1c35195f by Joseph Sutton at 2023-09-11T02:42:41+00:00
lib:compression: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
74580daa by Joseph Sutton at 2023-09-11T02:42:41+00:00
lib:crypto: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7d9edb82 by Joseph Sutton at 2023-09-11T02:42:41+00:00
lib:krb5_wrap: Fix spelling in documentation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5fbbf9b9 by Joseph Sutton at 2023-09-11T02:42:41+00:00
ldb: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9d699895 by Joseph Sutton at 2023-09-11T02:42:41+00:00
lib:printer_driver: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
53caec3c by Joseph Sutton at 2023-09-11T02:42:41+00:00
tdb: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6a303be5 by Joseph Sutton at 2023-09-11T02:42:41+00:00
tevent: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dd2b5687 by Joseph Sutton at 2023-09-11T02:42:41+00:00
lib:charset: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
87749b55 by Joseph Sutton at 2023-09-11T02:42:41+00:00
libcli: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5292c774 by Joseph Sutton at 2023-09-11T02:42:41+00:00
libgpo: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
df24eced by Joseph Sutton at 2023-09-11T02:42:41+00:00
librpc: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c8750428 by Joseph Sutton at 2023-09-11T02:42:41+00:00
pidl: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bb79de4c by Joseph Sutton at 2023-09-11T02:42:41+00:00
python:tests: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
26fd734d by Joseph Sutton at 2023-09-11T02:42:41+00:00
selftest: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9e2a93d5 by Joseph Sutton at 2023-09-11T02:42:41+00:00
s3:auth: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2a4d35ed by Joseph Sutton at 2023-09-11T02:42:41+00:00
s3:lib: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
06816117 by Joseph Sutton at 2023-09-11T02:42:41+00:00
s3:libads: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d7331a68 by Joseph Sutton at 2023-09-11T02:42:41+00:00
s3:libnet: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bbd9fabf by Joseph Sutton at 2023-09-11T02:42:41+00:00
s3:librpc: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
47dcdb31 by Joseph Sutton at 2023-09-11T02:42:41+00:00
s3:nmbd: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c4a02d8e by Joseph Sutton at 2023-09-11T02:42:41+00:00
s3:registry: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
32a1e742 by Joseph Sutton at 2023-09-11T02:42:41+00:00
s3:rpc_client: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
72e79e13 by Joseph Sutton at 2023-09-11T02:42:41+00:00
s3:rpc_server: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b60f86a0 by Joseph Sutton at 2023-09-11T02:42:41+00:00
s3:smbd: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c6c1b55a by Joseph Sutton at 2023-09-11T02:42:41+00:00
s3:utils: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4e74350f by Joseph Sutton at 2023-09-11T02:42:41+00:00
s3:winbindd: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
354eff14 by Joseph Sutton at 2023-09-11T02:42:41+00:00
s4:auth: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
20ab21e6 by Joseph Sutton at 2023-09-11T02:42:41+00:00
s4:client: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8a93a4fa by Joseph Sutton at 2023-09-11T02:42:41+00:00
s4:dns_server: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
65c26c0b by Joseph Sutton at 2023-09-11T02:42:41+00:00
s4:dsdb: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0834b309 by Joseph Sutton at 2023-09-11T02:42:41+00:00
s4:kdc: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0cef5daf by Joseph Sutton at 2023-09-11T02:42:41+00:00
s4:libcli: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1bb5cfef by Joseph Sutton at 2023-09-11T02:42:41+00:00
s4:libnet: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b1e23155 by Joseph Sutton at 2023-09-11T02:42:41+00:00
s4:ntvfs: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
36ccc9cf by Joseph Sutton at 2023-09-11T02:42:41+00:00
s4:rpc_server: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
882a4674 by Joseph Sutton at 2023-09-11T02:42:41+00:00
s4:samba: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
39a88a83 by Joseph Sutton at 2023-09-11T02:42:41+00:00
s4:torture: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ebdaaf92 by Joseph Sutton at 2023-09-11T02:42:41+00:00
s4:wrepl_server: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a842c14d by Andrew Bartlett at 2023-09-11T02:42:41+00:00
.gitlab-ci.yml: Move coverity build to internal Heimdal

The opensuse155 image has MIT 1.20, not the required MIT 1.21, so build
with internal Heimdal instead.

The opensuse155 image was chosen deliberately in commit
f2eb411646bbc3cbedd4aecaba98bd363a6cd3df so this changes
the KDC choice rather than the image.  Eventually we will
need to do both.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
da841a80 by Douglas Bagnall at 2023-09-11T02:42:41+00:00
s3:rpc: bump named_pipe_auth_req_info version number

This is because commit f893cf85cc387b66c496661e11073b1215270022
changed the security token in security.idl, and bumping the version
was missed.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5cad8278 by Samuel Cabrero at 2023-09-11T02:42:41+00:00
netapi: Pass loadparm_context to libnetapi_net_init()

The net's tool cmdline lp_ctx can be reused, no need to init a new one except
for external library users.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8cdb4f29 by Samuel Cabrero at 2023-09-11T02:42:41+00:00
netapi: Pass net's cmdline credentials to libnetapi_net_init()

Avoid unnecessary credentials allocation and initialization by passing the
net's cmdline creds to libnetapi_net_init() directly.

Fixes the problem of running cli_credentials_guess() (which runs password
callbacks) twice, one for the net's cmdline creds and a second time for the
creds initialized in libnetapi_net_init(), just to override them immediately
after.

Example:

$ export PASSWD_FD=0
$ ./bin/net offlinejoin composeodj <...>
foo
bar

Password is read from STDIN twice.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
65b21109 by Samuel Cabrero at 2023-09-11T03:36:28+00:00
auth:credentials: Check if password_obtained > obtained

Fixes reading the password from STDIN or environment vars if it was already
given in the command line:

$ export PASSWD_FD=0
$ ./bin/net offlinejoin composeodj <...> --password=FOO
<Waiting to read password from STDIN>

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Sep 11 03:36:28 UTC 2023 on atb-devel-224

- - - - -
0f1443d9 by Ralph Boehme at 2023-09-12T17:08:17+00:00
smbd: make vfs_stat_fsp() a no-op on fake file-handles

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Sep 12 17:08:17 UTC 2023 on atb-devel-224

- - - - -
416ff2c6 by Stefan Metzmacher at 2023-09-14T17:56:30+00:00
.gitlab-ci: restore starting ubuntu2204-samba-o3 for the default pipeline

This got lost in commit bcc22d00569551cfa25851c8c267ec9decc63d21
for ubuntu1804-samba-o3 at the time...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b1e83b6c by Stefan Metzmacher at 2023-09-14T17:56:30+00:00
.gitlab-ci: make it explicit that some tests require ext4/5.15 kernel

This is better than requiring private runners,
as we'll be able to use shared runners for ext4 soon.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
19fb9a97 by Andrew Bartlett at 2023-09-14T17:56:30+00:00
.gitlab-ci: Allow ext4 jobs to run on shared runners

At the time of this commit, GitLab shared runners
tagged "gce" were 2x AMD EPYC 7B12 with 8GB ram.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
62af25d4 by Stefan Metzmacher at 2023-09-14T17:56:30+00:00
nsswitch: add test for pthread_key_delete misuse (bug 15464)

This is based on https://bugzilla.samba.org/attachment.cgi?id=18081
written by Krzysztof Piotr Oledzki <ole at ans.pl>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4faf8064 by Stefan Metzmacher at 2023-09-14T17:56:30+00:00
nsswitch/wb_common.c: fix build without HAVE_PTHREAD

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
836823e5 by Stefan Metzmacher at 2023-09-14T17:56:30+00:00
nsswitch/wb_common.c: winbind_destructor can always use get_wb_global_ctx()

The HAVE_PTHREAD logic inside of get_wb_global_ctx() will do all
required magic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
91b30a72 by Stefan Metzmacher at 2023-09-14T17:56:30+00:00
nsswitch/wb_common.c: don't operate on a stale wb_global_ctx.key

If nss_winbind is loaded into a process that uses fork multiple times
without any further calls into nss_winbind, wb_atfork_child handler
was using a wb_global_ctx.key that was no longer registered in the
pthread library, so we operated on a slot that was potentially
reused by other libraries or the main application. Which is likely
to cause memory corruption.

So we better don't call pthread_key_delete() in wb_atfork_child().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464

Reported-by: Krzysztof Piotr Oledzki <ole at ans.pl>
Tested-by: Krzysztof Piotr Oledzki <ole at ans.pl>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4af3faac by Stefan Metzmacher at 2023-09-14T18:53:07+00:00
nsswitch/wb_common.c: fix socket fd and memory leaks of global state

When we are called in wb_atfork_child() or winbind_destructor(),
wb_thread_ctx_destructor() is not called for the global state
of the current nor any other thread, which means we would
leak the related memory and socket fds.

Now we maintain a global list protected by a global mutex.
We traverse the list and close all socket fds, which are no
longer used (winbind_destructor) or no longer valid in the
current process (wb_atfork_child), in addition we 'autofree'
the ones, which are only visible internally as global (per thread)
context.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464

Tested-by: Krzysztof Piotr Oledzki <ole at ans.pl>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Sep 14 18:53:07 UTC 2023 on atb-devel-224

- - - - -
74e1bb05 by Joseph Sutton at 2023-09-14T21:35:28+00:00
lib:mscat: Remove unnecessary casts

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0bcf44c8 by Joseph Sutton at 2023-09-14T21:35:28+00:00
lib:tdr: Remove unnecessary cast

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c8603809 by Joseph Sutton at 2023-09-14T21:35:28+00:00
libgpo: Remove unnecessary cast

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9f78cc3b by Joseph Sutton at 2023-09-14T21:35:28+00:00
librpc:ndr: Avoid overflow in size calculation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9f566703 by Joseph Sutton at 2023-09-14T21:35:29+00:00
python:tests: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9846da6f by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:scripting: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b208c8e8 by Joseph Sutton at 2023-09-14T21:35:29+00:00
libcli:security: Prefer explicit initialization to ZERO_STRUCTP()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c92fac94 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Prefer explicit initialization to ZERO_STRUCT()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
97906d27 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Remove duplicate function signature

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ffbd95e6 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Use smb_krb5_data_from_blob()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
716bf29d by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Remove unused flags

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
39340f65 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Check result of dom_sid_parse()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3ef5e655 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Handle invalid enum values

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1f20e557 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Check result of talloc_realloc()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7ac99b19 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Make functions to add special SIDs non‐static

This allows us to call them from elsewhere.

Change their names accordingly to start with ‘samba_kdc_’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
571ff5f3 by Joseph Sutton at 2023-09-14T21:35:29+00:00
claims.idl: Allow empty claim value buffers

Windows doesn’t reject these, nor do we have any reason to do so.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ba175008 by Joseph Sutton at 2023-09-14T21:35:29+00:00
claims.idl: Be more lenient in our expectations for the compression of claims

384 bytes is not a strict threshold below which claims are never to be
compressed. Windows has been known to compress claims a mere 368 bytes
in size.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
49b96243 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Check return value of samdb_result_dom_sid()

We should not pass a NULL pointer into dom_sid_split_rid().

Unlike samdb_result_dom_sid(), samdb_result_dom_sid_buf() produces an
error code on failure and does not require a heap allocation.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2d929f13 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Remove unused talloc context

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1f4438c5 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Check return value of smb_krb5_principal_get_comp_string()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
acda12a7 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Correct error message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e427b5b7 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Initialize pointers to NULL

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
afd48f8d by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Fix error message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3387140d by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Inline samba_get_requester_sid_pac_blob()

A wrapper doesn’t add much utility to a function this small. We might as
well join these two into a single function.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2981a7f0 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Allocate contents of PAC blobs on blob talloc contexts

The lifetime of a blob’s contents should be tied to the lifetime of the
blob itself.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bac02f08 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Don’t operate directly on caller‐owned pointer

This is more consistent with the other PAC blob functions, and easier to
reason about.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
30db0126 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Fix leaks

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fb071bc3 by Joseph Sutton at 2023-09-14T21:35:29+00:00
docs-xml: Add missing paragraph section

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3fca94cd by Joseph Sutton at 2023-09-14T21:35:29+00:00
python:tests: Remove unused variables

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bd8c3afe by Joseph Sutton at 2023-09-14T21:35:29+00:00
python:tests: Fix invalid escape sequence

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0669af30 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s3:rpc_server: Fix inverted error messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2d736bd9 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Inline samba_get_pac_attrs_blob()

A wrapper doesn’t add much utility to a function this small. We might as
well join these two into a single function.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4954443e by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:scripting: Fix comments

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b96c55c2 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:scripting: Prefer ‘x not in y’ to ‘not x in y’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2e8bbaea by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:dsdb: Parenthesize macro expression

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bd05237d by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:dsdb: Prefer explicit initialization to ZERO_STRUCT()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8b2e1405 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:auth: Check return values of talloc functions

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c4933dd4 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:auth: Fix leaks

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c580dbd by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Add correct Asserted Identity SID in response to an S4U2Self request

I’m not sure exactly how this check was supposed to work. But in any
case, within fast_unwrap_request() the Heimdal KDC replaces the outer
padata with the padata from the inner FAST request. Hence, this check
does not accomplish anything useful: at no point should the KDC plugin
see the outer padata.

A couple of unwanted consequences resulted from this check. One was that
a client who sent empty FX‐FAST padata within the inner FAST request
would receive the *Authentication Authority* Asserted Identity SID
instead of the *Service* Asserted Identity SID. Another consequence was
that a client could in the same manner bypass the restriction on
performing S4U2Self with an RODC‐issued TGT.

Overall, samba_wdc_is_s4u2self_req() is somewhat of a hack. But the
Heimdal plugin API gives us nothing better to work with.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e48df091 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Fix leaks

Allocate variables on to a temporary context rather than on to the
potentially long‐lived context passed in by the caller.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7718a9d6 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Use common exit point for functions

This makes it less likely that we forget to clean up resources.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bf9b1688 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Fix leak

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
19b616d1 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Avoid potential use‐after‐free

We must allocate the domain groups on to the correct memory context,
lest they get freed prematurely.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d045809c by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Check for overflow when adding a domain group SID

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6dae90bd by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Don’t corrupt domain groups structure if talloc_realloc() fails

Introduce a temporary variable instead of assigning the result of
talloc_realloc() directly to samr_RidWithAttributeArray::rids. In this
way we avoid having a structure with a non‐zero ‘count’ but with ‘rids’
set to the NULL pointer.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
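
The failure mode this commit message describes, as an added example that is not Samba's code: it uses a plain realloc-style allocator instead of talloc, and the structure and function names (`rid_array`, `add_rid_unsafe`, `add_rid_safe`, `failing_realloc`) are hypothetical. It goes slightly beyond the message by also rejecting a count that would overflow before allocating.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for a counted array of RIDs with attributes. */
struct rid_with_attr {
	uint32_t rid;
	uint32_t attributes;
};

struct rid_array {
	uint32_t count;
	struct rid_with_attr *rids;
};

/* realloc-compatible allocator, injectable so a failure can be simulated. */
typedef void *(*realloc_fn)(void *ptr, size_t size);

enum add_result { ADD_OK = 0, ADD_OVERFLOW = -1, ADD_NOMEM = -2 };

static void *failing_realloc(void *ptr, size_t size)
{
	(void)ptr;
	(void)size;
	return NULL; /* the old block is left untouched, as with realloc() */
}

/* Unsafe form: the result is assigned straight to the structure member. */
static enum add_result add_rid_unsafe(struct rid_array *a, realloc_fn ra,
				      uint32_t rid, uint32_t attrs)
{
	a->count++; /* bumped before the allocation is known to work */
	a->rids = ra(a->rids, a->count * sizeof(*a->rids));
	if (a->rids == NULL) {
		return ADD_NOMEM; /* count != 0 but rids == NULL */
	}
	a->rids[a->count - 1] = (struct rid_with_attr){ rid, attrs };
	return ADD_OK;
}

/* Safe form: temporary pointer, overflow check, commit only on success. */
static enum add_result add_rid_safe(struct rid_array *a, realloc_fn ra,
				    uint32_t rid, uint32_t attrs)
{
	struct rid_with_attr *tmp = NULL;
	size_t new_count;

	if (a->count == UINT32_MAX) {
		return ADD_OVERFLOW;
	}
	new_count = (size_t)a->count + 1;
	if (new_count > SIZE_MAX / sizeof(*tmp)) {
		return ADD_OVERFLOW;
	}
	tmp = ra(a->rids, new_count * sizeof(*tmp));
	if (tmp == NULL) {
		return ADD_NOMEM; /* *a is exactly as it was */
	}
	tmp[a->count] = (struct rid_with_attr){ rid, attrs };
	a->rids = tmp;
	a->count = (uint32_t)new_count;
	return ADD_OK;
}

/* Returns 1 if the safe form leaves the array intact after a failed grow. */
int demo_safe_survives_failure(void)
{
	struct rid_array a = { 0, NULL };
	int ok;

	/* Constructed sample RIDs and attributes. */
	if (add_rid_safe(&a, realloc, 513, 7) != ADD_OK) return 0;
	if (add_rid_safe(&a, realloc, 515, 7) != ADD_OK) { free(a.rids); return 0; }
	ok = add_rid_safe(&a, failing_realloc, 516, 7) == ADD_NOMEM &&
	     a.count == 2 && a.rids != NULL &&
	     a.rids[0].rid == 513 && a.rids[1].rid == 515;
	free(a.rids);
	return ok;
}

/* Returns 1 if the unsafe form ends with a non-zero count and NULL rids. */
int demo_unsafe_corrupts(void)
{
	struct rid_array a = { 0, NULL };
	struct rid_with_attr *saved;
	int corrupted;

	if (add_rid_unsafe(&a, realloc, 513, 7) != ADD_OK) return 0;
	saved = a.rids; /* kept only so the demo can free it afterwards */
	corrupted = add_rid_unsafe(&a, failing_realloc, 515, 7) == ADD_NOMEM &&
		    a.count == 2 && a.rids == NULL;
	free(saved);
	return corrupted;
}

/* Returns 1 if a full array is rejected before any allocation happens. */
int demo_overflow_rejected(void)
{
	struct rid_with_attr one = { 513, 7 };
	struct rid_array a = { UINT32_MAX, &one };

	return add_rid_safe(&a, failing_realloc, 1, 1) == ADD_OVERFLOW &&
	       a.count == UINT32_MAX && a.rids == &one;
}

int main(void)
{
	printf("safe survives failure: %d\n", demo_safe_survives_failure());
	printf("unsafe corrupts state: %d\n", demo_unsafe_corrupts());
	printf("overflow rejected:     %d\n", demo_overflow_rejected());
	return 0;
}
```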

- - - - -
d4ceac44 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Assign RID and attribute together

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
446e45be by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Directly zero‐initialize PAC_DOMAIN_GROUP_MEMBERSHIP structure

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
953af6c3 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Increment PAC_DEVICE_INFO::domain_group_count only after SID has been successfully added

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cf2bde73 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Allocate variables on to more suitable memory context

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0d2d3a90 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Fix leak

Introduce a temporary memory context and allocate working structures on
to it.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8b49e058 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Use temporary memory context in samba_kdc_verify_pac()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cbf1e0c8 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Introduce a temporary talloc context in samba_kdc_update_pac()

This avoids allocating working structures on to a potentially long‐lived
context.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e9590ac7 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Add common out path to pac_blobs_from_krb5_pac()

This helps to make error‐checking and cleanup more systematic.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cb400950 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Don’t corrupt pac_blobs structure if talloc_realloc() fails

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ed843609 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Make ‘struct pac_blobs’ memory handling safer and more consistent

Having pac_blobs::type_blobs be managed both by talloc and by the
‘pac_blobs’ structure itself (with pac_blobs_destroy()) is very prone to
error. So is the current situation of having the other ‘pac_blobs’
functions each take in a memory context.

Improve these circumstances by requiring ‘pac_blobs’ to be managed by
talloc. Now the other functions can dispense with their ‘mem_ctx’
parameters, being instead able to allocate on to the ‘pac_blobs’
structure itself. pac_blobs_init() no longer must be a separate
function; inline it into pac_blobs_from_krb5_pac(). pac_blobs_destroy(),
being no longer of use, can go too.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a5308a2d by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Make pac_blobs_remove_blob() never fail

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c72d784a by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Have samba_krbtgt_is_in_db() return a krb5_error_code

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b8368ed3 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Have samba_krbtgt_is_in_db() take a const KDC entry

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ed8d7497 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Rename ‘status’ variables to ‘reply_status’

This makes it clearer what these variables are used for, and avoids
confusion with the similarly‐named ‘nt_status’ variables — also used in
these functions.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
617f87a9 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Make RODC ID checks easier to understand with more clearly‐named variables

No change in behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
41d97438 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Prefer explicit initialization to ZERO_STRUCTP()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d902c134 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Be sure not to pass a NULL pointer into strcmp()

To do so is to invoke undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aa56750f by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Fix leaks

Create a temporary memory context on which to allocate things.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b8ca4dea by Joseph Sutton at 2023-09-14T21:35:29+00:00
lib:krb5_wrap: Eliminate redundant code from smb_krb5_sockaddr_to_kaddr()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d901fe9c by Joseph Sutton at 2023-09-14T21:35:29+00:00
lib:krb5_wrap: Have smb_krb5_principal_get_realm() check the return values of intermediate functions

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eec9e545 by Joseph Sutton at 2023-09-14T21:35:29+00:00
lib:krb5_wrap: Add smb_krb5_princ_component()

For now this function is a mere wrapper round krb5_princ_component(),
but one whose interface allows for a more sensible implementation.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
229d26e2 by Joseph Sutton at 2023-09-14T21:35:29+00:00
lib:krb5_wrap: Add Heimdal‐specific smb_krb5_princ_component() implementation

This implementation doesn’t rely on a variable of static storage
duration being used as a conduit for the return value.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9bb80c27 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:dsdb: Switch to using smb_krb5_princ_component()

This function has the handy feature of being able to be called twice in
succession without mysteriously breaking your code. Now, doesn’t that
sound useful?

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cec4ebbe by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Switch to using smb_krb5_princ_component()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7e62f392 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:rpc_server: Switch to using smb_krb5_princ_component()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
187d74d9 by Joseph Sutton at 2023-09-14T21:35:29+00:00
lib:krb5_wrap: Remove Heimdal‐only krb5_princ_component() implementation

This implementation is no longer called: using a variable of static
storage duration as a conduit for return values is only asking for
trouble.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
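
Why a static object used as the conduit for a return value breaks when the function is called twice in succession, as the commits above describe. This is an added example, not the Samba or Heimdal code: the `principal` and `component` types, both accessor functions and the sample principal are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified principal: a list of name components. */
struct principal {
	unsigned int num_components;
	const char *const *components;
};

/* Hypothetical non-owning view of one component. */
struct component {
	const char *data;
	size_t length;
};

/* Constructed sample: the two components of krbtgt/EXAMPLE.COM. */
static const char *const sample_names[] = { "krbtgt", "EXAMPLE.COM" };
static const struct principal sample = { 2, sample_names };

/* Problem pattern: every call returns a pointer to the same static object
 * (which is also not thread-safe). */
static const struct component *component_static(const struct principal *p,
						unsigned int i)
{
	static struct component result;

	if (i >= p->num_components) {
		return NULL;
	}
	result.data = p->components[i];
	result.length = strlen(p->components[i]);
	return &result;
}

/* Replacement pattern: the caller supplies the storage for the result. */
static int component_out(const struct principal *p, unsigned int i,
			 struct component *out)
{
	if (out == NULL || i >= p->num_components) {
		return -1;
	}
	out->data = p->components[i];
	out->length = strlen(p->components[i]);
	return 0;
}

static int component_equals(const struct component *c, const char *s)
{
	return strlen(s) == c->length && memcmp(c->data, s, c->length) == 0;
}

/* "Is this a krbtgt principal?" written against the static accessor.
 * The second call overwrites what c0 points to, so the check fails. */
int is_tgs_static(const struct principal *p)
{
	const struct component *c0 = component_static(p, 0);
	const struct component *c1 = component_static(p, 1);

	if (c0 == NULL || c1 == NULL) {
		return 0;
	}
	return component_equals(c0, "krbtgt") && c1->length > 0;
}

/* The same check with caller-owned results: both values stay valid. */
int is_tgs_out(const struct principal *p)
{
	struct component c0, c1;

	if (component_out(p, 0, &c0) != 0 || component_out(p, 1, &c1) != 0) {
		return 0;
	}
	return component_equals(&c0, "krbtgt") && c1.length > 0;
}

int main(void)
{
	printf("static accessor says TGS: %d\n", is_tgs_static(&sample));
	printf("out-param accessor says TGS: %d\n", is_tgs_out(&sample));
	return 0;
}
```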

- - - - -
716c3a25 by Joseph Sutton at 2023-09-14T21:35:29+00:00
nsswitch: Fix script usage

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
74624bd9 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s3:script: Fix script usage lines

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
31212b0c by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:selftest: Fix script usage lines

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2ff2d9bf by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:setup: Fix script usage line

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
208f452e by Joseph Sutton at 2023-09-14T21:35:29+00:00
testprogs: Fix script usage lines

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
238b5a8a by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Remove ks_is_tgs_principal()

This function is a near‐duplicate of smb_krb5_principal_is_tgs().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
477dc8f2 by Joseph Sutton at 2023-09-14T21:35:29+00:00
ldb: Prefer explicit initialization to ZERO_STRUCT()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d16337bd by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:wrepl_server: Correctly read ‘type’ element

winsdb_message() stores this element as hexadecimal, which format
ldb_msg_find_attr_as_uint() cannot cope with. Permit this element to be
in either decimal or hexadecimal format.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fb17b170 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:kdc: Don’t prepend useless colon to MIT KDC logging messages

If we pass an empty string as the ‘whoami’ parameter, MIT’s logging
facilities will prepend a mysterious colon to the message. Printing
“mitkdc: ” ought at least to be more sensible, and perhaps more closely
to match our behaviour prior to commit
dd8138236bec3635c25e5b482b7a14faa0a9c36b.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
253ca786 by Joseph Sutton at 2023-09-14T21:35:29+00:00
s3:net: Check return value of data_blob_talloc()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e4a81f26 by Joseph Sutton at 2023-09-14T21:35:29+00:00
tests/krb5: Rename ‘client_claims’ to ‘claims_metadata’

This variable is used not only for client claims, but for device claims
as well.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9ef494c1 by Joseph Sutton at 2023-09-14T21:35:29+00:00
fsrvp.idl: Remove excess zero digit from literal

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9a9861b5 by Joseph Sutton at 2023-09-14T21:35:29+00:00
dsgetdcname: Remove excess zero digits from literals

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
41df712d by Joseph Sutton at 2023-09-14T21:35:29+00:00
s3:winbindd: Add zero digit to literal

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
df3816eb by Joseph Sutton at 2023-09-14T21:35:29+00:00
s4:dsdb: Fix comment

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0e659702 by Andrew Bartlett at 2023-09-14T21:35:29+00:00
build: Remove -Wno-error=missing-field-initializers from Heimdal build

This allows this warning (error) to be used in Samba for cases where a
non-designated initialiser is under-specified.  We can do this now as
the GCC versions we build on do not regard foo = {} as an error.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
58e45b35 by Andrew Bartlett at 2023-09-14T21:35:29+00:00
build: Reduce heimdal_no_error_flags to a more minimal set

Heimdal does not seem to give as many errors as in the past, so we
can reduce the set of errors we ignore warnings for.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b6e46432 by Pavel Kalugin at 2023-09-14T21:35:29+00:00
s3:notifyd: Use lpcfg_set_cmdline()

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6f00a088 by Pavel Kalugin at 2023-09-14T21:35:29+00:00
s3:torture: Use lpcfg_set_cmdline()

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ea59632b by Pavel Kalugin at 2023-09-14T21:35:29+00:00
s3:utils: Use lpcfg_set_cmdline() in smbpasswd

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9b624673 by Pavel Kalugin at 2023-09-14T21:35:29+00:00
libnetapi: Use lpcfg_set_cmdline()

Replace lp_set_cmdline() with lpcfg_set_cmdline() in netapi.c.
For this purpose:
1. Add loadparm_context to the libnetapi_ctx because we need it
   in libnetapi_set_debuglevel() and libnetapi_set_logfile().
2. Move loadparm_context creation from libnetapi_net_init()
   to libnetapi_init() and add the lp_ctx parameter to the former.

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
04d20c3a by Pavel Kalugin at 2023-09-14T21:35:29+00:00
s3:netapi: Fix a leak in libnetapi_net_init()

Allow libnetapi_net_init() to be called more than once without
leaking libnetapi_ctx allocated on a previous call, which is
currently the case in the `net rpc` code.

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f7a06f3a by Pavel Kalugin at 2023-09-14T21:35:29+00:00
s3:libsmb: Use lpcfg_set_cmdline()

Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c839a25d by Andreas Schneider at 2023-09-14T21:35:29+00:00
s3:client: Use lpcfg_set_cmdline()

This lp_set_cmdline() leaks memory and we want to get rid of it.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
96e18e17 by Andreas Schneider at 2023-09-14T22:30:06+00:00
s3:param: Remove unused lp_set_cmdline()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Sep 14 22:30:06 UTC 2023 on atb-devel-224

- - - - -
5b7f9840 by Stefan Metzmacher at 2023-09-17T18:04:18+00:00
selftest: add some basic testing for the io_uring vfs module

We're now able to build it on all linux systems and
the ci runners have at least a 5.4 kernel. That's
all the current vfs_io_uring requires.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Sun Sep 17 18:04:18 UTC 2023 on atb-devel-224

- - - - -
340b7fd1 by Stefan Metzmacher at 2023-09-18T15:59:16+00:00
nsswitch: add test for pthread_key_delete misuse (bug 15464)

This is based on https://bugzilla.samba.org/attachment.cgi?id=18081
written by Krzysztof Piotr Oledzki <ole at ans.pl>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 62af25d44e542548d8cdecb061a6001e0071ee76)

- - - - -
61f6f46b by Stefan Metzmacher at 2023-09-18T15:59:16+00:00
nsswitch/wb_common.c: fix build without HAVE_PTHREAD

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4faf806412c4408db25448b1f67c09359ec2f81f)

- - - - -
9c10f828 by Stefan Metzmacher at 2023-09-18T15:59:16+00:00
nsswitch/wb_common.c: winbind_destructor can always use get_wb_global_ctx()

The HAVE_PTHREAD logic inside of get_wb_global_ctx() will do all
required magic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 836823e5047d0eb18e66707386ba03b812adfaf8)

- - - - -
7d04c32e by Stefan Metzmacher at 2023-09-18T15:59:16+00:00
nsswitch/wb_common.c: don't operate on a stale wb_global_ctx.key

If nss_winbind is loaded into a process that uses fork multiple times
without any further calls into nss_winbind, wb_atfork_child handler
was using a wb_global_ctx.key that was no longer registered in the
pthread library, so we operated on a slot that was potentially
reused by other libraries or the main application, which is likely
to cause memory corruption.

So we had better not call pthread_key_delete() in wb_atfork_child().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464

Reported-by: Krzysztof Piotr Oledzki <ole at ans.pl>
Tested-by: Krzysztof Piotr Oledzki <ole at ans.pl>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 91b30a7261e6455d3a4f31728c23e4849e3945b9)

- - - - -
374ba0d2 by Stefan Metzmacher at 2023-09-18T16:55:30+00:00
nsswitch/wb_common.c: fix socket fd and memory leaks of global state

When we are called in wb_atfork_child() or winbind_destructor(),
wb_thread_ctx_destructor() is not called for the global state
of the current or any other thread, which means we would
leak the related memory and socket fds.

Now we maintain a global list protected by a global mutex.
We traverse the list and close all socket fds, which are no
longer used (winbind_destructor) or no longer valid in the
current process (wb_atfork_child), in addition we 'autofree'
the ones, which are only visible internally as global (per thread)
context.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464

Tested-by: Krzysztof Piotr Oledzki <ole at ans.pl>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Sep 14 18:53:07 UTC 2023 on atb-devel-224

(cherry picked from commit 4af3faace481d23869b64485b791bdd43d8972c5)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Mon Sep 18 16:55:30 UTC 2023 on atb-devel-224

- - - - -
e61a956b by Jeremy Allison at 2023-09-19T18:59:34+00:00
s3: smbd: rename_internals_fsp() has to reopen the parent directory of the target as a pathref to check permissions.

So it never looks at any passed in dst_dirfsp.

Prove this by passing NULL.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
33845e09 by Jeremy Allison at 2023-09-19T18:59:34+00:00
s3: smbd: Now we've proved dst_dirfsp parameter is always NULL, remove the parameter from rename_internals_fsp().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c38815b4 by Jeremy Allison at 2023-09-19T18:59:34+00:00
s3: smbd: As rename_internals() calls rename_internals_fsp(), show we can pass dst_dirfsp as NULL here too.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e94796e7 by Jeremy Allison at 2023-09-19T18:59:34+00:00
s3: smbd: Now we have shown dst_dirfsp is always NULL, remove the parameter from rename_internals().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3fba7872 by Jeremy Allison at 2023-09-19T18:59:34+00:00
s3: smbd: hardlink_internals() never looks at src_dirfsp or dst_dirfsp.

Show this by sending NULL in all cases.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
05291d2b by Jeremy Allison at 2023-09-19T19:51:47+00:00
s3: smbd: Now we have proved hardlink_internals() doesn't use src_dirfsp and dst_dirfsp, remove the parameters.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Sep 19 19:51:47 UTC 2023 on atb-devel-224

- - - - -
82e88f70 by Jeremy Allison at 2023-09-20T01:49:34+00:00
s3: smbd: Add some DEVELOPER-only code to panic if the destructor for an aio_lnk is called and the associated fsp doesn't exist.

Make this DEVELOPER-only as it walks the entire open
file list on every file close (with associated aio).

This helps catch really subtle problems with orphaned
aio lnk structs.

Reproducer test case to follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3f32bf88 by Jeremy Allison at 2023-09-20T01:49:34+00:00
s3: smbd: named pipe reads are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.

Noticed by Metze.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
ea062c3b by Jeremy Allison at 2023-09-20T01:49:34+00:00
s3: smbd: named pipe writes are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.

Noticed by Metze.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
66398dd0 by Jeremy Allison at 2023-09-20T01:49:35+00:00
s3: torture: Add a new SMB2 test: SMB2-PIPE-READ-ASYNC-DISCONNECT

Shows the server crashes if we open a named pipe, do an async read
and then disconnect.

Adds knownfail:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
11280f17 by Jeremy Allison at 2023-09-20T02:43:18+00:00
s3: smbd: Ensure we remove any pending aio values for named pipes on forced shutdown.

Matches file and directory closes.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep 20 02:43:18 UTC 2023 on atb-devel-224

- - - - -
d70374c3 by Jeremy Allison at 2023-09-20T16:23:32+00:00
s3: libsmb: Add a missing return statement in the timeout case.

Obvious fix (needs a malicious server to recreate).

Found by Robert Morris <rtm at lcs.mit.edu>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15426

Signed-off-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit d27c2f2a47dc488ee32dd28d01697bfc409dff77)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Wed Sep 20 16:23:32 UTC 2023 on atb-devel-224

- - - - -
56df75d4 by Volker Lendecke at 2023-09-20T21:48:36+00:00
tests: Add reproducer for BZ15481

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15481

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3481bbfe by Volker Lendecke at 2023-09-20T22:42:48+00:00
smbd: Fix BZ15481

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15481

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep 20 22:42:48 UTC 2023 on atb-devel-224

- - - - -
8b9f4644 by Martin Schwenke at 2023-09-21T00:46:50+00:00
ctdb-daemon: Call setproctitle_init()

Commit 19c82c19c009eefe975ae95c8b709fc93f5f4c39 changed the behaviour
of prctl_set_comment() so it now calls setproctitle(3bsd) by default.

In some Linux distributions (e.g. Rocky Linux 8.8), this results in
messages like this spamming the logs:

  ctdbd: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.

Most Samba daemons seem to call setproctitle_init(), so do it here.

In the longer term CTDB should also switch to using lib/util's
process_set_title(), like the rest of Samba, for more flexible process
names.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15479

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Thu Sep 21 00:46:50 UTC 2023 on atb-devel-224

- - - - -
b3cae8dc by Volker Lendecke at 2023-09-21T17:43:23+00:00
conf: Remove "smb3 unix extensions" parameter

Always offer it, it's a client thing to ask for it or not.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Sep 21 17:43:23 UTC 2023 on atb-devel-224

- - - - -
3ac07573 by Jeremy Allison at 2023-09-22T19:34:15+00:00
s3: smbd: Add some DEVELOPER-only code to panic if the destructor for an aio_lnk is called and the associated fsp doesn't exist.

Make this DEVELOPER-only as it walks the entire open
file list on every file close (with associated aio).

This helps catch really subtle problems with orphaned
aio lnk structs.

Reproducer test case to follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 82e88f70f181300f6f98691f6680839a94470e13)

- - - - -
68b8a5c4 by Jeremy Allison at 2023-09-22T19:34:15+00:00
s3: smbd: named pipe reads are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.

Noticed by Metze.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 3f32bf887d4425655e81da0b2234cbca3b1d56e6)

- - - - -
f3d07e12 by Jeremy Allison at 2023-09-22T19:34:15+00:00
s3: smbd: named pipe writes are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.

Noticed by Metze.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit ea062c3b0d4dbb1f0682f808ac893bf36a6fb194)

- - - - -
09e00c0a by Jeremy Allison at 2023-09-22T19:34:15+00:00
s3: torture: Add a new SMB2 test: SMB2-PIPE-READ-ASYNC-DISCONNECT

Shows the server crashes if we open a named pipe, do an async read
and then disconnect.

Adds knownfail:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 66398dd03c46633b474438dddb771caa2d245e64)

- - - - -
c30984f0 by Jeremy Allison at 2023-09-22T19:34:15+00:00
s3: smbd: Ensure we remove any pending aio values for named pipes on forced shutdown.

Matches file and directory closes.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep 20 02:43:18 UTC 2023 on atb-devel-224

(cherry picked from commit 11280f1705c0faa1729f5aeaa1b6a1f79ab5a199)

- - - - -
9ba1c94e by Joseph Sutton at 2023-09-22T19:34:15+00:00
s4:kdc: Add correct Asserted Identity SID in response to an S4U2Self request

I’m not sure exactly how this check was supposed to work. But in any
case, within fast_unwrap_request() the Heimdal KDC replaces the outer
padata with the padata from the inner FAST request. Hence, this check
does not accomplish anything useful: at no point should the KDC plugin
see the outer padata.

A couple of unwanted consequences resulted from this check. One was that
a client who sent empty FX‐FAST padata within the inner FAST request
would receive the *Authentication Authority* Asserted Identity SID
instead of the *Service* Asserted Identity SID. Another consequence was
that a client could in the same manner bypass the restriction on
performing S4U2Self with an RODC‐issued TGT.

Overall, samba_wdc_is_s4u2self_req() is somewhat of a hack. But the
Heimdal plugin API gives us nothing better to work with.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 5c580dbdb3e6a70c8d2f5059e2b7293a7e780414)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15477

- - - - -
ebc4bbbf by Volker Lendecke at 2023-09-22T19:34:15+00:00
tests: Add reproducer for BZ15481

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15481

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 56df75d44795582dcecb8676a0d80d6f4a46c7e9)

- - - - -
79101588 by Volker Lendecke at 2023-09-22T20:34:16+00:00
smbd: Fix BZ15481

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15481

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep 20 22:42:48 UTC 2023 on atb-devel-224

(cherry picked from commit 3481bbfede5127e3664bcf464a0ae3dec9247ab7)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Fri Sep 22 20:34:16 UTC 2023 on atb-devel-224

- - - - -
6a7d404d by Pavel Filipenský at 2023-09-24T21:37:38+00:00
s3:tests: Fix smbspool_argv_wrapper.c

smbspool_argv_wrapper must copy also the last argument

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d8f1298a by Pavel Filipenský at 2023-09-24T22:33:07+00:00
s3:tests: test_smbspool.sh should be calling smbspool_argv_wrapper

There is no variable named 'smbspool_argv_wrapper', the correct name is
'samba_argv_wrapper'. The smbspool_argv_wrapper was not called from this
test till now.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Sun Sep 24 22:33:07 UTC 2023 on atb-devel-224

- - - - -
efa7f6a1 by Pavel Filipenský at 2023-09-24T23:13:33+00:00
s3:tests: Fix init of samba_kdestroy in test_smbclient_kerberos.sh

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3d7d37ad by Pavel Filipenský at 2023-09-24T23:13:33+00:00
s3:tests: Fix syntax error in test_smbclient_kerberos.sh

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e58805fe by Pavel Filipenský at 2023-09-25T00:14:47+00:00
s3:tests: Check if test_smbclient_kerberos.sh was successful

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Mon Sep 25 00:14:47 UTC 2023 on atb-devel-224

- - - - -
88258e17 by Volker Lendecke at 2023-09-25T17:09:37+00:00
libsmb: Add sync cli_mknod() for smbclient3's use

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
815ff26d by Volker Lendecke at 2023-09-25T17:09:37+00:00
smbclient: Add mkfifo command

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ddc1f56c by Volker Lendecke at 2023-09-25T17:09:37+00:00
libsmb: Add reparse_data_buffer_marshall()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
41274da9 by Volker Lendecke at 2023-09-25T17:09:37+00:00
libsmb: Use reparse_data_buffer_marshall() in py_reparse_symlink_put()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d19a28fd by Volker Lendecke at 2023-09-25T17:09:37+00:00
libsmb: Factor out cli_create_reparse_point() from cli_symlink()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1f21be82 by Volker Lendecke at 2023-09-25T17:09:37+00:00
libsmb: Use reparse_data_buffer_marshall() in cli_symlink_send()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e5d724ca by Volker Lendecke at 2023-09-25T17:09:37+00:00
libsmb: Use reparse_data_buffer_marshall() in py_reparse_put()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
af5756df by Volker Lendecke at 2023-09-25T17:09:37+00:00
libsmb: Remove reparse_symlink.c

Makes reparse_buffer_marshall static to reparse.c

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9c316623 by Volker Lendecke at 2023-09-25T18:08:01+00:00
libsmb: Extend cli_mknod to create NFS reparse points

Tested smbclient mkfifo manually against W2k22, the Windows NFS server
reports this as FIFO.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Sep 25 18:08:01 UTC 2023 on atb-devel-224

- - - - -
aaf5821d by Volker Lendecke at 2023-09-25T19:01:34+00:00
smbclient: Save lines with talloc_asprintf_addbuf()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2399b105 by Volker Lendecke at 2023-09-25T19:01:34+00:00
libsmb: Remove unused cli_is_nt_error()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9ec7245b by Volker Lendecke at 2023-09-25T19:01:34+00:00
libsmb: Remove a call to SMBC_errno()

All returns from cacl_get() now explicitly set the errno.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bb8ec333 by Volker Lendecke at 2023-09-25T19:01:34+00:00
libsmb: Remove a call to SMBC_errno()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
15ff9c18 by Volker Lendecke at 2023-09-25T19:01:34+00:00
libsmb: Remove a call to SMBC_errno()

This involves converting cli_printjob_del() to NTSTATUS and thus
touches a few callers.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3cfe1683 by Volker Lendecke at 2023-09-25T19:01:34+00:00
libsmb: Remove SMBC_errno()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
05828c3e by Volker Lendecke at 2023-09-25T19:01:34+00:00
libsmb: Eliminate a reader of cli->raw_status

At some point we should get rid of cli->raw_status.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b0b1fc19 by Volker Lendecke at 2023-09-25T19:01:34+00:00
libsmb: Remove unused cli_dos_error()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e6136139 by Volker Lendecke at 2023-09-25T19:01:34+00:00
libsmb: Remove unused cli_is_dos_error()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
46f710c9 by Volker Lendecke at 2023-09-25T19:01:34+00:00
lib: Modernize tdb_fetch_lifetime()

Just came across this, avoid mallocs.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3b8cfda1 by Volker Lendecke at 2023-09-25T19:01:34+00:00
lib: Avoid a tdb handle leak

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
94433d1d by Volker Lendecke at 2023-09-25T19:01:34+00:00
examples: Use explicit SMBCCTX

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
446a3b3e by Volker Lendecke at 2023-09-25T19:01:34+00:00
smbd: Modernize a few DBG statements

Changes on level from 4 to 3 in store_file_unix_basic().

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
aef98c63 by Volker Lendecke at 2023-09-25T19:01:34+00:00
libsmb: Remove two #defines just used once

To me these two did not create clarity.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
94dcda1e by Volker Lendecke at 2023-09-25T19:01:34+00:00
examples: Slightly modernize printfs in teststat

long long works, but it's a bit too specific now that we have intmax_t

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
27ae6bdb by Volker Lendecke at 2023-09-25T19:01:34+00:00
clifuse: Use an empty array for holding the inode path

Cleaner these days.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cd2e6c45 by Volker Lendecke at 2023-09-25T19:01:34+00:00
clifuse: Start implementing forget()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a0181938 by Volker Lendecke at 2023-09-25T19:01:34+00:00
libcli: Correct guard #define

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b693b6ac by Volker Lendecke at 2023-09-25T19:01:34+00:00
libsmb: Make libsmb/clispnego.c static to libads/

It's only called there. The "+" part of this patch might not conform
to README.Coding because it's a literal cut&paste.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fab08854 by Volker Lendecke at 2023-09-25T19:59:17+00:00
libsmb: Pass neg contexts through sync smbXcli_negprot_recv()

Looks much larger than it is, there's a lot of callers to feed NULL to.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Sep 25 19:59:17 UTC 2023 on atb-devel-224

- - - - -
d7394a90 by Samuel Cabrero at 2023-09-26T19:28:08+00:00
testparm: Allow idmap ranges overlap for idmap_nss

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Sep 26 19:28:08 UTC 2023 on atb-devel-224

- - - - -
4ef7845b by Douglas Bagnall at 2023-09-26T23:45:35+00:00
security.idl: extend security token with device SIDs

A device has SIDs too, and a modern security token needs to know
them in order to interpret conditional expressions like
"Device_member_of".

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
34aa33a1 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
security.idl: use sec_ace_object() in object switch

At some point sec_ace_object() is going to gain awareness of
SEC_ACE_TYPE_ACCESS_ALLOWED_CALLBACK_OBJECT and the like.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
617cfa0e by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: helper to find callback/conditional aces

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
41e1b695 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: helper to find resource attribute ACEs

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e81e98c4 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: helper to find ACEs with meaningful codas

Only Resource Attribute ACEs and Conditional ACEs are expected to have
trailing data. Others sometimes might, but we don't care what it is.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
762646b5 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: use tabs in sec_ace_object()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
498c4110 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: callback object aces are object aces

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
40d9b08d by Douglas Bagnall at 2023-09-26T23:45:35+00:00
librpc:security.idl: ace->coda can be resource attribute

And now we see why security_ace_coda was a union.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e8192ddd by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/sec: reformat long line in wscript_build

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
df8eec38 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
librpc:security.idl: add conditional ace coda

Conditional ACEs go into a DATA_BLOB just like the default ignored
coda, but we add a union field with a different name to preserve
sanity.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5e1ed7b7 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
ndr_sec_helper: ndr_size_security_ace: do less work

Almost always the ACE has an `ignored` DATA_BLOB as the coda, and the
length of the coda is the length field of the blob, which is usually
zero.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a8e3f5d3 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
ndr_sec_helper: ace length should be multiple of 4

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cdd9424e by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: whitespace repair in sddl.c

tabs not spaces.

It appears that my emacs got its configuration mixed up and was using
spaces.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
672fc0a1 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: find SDDL coda for RA and conditional ACEs

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
140f7466 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: add stub of conditional ACE code.

This is just the outline of what will come, but first we'll add
conditional ACE SDDL decoding in sddl_conditional_ace.c

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
94f0a108 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli:security: outline for sddl_conditional_ace.c

This is to show where we're going to end up.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6f588a1f by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli:security: helpers for converting claim types

There are three different forms for claims, and we need to convert
between them.

For now, we are only going to be converting between conditional ACE
type and the CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 type used by
resource ACEs and in the security token, and later we will add the PAC
claim types.

It doesn't help that these all have incompatible definitions, but we
do our best.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
969cb79d by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: add conditional ACE SDDL functions

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4b8e9e3f by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli:security: add functions to decode and decode RA ACEs

Resource Attribute ACEs have similar syntactical components to
conditional ACEs -- enough so that it is worth reusing the same
functions, but not quite enough so that it is exactly simple.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d6bd491e by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli:security: add code to interpret conditional ACES

This doesn't actually *do* anything yet, for two reasons:

 1. conditional ACEs are not checked in the
    libcli/security/access_check.c functions (or anywhere else), and
    will be treated just as they are now, as unknown types.

 2. this file isn't mentioned in the wscript, so it isn't compiled.

 We'll get to point 2 first.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e88ea32c by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: add conditional ace files to samba-security

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
84fa3972 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: sdd_decode_ace handles callback types

Conditional ACEs will not actually be decoded until the CALLBACK types
are added to the ace_types flag table.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6683d611 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: sdd_decode_ace handles resource attribute types

The decoding will not happen until "RA" is added to the ace_types table.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ed52c9ed by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: sddl_encode_ace encodes conditional ACEs

Will work when the ace_flags table is updated.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3959fba3 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: sddl_encode_ace encodes resource attribute ACEs

Will work when the ace_flags table is updated.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1cc8888b by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: SDDL: add callback and resource ace type flags

With this, Conditional ACEs and Resource Attribute ACEs in SDDL will
be parsed.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2923898e by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security/create_descriptor: calc_inherited handles new types

*_CALLBACK_OBJECT types inherit like other _OBJECT types.
*_CALLBACK types do nothing, like other non-OBJECT types.

We also explicitly throw unused alarm callback types and
SEC_ACE_TYPE_SYSTEM_MANDATORY_LABEL and
SEC_ACE_TYPE_SYSTEM_SCOPED_POLICY_ID into the fire.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b08093ed by Douglas Bagnall at 2023-09-26T23:45:35+00:00
lbcli/security: callback object ACES fall back with no GUID

As with other object ACEs, if there is not a GUID to refer to the ACE
becomes the corresponding non-object ACE.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e4865a3b by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: test SDDL compilation in cmocka

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
295c609f by Douglas Bagnall at 2023-09-26T23:45:35+00:00
lib/fuzzing: fuzz SDDL conditional ACEs

Here we're not compiling the whole SD, just the single conditional
ACE.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
829d77b4 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
s4/librpc: build conditional ace Python bindings

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5569c177 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
pytest: security_descriptors comparison is quieter

This matters when we have a millions failures.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
63be8401 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
pytest: security_descriptors test for repetitive ACLs

If there are multiple identical ACEs in an SDDL ACL, Windows will decode
them all and put extra trailing zeroes at the end of the ACL.

In contrast, Samba will decode the ACEs and not put extra zeroes at the
end.

The problem comes when Samba tries to read a binary ACL from Windows that
has the extra zeroes, because Samba's ACL size calculation is based on
the size of its constituent ACEs, not the ACL size field.

There is no good reason for an ACL to have repeated ACEs, but they could
be added accidentally.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b6a665cc by Douglas Bagnall at 2023-09-26T23:45:35+00:00
librpc/ndr:ndr_sec_helper: fix a typo

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
afec8524 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: use sec_object_ace() in size_security_ace

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7b9462fa by Douglas Bagnall at 2023-09-26T23:45:35+00:00
pytest: security_descriptors: tests without revision number hack

ACL revision 4 (SECURITY_ACL_REVISION_ADS) is effectively a superset
of revision 2 (SECURITY_ACL_REVISION_NT4), so any revision 2
ACL can be called revision 4 without any problem. But not vice versa:
a revision 4 ACL can contain ACE types that a revision 2 ACL can't. The
extra ACE types relate to objects.

Samba currently simplifies things by calling all its ACLs revision 4,
even if (as is commonly the case) the ACLs contain only revision 2 ACEs.
On the other hand, Windows will use revision 2 whenever it can. In other
tests we skip past this by forcing Windows ACLs to v4 before comparison.
This test is to remind us of the incompatibility.

It would not be hard to fix.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
901f77c5 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
pytest: security descriptors: test some conditional and RA ACEs

We have two sets of tests: one that will succeed, and one that is going
to remain a knownfail. The latter involves Resource Attribute ACEs that
have the TX type, meaning "byte string".

In MS-DTYP, a bytestring is defined like "#6869210a", with a hash,
followed by an even number of hex digits. In other places on the web, it
is mentioned that zeroes in the string can be replaced by hashes, like so
"#686921#a". We discover via indirect fuzzing that a TX RA ACE can also
take bare integers, like "6869210a" or "2023". As it would be tricky to
support this, and there is no evidence of this occurring in the wild, we
will probably leave this as a knownfail.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a392b403 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
pytest:security descriptors: hack to capture results as json

This makes it easy to separate a large number of examples into
successes and knownfails.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
28d23377 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
pytest:security_descriptors: test collected conditional ACEs

These tests were named in the superclass, but were not actually run,
nor was the file in git.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ee386021 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: windows-sddl-test: fix typo in --help

found by Rob van der Linde.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d7c0948d by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: windows-sddl-test: fix read of text examples

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2f30103f by Douglas Bagnall at 2023-09-26T23:45:35+00:00
pytest: sddl tests can be only externally defined

Currently a test suite needs a strings list in order to import new
strings. This lets us avoid that and have the actual tests defined
only in external lists, making it easier to see we're testing the same
thing on Windows and reducing duplication.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2a4fc3fe by Douglas Bagnall at 2023-09-26T23:45:35+00:00
pytest: sddl strings dir can be defined in class

Before we had to do this in an environment variable. In that case we
are probably wanting to monitor changes, so we like it to print more
messages than we want to see in an autobuild run that will hopefully
never do anything interesting.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c13684e6 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security/tests: add some test strings

These will soon be used by python/samba/tests/sddl_conditional_ace.py,
and are a format understood by the Windows programs in
libcli/security/tests/windows.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fabc2f35 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
pytest: sddl tests with conditional ACEs

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
924d59fd by Douglas Bagnall at 2023-09-26T23:45:35+00:00
security.idl: drop claim v1 reserved field

It isn't used and ended up filled with junk. The alignment works out.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e2a4f20d by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security/conditional ACEs: compare composites as sets

... or at least settishly.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b7ae4304 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: cmocka test for running conditional ACEs

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
044370a0 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
pytest: tools for creating security tokens

Sometimes we need security tokens for tests, and the raw constructor
is not very ergonomic. This wraps it so you can do this:

from samba.tests.token_factory import token as Token
t = Token(['WD', 'AA'],
          privileges=['SEC_PRIV_DEBUG'],
          rights=0x840,
          device_claims={'wheels': 2, 'smelly': 'no'},
          device_sids=['BG'])

and get a security.token object with the expected qualities.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
30e6249d by Douglas Bagnall at 2023-09-26T23:45:35+00:00
pytest: tests for conditional ACEs with security tokens

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b65ac100 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
pytest:conditional_ace_claims: ease export of failing tests to C

When a test fails, this prints a little stanza like

static void test_something(void **state)
{
       INIT();
       USER_SIDS("WD", "AA");
       DEVICE_SIDS("BA", "BG");
       SD("D:(XA;;0x1f;;;AA;(! Member_of{SID(AA)}))");
       DENY_CHECK(0x10);
}

which is exactly right for copying into
libcli/security/tests/test_run_conditional_ace.c
which is much easier to iterate over with compiling and debugging.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
327861dc by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: conditional ace access checks for AD

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b7bd1f43 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: conditional ace access checks for file server

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c6a62d69 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
lib/fuzzing: adapt fuzz_sddl_access_check for claims

The token has more stuff in it.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ea4caa45 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
lib/fuzzing: fuzz_conditional_ace_blob

This parses the blob as a conditional ACE, and if possible tries
decompiling it into SDDL.

There are not many round-trip assertions we can honestly make, but we
keep the trip going as long as possible, in case it reveals anything.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cc17c3e2 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
lib/fuzzing: adjust access-check seed patch

Now that access_check.c includes headers for conditional ACEs, the patch
should take that into account.

Also, we check for a talloc failure.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
15fe49a2 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
pytest: assembler for conditional ACEs

This is a helper module to construct conditional ACEs that can't be
created from SDDL.

There is a semi-infinite number of valid conditional ACEs that don't
have SDDL representations, and an even larger number of invalid (or
borderline invalid) ACEs.

This allows us to create those ACEs without having to deal with too
many arrays of numbers.

The next commit provides an example of its use.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
14492945 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
libcli/security: beginning of tests for conditional ACE bytes

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
978a9e46 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
pytest: conditional_ace assembler assembles full descriptor

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f8215ed3 by Douglas Bagnall at 2023-09-26T23:45:35+00:00
librpc/ndr_claims: avoid 'bin/default' in #include

Obviously it works fine, but we don't do it anywhere else.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c9cf90ae by Andrew Bartlett at 2023-09-26T23:45:35+00:00
s3-lib/util_nttoken: Reimplement dup_nt_token() with NDR pull/push

The struct security_token can now contain complex claims as well as SIDs
so we can no longer just duplicate it by hand.  Instead let PIDL and libndr
do the hard work for us.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
5696f66d by Andrew Bartlett at 2023-09-26T23:45:35+00:00
librpc: Add context as to if this token should be used for claims evaluation

Claims evaluation is added to the core se_access_check() library, but
not all callers provide claims in the security_token and we want to
be able to disable this new and complex code if needed.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
1223b89d by Andrew Bartlett at 2023-09-26T23:45:35+00:00
docs-xml: Add new parameter "acl claims evaluation"

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f1fcbc0f by Andrew Bartlett at 2023-09-26T23:45:35+00:00
s4-auth: pass lp_ctx to auth_generate_session_info() where possible

For non-testing callers of auth_generate_session_info(), passing
lp_ctx will allow us to correctly set a flag indicating if claims
should be evaluated.

For testing applications, the default will allow safe operation
inspecting the SID list.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e2cc29d1 by Andrew Bartlett at 2023-09-26T23:45:35+00:00
libcli/security: Pass in claims evaluation state when building any security token

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a8210ab1 by Andrew Bartlett at 2023-09-26T23:45:35+00:00
s3-net_rpc: Use security_token_initialise() to create struct security_token

This ensures that the full structure is initialised now and in the
future.

Because this is now a talloc based structure, we can now use
add_sid_to_array_unique() rather than a reimplementation in this file.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
934b0335 by Andrew Bartlett at 2023-09-26T23:45:36+00:00
s3-net_rpc: Make the struct user_token array the parent talloc context

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
4e8e35de by Andrew Bartlett at 2023-09-26T23:45:36+00:00
s3-winbind: Use token as parent for token->sids in check_info3_in_group()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
13d3c615 by Andrew Bartlett at 2023-09-26T23:45:36+00:00
libcli/security: Move dup_nt_token() to libcli/security

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
dc7dc6f5 by Andrew Bartlett at 2023-09-26T23:45:36+00:00
libcli/security: Rename dup_nt_token() -> security_token_duplicate()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d027200a by Andrew Bartlett at 2023-09-26T23:45:36+00:00
libgpo: Reimplement registry_create_system_token() using get_system_token()

This helps ensure we have a smaller number of places that
a struct security_token starts from.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d9e268db by Andrew Bartlett at 2023-09-26T23:45:36+00:00
python: Change the generic merge_nt_token() to being specific to the system_token

This allows us to punt on the question of merging the claims, as there are
none on the system token.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c8c86b81 by Andrew Bartlett at 2023-09-26T23:45:36+00:00
s3-lib: Modify merge_nt_token() into a GPO-specific merge with SYSTEM

By making this specific to the only use case, merging with the SYSTEM
token for GPOs, we avoid having to merge the claims, as there are none
for SYSTEM.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e3f28c2e by Andrew Bartlett at 2023-09-26T23:45:36+00:00
libcli/security: Hook in ability to disable conditional ACE evaluation

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
588a339d by Douglas Bagnall at 2023-09-26T23:45:36+00:00
libcli/security: adjust tests for evaluate_claims flag

Most tests were prepared in advance, but we left these ones to test
the change.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
117d4c55 by Douglas Bagnall at 2023-09-26T23:45:36+00:00
libcli/security: access_check with MAXIMUM_ALLOWED checks callbacks

To help clarify the logic, we make new functions that separate the
deny and allow cases, which helps keep track of what 'yes' and 'no'
mean and which incorporate the logic of token->evaluate_claims
handling, which determines when we want to run a conditional ACE, when
we want to ignore it, and when we want to take offence. In the case
when we decide to run it, we then need to decide whether to apply it
or ignore it based on the result. This last bit differs between allow
and deny aces, hence the two functions.

These functions will replace check_callback_ace_access() over the next
few commits.

In the case where token->evaluate_claims is
CLAIMS_EVALUATION_INVALID_STATE and the DACL contains a conditional
ACE, the maximum allowed is 0, as if it was a "deny everything" ACE.

This is an unexpected case. Most likely the evaluate_claims state
will be NEVER or ALWAYS. In the NEVER case the conditional ACE is
skipped, as would have happened in all cases before 4.20, while in the
ALWAYS case the conditional ACE is run and applied if successful.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5d6f0927 by Douglas Bagnall at 2023-09-26T23:45:36+00:00
libcli/security: sec_access_check_ds uses new callback ACE checks

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c5345f18 by Douglas Bagnall at 2023-09-26T23:45:36+00:00
libcli/security: se_access_check uses new callback checks

With the last caller of check_callback_ace_access() gone, so is that
function.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1e45a4d1 by Douglas Bagnall at 2023-09-26T23:45:36+00:00
libcli/security: access_check handles CALLBACK_OBJECT types

These are like an object type if the callback (i.e. conditional ACE
conditions) succeeds, otherwise they are ignored.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
94d1cfbd by Andrew Bartlett at 2023-09-26T23:45:36+00:00
conditional_aces: Avoid manual parsing for ace_condition_sid

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
793b86f4 by Andrew Bartlett at 2023-09-26T23:45:36+00:00
conditional_aces: Avoid manual parsing for ace_condition_bytes, use DATA_BLOB

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
fe835fc3 by Andrew Bartlett at 2023-09-26T23:45:36+00:00
Make blob->data pointer in ace_sid_to_claim_v1_sid() a child of the DATA_BLOB

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
03d63fb0 by Andrew Bartlett at 2023-09-26T23:45:36+00:00
libcli/security: Make failure parsing where consumed == -1 clear

This was caught by the next condition, but this is clearer.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ab531abc by Andrew Bartlett at 2023-09-26T23:45:36+00:00
libcli/security: Check for sddl_from_conditional_ace() failure in test_sddl_conditional_ace

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b9e90bae by Andrew Bartlett at 2023-09-26T23:45:36+00:00
conditional_aces: Avoid manual parsing for ace_condition_int

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
5f4197bf by Andrew Bartlett at 2023-09-26T23:45:36+00:00
libndr: Add support for pulling strings with LIBNDR_FLAG_STR_SIZE4|LIBNDR_FLAG_STR_NOTERM|LIBNDR_FLAG_STR_BYTESIZE

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0ac979b2 by Andrew Bartlett at 2023-09-26T23:45:36+00:00
conditional_aces: Avoid manual parsing for ace_condition_unicode

A consequence of this is that we remove the confusing "length"
from the IDL, as it was the internal UTF8 length, not a wire
value.  We use null terminated strings internally now.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a2e6df03 by Andrew Bartlett at 2023-09-26T23:45:36+00:00
add comment that ace_condition_composite is not representative of the wire format

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b3f92b47 by Douglas Bagnall at 2023-09-26T23:45:36+00:00
lib/fuzzing: fuzz_sddl_parse: allow non-round-trip with long strings

There is a borderline case where a conditional ACE unicode string
becomes longer than the SDDL parser wants to handle when control
characters are given canonical escaping. This can make the round trip
fail, but it isn't really a problem.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5650b511 by Douglas Bagnall at 2023-09-26T23:45:36+00:00
libcli/security/sddl_conditional_ace: ban empty expressions in SDDL

The trouble is with expressions like "(!(()))", which boil down to a
single NOT operation with no argument, which is invalid and can't be
run or expressed as SDDL.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
310c2540 by Douglas Bagnall at 2023-09-26T23:45:36+00:00
libcli/security: conditional ACE sddl >= ops take literal parens only

You can't do things like '(a == b) == (c < d)'.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
65674cde by Douglas Bagnall at 2023-09-26T23:45:36+00:00
libcli/security: conditional ACE sddl doesn't have string escapes

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e4da279b by Douglas Bagnall at 2023-09-26T23:45:36+00:00
util/str: helper to check for utf-8 validity

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3be69fc3 by Douglas Bagnall at 2023-09-26T23:45:36+00:00
fuzzing: fuzz_sddl_parse forgives bad utf-8

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
96dbc71e by Douglas Bagnall at 2023-09-26T23:45:36+00:00
libcli/security: conditional ace sddl: do not write nested composites

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
38247d39 by Douglas Bagnall at 2023-09-26T23:45:36+00:00
libcli/security: conditional ace sddl: do not read nested composites

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3b6c1f1a by Douglas Bagnall at 2023-09-27T00:41:26+00:00
libcli/security: conditional ACE recursive composites are not supported

We can't add them via SDDL on Windows, and they aren't useful for
claims.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Sep 27 00:41:26 UTC 2023 on atb-devel-224

- - - - -
c9aab312 by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli/security: Add header guard

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
40c5ed60 by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli/security: Use correct union member

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f5568a0a by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli/security: Remove bool_value member

‘bool_value’ has the same type as ‘uint_value’. Removing the former
avoids our having more duplicate code than is strictly necessary.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
48606c8a by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli/security: Const‐qualify function parameters

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a4010c9b by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli/security: Add some missing declarations

so that users of this header file don’t have to declare them.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f035985d by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli/security: Add function to convert token claims to security attribute claims

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9cb3beee by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli/security: Emit error message if program is too large

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c0795c80 by Joseph Sutton at 2023-09-27T02:43:28+00:00
tests/krb5: Match filter after transforming test name

If you just want to rerun a single test that failed, this removes the
need to successfully guess its untransformed name.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
26ff87dc by Joseph Sutton at 2023-09-27T02:43:28+00:00
python:tests: Fix invalid escape sequences

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cdbb5ab7 by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli:security: Add SELF SID constant

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2782df62 by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli:security: Use SELF SID constant

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
214f6c64 by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli:security: Correct Asserted Identity SID definitions

These definitions were the wrong way round.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dcca6bba by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:dsdb: Use NULL SID constant

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
89985f6f by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:kdc: Use Asserted Identity SID constants

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
56def24b by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli:security: Add Compounded Authentication and Claims Valid SID constants

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b1b7d33b by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:kdc: Use Compounded Authentication and Claims Valid SID constants

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e6bb3a34 by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:auth: Use Anonymous and System SID constants

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4405e709 by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:dsdb: Use Builtin SID constant

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4bef3fd7 by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:ntvfs: Use World and System SID constants

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8b496331 by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:rpc_server: Use Builtin SID constant

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dc731603 by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:torture: Use SID constants

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c94db7d2 by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:auth: Correct error message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
37a32d3b by Joseph Sutton at 2023-09-27T02:43:28+00:00
python:tests: Remove unused import

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
21f765c1 by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli/security: Remove unused macro

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e1a45ec3 by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli/security: Remove unused flag SDDL_FLAG_EXPECTING_END

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
55e198fc by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli/security: Remove unused flag SDDL_FLAG_IS_ATTR

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8d4f60c8 by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli/security: Remove unused flag SDDL_FLAG_IS_LITERAL

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a064e2f2 by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli/security: Remove unused flag SDDL_FLAG_IS_FAKE_OP

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
37ed2087 by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli/security: Refer to UTF‐16 code units rather than to codepoints

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ac34f48a by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli/security: Use ACL revision constants

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c755bbd6 by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli/security: Fix code formatting

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
48969305 by Joseph Sutton at 2023-09-27T02:43:28+00:00
libcli/security: Test hex‐escapes that should be literals

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0bd7863e by Joseph Sutton at 2023-09-27T02:43:28+00:00
lib/krb5_wrap: Make use of smb_krb5_make_data()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
58bd2f52 by Joseph Sutton at 2023-09-27T02:43:28+00:00
lib/krb5_wrap: Simplify assignments

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2f6083f5 by Joseph Sutton at 2023-09-27T02:43:28+00:00
lib:audit_logging: Initialize ‘tm’ structure

‘tm’ must be initialized prior to calling strptime().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
31c7d7cf by Joseph Sutton at 2023-09-27T02:43:28+00:00
s3:lib: Initialize ‘tm’ structure

‘tm’ must be initialized prior to calling strptime().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
955fd832 by Joseph Sutton at 2023-09-27T02:43:28+00:00
s3:modules: Initialize ‘tm’ structure

‘tm’ must be initialized prior to calling strptime().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
67f3fead by Joseph Sutton at 2023-09-27T02:43:28+00:00
s3:passdb: Initialize ‘tm’ structure

‘tm’ must be initialized prior to calling strptime().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c278a1d3 by Joseph Sutton at 2023-09-27T02:43:28+00:00
s3:rpc_server: Initialize ‘tm’ structure

‘tm’ must be initialized prior to calling strptime().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8ce4e372 by Joseph Sutton at 2023-09-27T02:43:28+00:00
s3:smbd: Initialize ‘tm’ structure

‘tm’ must be initialized prior to calling strptime().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bdf0e1be by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:kdc: Initialize ‘tm’ structure

‘tm’ must be initialized prior to calling strptime().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9bd9b9bf by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:kdc: Fix ldb_msg_find_krb5time_ldap_time()

strptime() will fail to parse the LDAP ‘whenCreated’ time string,
because the format string is wrong: it will expect to get a time like
“20230920043849Z”, but the time string seems to be actually formatted
“20230920043849.0Z” — like a GeneralizedTime.

Fix this by delegating to ldb_val_to_time().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
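
Added example, not part of the commit above and not Samba's code: it reproduces the strptime() mismatch the message describes, and the zero-initialised 'tm' that the neighbouring commits call for. The format string, parse_strict() and parse_generalized() are assumptions made for illustration; the actual fix delegates to ldb_val_to_time().

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700	/* exposes strptime() in <time.h> */
#endif
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/*
 * Same prototype as <time.h>, repeated so the file still compiles when
 * feature-test macros were already fixed by an earlier include.
 */
char *strptime(const char *s, const char *format, struct tm *tm);

/* Assumed format: the shape the commit message says the old code expected. */
#define STRICT_FMT "%Y%m%d%H%M%SZ"

/*
 * Parse with the strict format only. Returns 0 on success, -1 on failure.
 * strptime() only has to fill the fields the format names, so 'tm' is
 * zeroed first; otherwise the remaining fields keep stack garbage.
 */
int parse_strict(const char *s, struct tm *out)
{
	struct tm tm;
	const char *end;

	memset(&tm, 0, sizeof(tm));
	end = strptime(s, STRICT_FMT, &tm);
	if (end == NULL || *end != '\0') {
		return -1;	/* no match, or trailing bytes left over */
	}
	*out = tm;
	return 0;
}

/*
 * Hypothetical tolerant parser: accepts an optional ".digits" fraction
 * before the 'Z', as in the GeneralizedTime-like value from the commit
 * message. The fraction is validated and discarded.
 */
int parse_generalized(const char *s, struct tm *out)
{
	struct tm tm;
	const char *p;

	memset(&tm, 0, sizeof(tm));
	p = strptime(s, "%Y%m%d%H%M%S", &tm);
	if (p == NULL) {
		return -1;
	}
	if (*p == '.') {
		p++;
		if (!isdigit((unsigned char)*p)) {
			return -1;	/* "." must be followed by a digit */
		}
		while (isdigit((unsigned char)*p)) {
			p++;
		}
	}
	if (p[0] != 'Z' || p[1] != '\0') {
		return -1;	/* must end in exactly one 'Z' */
	}
	*out = tm;
	return 0;
}

int main(void)
{
	/* Sample values taken from the commit message. */
	const char *samples[] = { "20230920043849Z", "20230920043849.0Z" };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		struct tm tm;
		int strict = parse_strict(samples[i], &tm);
		int general = parse_generalized(samples[i], &tm);

		printf("%-20s strict=%d generalized=%d\n",
		       samples[i], strict, general);
	}
	return 0;
}
```

A caller that ignores the strict parser's failure return would go on to use whatever 'tm' held before the call, which is why the initialisation and the return check belong together.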

- - - - -
a2700cf6 by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:torture: Initialize ‘tm’ structure

‘tm’ must be initialized prior to calling strptime().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
842f845c by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:auth: Make returning resource groups the last thing we do

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
219ee05d by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:auth: Introduce helper variable ‘resource_groups_in’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0a9f2486 by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:auth: Return a talloc‐allocated resource groups structure

Future callers will rely on resource_groups_out being talloc‐allocated.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ab227bbe by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:auth: Fix ‘user_info_dc_out’ leak

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5e164cc2 by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:kdc: Move encode_claims_set() into the auth_session subsystem

Some functions in the auth_session subsystem will need to be able to
call encode_claims_set(). Moving said function lets them do that whilst
avoiding circular dependencies and additional public dependencies.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
58aa8d99 by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:auth: Include missing headers

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4839adf9 by Joseph Sutton at 2023-09-27T02:43:28+00:00
s4:auth: Add functions to convert between different claims formats

The new ‘claims_data’ structure can store claims in three different
representations — as an encoded blob, as a CLAIMS_SET structure, or as a
series of CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 claims. Given a set of
claims, the accompanying functions provide a way to convert them into
the desired format.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0078a330 by Joseph Sutton at 2023-09-27T02:43:28+00:00
testdata: Mark compression test data as binary

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ce43dd05 by Joseph Sutton at 2023-09-27T02:43:28+00:00
ndr: Display values for failed range checks

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9914

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fb39bb19 by Joseph Sutton at 2023-09-27T02:43:28+00:00
pidl: Use portable format specifiers

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
267464f6 by Joseph Sutton at 2023-09-27T02:43:28+00:00
librpc/ndr: Use portable format specifiers

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
acc614f2 by Joseph Sutton at 2023-09-27T02:43:28+00:00
librpc: Use portable format specifiers

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
464d86ca by Joseph Sutton at 2023-09-27T02:43:28+00:00
pidl: Use INT_MAX as enum constant for portability

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c8b90d8d by Joseph Sutton at 2023-09-27T03:38:00+00:00
librpc: Fix typos in error messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Sep 27 03:38:00 UTC 2023 on atb-devel-224

- - - - -
ad76bb2e by MikeLiu at 2023-09-27T08:42:25+00:00
streams_depot: Goto done if FSETXATTR SAMBA_XATTR_MARKER failed

Goto done if FSETXATTR SAMBA_XATTR_MARKER failed

Signed-off-by: MikeLiu <mikeliu at qnap.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Sep 27 08:42:25 UTC 2023 on atb-devel-224

- - - - -
c33ce174 by Joseph Sutton at 2023-09-28T03:33:38+00:00
tests/krb5: Sort imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
939a74e3 by Joseph Sutton at 2023-09-28T03:33:38+00:00
tests/krb5: Allow variation in PADATA_PW_SALT

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
60e479d8 by Joseph Sutton at 2023-09-28T03:33:38+00:00
tests/krb5: Allow filter for tests that crash Windows

Set CRASH_WINDOWS=0 when running against a Windows DC.  These crashes are
only possible because we can modify the PAC, but having these tests allows
us to lock down Samba behaviour, so we include them.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d054f583 by Joseph Sutton at 2023-09-28T03:33:38+00:00
tests/krb5: Allow multiple ticket modification functions

This means that callers can specify a stack of possible modifications.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dfd2027d by Joseph Sutton at 2023-09-28T03:33:38+00:00
tests/krb5: Don’t bother regenerating the PAC if modify_pac_fn or update_pac_checksums are false

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d6ec0e4f by Joseph Sutton at 2023-09-28T03:33:38+00:00
tests/krb5: Allow passing mapping=None to map_to_sid()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
34e72103 by Joseph Sutton at 2023-09-28T03:33:38+00:00
tests/krb5: Make set_pac_sids() parameters keyword‐only

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9fb0380c by Joseph Sutton at 2023-09-28T03:33:38+00:00
tests/krb5: Make optional ‘user_rid’ parameter to set_pac_sids()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cc1dd00d by Joseph Sutton at 2023-09-28T03:33:38+00:00
tests/krb5: Make optional ‘domain_sid’ parameter to set_pac_sids()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2d0bdb5c by Joseph Sutton at 2023-09-28T03:33:38+00:00
tests/krb5: Have set_pac_sids() accept lone RIDs as well as full SIDs

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6f5368dd by Joseph Sutton at 2023-09-28T03:33:38+00:00
tests/krb5: Add method to replace the device SIDs in a PAC

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0e7e46c3 by Joseph Sutton at 2023-09-28T03:33:38+00:00
tests/krb5: Add method to replace client or device claims in a PAC

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
08b9d5c7 by Joseph Sutton at 2023-09-28T04:35:05+00:00
tests/krb5: Add samba.tests.krb5.conditional_ace_tests

This is a test using conditional ACEs and claims to confirm that we understand
the full end-to-end network behaviour of these all the way from the PAC to the
application in the access check of the KDC.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Pair-programmed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Sep 28 04:35:05 UTC 2023 on atb-devel-224

- - - - -
7f4db710 by Rob van der Linde at 2023-09-29T02:18:34+00:00
netcmd: tests: avoid the need to create a random command in GetSamDB

Also the code that looks over kwargs is somewhat confusing and unnecessary.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f9d406dc by Rob van der Linde at 2023-09-29T02:18:34+00:00
netcmd: tests: bugfix: argument -U was already in creds so listed twice

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
71c191ca by Rob van der Linde at 2023-09-29T02:18:34+00:00
python: tests: implement setUpTestData overridable class method

On Python 3.6 and 3.7 the addClassCleanup method needs to be implemented, and tearDownClass must be called by setupClass if any exception is raised.

On Python 3.8 and higher, unittest already calls tearDownClass, even if it raises an exception in setUpClass.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
16c19c47 by Rob van der Linde at 2023-09-29T02:18:34+00:00
netcmd: tests: make _run a classmethod in SambaToolCmdTest

So that it can be called from setUpClass as well

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
91fa5088 by Rob van der Linde at 2023-09-29T02:18:34+00:00
netcmd: tests: tests tidyup and make use of setUpTestData

Still only load the test data once per test class, but much easier to read.

Made several methods static for creating/deleting claims, policies and silos.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f1d5f93f by Rob van der Linde at 2023-09-29T02:18:34+00:00
netcmd: tests: test that create objects make use of addCleanup

Since the samdb connection is on the class and hangs around between tests, we need to clean up what we created.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c01e9431 by Rob van der Linde at 2023-09-29T02:18:34+00:00
netcmd: tests: modify claim cli tests setup their own test data

Initially the test data was created in setUp, but it was moved to setUpClass.

The problem with this is tests modifying objects, which could affect the next test.

Create all required data in the test itself for clarity (and also is faster)

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2a333554 by Rob van der Linde at 2023-09-29T02:18:34+00:00
netcmd: tests: modify auth policy cli tests setup their own test data

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
27cd5982 by Rob van der Linde at 2023-09-29T02:18:34+00:00
netcmd: tests: modify auth silo cli tests setup their own test data

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
950a70a1 by Rob van der Linde at 2023-09-29T02:18:34+00:00
netcmd: models: field to_db_value needs ldb param

Required by SDDL field type added in next commit

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
83d321e7 by Rob van der Linde at 2023-09-29T02:18:34+00:00
netcmd: models: add FieldError subclass which stores the field

This is so that errors on the CLI show the field name

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1325e013 by Rob van der Linde at 2023-09-29T02:18:34+00:00
netcmd: models: add SDDL model field

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
385029fb by Rob van der Linde at 2023-09-29T02:18:34+00:00
netcmd: models: add SDDL fields to AuthenticationPolicy model

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
645b7734 by Rob van der Linde at 2023-09-29T02:18:34+00:00
netcmd: auth: add new SDDL fields to create and modify auth policy commands

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
12a98ab4 by Rob van der Linde at 2023-09-29T02:18:34+00:00
netcmd: tests: add some tests for valid and invalid SDDL in cli commands

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6af1a717 by Rob van der Linde at 2023-09-29T02:18:34+00:00
netcmd: auth: manpage documentation for conditional ace fields

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
272f26e3 by Douglas Bagnall at 2023-09-29T02:18:34+00:00
libcli/security: conditional ACEs check again for NULL/empty claims

CID 1545152.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b2107889 by Douglas Bagnall at 2023-09-29T02:18:34+00:00
libcli/security: test_run_condtional_ace: va_end() on errors

CID 1545154, CID 1545155.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5ff80465 by Douglas Bagnall at 2023-09-29T02:18:34+00:00
libcli/security: fix talloc context for integer values (CID 1545156)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
90ba53ee by Kacper at 2023-09-29T03:15:18+00:00
samba-tool: Fix for gpo restore not working without --tmpdir

cmd_restore depends on cmd_create but the latter cleans up
required temp files for cmd_restore to function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15462

RN: Fix for gpo restore not working without --tmpdir

Signed-off-by: Kacper Boström <kacper at kacper.se>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Sep 29 03:15:18 UTC 2023 on atb-devel-224

- - - - -
e961783a by Joseph Sutton at 2023-10-01T22:45:38+00:00
lib:compression: Fix building with FORTIFY_SOURCE=2

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
50c208fc by Joseph Sutton at 2023-10-01T22:45:38+00:00
lib/ldb-samba: Fix building with FORTIFY_SOURCE=2

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a77b90d8 by Joseph Sutton at 2023-10-01T22:45:38+00:00
ldb: Fix building with FORTIFY_SOURCE=2

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1f92b5f1 by Joseph Sutton at 2023-10-01T22:45:38+00:00
lib/util: Fix building with FORTIFY_SOURCE=2

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
184a48d6 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s3:libads: Don’t do first loop iteration if ‘attr’ is NULL

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
10726fb3 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s3:libads: Fix building with FORTIFY_SOURCE=2

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b33a486e by Joseph Sutton at 2023-10-01T22:45:38+00:00
s3:rpc_server: Fix building with FORTIFY_SOURCE=2

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c3eaa285 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s3:smbd: Fix building with FORTIFY_SOURCE=2

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c2f55b06 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:ntvfs: Fix building with FORTIFY_SOURCE=2

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bc680b6f by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:torture: Fix building with FORTIFY_SOURCE=2

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9ecd17c8 by Joseph Sutton at 2023-10-01T22:45:38+00:00
libcli/security: Conform to Samba’s brace style

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e4d45d41 by Joseph Sutton at 2023-10-01T22:45:38+00:00
libcli/security: Parenthesize macro parameter

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4437eb14 by Joseph Sutton at 2023-10-01T22:45:38+00:00
libcli/security: Have security_ace_equal() handle callback and resource ACEs

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bbb259e1 by Joseph Sutton at 2023-10-01T22:45:38+00:00
libcli/security: Handle new ACE types with sec_ace_object()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d30a6124 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:auth: Ensure that some parameters are not NULL

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
da202eb2 by Joseph Sutton at 2023-10-01T22:45:38+00:00
lib:krb5_wrap: Include missing headers

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fff9b71b by Joseph Sutton at 2023-10-01T22:45:38+00:00
.gitattributes: Mark large data file as binary

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
452aeb21 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Prefer explicit initialization to ZERO_STRUCTP()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
af22a655 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Check that principal being copied is not NULL

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
75875322 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Remove unnecessary assignments

These structures have been zero‐initialized already.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c45a24cc by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Initialize pointer to NULL

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
26e40717 by Joseph Sutton at 2023-10-01T22:45:38+00:00
ndr: Parenthesize expressions to be cast

We must parenthesize each expression that is to be cast to a specific
type, otherwise the cast will apply to only part of the full expression.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9914

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
773c36ba by Joseph Sutton at 2023-10-01T22:45:38+00:00
pidl: Parenthesize expression to be cast

We must parenthesize each expression that is to be cast to a specific
type, otherwise the cast will apply to only part of the full expression.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9914

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c829dd1b by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:dsdb: Add parameters for claims and device SIDs to security_token_create()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a621e9ab by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:dsdb: Add session info flag to indicate authentication with a device

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4f0ba2b0 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:auth: Rename parameter to match function implementation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a2b6c219 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:auth: Reformat function calls

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a3a489fa by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Reformat function call

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8a5921d9 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:auth: Add parameters for claims and device info to auth_generate_security_token()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
54cd7f4f by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Add parameters for claims and device info to authn_policy_access_check()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3ae75998 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Add claims parameter to authn_policy_authenticate_from_device()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2f9d2ff8 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Add parameters for claims and device info to authn_policy_authenticate_to_service()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
41527cfa by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Remove unused memory context from samba_kdc_lookup_realm()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e0a3dd54 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Remove ‘compounded_auth’ parameter from samba_kdc_get_user_info_dc()

It was never used.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cfeb3d75 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Have callers of samba_kdc_get_user_info_dc() themselves add the Claims Valid SID

samba_kdc_get_user_info_dc() does too much. It should be responsible
only for getting account information, not for adding extra SIDs.

By extracting the call to samba_kdc_add_claims_valid() into the former
function’s callers, we’ll be able to remove the ‘claims_valid’ parameter
in the next commit, reducing the function’s complexity.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f250a24e by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Remove ‘claims_valid’ parameter from samba_kdc_get_user_info_dc()

It was not used.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3c480886 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Have callers of samba_kdc_get_user_info_dc() themselves add an Asserted Identity SID

samba_kdc_get_user_info_dc() does too much. It should be responsible
only for getting account information, not for adding extra SIDs.

By extracting the call to samba_kdc_add_asserted_identity() into the
former function’s callers, we’ll be able to remove the
‘asserted_identity’ parameter in the next commit, reducing the
function’s complexity.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
68dc69d8 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Remove ‘asserted_identity’ parameter from samba_kdc_get_user_info_dc()

It was not used.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eba1ab0c by Joseph Sutton at 2023-10-01T22:45:38+00:00
tests/krb5: Initialize variable

This avoids the following exception:

Exception: Traceback (most recent call last):
  File "/samba/bin/python/samba/tests/krb5/kdc_tgs_tests.py", line 2500, in test_renew_pac_request_false
    tgt = self._modify_tgt(tgt, renewable=True)
  File "samba/bin/python/samba/tests/krb5/kdc_tgs_tests.py", line 3014, in _modify_tgt
    return self.modified_ticket(
  File "/samba/bin/python/samba/tests/krb5/raw_testcase.py", line 5694, in modified_ticket
    auth_data, new_pac,
UnboundLocalError: local variable 'new_pac' referenced before assignment

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
849ee959 by Joseph Sutton at 2023-10-01T22:45:38+00:00
tests/krb5: Add method to perform an armored AS‐REQ

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
989fb009 by Joseph Sutton at 2023-10-01T22:45:38+00:00
tests/krb5: Add tests performing AS‐REQs armored with unacceptable tickets

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3358b04a by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Remove device PAC validation

In the first place, this check was only applicable to the Heimdal KDC,
the MIT KDC not having support for compounded authentication. Secondly,
it was redundant, because _kdc_fast_check_armor_pac() would have already
been called to verify the armor ticket; a second round of validation
achieved nothing. And finally, the check was flawed: it checked only
*explicitly* armored PACs, and so would have done nothing for an armored
*AS‐REQ*.

In short, this check was useless; remove it.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
321e0ed6 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Remove unused parameters from samba_kdc_verify_pac()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
46c08652 by Joseph Sutton at 2023-10-01T22:45:38+00:00
tests/krb5: Add Device Restriction tests for silos and authentication policies in the KDC

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0633e78b by Joseph Sutton at 2023-10-01T22:45:38+00:00
third_party/heimdal_build: Define HAVE_KRB5_PAC_IS_TRUSTED when using embedded Heimdal

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1c456912 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Add ‘samba_kdc_entry_pac’ wrapper type

With embedded Heimdal, we can mark a PAC as being trusted (i.e. not
issued by an RODC). This is convenient, as it saves us needing to carry
that information in flags, hoping it isn’t inadvertently lost.

System Heimdal and MIT Kerberos, however, don’t provide a way to mark a
PAC trusted. So we add a new wrapper type, ‘samba_kdc_entry_pac’, that
contains this extra information if ‘krb5_const_pac’ doesn’t contain it
already. As it also stores a pointer to the client entry, the
structure’s lifetime must therefore be carefully managed. Finally, it
keeps track of whether the PAC came across a trust, to know which is
useful in some circumstances.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
45e8e197 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Remove unused declaration

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1ea4b271 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Fix indentation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
79b33eea by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Add function to determine whether a KDC entry represents a trust

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bad7a3fc by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Add function to get device PAC entry from Heimdal request structure

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
77b35c42 by Joseph Sutton at 2023-10-01T22:45:38+00:00
s4:kdc: Make use of ‘samba_kdc_entry_pac’ wrapper type

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7b6c1735 by Joseph Sutton at 2023-10-01T23:46:44+00:00
tests/krb5: Test that the correct Asserted Identity SID is added when inner FX‐FAST padata is used

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15477

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Joseph Sutton <jsutton at samba.org>
Autobuild-Date(master): Sun Oct  1 23:46:44 UTC 2023 on atb-devel-224

- - - - -
749bc568 by Martin Schwenke at 2023-10-03T03:53:35+00:00
ctdb-doc: Update CTDB manual pages to UTF-8

This will allow Unicode characters to be used, resulting in more
readable source files.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
7c468d9d by Martin Schwenke at 2023-10-03T03:53:35+00:00
ctdb-doc: Add some subsection names in description

A subsequent commit will add a new section, which looks out of place
without these new sections.

Best reviewed with "git show -w".

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
4981984d by Martin Schwenke at 2023-10-03T03:53:35+00:00
ctdb-scripts: Avoid errors for uninitialised counters

Uninitialised counters are treated as 0, but still produce an error.

The redirect to stderr needs to come before the redirect for a missing
counter file.

The seemingly saner alternative of moving it outside the subshell
works when dash is /bin/sh (e.g. on Debian) but does not work when
bash is /bin/sh (e.g. on Fedora).

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
8303c3a5 by Martin Schwenke at 2023-10-03T03:53:35+00:00
ctdb-scripts: Implement failcount handling with thresholds

This can be used for simple failure counting, without restarts, as
used in the 40.vsftpd event script.  That case will subsequently be
converted and this functionality can also be used elsewhere.

Add documentation to ctdb-script.options(5) to allow parameters that
use this to be more easily described.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
3ee348a9 by Martin Schwenke at 2023-10-03T04:53:38+00:00
ctdb-scripts: Convert 40.vsftpd to use threshold-based fail counting

This effectively provides simple testing for the threshold-based
approach.

Add new script option CTDB_VSFTPD_MONITOR_THRESHOLDS.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue Oct  3 04:53:38 UTC 2023 on atb-devel-224

- - - - -
52c3edb2 by Volker Lendecke at 2023-10-04T20:31:36+00:00
tests: We always do smb3 unix extensions

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
078db302 by Volker Lendecke at 2023-10-04T20:31:36+00:00
tests: Run smb3unix tests with SMB1

We want to create native FIFOs with smb1 extensions

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7f1ee32a by Volker Lendecke at 2023-10-04T20:31:36+00:00
pylibsmb: Py_BuildValue can build tuples directly

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6f91cce1 by Volker Lendecke at 2023-10-04T20:31:36+00:00
libsmb: Allow NULL print_name in reparse_data_buffer_marshall()

read_symlink_reparse() does this.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8107aafb by Volker Lendecke at 2023-10-04T20:31:36+00:00
idl: Add smb3posix.idl

Let PIDL take care of encoding SMB2_FILE_POSIX_INFORMATION. This way
we also get parsing.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6874ed6a by Volker Lendecke at 2023-10-04T20:31:36+00:00
smbd: Use smb3posix marshalling in smbd_smb2_create_after_exec()

Signed-off-by: Volker Lendecke <vl at samba.org>

- - - - -
36fd98a5 by Volker Lendecke at 2023-10-04T20:31:36+00:00
smbd: Add smb3_file_posix_information_init()

Copy the logic from store_smb2_posix_info() to allow use of
ndr_push_smb3_file_posix_information().

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a8593ad3 by Volker Lendecke at 2023-10-04T20:31:36+00:00
smbd: Modernize a DEBUG statement

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b573e1da by Volker Lendecke at 2023-10-04T20:31:36+00:00
smbd: Use smb3posix marshalling in smbd_marshall_dir_entry()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2d6c643e by Volker Lendecke at 2023-10-04T20:31:36+00:00
smbd: Use smb3posix marshalling in smbd_do_qfilepathinfo()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7b865702 by Volker Lendecke at 2023-10-04T20:31:36+00:00
smbd: Remove unused marshalling of smb3posix file information

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
82a12f7a by Volker Lendecke at 2023-10-04T20:31:36+00:00
libndr: Factor out ndr_pull_struct_blob_noalloc()

smb3_file_posix_information is variable length with something behind.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cb166028 by Volker Lendecke at 2023-10-04T20:31:36+00:00
libsmb: Pass NTTIME to interpret_long_date()

Separate concerns of conversion and pulling off the wire. Needed soon
for smb311 pidl generated parsing.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cb89ea70 by Volker Lendecke at 2023-10-04T21:26:20+00:00
libsmb: Use pidl generated parsing for posix file info

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Oct  4 21:26:20 UTC 2023 on atb-devel-224

- - - - -
4b376fff by Volker Lendecke at 2023-10-05T12:58:33+00:00
smbd: Pass "struct vfs_open_how" to reopen_from_procfd()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
7996c07b by Volker Lendecke at 2023-10-05T12:58:33+00:00
smbd: Pass "struct vfs_open_how" to fd_open_atomic()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2a53fdeb by Volker Lendecke at 2023-10-05T12:58:33+00:00
smbd: Pass "struct vfs_open_how" to reopen_from_fsp()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
236df26a by Volker Lendecke at 2023-10-05T12:58:33+00:00
smbd: Slightly simplify open_file()

Replace "truncating" variable reference with what it was defined
as. We use "(flags & O_TRUNC)" a few lines above, so it can't be that
bad.

After we set it to "false" further down, it was never used again.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3f4c937d by Volker Lendecke at 2023-10-05T12:58:33+00:00
smbd: Remove variable "accmode" from open_file()

We directly look at the flags in many other places in this function,
so do this also for O_ACCMODE for clarity.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
ad7b119b by Volker Lendecke at 2023-10-05T12:58:33+00:00
smbd: Don't change incoming flags in open_file()

This will be part of a const struct vfs_open_how soon. Further down in
this function we don't look at O_CREAT or O_EXCL of "flags" anymore
anyway.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
45005d4b by Volker Lendecke at 2023-10-05T12:58:33+00:00
smbd: Simplify open_file()

We can unconditionally just and-out O_CREAT from local_flags, so
remove an if-condition.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
df78af98 by Volker Lendecke at 2023-10-05T12:58:33+00:00
smbd: Simplify an if-condition in open_file()

We use the plain (flags&O_TRUNC) a few lines above, make the
if-condition a bit more readable.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f8645c7a by Volker Lendecke at 2023-10-05T12:58:33+00:00
smbd: Simplify open_file()

We handle O_TRUNC further down anyway by passing local_flags&~O_TRUNC to
reopen_from_fsp(). No need for this FIFO special case.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
814b37bd by Volker Lendecke at 2023-10-05T12:58:33+00:00
smbd: Simplify open_file()

We have extracted FSP_POSIX_FLAGS_PATHNAMES above.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
884b9926 by Volker Lendecke at 2023-10-05T12:58:33+00:00
smbd: Simplify open_file()

Simplify an if-condition:

We have to return NT_STATUS_OBJECT_NAME_INVALID even if we're not
creating. In fact, we probably should not end up in open_file() if
we're opening a Windows file with a wildcard.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
6ec031b2 by Volker Lendecke at 2023-10-05T12:58:33+00:00
smbd: Make open_file() a bit safer

Move adding O_RDWR before the check for read only shares. I haven't
been able to pass this condition through SMB, but in any case we
should not accidentally open with O_RDWR in the !CAN_WRITE(conn)
case.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
7c356769 by Volker Lendecke at 2023-10-05T12:58:33+00:00
smbd: Remove "local_flags" from open_file()

This needs close review. I could not see where we were actually
referencing the original flags in a way that would not be available in
local_flags. The reason for this patch is that I want to pass in
vfs_open_how into open_file(), and the distinction between flags and
local_flags made this significantly harder to understand for me.

The only place where we really used both versions is the DBG_NOTICE in
the last hunk, and this will come back in the next patch.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
02d9321c by Volker Lendecke at 2023-10-05T12:58:33+00:00
smbd: Pass struct vfs_open_how to open_file()

We want to pass BACKUP_INTENT down into reopen_from_fsp, and the
elegant way is to do this via vfs_open_how.resolve.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f701faf6 by Volker Lendecke at 2023-10-05T12:58:33+00:00
smbd: Remove "flags2" from open_file_ntcreate()

"flags" carried just the O_ACCMODE bits, "flags2" everything
else. Unify them.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
d1846452 by Volker Lendecke at 2023-10-05T14:00:33+00:00
vfs: Add VFS_OPEN_HOW_WITH_BACKUP_INTENT

Indicate BACKUP_INTENT to vfs_openat(). Why? I have a customer request
who wants to add O_NOATIME in this case to avoid metadata updates when
a backup or virus-checking application comes along.

This does not fully handle BACKUP_INTENT correctly, this would require
become_root() appropriately. We might want to do that later after a
lot of careful security audit, but this patch independently might
already provide some infrastructure for it.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Oct  5 14:00:33 UTC 2023 on atb-devel-224

- - - - -
8128800c by Michael Tokarev at 2023-10-06T16:14:48+03:00
debian/libldb2.symbols: update

- - - - -
fa5d14d6 by Michael Tokarev at 2023-10-06T16:14:48+03:00
d/control: samba-libs: depend on libldb of the same version

Since libldb ABI is incorrectly versioned resulting in breakage
like #1021371, just require libldb version of the same build.
https://lists.samba.org/archive/samba-technical/2023-September/138422.html

Also, since we changed symbol versioning in the previous commit,
add Breaks: samba-libs << 4.19 by libldb2.

- - - - -
5dbc8ed2 by Michael Tokarev at 2023-10-06T16:14:48+03:00
d/control: disable ceph (libcephfs-dev, librados-dev) on 32bit architectures (#1053202)

- - - - -
127486af by Michael Tokarev at 2023-10-06T16:14:48+03:00
d/control: enable rados on riscv64 once it's available there

- - - - -
0ffd9d8b by Michael Tokarev at 2023-10-06T16:14:48+03:00
d/control: bump mit-krb5 build-dep (on mitkrb5 profile) to 1.20

- - - - -
d3089f73 by Michael Tokarev at 2023-10-06T16:14:48+03:00
remove debconf questions and wins dhcp hooks

WINS is netbios which is not used in modern windows.
Other debconf questions which were there make no
sense these days too.

smb.conf file should be edited manually in almost
all cases anyway, and asking only about workgroup
(which is not very useful by itself already) is not
a good idea, we should either ask about much more
other things too or not ask at all.

Just drop all this.

- - - - -
5dab2cfd by Jeremy Allison at 2023-10-08T22:05:34+02:00
CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir.

For now, SMB_ASSERT() to exit the server. We will remove
this once the test code is in place.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
45d58453 by Jeremy Allison at 2023-10-08T22:05:34+02:00
CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code.

The raw SMB2-INVALID-PIPENAME test passes against Windows 2022,
as it just returns NT_STATUS_OBJECT_NAME_NOT_FOUND.

Add the knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
f17abf9c by Jeremy Allison at 2023-10-08T22:05:34+02:00
CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames.

We correctly handle this and just return ENOENT (NT_STATUS_OBJECT_NAME_NOT_FOUND).

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
2ff6cbcd by Ralph Boehme at 2023-10-08T22:05:54+02:00
CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
6b6495c7 by Ralph Boehme at 2023-10-08T22:05:54+02:00
CVE-2023-4091: smbd: use open_access_mask for access check in open_file()

If the client requested FILE_OVERWRITE[_IF], we're implicitly adding
FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the
access check we're using access_mask which doesn't contain the additional
right, which means we can end up truncating a file for which the user has
only read-only access via an SD.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
05c370c4 by Andreas Schneider at 2023-10-08T22:06:12+02:00
CVE-2023-4154 s4:dsdb:tests: Fix code spelling

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
(cherry picked from commit b29793ffdee5d9b9c1c05830622e80f7faec7670)

- - - - -
937e50b1 by Andrew Bartlett at 2023-10-08T22:06:12+02:00
CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice

To re-use setup code, the super-class must have no test_*() methods
otherwise these will be run as well as the class-local tests.

We rename tests that would otherwise have duplicate names

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c284a922 by Andrew Bartlett at 2023-10-08T22:06:12+02:00
CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force()

This helps ensure this test is reliable even in spite of errors while
running.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e46a30aa by Andrew Bartlett at 2023-10-08T22:06:12+02:00
CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start

Rather than fail, if the last run failed to reset things, just force
the DC into the required state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e9cbf161 by Andrew Bartlett at 2023-10-08T22:06:12+02:00
CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1eca806c by Andrew Bartlett at 2023-10-08T22:06:12+02:00
CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once

When we (expect to) get back a result, do not waste time against a potentially
slow server confirming we also get back results for all the other attribute
combinations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f70bdb46 by Andrew Bartlett at 2023-10-08T22:06:12+02:00
CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour

SEARCH_FLAG_RODC_ATTRIBUTE should be like SEARCH_FLAG_CONFIDENTIAL,
but for DirSync and DRS replication.  Accounts with
GUID_DRS_GET_CHANGES rights should not be able to read this
attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
56c13448 by Andrew Bartlett at 2023-10-08T22:06:12+02:00
CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests

The aim here is to document the expected (even if not implemented)
SEARCH_FLAG_RODC_ATTRIBUTE vs SEARCH_FLAG_CONFIDENTIAL, behaviour, so
that any change once CVE-2023-4154 is fixed can be noted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
72248a51 by Andrew Bartlett at 2023-10-08T22:06:12+02:00
CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY

This makes LDAP_DIRSYNC_OBJECT_SECURITY the only behaviour provided by
Samba.

Having a second access control system within the LDAP stack is unsafe
and this layer is incomplete.

The current system gives all accounts that have been given the
GUID_DRS_GET_CHANGES extended right SYSTEM access.  Currently in Samba
this equates to full access to passwords as well as "RODC Filtered
attributes" (often used with confidential attributes).

Rather than attempting to correctly filter for secrets (passwords) and
these filtered attributes, as well as preventing search expressions for
both, we leave this complexity to the acl_read module which has this
facility already well tested.

The implication is that callers will only see and filter by attribute
in DirSync that they could without DirSync.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5eeba465 by Andrew Bartlett at 2023-10-08T22:06:35+02:00
CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default

The rpcecho server is useful in development and testing, but should never
have been allowed into production, as it includes the facility to
do a blocking sleep() in the single-threaded rpc worker.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
88542d6d by Andrew Bartlett at 2023-10-08T22:06:35+02:00
CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC

The rpcecho server in source3 does have the same sleep() feature that
the s4 version has, but the task architecture is different, so there
is not the same impact.  However equally this is not something that
should be enabled on production builds of Samba, so restrict to
selftest builds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
06a434bc by Andrew Bartlett at 2023-10-08T22:06:59+02:00
CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC

Just as we refuse to start NETLOGON except on the DC, we must refuse
to start all of the RPC services that are provided by the AD DC.

Most critically of course this applies to netlogon, lsa and samr.

This avoids the suppression of these services being the result of a
runtime epmapper lookup, as if that fails these services can disrupt
service to end users by listening on the same socket as the AD DC
servers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3e6d7e10 by Andrew Bartlett at 2023-10-08T22:06:59+02:00
CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup

We now have ensured that no conflicting services attempt to start
so we do not need the runtime lookup and so avoid the risk that
the lookup may fail.

This means that any duplicates will be noticed early not just
in a race condition.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cb9c3524 by Jule Anger at 2023-10-09T22:14:05+02:00
VERSION: Bump version up to Samba 4.19.1...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>
(cherry picked from commit a8c5fe34b639f72c045bc0500d0c053842327556)

- - - - -
67c67785 by Jeremy Allison at 2023-10-09T22:14:05+02:00
CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir.

For now, SMB_ASSERT() to exit the server. We will remove
this once the test code is in place.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
44d59c38 by Jeremy Allison at 2023-10-09T22:14:05+02:00
CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code.

The raw SMB2-INVALID-PIPENAME test passes against Windows 2022,
as it just returns NT_STATUS_OBJECT_NAME_NOT_FOUND.

Add the knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
456a758f by Jeremy Allison at 2023-10-09T22:14:05+02:00
CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames.

We correctly handle this and just return ENOENT (NT_STATUS_OBJECT_NAME_NOT_FOUND).

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
2761477b by Ralph Boehme at 2023-10-09T22:14:05+02:00
CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
9cd1ad18 by Ralph Boehme at 2023-10-09T22:14:05+02:00
CVE-2023-4091: smbd: use open_access_mask for access check in open_file()

If the client requested FILE_OVERWRITE[_IF], we're implicitly adding
FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the
access check we're using access_mask which doesn't contain the additional
right, which means we can end up truncating a file for which the user has
only read-only access via an SD.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
52c633af by Andreas Schneider at 2023-10-09T22:14:05+02:00
CVE-2023-4154 s4:dsdb:tests: Fix code spelling

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
(cherry picked from commit b29793ffdee5d9b9c1c05830622e80f7faec7670)

- - - - -
c04ec1a2 by Andrew Bartlett at 2023-10-09T22:14:05+02:00
CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice

To re-use setup code, the super-class must have no test_*() methods
otherwise these will be run as well as the class-local tests.

We rename tests that would otherwise have duplicate names

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b398d8af by Andrew Bartlett at 2023-10-09T22:14:05+02:00
CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force()

This helps ensure this test is reliable even in spite of errors while
running.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ad11a871 by Andrew Bartlett at 2023-10-09T22:14:05+02:00
CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start

Rather than fail, if the last run failed to reset things, just force
the DC into the required state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f7d30cf9 by Andrew Bartlett at 2023-10-09T22:14:05+02:00
CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
93424793 by Andrew Bartlett at 2023-10-09T22:14:05+02:00
CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once

When we (expect to) get back a result, do not waste time against a potentially
slow server confirming we also get back results for all the other attribute
combinations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c443a222 by Andrew Bartlett at 2023-10-09T22:14:05+02:00
CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour

SEARCH_FLAG_RODC_ATTRIBUTE should be like SEARCH_FLAG_CONFIDENTIAL,
but for DirSync and DRS replication.  Accounts with
GUID_DRS_GET_CHANGES rights should not be able to read this
attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b55e2c32 by Andrew Bartlett at 2023-10-09T22:14:05+02:00
CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests

The aim here is to document the expected (even if not implemented)
SEARCH_FLAG_RODC_ATTRIBUTE vs SEARCH_FLAG_CONFIDENTIAL, behaviour, so
that any change once CVE-2023-4154 is fixed can be noted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1b321f44 by Andrew Bartlett at 2023-10-09T22:14:05+02:00
CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY

This makes LDAP_DIRSYNC_OBJECT_SECURITY the only behaviour provided by
Samba.

Having a second access control system within the LDAP stack is unsafe
and this layer is incomplete.

The current system gives all accounts that have been given the
GUID_DRS_GET_CHANGES extended right SYSTEM access.  Currently in Samba
this equates to full access to passwords as well as "RODC Filtered
attributes" (often used with confidential attributes).

Rather than attempting to correctly filter for secrets (passwords) and
these filtered attributes, as well as preventing search expressions for
both, we leave this complexity to the acl_read module which has this
facility already well tested.

The implication is that callers will only see and filter by attribute
in DirSync that they could without DirSync.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5609c68a by Andrew Bartlett at 2023-10-09T22:14:05+02:00
CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default

The rpcecho server is useful in development and testing, but should never
have been allowed into production, as it includes the facility to
do a blocking sleep() in the single-threaded rpc worker.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2cb41dd7 by Andrew Bartlett at 2023-10-09T22:14:05+02:00
CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC

The rpcecho server in source3 does have the same sleep() feature that
the s4 version has, but the task architecture is different, so there
is not the same impact.  However equally this is not something that
should be enabled on production builds of Samba, so restrict to
selftest builds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
338021c7 by Andrew Bartlett at 2023-10-09T22:14:05+02:00
CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC

Just as we refuse to start NETLOGON except on the DC, we must refuse
to start all of the RPC services that are provided by the AD DC.

Most critically of course this applies to netlogon, lsa and samr.

This avoids the suppression of these services being the result of a
runtime epmapper lookup, as if that fails these services can disrupt
service to end users by listening on the same socket as the AD DC
servers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
81b816c6 by Andrew Bartlett at 2023-10-09T22:14:05+02:00
CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup

We now have ensured that no conflicting services attempt to start
so we do not need the runtime lookup and so avoid the risk that
the lookup may fail.

This means that any duplicates will be noticed early not just
in a race condition.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f72ef19c by Volker Lendecke at 2023-10-10T08:19:29+00:00
libsmb: Add "flags" to cli_smb2_close_fnum_send()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15487

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c4047443 by Volker Lendecke at 2023-10-10T08:19:29+00:00
libsmb: Pass "flags" through cli_close_send() and pylibsmb

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15487

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
340f0420 by Volker Lendecke at 2023-10-10T08:19:29+00:00
pylibsmb: Add SMB2_CLOSE_FLAGS_FULL_INFORMATION constant

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15487

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
23deb79a by Volker Lendecke at 2023-10-10T08:19:29+00:00
tests: Add reproducer for bug 15487

Show that smbd crashes if asked to return full information on close of a
stream handle with delete on close disposition set.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15487

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a4bdbfef by Jule Anger at 2023-10-10T11:04:03+02:00
WHATSNEW: Add release notes for Samba 4.19.1.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
d9e90993 by Jule Anger at 2023-10-10T11:04:49+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.19.1 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
633a3ee6 by Ralph Boehme at 2023-10-10T09:39:27+00:00
s3: smbd: Ignore fstat() error on deleted stream in fd_close().

In the fd_close() fsp->fsp_flags.fstat_before_close code path.

If this is a stream and delete-on-close was set, the
backing object (an xattr from streams_xattr) might
already be deleted so fstat() fails with
NT_STATUS_NOT_FOUND. So if fsp refers to a stream we
ignore the error and only bail for normal files where
an fstat() should still work. NB. We cannot use
fsp_is_alternate_stream(fsp) for this as the base_fsp
has already been closed at this point and so the value
fsp_is_alternate_stream() checks for is already NULL.

Remove knownfail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15487

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Oct 10 09:39:27 UTC 2023 on atb-devel-224

- - - - -
58ec8009 by Volker Lendecke at 2023-10-10T13:14:31+00:00
ctdb: Fix whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
ce3243d7 by Volker Lendecke at 2023-10-10T13:14:31+00:00
ctdb: Reduce indentation in get_tunable_values()

Use an early return tvals; review with "git sh -b".

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
23ccb1c0 by Volker Lendecke at 2023-10-10T13:14:31+00:00
ctdb: Align variable signedness

ipalloc_state->num_nodes is uint32_t
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
ea9cbbd8 by Volker Lendecke at 2023-10-10T13:14:31+00:00
ctdb: setup $CTDB_BASE for deterministic ip alloc tests

ipalloc_deterministic() will require it in the next patch

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
a6b66661 by Volker Lendecke at 2023-10-10T14:17:19+00:00
ctdb: Add "home_nodes" file to deterministic IP allocation

With a file "home_nodes" next to "public_addresses" you can assign
public IPs to specific nodes when using the deterministic allocation
algorithm. Whenever the "home node" is up, the IP address will be
assigned to that node, independent of any other deterministic
calculation. The line

192.168.21.254 2

in the file "home_nodes" assigns the IP address to node 2. Only when
node 2 is not able to host IP addresses, 192.168.21.254 undergoes the
normal deterministic IP allocation algorithm.

Signed-off-by: Volker Lendecke <vl at samba.org>

add home_nodes
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Oct 10 14:17:19 UTC 2023 on atb-devel-224

- - - - -
ae476e1c by Jeremy Allison at 2023-10-10T14:49:39+00:00
CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir.

For now, SMB_ASSERT() to exit the server. We will remove
this once the test code is in place.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
c39f90a1 by Jeremy Allison at 2023-10-10T14:49:39+00:00
CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code.

The raw SMB2-INVALID-PIPENAME test passes against Windows 2022,
as it just returns NT_STATUS_OBJECT_NAME_NOT_FOUND.

Add the knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
5ed25efb by Jeremy Allison at 2023-10-10T14:49:39+00:00
CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames.

We correctly handle this and just return ENOENT (NT_STATUS_OBJECT_NAME_NOT_FOUND).

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
b1fd6569 by Ralph Boehme at 2023-10-10T14:49:39+00:00
CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
b70f4f86 by Ralph Boehme at 2023-10-10T14:49:39+00:00
CVE-2023-4091: smbd: use open_access_mask for access check in open_file()

If the client requested FILE_OVERWRITE[_IF], we're implicitly adding
FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the
access check we're using access_mask which doesn't contain the additional
right, which means we can end up truncating a file for which the user has
only read-only access via an SD.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
6578a65e by Andrew Bartlett at 2023-10-10T14:49:39+00:00
CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice

To re-use setup code, the super-class must have no test_*() methods
otherwise these will be run as well as the class-local tests.

We rename tests that would otherwise have duplicate names

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
07d2b28f by Andrew Bartlett at 2023-10-10T14:49:39+00:00
CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force()

This helps ensure this test is reliable even in spite of errors while
running.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b644bb06 by Andrew Bartlett at 2023-10-10T14:49:39+00:00
CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start

Rather than fail, if the last run failed to reset things, just force
the DC into the required state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
76b8d3ed by Andrew Bartlett at 2023-10-10T14:49:39+00:00
CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d4a71fbe by Andrew Bartlett at 2023-10-10T14:49:39+00:00
CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once

When we (expect to) get back a result, do not waste time against a potentially
slow server confirming we also get back results for all the other attribute
combinations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0a79ed2c by Andrew Bartlett at 2023-10-10T14:49:39+00:00
CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour

SEARCH_FLAG_RODC_ATTRIBUTE should be like SEARCH_FLAG_CONFIDENTIAL,
but for DirSync and DRS replication.  Accounts with
GUID_DRS_GET_CHANGES rights should not be able to read this
attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d3d83a8f by Andrew Bartlett at 2023-10-10T14:49:39+00:00
CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests

The aim here is to document the expected (even if not implemented)
SEARCH_FLAG_RODC_ATTRIBUTE vs SEARCH_FLAG_CONFIDENTIAL, behaviour, so
that any change once CVE-2023-4154 is fixed can be noted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cfeb9fe5 by Andrew Bartlett at 2023-10-10T14:49:39+00:00
CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY

This makes LDAP_DIRSYNC_OBJECT_SECURITY the only behaviour provided by
Samba.

Having a second access control system within the LDAP stack is unsafe
and this layer is incomplete.

The current system gives all accounts that have been given the
GUID_DRS_GET_CHANGES extended right SYSTEM access.  Currently in Samba
this equates to full access to passwords as well as "RODC Filtered
attributes" (often used with confidential attributes).

Rather than attempting to correctly filter for secrets (passwords) and
these filtered attributes, as well as preventing search expressions for
both, we leave this complexity to the acl_read module which has this
facility already well tested.

The implication is that callers will only see and filter by attribute
in DirSync that they could without DirSync.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3cf1beed by Andrew Bartlett at 2023-10-10T14:49:39+00:00
CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default

The rpcecho server is useful in development and testing, but should never
have been allowed into production, as it includes the facility to
do a blocking sleep() in the single-threaded rpc worker.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a9c32f92 by Andrew Bartlett at 2023-10-10T14:49:40+00:00
CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC

The rpcecho server in source3 does have the same sleep() feature that
the s4 version has, but the task architecture is different, so there
is not the same impact.  However equally this is not something that
should be enabled on production builds of Samba, so restrict to
selftest builds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2e87c9d8 by Andrew Bartlett at 2023-10-10T14:49:40+00:00
s4-echo: Remove the "echo" server (port 7, RFC 862) in production builds

This demonstration should never be enabled in production, if
echo service is required other software is far better positioned
to provide it.  Reflection attacks on echo are a known issue.

This is removed for consistency with the removal of rpcecho, but was
never enabled in the default smb.conf so is mostly harmless.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
11ece30a by Andrew Bartlett at 2023-10-10T14:49:40+00:00
CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC

Just as we refuse to start NETLOGON except on the DC, we must refuse
to start all of the RPC services that are provided by the AD DC.

Most critically of course this applies to netlogon, lsa and samr.

This avoids the suppression of these services being the result of a
runtime epmapper lookup, as if that fails these services can disrupt
service to end users by listening on the same socket as the AD DC
servers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8c3fc865 by Michael Tokarev at 2023-10-10T17:50:00+03:00
New upstream version 4.19.1+dfsg
- - - - -
b5d840f8 by Michael Tokarev at 2023-10-10T17:56:04+03:00
update changelog

- - - - -
8de4cbbd by Michael Tokarev at 2023-10-10T17:57:32+03:00
Update upstream source from tag 'upstream/4.19.1+dfsg'

Update to upstream version '4.19.1+dfsg'
with Debian dir 7f6270a649c15e8d64b08ba93949cf27ec9a795a
- - - - -
d9c2932a by Michael Tokarev at 2023-10-10T18:03:19+03:00
update changelog; upload version 4.19.1+dfsg-1 to unstable

- - - - -
6872b662 by Jule Anger at 2023-10-10T17:05:22+02:00
Merge tag 'samba-4.19.1' into v4-19-stable

samba: tag release samba-4.19.1

- - - - -
fe7adbfc by Jule Anger at 2023-10-10T17:46:38+02:00
Merge branch 'v4-19-stable' into v4-19-test

- - - - -
1fbf08e8 by Andrew Bartlett at 2023-10-10T15:47:04+00:00
CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup

We now have ensured that no conflicting services attempt to start
so we do not need the runtime lookup and so avoid the risk that
the lookup may fail.

This means that any duplicates will be noticed early not just
in a race condition.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Jule Anger <janger at samba.org>
Autobuild-Date(master): Tue Oct 10 15:47:04 UTC 2023 on atb-devel-224

- - - - -
6d875c29 by Jule Anger at 2023-10-10T17:56:21+02:00
VERSION: Bump version up to Samba 4.19.2...

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
32f65c8c by Michael Tokarev at 2023-10-10T19:03:23+03:00
d/rules: sync with-ceph arch list from d/control

- - - - -
fac54ae6 by Michael Tokarev at 2023-10-10T19:03:44+03:00
update changelog; upload version 4.19.1+dfsg-2 to unstable

- - - - -
964c3642 by Michael Tokarev at 2023-10-10T20:11:52+03:00
d/ctdb.install: sync ceph arch list

- - - - -
95a56bbc by Michael Tokarev at 2023-10-10T20:12:12+03:00
d/control: mention other places where ceph arch list is used

- - - - -
fc66ee05 by Michael Tokarev at 2023-10-10T20:12:47+03:00
update changelog; upload version 4.19.1+dfsg-3 to unstable

- - - - -
14705069 by Martin Schwenke at 2023-10-10T17:42:25+00:00
ctdb-daemon: Call setproctitle_init()

Commit 19c82c19c009eefe975ae95c8b709fc93f5f4c39 changed the behaviour
of prctl_set_comment() so it now calls setproctitle(3bsd) by default.

In some Linux distributions (e.g. Rocky Linux 8.8), this results in
messages like this spamming the logs:

  ctdbd: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.

Most Samba daemons seem to call setproctitle_init(), so do it here.

In the longer term CTDB should also switch to using lib/util's
process_set_title(), like the rest of Samba, for more flexible process
names.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15479

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Thu Sep 21 00:46:50 UTC 2023 on atb-devel-224

(cherry picked from commit 8b9f464420b66cebaf00654cf8b19165b301b8b6)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Tue Oct 10 17:42:25 UTC 2023 on atb-devel-224

- - - - -
9fc70e18 by Michael Tokarev at 2023-10-10T21:32:41+03:00
d/samba-common.postinst: restore installing of smb.conf using ucf

- - - - -
fa656aee by Michael Tokarev at 2023-10-10T22:33:49+03:00
update changelog; upload version 4.19.1+dfsg-4 to unstable

- - - - -
817f68e4 by Volker Lendecke at 2023-10-10T23:23:40+00:00
smbd: Expand IS_DOS_* macros

To me these macros hide more than they clarify. In a lot of places we
already directly check for these flags without those macros. Unify
that.

Also, check for the dosmode bits first, lp_map_* is a bit more effort
to evaluate.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
226a7c7b by Volker Lendecke at 2023-10-10T23:23:40+00:00
libsmb: Expand IS_DOS_* macros

To me these macros hide more than they clarify.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
28295775 by Volker Lendecke at 2023-10-10T23:23:40+00:00
smbd: Expand IS_DOS_ARCHIVE() macros

Together with the "dosmode | FILE_ATTRIBUTE_ARCHIVE" a line below this
is more obvious to me.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
29895176 by Volker Lendecke at 2023-10-10T23:23:40+00:00
smbd: Expand IS_DOS_READONLY() macros

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c23d336c by Volker Lendecke at 2023-10-10T23:23:40+00:00
examples: Expand IS_DOS_DIR() macros

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b48d7a8e by Volker Lendecke at 2023-10-10T23:23:40+00:00
libsmb: Expand IS_DOS_DIR() macro

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8cd296e4 by Volker Lendecke at 2023-10-10T23:23:40+00:00
Remove IS_DOS_*() macros

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
770f279a by Volker Lendecke at 2023-10-10T23:23:40+00:00
pdb: Slightly simplify pdb_samba_dsdb_set_trusteddom_pw()

This is easier to read to me.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7bc1fa70 by Volker Lendecke at 2023-10-10T23:23:40+00:00
lsa_srv4: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e2e5ae1e by Volker Lendecke at 2023-10-10T23:23:40+00:00
dsdb: Slightly simplify dsdb_trust_get_incoming_passwords()

Use talloc_memdup() instead of a manual copy.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
768990ec by Volker Lendecke at 2023-10-10T23:23:40+00:00
rpc_netlogon4: Simplify dcesrv_netr_ServerAuthenticate3_helper()

Use a switch/case statement instead of an if/else chain. Easier to read
to me.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
be1cf356 by Volker Lendecke at 2023-10-10T23:23:40+00:00
rpc_server3: Remove a duplicate comment

Review with "git sh -U20"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
446ae3f8 by Volker Lendecke at 2023-10-10T23:23:40+00:00
rpc_server3: Avoid a pointless DEBUGADD

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0b38cd8e by Volker Lendecke at 2023-10-10T23:23:40+00:00
smbd: Avoid casts in a DBG statement

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d7f5267c by Volker Lendecke at 2023-10-10T23:23:40+00:00
libsmb: Remove unused smb2_create_blob_remove()

Trivial to re-add if needed.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e8570f73 by Volker Lendecke at 2023-10-10T23:23:40+00:00
smbd: Reduce indentation, remove a nested if-statement

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
94dcbed3 by Volker Lendecke at 2023-10-10T23:23:40+00:00
smbd: Modernize two DBG statements

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
99789537 by Volker Lendecke at 2023-10-10T23:23:40+00:00
vfs: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d4a05fc1 by Volker Lendecke at 2023-10-10T23:23:40+00:00
smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5130ade6 by Volker Lendecke at 2023-10-10T23:23:40+00:00
smbd: Use SMB_VFS_FSTATAT() instead of SMB_LSTAT()

Use the dirfsp when we have it available

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a8dd943c by Volker Lendecke at 2023-10-10T23:23:40+00:00
smbd: Remove a pointless NULL check

boolean short-circuiting already gives us this condition.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a77c6b59 by Volker Lendecke at 2023-10-10T23:23:40+00:00
smbd: is_in_path() deals with a NULL namelist

Don't need to check in the callers

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1ad84c70 by Volker Lendecke at 2023-10-10T23:23:40+00:00
libcli: Convert security_token_debug_privileges() to talloc_asprintf

Reduces the number of DEBUGADD calls which leads to messed debug logs
between processes.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
09c787c3 by Volker Lendecke at 2023-10-10T23:23:40+00:00
libcli: Make security_token_debug() use just one DEBUG statement

This avoids messing up the debug logs when multiple processes are
writing into the same file.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6071220f by Volker Lendecke at 2023-10-11T00:24:58+00:00
libcli: Make debug_unix_user_token() use just one DEBUG statement

This avoids messing up the debug logs when multiple processes are
writing into the same file.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Oct 11 00:24:58 UTC 2023 on atb-devel-224

- - - - -
94462dfa by Ralph Boehme at 2023-10-11T11:47:44+00:00
s4:torture/smb2: fix typo in acls.c

This fixes the failing samba-codecheck CI job and is not part of the functional
security fix.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d60af10e by Stefan Metzmacher at 2023-10-11T11:47:44+00:00
.codespellignore: adjust in order to pass on ubuntu 22.04

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
9a3c558a by Stefan Metzmacher at 2023-10-11T11:47:44+00:00
bootstrap: install codespell, shfmt and shellcheck also on debian/ubuntu

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
10a4a977 by Stefan Metzmacher at 2023-10-11T12:52:57+00:00
gitlab-ci: run samba-codecheck on ubuntu22.04

There's no reason to run it on fedora38
and it makes sure autobuild and gitlab-ci use the same.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Oct 11 12:52:57 UTC 2023 on atb-devel-224

- - - - -
928ce91e by Pavel Filipenský at 2023-10-11T15:37:28+00:00
s3:winbindd: Skip check_negative_conn_cache() if saf_servername == NULL

saf_servername can be NULL even after calling saf_fetch().  Avoid
calling check_negative_conn_cache() like it was before commit 0fcf0012

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
027332ce by Pavel Filipenský at 2023-10-11T16:42:15+00:00
s3:winbindd: Call winbind_add_failed_connection_entry() for the correct dc name

We were calling winbind_add_failed_connection_entry() for saf_servername
which is NULL.  domain->dcname should be used instead.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Wed Oct 11 16:42:15 UTC 2023 on atb-devel-224

- - - - -
edc451ab by Michael Tokarev at 2023-10-12T14:45:10+03:00
d/samba-common.maintscript: remove obsolete /etc/dhcp/dhclient-enter-hooks.d/samba conffile (#1053780)

- - - - -
8de01c31 by Volker Lendecke at 2023-10-12T16:55:34+00:00
smbclient: Always ask for SMB311 posix in negprot

This does not mean that we're actually using it (yet). We just probe
whether the server is willing to do it.

Enable the posix cli command for smb311 posix extensions.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
77001b25 by Volker Lendecke at 2023-10-12T16:55:34+00:00
libsmb: Ask for posix semantics if requested

This is so far only for the getattr-style smb311 calls to request
case-sensitive semantics when "posix" was requested over smb311.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
214eef0f by Volker Lendecke at 2023-10-12T16:55:34+00:00
examples: Print file type as part of teststat

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
30f4129e by Volker Lendecke at 2023-10-12T16:55:34+00:00
libsmb: Add placeholder "mode" parameter to cli_qpathinfo2()

Unused so far: Patch stripped out to not clutter the real patches that
follow.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4c44b6e1 by Volker Lendecke at 2023-10-12T16:55:34+00:00
libsmb: Query reparse tag in cli_qpathinfo2

Convert what we find to a file type

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9e3856ec by Volker Lendecke at 2023-10-12T16:55:34+00:00
libsmb: Parse reparse tag in query_directory response

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
feb78035 by Volker Lendecke at 2023-10-12T16:55:34+00:00
libsmbclient: Add smbc_[gs]etOptionPosixExtensions()

This is an obvious part of MR2888, not used anywhere yet. It will
eventually result in us requesting SMB311 posix semantics, but for now
it will just allow to change behaviour of libsmbclient that could
break unsuspecting applications.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6a4413c6 by Volker Lendecke at 2023-10-12T16:55:34+00:00
libsmbclient: Read the file type from the server with posix enabled

This does not really request posix extensions, but it depends on them
being activated because it changes behaviour.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
051492c1 by Volker Lendecke at 2023-10-12T16:55:34+00:00
examples: Enable posix for teststat

Show that we can properly detect non-regular files created by the
Windows NFS server. Tested manually against Windows 2022.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4b9b7f70 by Volker Lendecke at 2023-10-12T17:51:44+00:00
libsmb: Use cli_smb2_qpathinfo_send() for SMB_QUERY_FILE_ALT_NAME_INFO

Remove one sync-only wrapper

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Oct 12 17:51:44 UTC 2023 on atb-devel-224

- - - - -
704c71da by Joseph Sutton at 2023-10-12T23:13:32+00:00
libcli/security: Initialize conditional ACE token

If the ‘flags’ member is not initialized, we invoke undefined behaviour
when trying to push or evaluate the parsed conditional ACE.

One way this issue can manifest is in the mysterious failure of Unicode
comparisons owing to the CLAIM_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE
flag being set when it shouldn’t.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a7323d70 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Rename ‘skdc_entry’ parameter of samba_kdc_get_user_info_from_db() to ‘entry’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f03b14f8 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Rename ‘user_info_dc’ parameter of samba_kdc_get_user_info_from_db() to ‘info_out’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9c464743 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Rename ‘skdc_entry’ parameter of samba_kdc_get_user_info_dc() to ‘entry’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ce7c543f by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Rename ‘user_info_dc_out’ parameter of samba_kdc_get_user_info_dc() to ‘info_out’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
96ab35bb by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Add ‘msg’ parameter to samba_kdc_get_user_info_dc()

We want to call this function from more places. But some potential
callers, found in db-glue.c, have only a partially‐initialized
‘samba_kdc_entry’ structure, without the crucial ‘msg’ member. These
callers need to be able to pass in the ldb message as a separate
parameter.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0a61dc6c by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Replace calls to samba_kdc_get_user_info_from_db() with calls to samba_kdc_get_user_info_dc()

The latter function behaves identically, except that it makes a shallow
copy of the returned structure, thus avoiding lifetime issues.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c35d1fe5 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Inline samba_kdc_get_user_info_from_db() into its only caller

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
64326818 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Rename samba_kdc_get_user_info_dc() to samba_kdc_get_user_info_from_db()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d51c505d by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Rename samba_kdc_entry::user_info_dc to samba_kdc_entry::info_from_db

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
54cd2af2 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Pass Kerberos context into samba_kdc_get_device_info_blob()

We shall need it in order to produce an error string.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a57d973d by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Modify samba_kdc_get_user_info_from_db() to return a Kerberos error code

instead of an NT status code.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
16cb8c47 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Make boolean members into bit‐fields

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
29c23053 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Add ‘samdb’ parameter to samba_kdc_verify_pac()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8b518817 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Add ‘samdb’ parameter to samba_kdc_get_device_info_blob()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
024d8cf5 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Pass ‘samdb’ into samba_kdc_get_user_info_from_db()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d02f37b4 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Rename local variable ‘user_info_dc’ to ‘info’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0ed6d11e by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Check parameters of samba_kdc_get_user_info_from_db()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d5706230 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Initialize out parameter of samba_kdc_get_user_info_from_db()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c559e992 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Introduce intermediate variable ‘resource_groups’

No change in behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
30459085 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Fix leak

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7ee08114 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Rename parameter ‘user_info_dc_out’ to ‘info_out’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
453bb84e by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Rename variable ‘user_info_dc’ to ‘info’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
02daf011 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Split samba_kdc_get_user_info_from_pac() out of samba_kdc_obtain_user_info_dc()

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
886bbcdc by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Remove common out path from samba_kdc_obtain_user_info_dc()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b2bb86bc by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Simplify memory management with talloc stackframe

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d7ed1b53 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Check parameters of samba_kdc_get_user_info_from_pac()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3f6e6a3c by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Make ‘resource_groups_out’ parameter const

The caller shouldn’t need to modify this.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
30cfa9b7 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Pass resource groups parameter only if we are creating a TGT

No change in behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
300459e8 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Pass AUTH_EXCLUDE_RESOURCE_GROUPS into samba_kdc_obtain_user_info_dc()

As the ‘group_inclusion’ parameter has an effect only if the
‘resource_groups_out’ parameter is non‐NULL, this does not result in a
change in behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2f3a8ae8 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Remove ‘group_inclusion’ parameter from samba_kdc_obtain_user_info_dc()

It could be equal only to AUTH_EXCLUDE_RESOURCE_GROUPS.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a7765d13 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Label ‘resource_groups_out’ parameter

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
19b1e31e by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Always fetch resource groups

No behaviour change, and if the caller doesn’t need the resource groups
after all, the cost incurred is little more than the allocation of a
couple of dozen bytes of memory.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
37321e6f by Andrew Bartlett at 2023-10-12T23:13:32+00:00
s4-kdc: Do not modify the returned user_info_dc from samba_kdc_get_user_info_dc()

We have the duplicated shallow copy in each caller so that the caller is
clear on what memory can be changed.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
9937c1c5 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Cache user info and resource groups from PACs

When authentication policies are implemented, we shall need to fetch
SIDs (and claims) from the PACs of users and devices repeatedly — not
just when first looking up a user, but every time a policy needs to be
evaluated.

This will likely be more efficient if we can cache this information,
removing the need to derive it more than once.

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
72b26d56 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Rename samba_kdc_obtain_user_info_dc() to samba_kdc_get_user_info_dc()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e3953e18 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Declare ‘auth_entry’ to be of type ‘samba_kdc_entry_pac’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3e5aba62 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:auth: Have claims_data_encoded_claims_set() return a reference to the encoded claims

Having the lifetime of the encoded claims be tied in a predictable
fashion to a caller‐controlled memory context is less prone to error.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e09bf1bc by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:auth: Explicitly initialize claims structures

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2462dacc by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Add functions to fetch claims from the DB or from the PAC

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
98597115 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Modify samba_kdc_get_claims_blob() to use claims_data functions

The chief advantage of these functions is that the claims got from the
database are retained in the ‘samba_kdc_entry’ object, allowing them to
be reused should they be needed later during the same request.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1e3c3479 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Remove unused function get_claims_blob_for_principal()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6228267c by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Create the Requester SID blob only if we actually need it

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
65a6676c by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Simplify samba_kdc_check_device() by calling samba_kdc_get_user_info_dc()

The latter function accomplishes most of what we were doing ourselves.

No intended change in behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6d3d6f9b by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Note use of parent memory context

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b5ebe74e by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Simplify creation of device claims blob

Let samba_kdc_get_claims_data() and claims_data_encoded_claims_set()
handle the work for us.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b15ef257 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Introduce helper variable ‘server_restrictions_present’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0038cc05 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Remove ‘claims_valid’ parameter from samba_kdc_add_claims_valid()

It’s only ever equal to SAMBA_CLAIMS_VALID_INCLUDE.

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0d2424a2 by Andrew Bartlett at 2023-10-12T23:13:32+00:00
s4:kdc: Change the type of ‘compounded_auth’ to boolean

View with ‘git show -b’.

This allows us to make the call to authsam_shallow_copy_user_info_dc()
and samba_kdc_add_compounded_auth() only if required.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
981411ba by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Remove ‘compounded_auth’ parameter from samba_kdc_add_compounded_auth()

It’s only ever equal to SAMBA_COMPOUNDED_AUTH_INCLUDE.

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3199a815 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Make samba_kdc_add_compounded_auth() static

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
43cce1d1 by Joseph Sutton at 2023-10-12T23:13:32+00:00
tests/krb5: Correctly test services that do not support Compound Identity

These two tests now pass against Windows.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
407a979b by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Do not perform compound authentication for services without Compound Identity support

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
430f7a89 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Fetch device claims for server restrictions

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9cef5de9 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Have samba_kdc_allowed_to_authenticate_to() take claims and device info

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7336fbb2 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Use claims and device info to evaluate server authentication policy

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
608c8d49 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Use device claims to evaluate client authentication policy

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
03e3a3a4 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Use ‘claims_data’ functions to create client claims blob

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3c511c59 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Make samba_kdc_get_user_info_dc() non‐static

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
09857f86 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Use claims and device info to evaluate server authentication policy

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3280893a by Joseph Sutton at 2023-10-12T23:13:32+00:00
third_party/heimdal: Fix PKINIT freshness token memory handling (Import lorikeet-heimdal-202310092148 (commit 38aa80e35b6b1e16b081fa9c005c03b1e6994204))

The issue here is that only the size of the pointer, not the size
of the structure was allocated with calloc().

This means that the malloc() for the freshness token bytes would
have the memory address written beyond the end of the allocated memory.

Additionally, the allocation was not free()ed, resulting in a memory
leak.  This means that a user could trigger ongoing memory allocation
in the server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15491

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
204b1f0c by Andrew Bartlett at 2023-10-12T23:13:32+00:00
third_party/heimdal: import lorikeet-heimdal-202310092248 (commit cd12cddd8058d9fe627b5b203e471b8d761dcfbb)

NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
390be7d3 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Adapt interface to new Heimdal revision

NOTE: This commit finally works again!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b13701ac by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Factor creation of user_info_dc out of samba_kdc_check_s4u2proxy_rbcd() into its callers

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6c02e9ac by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Add comment regarding RODC‐issued evidence tickets for constrained delegation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
310c537f by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Call samba_kdc_get_user_info_dc() to get client information

Among other things, this function can deal with RODC‐issued PACs.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
51d516cc by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Rename ‘user_info_dc’ to ‘client_info’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9b4dbaec by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Pass claims and device info into samba_kdc_check_s4u2proxy_rbcd()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f7064f6f by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Use device info to evaluate RBCD conditions

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4b19a707 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:kdc: Use claims to evaluate RBCD conditions

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c0ef3b42 by Joseph Sutton at 2023-10-12T23:13:32+00:00
s4:dsdb: Skip allocation of empty device SIDs array

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a2d96f5e by Joseph Sutton at 2023-10-13T00:11:08+00:00
s4:kdc: Always regard device info when checking a server authentication policy

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Oct 13 00:11:08 UTC 2023 on atb-devel-224

- - - - -
03ca8c25 by Joseph Sutton at 2023-10-13T02:18:30+00:00
lib:compression: Correctly fix sign extension of long matches (CID 1517275)

Commit 6b4d94c9877ec59081b9da946c00fa2647cad928 was a previous attempt
to fix this issue.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fe86989f by Joseph Sutton at 2023-10-13T02:18:30+00:00
lib:printer_driver: Check return value of gp_inifile_enum_section() (CID 1444835)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8f4aa350 by Joseph Sutton at 2023-10-13T02:18:30+00:00
lib:replace: Properly check result of write() and read() (CID 1034925)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
757cd49b by Joseph Sutton at 2023-10-13T02:18:30+00:00
tdb: Do not pass non–null‐terminated strings to strcmp() (CID 1449485)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
700754b0 by Joseph Sutton at 2023-10-13T02:18:31+00:00
util: Remove redundant assertion (CID 1497841)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
86f8cde6 by Joseph Sutton at 2023-10-13T02:18:31+00:00
lib:util: Remove always‐false comparison (CID 242193)

‘id’ is an unsigned variable, and so it can never be less than zero.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b28a268b by Joseph Sutton at 2023-10-13T02:18:31+00:00
smbXcli: Remove unreachable code (CID 1444978)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3179fc2a by Joseph Sutton at 2023-10-13T02:18:31+00:00
s3:client: Correctly call setgroups() (CID 1449449)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7eb47179 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s3:lib: Rearrange preprocessor directives to avoid structurally dead code (CID 242032)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
72817708 by Joseph Sutton at 2023-10-13T02:18:31+00:00
Revert "s3:libads: Don’t do first loop iteration if ‘attr’ is NULL"

Fixes CID 1547073: Control flow issues (DEADCODE).

This reverts commit 184a48d65772f359bd81f83256daada8c9e500b3.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0c2d2f83 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s3:libnet: Remove always‐false comparison (CID 241309)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d53483a5 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s3:libsmb: Fix array traversal (CID 1034683)

Commit 033185e2a1b2892fe8dc74a18a38e5e13e08cb22 changed the sentinel
value to an empty character array, but failed to update the traversal
code to match.

Commit 48a453996ac161d7c7a7cb15a047e57cbdbb1e87 then tried to fix the
situation, but did not do so correctly.

Fix this code by forgetting about sentinel values altogether.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
86b0755a by Joseph Sutton at 2023-10-13T02:18:31+00:00
s3:modules: Remove unreachable code (CID 1508998)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c30aa741 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s3:modules: Initialize mask_permset (CID 1435850)

If this code had ever run, sys_acl_clear_perms() would have attempted to
write to some random address in memory. ‘mask_permset’ must be a valid
non‐NULL pointer.

Commit 9b79d5f2a2f8af75ef13bdc41d2dc296e19ba098 seems to have been a
previous attempt to fix this issue.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
67b2dc72 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s3:nmbd: Remove redundant code (CID 1414756)

‘buf’ is reassigned a few lines down.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1e4d4e6a by Joseph Sutton at 2023-10-13T02:18:31+00:00
s3:rpcclient: Do not pass uninitialized pointer to printf() (CID 1476170)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dbf96126 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s3:smbd: Avoid integer overflow (CID 1035487)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
68fb12cb by Joseph Sutton at 2023-10-13T02:18:31+00:00
Revert "smbd: Fix CID 1504457 Resource leak"

We cannot free ‘enc’ — it may be a copy of ‘buffer’, in which parameter
both construct_reply_chain() and smb_request_done() pass arrays of
automatic storage duration!

Fixes CID 1505354.

This reverts commit a395f752f0748751d4ade533c41066903f26c2dd.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7774ca87 by Joseph Sutton at 2023-10-13T02:18:31+00:00
smb2_server: Remove unreachable code (CID 1444981)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7eaad46f by Joseph Sutton at 2023-10-13T02:18:31+00:00
smb2_server: Check status codes (CID 1474441)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
59e16873 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s3:utils: Avoid integer overflow (CID 1035488)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ac00851f by Joseph Sutton at 2023-10-13T02:18:31+00:00
s3:utils: Check return value of cli_RNetServiceEnum() (CID 1273313)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
79a9a07c by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:auth: Fix resource leak (CID 1107222)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fa68f261 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:auth: Remove event context on failure

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d3b1aa63 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:dns_server: Merge similar code paths

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1ad4dd92 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:dns_server: Check return value of ldb_transaction_commit() (CID 1034631)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d0db0ff2 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:dsdb: Check whether ‘p’ is NULL before dereferencing it (CID 240875)

Commit 6baf7608dfc3517cb3798fc53db849f49c6d157a added a NULL check in
one place, but not everywhere ‘p’ was dereferenced.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
61037a85 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:dsdb: Permit forward link to be missing in linked_attributes_fix_forward_link()

We don’t care if a forward link is missing from an object being renamed
during the deletion process.

Nothing yet checks the value returned from this function, so there
should be no change in behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7e8c3860 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:dsdb: Check return code (CID 1444824/1444844)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4cf9f43e by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:dsdb: Remove unreachable code (CID 1034686)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b098eb82 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:dsdb: Fix unreachable code (CID 1435967)

Commit ede668e8e24c86f0836dfa5740e76d8aca1e0824 removed this condition
for some unexplained reason, causing the following code to become
unreachable.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d4042e88 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:dsdb: Check return value of ldb_msg_add_empty() (CID 1272827)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ea561fea by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:dsdb: Replace early ‘continue’ with ‘if’ statement (CID 1414738)

A ‘continue’ statement creates the misleading impression that this loop
executes more than once.

This also avoids ‘mem_ctx’ being leaked.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b60604b1 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:dsdb: Log correct ldb error

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
244440d1 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:dsdb: Don’t overwrite existing error code (CID 1445263)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
077a7e41 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:libcli: Remove unnecessary casts

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
61534dd2 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:libcli: Check return value of convert_string_talloc() (CID 1272839)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c65411ea by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:messaging: Remove redundant code

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4bb18ece by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:ntvfs: Remove unneeded NULL check (CID 240771)

We’ve already dereferenced ‘pending’ in the init‐clause of the loop, and
won’t reassign it during the loop.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bea908cf by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:ntvfs: Remove dead code path

‘pending’ will never be NULL.

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c2daa356 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:ntvfs: Correctly acknowledge PVFS_FLAG_STRICT_SYNC flag (CID 241154)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ca2a97b7 by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:rpc_server: Check mkdir() return value (CID 1034649)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
240b082d by Joseph Sutton at 2023-10-13T02:18:31+00:00
s4:rpc_server: Check return values of gnutls functions (CID 1452111)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7f3f6530 by Günther Deschner at 2023-10-13T02:18:31+00:00
s3-iremotewinspool: add PAR->RPRN mapping table

There is no 1:1 mapping between the opcodes but between the functions
(including _Ex and _2 naming extensions):

e.g.
winspool_AsyncOpenPrinter  (0x00) -> spoolss_OpenPrinterEx (0x45)
winspool_AsyncClosePrinter (0x14) -> spoolss_ClosePrinter  (0x1d)

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e7a4c868 by Günther Deschner at 2023-10-13T02:18:31+00:00
s3-iremotewinspool: properly map incoming PAR to RPRN requests.

Map the incoming iremotewinspool opnum to match the appropriate call in
the spoolss server in the pull path.

There is no 1:1 mapping in the opnums between the protocols, only in the
corresponding functions.

Without doing the mapping we currently forward
e.g. winspool_AsyncOpenPrinter() to spoolss_EnumPrinters() leading to
all sorts of errors.

A correct mapping was in place earlier with a hand-sorted server call
table but it got removed with the rpc server rewrite.

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e6b07d42 by Günther Deschner at 2023-10-13T02:18:31+00:00
s4-torture: add testcase to iremotewinspool suite to explore object_uuid handling

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e05c8340 by Günther Deschner at 2023-10-13T02:18:31+00:00
s3-iremotewinspool: check for correct object_uuid in dispatch fn.

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
afb33566 by Günther Deschner at 2023-10-13T03:19:59+00:00
s4-torture: add another test to demonstrate identical functions

Create a spoolss_EnumPrinters request and send it to both endpoints and
verify they deliver identical replies.

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Oct 13 03:19:59 UTC 2023 on atb-devel-224

- - - - -
2870ef95 by Joseph Sutton at 2023-10-13T03:50:31+00:00
buildtools: Remove semicolons

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1f3d49ed by Joseph Sutton at 2023-10-13T03:50:31+00:00
examples: Don’t use deprecated method ‘has_key()’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
876ee3fb by Joseph Sutton at 2023-10-13T03:50:31+00:00
examples: Fix invalid escape sequences

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7c89c588 by Joseph Sutton at 2023-10-13T03:50:31+00:00
python:colour: Fix exception message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
08dbb35e by Joseph Sutton at 2023-10-13T03:50:31+00:00
python:subunit: Use now() instead of utcnow()

utcnow() is deprecated and will be removed in a future version of Python.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2fa838d4 by Joseph Sutton at 2023-10-13T03:50:31+00:00
python:tests: Use assertEqual() instead of assertEquals()

assertEquals() was removed in Python 3.12.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d2196545 by Joseph Sutton at 2023-10-13T03:50:31+00:00
python:tests: Fix exception message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ed97b15f by Joseph Sutton at 2023-10-13T03:50:31+00:00
python:tests: Fix comment

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7efe6b0a by Joseph Sutton at 2023-10-13T03:50:31+00:00
python:tests: Correct search expression

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
af61444d by Joseph Sutton at 2023-10-13T03:50:31+00:00
python:tests: Remove semicolons

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f7009e2a by Joseph Sutton at 2023-10-13T03:50:31+00:00
python:tests: Use now() instead of utcnow()

utcnow() is deprecated and will be removed in a future version of Python.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2f5833cb by Joseph Sutton at 2023-10-13T03:50:31+00:00
tests/krb5: Use assertEqual() instead of assertEquals()

assertEquals() was removed in Python 3.12.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1a4ec25b by Joseph Sutton at 2023-10-13T03:50:31+00:00
tests/krb5: Fix assertion messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
39a4d27a by Joseph Sutton at 2023-10-13T03:50:31+00:00
s3:script: Remove semicolons

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
079306cf by Joseph Sutton at 2023-10-13T03:50:31+00:00
s4:dsdb:tests: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1513a459 by Joseph Sutton at 2023-10-13T03:50:31+00:00
s4:dsdb:tests: Remove unused variables

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bb77f36f by Joseph Sutton at 2023-10-13T03:50:31+00:00
s4:dsdb:tests: Fix assertion messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9e3a8589 by Joseph Sutton at 2023-10-13T03:50:31+00:00
s4:dsdb:tests: Use loadTestsFromTestCase() instead of makeSuite()

makeSuite() is deprecated and will be removed in Python 3.13.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
44958f36 by Joseph Sutton at 2023-10-13T03:50:31+00:00
s4:torture: Use assertEqual() instead of assertEquals()

assertEquals() was removed in Python 3.12.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3f70da66 by Joseph Sutton at 2023-10-13T03:50:31+00:00
selftest: Use now() instead of utcnow()

utcnow() is deprecated and will be removed in a future version of Python.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d895c98c by Joseph Sutton at 2023-10-13T04:55:06+00:00
wintest: Fix invalid escape sequences

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Oct 13 04:55:06 UTC 2023 on atb-devel-224

- - - - -
30d22631 by Stefan Metzmacher at 2023-10-13T09:49:33+00:00
tevent: introduce DLIST_DEMOTE_SHORT()

It turns out that the overhead of DLIST_DEMOTE() implemented
as DLIST_REMOVE();DLIST_ADD_END(), is very high if the list
contains only 1 or 2 elements.

The next commits will make use of DLIST_DEMOTE_SHORT() for
multiplexing multiple tevent_fd structures for a single fd
and the most important and common case is a list with just
one element.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
4fe39d9e by Stefan Metzmacher at 2023-10-13T09:49:33+00:00
lib/util: sync DLIST_DEMOTE_SHORT() changes to dlinklist.h

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
7672a29f by Stefan Metzmacher at 2023-10-13T09:49:33+00:00
ldb: sync DLIST_DEMOTE_SHORT() changes to include/dlinklist.h

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
95d6600a by Stefan Metzmacher at 2023-10-13T09:49:33+00:00
tevent: split out a tevent_common_fd_disarm() helper

It means tevent_trace_fd_callback(TEVENT_EVENT_TRACE_DETACH)
is always called and similar future changes are only
needed in one place.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b328e990 by Stefan Metzmacher at 2023-10-13T09:49:33+00:00
tevent: add tevent_common_fd_mpx infrastructure

Backends may require to map individual tevent_fd instances to
a single low level kernel state (e.g. for epoll).

This generic infrastructure adds helper functions using
a generic (sub)part of struct tevent_fd.

The new code will allow us to support more than 2 tevent_fd
instances per fd, which makes sure all backends can provide
a similar behavior. This will be important when we add
TEVENT_FD_ERROR as a 3rd kind of fd event.

The aim is to use this in order to replace the limited implementation
we already have in tevent_epoll.c.

As these helpers are typically called from within
'void tevent_fd_set_flags(struct tevent_fd *fde, uint16_t flags)'
there's no way to report errors. So in order to avoid additional
error handling complexity the helpers try to avoid
any allocations which may fail. It also means the logic in
tevent_epoll.c doesn't have to change much.

These are implemented as static inline functions in order to avoid
the function call overhead, which showed up in profiles of the
early implementation.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
28bf51fc by Stefan Metzmacher at 2023-10-13T09:49:33+00:00
tevent: let tevent_epoll.c use new generic mpx infrastructure

This allows any number of event handlers per low level fd.

It means the epoll backend behaves like the poll backend now.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
a76056fa by Stefan Metzmacher at 2023-10-13T09:49:33+00:00
tevent: add test_fd_speed3

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
55f25eb3 by Stefan Metzmacher at 2023-10-13T09:49:33+00:00
tevent: add test_event_fd3

This tests the interaction of multiple event handlers on
the same low level fd.

It shows that poll and epoll backends behave in the
same fair way.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
407cda2f by Stefan Metzmacher at 2023-10-13T09:49:33+00:00
tevent: add support for TEVENT_FD_ERROR

After 12 years we finally got TEVENT_FD_ERROR support :-)

TEVENT_FD_WRITE event handlers never get errors reported,
instead the event handler is silently disabled.
There are likely callers relying on that behavior, so
we are not able to change it.

Now TEVENT_FD_WRITE can be used together with TEVENT_FD_ERROR
in order to get errors reported without waiting for TEVENT_FD_READ.

TEVENT_FD_ERROR can also be used alone in order to detect errors
on sockets in order to cleanup resources.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
acd9248b by Stefan Metzmacher at 2023-10-13T10:45:51+00:00
tevent: version 0.16.0

- the epoll backend is no longer limited to 2 event handlers
  per low level fd.
- finally add support for TEVENT_FD_ERROR

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Oct 13 10:45:51 UTC 2023 on atb-devel-224

- - - - -
42d03da3 by David Mulder at 2023-10-16T00:59:32+00:00
gpupdate: Test Drive Maps Client Side Extension

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b76e184c by David Mulder at 2023-10-16T00:59:32+00:00
gpupdate: Implement Drive Maps Client Side Extension

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6e862bd3 by Oleg Kravtsov at 2023-10-16T02:01:17+00:00
s4/torture: fix exit status of raw.bench-lookup

Use correct value of 'result' when the test passes.

Signed-off-by: Oleg Kravtsov <oleg at tuxera.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Oct 16 02:01:17 UTC 2023 on atb-devel-224

- - - - -
f0da8219 by Joseph Sutton at 2023-10-16T08:28:32+00:00
CVE-2023-5568 third_party/heimdal: Fix PKINIT freshness token memory handling (Import lorikeet-heimdal-202310092148 (commit 38aa80e35b6b1e16b081fa9c005c03b1e6994204))

The issue here is that only the size of the pointer, not the size
of the structure was allocated with calloc().

This means that the malloc() for the freshness token bytes would
have the memory address written beyond the end of the allocated memory.

Additionally, the allocation was not free()ed, resulting in a memory
leak.  This means that a user could trigger ongoing memory allocation
in the server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15491

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 3280893ae80507e36653a0c7da03c82b88ece30b)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Mon Oct 16 08:28:32 UTC 2023 on atb-devel-224

- - - - -
7d9af74c by Jule Anger at 2023-10-16T15:41:13+02:00
WHATSNEW: Add release notes for Samba 4.19.2.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
5b54d9e2 by Jule Anger at 2023-10-16T15:41:42+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.19.2 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
29172899 by Jule Anger at 2023-10-16T15:41:56+02:00
VERSION: Bump version up to Samba 4.19.3...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
3be190dc by Stefan Metzmacher at 2023-10-16T14:39:33+00:00
CVE-2018-14628: python:descriptor: add get_deletedobjects_descriptor()

samba-tool drs clone-dc-database was quite useful to find
the true value of nTSecurityDescriptor of the CN=Delete Objects
containers.

Only the auto inherited SACL is available via a ldap search.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0c329a0f by Stefan Metzmacher at 2023-10-16T14:39:33+00:00
CVE-2018-14628: python:provision: make DELETEDOBJECTS_DESCRIPTOR available in the ldif files

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7f8b15fa by Stefan Metzmacher at 2023-10-16T14:39:33+00:00
CVE-2018-14628: s4:setup: set the correct nTSecurityDescriptor on the CN=Deleted Objects container

This revealed a bug in our dirsync code, so we mark
test_search_with_dirsync_deleted_objects as knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
498542be by Stefan Metzmacher at 2023-10-16T14:39:33+00:00
CVE-2018-14628: s4:dsdb: remove unused code in dirsync_filter_entry()

This makes the next change easier to understand.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
70586061 by Stefan Metzmacher at 2023-10-16T14:39:33+00:00
CVE-2018-14628: dbchecker: use get_deletedobjects_descriptor for missing deleted objects container

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
97e4aab1 by Stefan Metzmacher at 2023-10-16T14:39:33+00:00
CVE-2018-14628: python:descriptor: let samba-tool dbcheck fix the nTSecurityDescriptor on CN=Deleted Objects containers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c99fe118 by Stefan Metzmacher at 2023-10-16T14:39:33+00:00
tests/krb5/kdc_tgs_tests: add user2user tests using a normal user account

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cbb8145d by Stefan Metzmacher at 2023-10-16T14:39:33+00:00
third_party/heimdal kdc: introduce HDB_F_USER2USER_PRINCIPAL (import lorikeet-heimdal-202310152331 (commit a571340c9e1b75d4f5d96f08fcf9fd660d3ba3d4))

This allows HDB backends to do special handling for
User2User TGS-REQs. The main reason is to let
the HDB_F_GET_SERVER lookup succeed even for
non-computer accounts. In Samba these are typically
not returned in HDB_F_GET_SERVER in order to avoid
generating tickets with the user password.

But for User2User the account password is not used,
so it is safe to return the server entry.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

[abartlet at samba.org Adapted to be an import from lorikeet-heimdal as requested]

- - - - -
7758b7d9 by Michael Tokarev at 2023-10-16T18:20:38+03:00
New upstream version 4.19.2+dfsg
- - - - -
43601ea2 by Michael Tokarev at 2023-10-16T18:21:12+03:00
Update upstream source from tag 'upstream/4.19.2+dfsg'

Update to upstream version '4.19.2+dfsg'
with Debian dir 06fc2f0b2dfb57251d22722879bd707e7fd257d7
- - - - -
0610d767 by Michael Tokarev at 2023-10-16T18:26:35+03:00
update changelog; upload version 4.19.2+dfsg-1 to unstable

- - - - -
bf79979f by Stefan Metzmacher at 2023-10-16T15:38:12+00:00
s4:kdc: fix user2user tgs-requests for normal user accounts

User2User tgs requests use the session key of the additional
ticket instead of the long term keys based on the password.

In addition User2User also asserts that client and server
are the same account (checked based on the sid).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Oct 16 15:38:12 UTC 2023 on atb-devel-224

- - - - -
219179d5 by Michael Tokarev at 2023-10-16T19:07:08+03:00
d/changelog: remove trailing whitespace and double-word

- - - - -
ec23abfe by Joseph Sutton at 2023-10-17T03:19:38+00:00
buildtools: Don’t call normpath() repeatedly

A non‐negligible fraction of the build process — especially for
incremental builds — is spent calling normpath() over and over again.

Make builds faster by not doing that.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
35c7061f by Joseph Sutton at 2023-10-17T03:19:38+00:00
buildtools: Correctly raise exception

This avoids errors like the following:
‘RuntimeError: No active exception to reraise’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b5b8b16a by Joseph Sutton at 2023-10-17T03:19:38+00:00
tests/krb5: Don’t consider RODC‐issued tickets to be banned with RBCD

If we’re verifying that a ticket was permitted to be issued by an RODC,
and not trusting the group SIDs in the ticket, is there any reason to
ban its use with RBCD?

A client with a ticket issued by an RODC that happens to select a DC to
direct an RBCD request at should not have the request mysteriously fail.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
52ea4805 by Joseph Sutton at 2023-10-17T03:19:38+00:00
tests/krb5: Expect a status code with policy errors

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a8a18686 by Joseph Sutton at 2023-10-17T03:19:38+00:00
tests/krb5: Fix tests that crash Windows

Expect an actual error code or an outcome, not CRASHES_WINDOWS.

I don’t know which error codes Windows might be expected to produce, so
I’ve chosen some that seem plausible.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1712449a by Joseph Sutton at 2023-10-17T03:19:38+00:00
tests/krb5: Don’t expect groups if we’re expecting an error

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c15a9af8 by Joseph Sutton at 2023-10-17T03:19:38+00:00
tests/krb5: Fix ASN.1 source

It currently fails to compile.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b7b4c7ca by Joseph Sutton at 2023-10-17T03:19:38+00:00
s4:dsdb: Check return value of ldb_msg_add_empty() (CID 1449667)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9fcace58 by Joseph Sutton at 2023-10-17T03:19:38+00:00
s4:kdc: Make ‘struct user_info_dc’ members const

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7405a8fa by Joseph Sutton at 2023-10-17T03:19:38+00:00
s4:kdc: Explicitly initialize SDBFlags structures

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
53ff61bb by Joseph Sutton at 2023-10-17T03:19:38+00:00
s4:kdc: Remove unused function int2SDBFlags()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e2ace2d6 by Christof Schmitt at 2023-10-17T03:19:38+00:00
build: Add 'make printversion' to provide version string

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15497

Signed-off-by: Christof Schmitt <christof.schmitt at us.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
31062950 by Michael Adam at 2023-10-17T04:16:29+00:00
gitignore: add WAF lockfile

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15497

Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Christof Schmitt <christof.schmitt at us.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Oct 17 04:16:29 UTC 2023 on atb-devel-224

- - - - -
8a97538c by Pavel Filipenský at 2023-10-17T18:23:32+00:00
s3:tests: The correct name of shell variable is 'samba_smbspool_krb5'

There is no shell variable named 'smbspool_krb5'.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0f107f2f by Pavel Filipenský at 2023-10-17T18:23:32+00:00
s3:tests: Add smbspool test using kerberos authentication: test_smbspool_krb.sh

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
237b6fc3 by Pavel Filipenský at 2023-10-17T19:19:32+00:00
s3:tests: Plan test_smbspool_krb.sh for environment ad_member_fips

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Tue Oct 17 19:19:32 UTC 2023 on atb-devel-224

- - - - -
09daeba6 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
libcli/util: let win_errstr() fallback to hresult_errstr()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2a290dcb by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s3:selftest: also run rpc.mgmt against the nt4_dc (and ad_dc)

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a38f58ac by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s4:torture/rpc: let test_inq_princ_name_size also test for princ_name_size = 0 and BAD_STUB_DATA

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6cb12d39 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
librpc/rpc: apply some code cleanup and error checks to dcesrv_mgmt.c

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9f51379d by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
librpc/rpc: let dcesrv_mgmt_inq_if_ids() filter out the mgmt syntax_id

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1d0a5b3a by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
librpc/rpc: implement dcesrv_mgmt_inq_princ_name infrastructure

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2ba5016e by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
librpc/rpc: add dcesrv_register_default_auth_types[_machine_principal]() helpers

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2d73b1e0 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s3:rpc_server: let register_ep_server() errors result in DBG_ERR()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ae38cfe6 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s3:rpc_server: let get_servers() callback of rpc_worker_main() return NTSTATUS

This means the rpc_worker_main() logic is the only layer that
needs to call exit() and it's able to do some cleanup before.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f35baa4e by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s3:rpc_server: make use of dcesrv_register_default_auth_types[_machine_principal]()

This mostly matches windows now...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
94723b67 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s3:rpc_server: call reopen_logs before we print the copyright notice

This matches what we do in smbd, winbindd and nmbd.

For the workers it's important to call it at all, otherwise
things like 'debug pid = yes' or 'debug class = yes' have no effect
in the workers.

We could argue if we want the copyright notice on the start
of each worker at all, but that's a different discussion...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e4bdab65 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
rpc_host.idl: change server_index from uint8 to uint32

This reflects what we're using in the C code already...

Note this is an incompatible change, but we also changed
from named_pipe_auth_req_info7 to named_pipe_auth_req_info8
in master...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eb8cf371 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s3:rpc_server: correctly allow up to 65536 worker processes

We already limit the per worker portion of the association
group id to UINT16_MAX, so we can also use 16-bit instead
of just 8-bit to encode the worker index.

While there we should actually ensure that the max worker
index is UINT16_MAX.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cd2cb491 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s3:rpc_server: simplify rpc_host_find_worker()

This will help me in the next commits.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2c2c2f43 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s3:rpc_server: improve debugging in rpc_host_distribute_clients()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
40e780ad by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
dcesrv_core: maintain the number of allocated association groups per dce_ctx

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f8b76235 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s3:rpc_server: distribute clients based on available association group slots

The important factor to distribute connections to workers
should be the number of used association group slots instead
of the raw number of connections. If one worker has a lot of
association groups with just one connection each, but another
has few association groups with multiple connections per
association group, the one with fewer association groups should
get the connection. Note each worker is only able to allocate
UINT16_MAX allocation groups, but the number of connections
is only limited by RAM.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5a697820 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
librpc/rpc: allow dcesrv_context to propose the preferred ndr syntax

This allows specific services to use ndr64.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b8eae782 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
librpc/rpc: add dcesrv_async_reply() helper that disconnects as needed

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
27d11803 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s4:rpc_server/echo: make use of dcesrv_async_reply()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eaf3654d by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s4:rpc_server/common: make use of dcesrv_async_reply()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d8809994 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s4:rpc_server/lsa: make use of dcesrv_async_reply()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
06c12033 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s4:rpc_server/netlogon: make use of dcesrv_async_reply()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
403bceef by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s4:rpc_server/remote: make use of dcesrv_async_reply()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ac392c35 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s3:rpc_server: let create_policy_hnd() return a pointer

This allows a TALLOC_FREE() on it to unregister and destroy the
handle easily.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1058382d by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
librpc/rpc: add dcerpc_floor_pack_uuid_full() helper function

This handles the full syntax with split major and minor version,
from lhs and rhs.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7a7a38b8 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
librpc/rpc: also get the 2nd half of the ndr_syntax_id from a floor

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dfdb8736 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s4:rpc_server: simplify logic in dcesrv_epm_Map matching

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
53e4fe64 by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s4:rpc_server/epmapper: check dcerpc_floor_get_uuid_full() result in dcesrv_epm_Map()

This already checks for EPM_PROTOCOL_UUID and simplifies the logic.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5ec5496d by Stefan Metzmacher at 2023-10-17T19:20:38+00:00
s4:rpc_server/epmapper: use ndr_syntax_id_equal() in dcesrv_epm_Map() to match the request

This makes it much easier to understand.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c6d0df78 by Andreas Schneider at 2023-10-17T19:20:38+00:00
s4:torture: Increase multichannel timeout

This avoids running into timeouts on Gitlab CI.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f392fdfd by MikeLiu at 2023-10-17T20:22:18+00:00
shadow_copy2: Add missing TALLOC_FREE

Signed-off-by: MikeLiu <mikeliu at qnap.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Oct 17 20:22:18 UTC 2023 on atb-devel-224

- - - - -
21bb84ed by Pavel Filipenský at 2023-10-18T14:43:37+00:00
s3:winbindd: Improve logging for failover scenarios in winbindd_cm.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6063f3ee by Pavel Filipenský at 2023-10-18T14:43:37+00:00
s3:winbindd: Improve logging for failover scenarios in winbindd_pam.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5f7a834e by Pavel Filipenský at 2023-10-18T14:43:37+00:00
s3:libsmb: Improve logging for failover scenarios

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
14600a31 by Pavel Filipenský at 2023-10-18T15:47:09+00:00
s3:libads: Improve logging for failover scenarios

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Wed Oct 18 15:47:09 UTC 2023 on atb-devel-224

- - - - -
52fd0d79 by Ralph Boehme at 2023-10-18T16:46:00+00:00
smbd: put back code to fill in user and group SID

This was accidentally removed by 6874ed6a9defdf6f842e1e25f1ffd95708534ca6.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Oct 18 16:46:00 UTC 2023 on atb-devel-224

- - - - -
cf30ddb5 by Joseph Sutton at 2023-10-19T21:37:36+00:00
s4:torture: Check return values of talloc functions

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
07ec3457 by Joseph Sutton at 2023-10-19T21:37:36+00:00
s4:torture: Fix leaks

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
29176807 by Joseph Sutton at 2023-10-19T21:37:36+00:00
s4:torture: Check return values of gnutls functions (CID 1547212)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
879e7a3c by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Remove marker

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fcdc0101 by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Fix comment

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fc475b2e by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Add ‘expect_edata’ parameter to _user2user()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a365f04d by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Add KDC_ERR_SERVER_NOMATCH error code

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
59f70522 by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Correctly pass arguments to _modify_tgt()

We were passing the new realm as the ‘renewable’ parameter!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
88d5ae32 by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Have _modify_tgt() accept only keyword arguments

to prevent further accidents.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
11835ed5 by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Update method names to be consistent with other tests

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7f860d1c by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Remove incorrect functional level check

RBCD has no relevance to a method called _tgs().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2ddd8ca3 by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Move assignments closer to where the variables are used

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
991e8f5a by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Use None for the default values of parameters

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ee43eed6 by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Add parameter to _tgs() specifying whether FAST is to be used

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
69db1b58 by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Don’t expect edata if no error is expected

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a0d32a39 by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Make ‘keybytes’ a bytes object rather than a list

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d363c7bf by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Fix DES3CBC random_to_key()

Because ‘keybytes’ is an immutable bytes object, ‘keybytes[7] = …’ has
no hope of working.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
137499ae by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f1babf2f by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Remove unnecessary f‐strings

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e48eb621 by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Fix RC4‐only Protected Users tests

We forgot to actually use the ‘supported_enctypes’ parameter.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ea10d01b by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Remove unreachable exception handlers

‘IOError’ is a subclass of ‘error’, which has already been handled.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7ea71c48 by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Make ‘services’ parameter required

We use it unconditionally without a check for None.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
053292a7 by Joseph Sutton at 2023-10-19T21:37:36+00:00
tests/krb5: Delete connection variable

This avoids a ‘variable set but unused’ warning.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fc7f64ba by Joseph Sutton at 2023-10-19T21:37:36+00:00
s4:dsdb: Remove reference to non‐existent code

Commit 498542be0bbf4f26558573c1f87b77b8e3509371 removed the code in
question.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4e83dfb6 by Joseph Sutton at 2023-10-19T21:37:36+00:00
s4:kdc: Always regard device info when the client performs RBCD

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
37594035 by Joseph Sutton at 2023-10-19T21:37:36+00:00
s4:kdc: Use HDB flag constants instead of SDB ones

These flags are passed to us by Heimdal, and so they are HDB flags, not
SDB flags.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d209cdf4 by Joseph Sutton at 2023-10-19T21:37:36+00:00
s4:kdc: Add flag to indicate the upper sixteen bits of the kvno are specified

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4c291514 by Joseph Sutton at 2023-10-19T22:39:19+00:00
s4:kdc: Permit RODC‐issued evidence tickets for constrained delegation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Oct 19 22:39:19 UTC 2023 on atb-devel-224

- - - - -
318c89b3 by Michael Tokarev at 2023-10-20T16:39:39+03:00
d/samba-common.maintscript: fix version number for dhcp hook removal (#1053780)

- - - - -
427054ab by Stefan Metzmacher at 2023-10-23T08:37:13+00:00
CVE-2018-14628: python:descriptor: add get_deletedobjects_descriptor()

samba-tool drs clone-dc-database was quite useful to find
the true value of nTSecurityDescriptor of the CN=Deleted Objects
containers.

Only the auto inherited SACL is available via a ldap search.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 3be190dcf7153e479383f7f3d29ddca43fe121b8)

- - - - -
10673100 by Stefan Metzmacher at 2023-10-23T08:37:14+00:00
CVE-2018-14628: python:provision: make DELETEDOBJECTS_DESCRIPTOR available in the ldif files

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 0c329a0fda37d87ed737e4b579b6d04ec907604c)

- - - - -
31e4015b by Stefan Metzmacher at 2023-10-23T08:37:14+00:00
CVE-2018-14628: s4:setup: set the correct nTSecurityDescriptor on the CN=Deleted Objects container

This revealed a bug in our dirsync code, so we mark
test_search_with_dirsync_deleted_objects as knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 7f8b15faa76d05023c987fac2c4c31f9ac61bb47)

- - - - -
0e657c31 by Stefan Metzmacher at 2023-10-23T08:37:14+00:00
CVE-2018-14628: s4:dsdb: remove unused code in dirsync_filter_entry()

This makes the next change easier to understand.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 498542be0bbf4f26558573c1f87b77b8e3509371)

- - - - -
98d0fa6c by Stefan Metzmacher at 2023-10-23T08:37:14+00:00
CVE-2018-14628: dbchecker: use get_deletedobjects_descriptor for missing deleted objects container

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 70586061128f90afa33f25e104d4570a1cf778db)

- - - - -
a72c7228 by Stefan Metzmacher at 2023-10-23T08:37:14+00:00
CVE-2018-14628: python:descriptor: let samba-tool dbcheck fix the nTSecurityDescriptor on CN=Deleted Objects containers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 97e4aab1a6e2feda7c6c6fdeaa7c3e1818c55566)

- - - - -
7038794e by Pavel Filipenský at 2023-10-23T08:37:14+00:00
s3:winbindd: Improve logging for failover scenarios in winbindd_pam.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15499

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 6063f3ee733348855d6b144091bbdbbe6862494c)

- - - - -
0bb52082 by Pavel Filipenský at 2023-10-23T08:37:14+00:00
s3:libsmb: Improve logging for failover scenarios

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15499

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 5f7a834effea56d683f76a801924c7125385e534)

- - - - -
8c0f1206 by Pavel Filipenský at 2023-10-23T08:37:14+00:00
s3:libads: Improve logging for failover scenarios

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15499

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Wed Oct 18 15:47:09 UTC 2023 on atb-devel-224

(cherry picked from commit 14600a3128c6b66de4f9291eeec52e34725030c5)

- - - - -
ba252e24 by Pavel Filipenský at 2023-10-23T09:43:03+00:00
s3:winbindd: Improve logging for failover scenarios in winbindd_cm.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15499

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 21bb84ed1c30b863b4ef17fcebdd79f147142b9f)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Mon Oct 23 09:43:03 UTC 2023 on atb-devel-224

- - - - -
4e8fb970 by Joseph Sutton at 2023-10-24T00:54:31+00:00
tests/krb5: Remove unnecessary target_creds variables

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0f5033a1 by Joseph Sutton at 2023-10-24T00:54:31+00:00
tests/krb5: Work around Samba’s incorrect krbtgt principal handling

These tests fail only because they are using the ‘krbtgt@REALM’ form of
the krbtgt principal that Samba doesn’t handle correctly.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eb21ac87 by Joseph Sutton at 2023-10-24T00:54:31+00:00
tests/krb5: Test whether the device belongs to some default groups

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7728a062 by Joseph Sutton at 2023-10-24T00:54:31+00:00
s4:kdc: Make a copy of the device SIDs to be placed in the security token

We shall need to add extra SIDs on the end.

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fc2f8864 by Joseph Sutton at 2023-10-24T00:54:31+00:00
s4:kdc: Add a flag indicating that the device should be added to the default groups

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c91d1618 by Joseph Sutton at 2023-10-24T00:54:31+00:00
s4:kdc: Add device to default groups for authentication policy evaluation

This means that expressions like ‘Device_Member_of(WD)’ will now work,
as they should.

It *also* means that expressions like ‘Device_Member_of(NU)’ will work,
even though they shouldn’t. This is because we consider SID_NT_NETWORK
to be a default group.

Our new behaviour may be wrong, but at least it’s now consistent with
the behaviour of user‐relative expressions like ‘Member_of(WD)’ and
‘Member_of(NU)’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eaffadb8 by Joseph Sutton at 2023-10-24T00:54:31+00:00
s4:kdc: Add a flag indicating that the device should be added to Authenticated Users

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
63aeb645 by Joseph Sutton at 2023-10-24T01:59:32+00:00
s4:kdc: Add device to Authenticated Users for authentication policy evaluation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Oct 24 01:59:32 UTC 2023 on atb-devel-224

- - - - -
f8213ec8 by Stefan Metzmacher at 2023-10-24T09:36:37+00:00
lib/util: add samba_socket_{poll,sock,poll_or_sock}_error()

These are copies of the static functions in lib/tsocket/tsocket_bsd.c,
which we will replace in the next commit.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cd964e52 by Stefan Metzmacher at 2023-10-24T09:36:37+00:00
lib/tsocket: make use of samba_socket_poll_or_sock_error()

This is just a copy of the existing code...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
66b25637 by Stefan Metzmacher at 2023-10-24T09:36:37+00:00
lib/tsocket: make use of samba_socket_sock_error()

This is nicer than calling getsockopt(state->fd, SOL_SOCKET, SO_ERROR)
directly.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
21a18a5b by Stefan Metzmacher at 2023-10-24T09:36:37+00:00
lib/async_req: let async_connect_send use TEVENT_FD_ERROR instead of TEVENT_FD_READ

This is mostly cosmetic, but now that we have TEVENT_FD_ERROR we should use it.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
82aafa4a by Stefan Metzmacher at 2023-10-24T09:36:37+00:00
lib/async_req: let writev_send/recv use TEVENT_FD_ERROR

Unless err_on_readability is true, we use TEVENT_FD_READ only
to detect errors. Now that we have TEVENT_FD_ERROR we should use it.

As a side effect it makes the code much simpler and clearer, as
we can directly map TEVENT_FD_ERROR to EPIPE.

In addition the err_on_readability=true case is now also
clearer, where we just map TEVENT_FD_READ to EPIPE.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
22e3a542 by Stefan Metzmacher at 2023-10-24T09:36:37+00:00
lib/tsocket: let tstream_bsd_connect_send() use TEVENT_FD_ERROR instead of TEVENT_FD_READ

This is mostly cosmetic, but now that we have TEVENT_FD_ERROR we should use it.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5bedf167 by Stefan Metzmacher at 2023-10-24T09:36:37+00:00
lib/tsocket: make use of TEVENT_FD_ERROR in tstream_bsd_fde_handler()

This makes the logic introduced to fix bug #15202 simpler.

While developing this I noticed that a lot of callers
rely on the fact that they can read the pending bytes out
of the recv queue before EOF is reported.

So I changed the code to handle TEVENT_FD_ERROR together with
TEVENT_FD_READ in a way that keeps the existing callers happy.

In the next step we'll add a way to let callers opt-in in order
to fail immediately if TEVENT_FD_ERROR appears (even if there
are pending bytes remaining in the recv queue).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
71e8727b by Stefan Metzmacher at 2023-10-24T09:36:37+00:00
lib/tsocket: add tstream_bsd_fail_readv_first_error()

This gives the caller the option to fail immediately if
TEVENT_FD_ERROR appears even with pending bytes in the
recv queue.

Servers typically want to activate this in order to avoid
pointless work, while clients typically want to read
pending responses from the recv queue.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3a47a276 by Stefan Metzmacher at 2023-10-24T09:36:37+00:00
s4:kdc: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e897ccd9 by Stefan Metzmacher at 2023-10-24T09:36:37+00:00
s4:ldap_server: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
341e800d by Stefan Metzmacher at 2023-10-24T09:36:37+00:00
s4:dns_server: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d9c416ba by Stefan Metzmacher at 2023-10-24T09:36:37+00:00
s3:libsmb: the unexpected handler use tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
391ef8ae by Stefan Metzmacher at 2023-10-24T09:36:38+00:00
s4:ntp_signd: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0e83b564 by Stefan Metzmacher at 2023-10-24T09:36:38+00:00
s4:libcli/wrepl: make use of tstream_bsd_fail_readv_first_error(false)

As a client we want to recv pending responses even if the server
already closed the connection.

While tstream_bsd_fail_readv_first_error(false) is the default for
tstream_bsd, the wins replication protocol is special as it has
a way to switch server and client roles on an existing tcp connection.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
82b2a379 by Stefan Metzmacher at 2023-10-24T09:36:38+00:00
s4:wrepl_server: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8e8f2fa9 by Stefan Metzmacher at 2023-10-24T09:36:38+00:00
libcli/named_pipe_auth: let tstream_npa_existing_socket use tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
27b2ca7d by Stefan Metzmacher at 2023-10-24T09:36:38+00:00
s4:service_named_pipe: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7e6f830d by Stefan Metzmacher at 2023-10-24T09:36:38+00:00
s4:rpc_server: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c5201cd0 by Stefan Metzmacher at 2023-10-24T09:36:38+00:00
s3:rpc_server: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3f4f80ed by Stefan Metzmacher at 2023-10-24T10:32:56+00:00
smb2_server: monitor connections with TEVENT_FD_ERROR

By asking for TEVENT_FD_ERROR we're able to fail early
when a connection to a client is broken.

In that case it does not make any sense to process
pending requests in the recv queue as it's not
possible to deliver the response to the client anyway.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Oct 24 10:32:56 UTC 2023 on atb-devel-224

- - - - -
9267d9b2 by Noel Power at 2023-10-24T12:43:37+00:00
s3/winbind: Ensure parse_domain_user() can't write beyond the end of domain[]

fail if we try to write beyond the fstring boundary

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15467
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
7e1f210b by Noel Power at 2023-10-24T12:43:37+00:00
s3/winbindd: rename canonicalize_username to canonicalize_username_fstr

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2e06bf9f by Noel Power at 2023-10-24T12:43:37+00:00
s3/winbindd: Add new canonicalize_username function

Add a new canonicalize_username replacement function for
canonicalize_username_fstr which doesn't use fstrings but instead
uses talloc allocated strings

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
aa3febfd by Noel Power at 2023-10-24T12:43:37+00:00
s3/winbindd: in winbindd_ccache_save use canonicalize_username

replace use of canonicalize_username_fstr with canonicalize_username

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
85e8d33a by Noel Power at 2023-10-24T12:43:37+00:00
s3/winbindd: in winbindd_pam_logoff_send use canonicalize_username

replace use of canonicalize_username_fstr with canonicalize_username

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
be6ed28f by Noel Power at 2023-10-24T12:43:37+00:00
s3/winbindd: in winbindd_pam_auth_send use canonicalize_username

replace use of canonicalize_username_fstr with canonicalize_username

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
d1beafe7 by Noel Power at 2023-10-24T12:43:37+00:00
s3/winbindd: in winbindd_pam_chauthtok_send use canonicalize_username

replace use of canonicalize_username_fstr with canonicalize_username

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c6fe21e1 by Noel Power at 2023-10-24T12:43:37+00:00
s3/winbindd: remove canonicalize_username_fstr

no longer any callers to canonicalize_username_fstr so it
can be removed

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
87a91908 by Noel Power at 2023-10-24T12:43:37+00:00
s3/winbindd: rename parse_domain_user to parse_domain_user_fstr

prepare to port parse_domain_user function to not use fstrings.
rename function parse_domain_user (and all callers) to use
parse_domain_user_fstr

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
d4341d48 by Noel Power at 2023-10-24T12:43:37+00:00
s3/winbindd: Add new parse_domain_user function

Adds a new parse_domain_user function which doesn't use fstrings
but instead uses talloc allocated out strings (created from passed in
ctx)

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f734b1b2 by Noel Power at 2023-10-24T12:43:37+00:00
s3/winbindd: use parse_domain_user_fstr instead of parse_domain_user

in winbindd_getgroups_send replace parse_domain_user_fstr
with parse_domain_user

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
9d5652ec by Noel Power at 2023-10-24T12:43:37+00:00
s3/winbindd: use parse_domain_user instead of parse_domain_user_fstr

in winbindd_getpwnam_send replace parse_domain_user_fstr with
parse_domain_user

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
b5427ef8 by Noel Power at 2023-10-24T12:43:37+00:00
s3/winbindd: use parse_domain_user instead of parse_domain_user_fstr

In winbindd_ccache_ntlm_auth replace use of parse_domain_user_fstr
with parse_domain_user

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
89fb5eee by Noel Power at 2023-10-24T12:43:37+00:00
s3/winbindd: replace parse_domain_user_fn with parse_domain_user

In winbindd_getgrnam_send use parse_domain_user instead of
parse_domain_user_fstr

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
b4bdd341 by Noel Power at 2023-10-24T12:43:37+00:00
s3/winbindd: replace use of parse_domain_user_fstr with parse_domain_user

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
5640d7ab by Noel Power at 2023-10-24T12:43:37+00:00
s3/winbindd: use parse_domain_user instead of parse_domain_user_fstr

In canonicalize_username replace use of parse_domain_user_fstr
with parse_domain_user

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
6830b796 by Noel Power at 2023-10-24T13:47:16+00:00
s3:/winbindd: remove parse_domain_user_fstr

Last caller of parse_domain_user_fstr has been removed so
we can safely remove the function

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Oct 24 13:47:16 UTC 2023 on atb-devel-224

- - - - -
071b1024 by Ralph Boehme at 2023-10-24T13:48:33+00:00
clang-format: tweak config to bring us closer to README.Coding.

I'm enabling "AllowAllArgumentsOnNextLine" because that's longstanding practice
with many many function calls like tevent_req_callback_data() and
tevent_req_data() and imho results in the most readable code at the place where
this is often seen (variable declarations with tevent_req_* stuff).

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f83d6c53 by Ralph Boehme at 2023-10-24T14:47:57+00:00
clang-format: sort alphabetically

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Oct 24 14:47:57 UTC 2023 on atb-devel-224

- - - - -
e933fd2d by Joseph Sutton at 2023-10-24T14:48:36+00:00
lib/torture: Use portable format specifiers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15498

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
46f0c269 by Joseph Sutton at 2023-10-24T14:48:36+00:00
lib/torture: Add torture_assert_size_*() macros

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15498

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
9f54b94b by Joseph Sutton at 2023-10-24T15:51:40+00:00
s4:torture: Produce more output to help debug smb2.multichannel.bugs.bug_15346

Print the time (as reckoned by tevent) at which each ‘negprot done’ and
‘echo done’ message is produced, and print another message if one of the
requests times out.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15498

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Oct 24 15:51:40 UTC 2023 on atb-devel-224

- - - - -
825a992a by Ralph Boehme at 2023-10-24T21:31:38+00:00
vfs_fruit: add option fruit:validate_afpinfo = yes|no (default: yes)

Allows disabling validation of AfpInfo stream data. It seems in data migration
scenarios from other SMB servers to Samba with fruit, somehow such invalid
streams are present on the source SMB server and can't be copied to Samba.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7c8dea14 by Ralph Boehme at 2023-10-24T22:30:06+00:00
smbtorture: add test for fruit:validate_afpinfo option

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Oct 24 22:30:06 UTC 2023 on atb-devel-224

- - - - -
b543874a by Rob van der Linde at 2023-10-24T23:31:29+00:00
tests: minor indentation and whitespace fixes

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
029e0457 by Rob van der Linde at 2023-10-24T23:31:29+00:00
netcmd: tests: make check_run and related methods classmethod for consistency

Before that only run_command was turned into a @classmethod, but not
the other related methods which were left unchanged, this made it
inconsistent.

Some of these methods need to be called from setUpTestData so they
really need to be @classmethod anyway.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
22316fea by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: PEP8 fixup whitespace in getopt.py first

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e209b8d7 by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: move comment for check_bytes to docstring

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1f8b4913 by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: getopt: update super calls to python3 style

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c688e733 by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: getopt: correctly group and sort imports

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
96959b72 by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: getopt: move SambaOption to the top of the file

This is needed for the next commit

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8b575612 by Rob van der Linde at 2023-10-24T23:31:29+00:00
netcmd: correctly pass Samba option class to OptionParser

On OptionGroups it will set option_class and then this gets used by self.add_option

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c3876242 by Rob van der Linde at 2023-10-24T23:31:29+00:00
netcmd: move comment above class to docstring

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
99c93c1e by Rob van der Linde at 2023-10-24T23:31:29+00:00
netcmd: PEP8: minor whitespace fix, file did not pass PEP8

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bdad257a by Rob van der Linde at 2023-10-24T23:31:29+00:00
netcmd: don't turn exception into CommandError in run_validators

It's the wrong place to do it.

Instead, let it raise the original exception, capture it in _run, and
call existing show_command_error method.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
29c99915 by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: getopt: move validators logic to parent class

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dc513a82 by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: move Validator base class and ValidationError to getopt

It makes more sense for these to exist in the top package, because they are used by SambaOption.

validators.py can still exist in netcmd, just not the base class and exception.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0f93e1d1 by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: add docstrings to Validator and ValidationError

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
90f7ad08 by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: tests: fix some hidden tab characters in tests.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3a5a5cae by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: netcmd: ntacl: fix import grouping and order

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a930456f by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: netcmd: dbcheck: fix import grouping and order

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
32032937 by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: netcmd: SUPPRESS_HELP constant has no effect here

Where it is used, on a few options, the constant should be used
directly instead.

This means that in the following commit, the Option subclass of
SambaOption can be removed, as it will become redundant.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5f8c46d1 by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: netcmd: remove redundant Option subclass

Instead, just import SambaOption as Option, so all the existing commands don't need changing.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b7a1946d by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: netcmd: fix import grouping and sorting in base first

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d54f52b8 by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: netcmd: parser class in getSamDB should set option_class

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f77064c8 by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: getopt: rename SambaOption to Option

 * Nothing uses SambaOption directly, everything imports it through samba.netcmd.Option
 * Avoid an unnecessary rename on import

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
14b21298 by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: netcmd: catch parent exception class OptParseError instead

This covers both OptionError and OptionValueError

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fb058e7f by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: netcmd: remove OptionError alias to OptionValueError

The other methods in this file already raise optparse.OptionValueError
directly, except for two older ones.

They are using an alias which changes the name to OptionError, the
confusing part about this is that optparse.OptionError actually does
exist, so the incorrect alias needs to be removed.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6943a58b by Rob van der Linde at 2023-10-24T23:31:29+00:00
netcmd: tests: stop checking for ERROR prefix from CommandError

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
837e1d9f by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: getopt: subclass OptionParser to populate option_class

The option_class needs to be set correctly for OptionGroups that use self.add_option

Override OptionParser `__init__` to change the default Option class to the samba one.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e60f3afc by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: getopt: implement required flag on options and OptionParser

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0f3d6d80 by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: netcmd: make use of required flag on Option for claims commands

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e1244ba3 by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: getopt: Add HostOptions to avoid need to manually add -H

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0667708c by Rob van der Linde at 2023-10-24T23:31:29+00:00
python: netcmd: make use of HostOptions for claims and sites commands

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7c389e19 by Rob van der Linde at 2023-10-24T23:31:29+00:00
netcmd: auth policy: add OptionGroup classes for user, service and computer options

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
50b8a2de by Rob van der Linde at 2023-10-25T00:31:36+00:00
python: getopt: HostOptions and other option groups inherit from samba OptionGroup class

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Oct 25 00:31:37 UTC 2023 on atb-devel-224

- - - - -
3c4714bc by Joseph Sutton at 2023-10-25T21:40:33+00:00
s3:rpc_server: Correctly reset DEVMODE bit

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Oct 25 21:40:33 UTC 2023 on atb-devel-224

- - - - -
0653f78b by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:utils: Call gfree_all() before exit in net

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8482d46f by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:utils: Call gfree_all() before exit in ntlm_auth

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
66c76976 by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:utils: Call gfree_all() before exit in pdbedit

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
72add41e by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:utils: Call gfree_all() before exit in regedit

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d7a8e63f by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:utils: Call gfree_all() before exit in sharesec

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9428fa35 by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:utils: Call gfree_all() before exit in smbcacls

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6d482485 by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:utils: Call gfree_all() before exit in smbcontrol

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2eee959f by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:utils: Call gfree_all() before exit in smbcquotas

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f849efeb by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:utils: Remove trailing white spaces in smbfilter.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8a873f89 by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:utils: Call gfree_all() before exit in smbfilter

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bbda37e4 by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:utils: Call gfree_all() before exit in smbget

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6aa56331 by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:utils: Remove trailing white spaces in smbpasswd.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
643e0ae8 by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:utils: Call gfree_all before exit in smbpasswd

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4d411cf5 by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:utils: Call gfree_all() before exit in smbtree

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e48798cb by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:client: Call gfree_all() before exit in smbclient

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e24900ac by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:client: Call gfree_all() before exit in smbspool

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
49424f18 by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:param: Use a talloc stackframe in pyparam

Several parts of the code use talloc_tos() requiring a stackframe to be
present. This is needed as loadparm_init_s3() will call init_globals()
later.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e30c404f by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:param: Use the memory context we just created instead of tos

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0e45a0ce by Andreas Schneider at 2023-10-25T22:23:37+00:00
s3:param: Make init_globals() public

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d7a6488d by Andreas Schneider at 2023-10-25T22:23:37+00:00
lib:param: Set a memory context for the globals if not initialized yet

Typically once the smb.conf starts to be loaded,
loadparm_s3_init_globals() will be called and a memory context for
strings on the static Globals will be created.  But we might call
lpcfg_set_cmdline() before we load the smb.conf file, so we (via a
helper pointer) call loadparm_s3_init_globals() to get that
initialisation done earlier, ensuring that all allocations on Globals are
done on a memory context that we can later TALLOC_FREE() before exit().

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
04548bdb by Joseph Sutton at 2023-10-25T22:23:37+00:00
.gitattributes: Treat file containing test SDDL as binary

This file contains some very long lines that can make it hard to grep
for things from the terminal.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8f4c17e9 by Joseph Sutton at 2023-10-25T22:23:37+00:00
libcli/security: Fix leak on reallocation failure in pull_composite()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b4de22a7 by Joseph Sutton at 2023-10-25T22:23:37+00:00
libcli/security: Fix leak on reallocation failure in conditional_ace_encode_binary()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
17983427 by Joseph Sutton at 2023-10-25T22:23:37+00:00
python: Remove unnecessary f‐strings

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c750c1db by Joseph Sutton at 2023-10-25T22:23:37+00:00
python:tests: Remove unnecessary f‐strings

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
defeb3e6 by Joseph Sutton at 2023-10-25T22:23:37+00:00
tests/krb5: Don’t pass parameters unnecessarily

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d0c24a52 by Joseph Sutton at 2023-10-25T22:23:37+00:00
tests/krb5: Sort imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
301cc80b by Joseph Sutton at 2023-10-25T22:23:37+00:00
s3:libads: Update code reference in comment

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a0c1c469 by Joseph Sutton at 2023-10-25T22:23:37+00:00
s3:passdb: Fix code formatting

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ee239525 by Joseph Sutton at 2023-10-25T22:23:37+00:00
s4:dsdb:tests: Remove unnecessary f‐strings

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7c1492c5 by Joseph Sutton at 2023-10-25T22:23:37+00:00
s4:ntvfs: Avoid signed integer overflow

Signed integer overflow is undefined behaviour.

ubsan reports errors similar to the following:
signed integer overflow: 9223372036854775807 + 2147483682 cannot be represented in type 'long int'

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2543bc04 by Joseph Sutton at 2023-10-25T22:23:37+00:00
selftest: Remove ubsan suppressions

These instances of undefined behaviour ought now to be fixed.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
49dca847 by Joseph Sutton at 2023-10-25T22:23:37+00:00
tests/krb5: Add more tests of the device belonging to certain groups

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5f0ebf08 by Joseph Sutton at 2023-10-25T22:23:37+00:00
tests/krb5: Add tests for group membership with RBCD

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f48afb2b by Joseph Sutton at 2023-10-25T22:23:37+00:00
s4:kdc: Add device to default groups for RBCD conditions evaluation

This means that expressions like ‘Device_Member_of(WD)’ will now work,
as they should.

It *also* means that expressions like ‘Device_Member_of(NU)’ will work,
even though they shouldn’t. This is because we consider SID_NT_NETWORK
to be a default group.

Our new behaviour may be wrong, but at least it’s now consistent with
the behaviour of user‐relative expressions like ‘Member_of(WD)’ and
‘Member_of(NU)’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
91046720 by Joseph Sutton at 2023-10-25T22:23:37+00:00
s4:kdc: Add device to Authenticated Users for RBCD conditions evaluation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a1f5965f by Joseph Sutton at 2023-10-25T22:23:37+00:00
SECURITY.md: Fix spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
984b3ab7 by Joseph Sutton at 2023-10-25T22:23:37+00:00
auth: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e3bc4d4a by Joseph Sutton at 2023-10-25T22:23:37+00:00
docs-xml: Fix documentation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f2c82834 by Joseph Sutton at 2023-10-25T22:23:37+00:00
examples: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ee8820b6 by Joseph Sutton at 2023-10-25T22:23:37+00:00
ldb: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
97566f1b by Joseph Sutton at 2023-10-25T22:23:37+00:00
lib/fuzzing: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
82ec1965 by Joseph Sutton at 2023-10-25T22:23:37+00:00
talloc: Fix documentation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
15035895 by Joseph Sutton at 2023-10-25T22:23:37+00:00
tevent: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
53caed5e by Joseph Sutton at 2023-10-25T22:23:37+00:00
lib/util: Fix comment

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
47975ea8 by Joseph Sutton at 2023-10-25T22:23:37+00:00
libcli/security: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
093ce69e by Joseph Sutton at 2023-10-25T22:23:37+00:00
libcli: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fb57dbe7 by Joseph Sutton at 2023-10-25T22:23:37+00:00
security.idl: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2dc6fab2 by Joseph Sutton at 2023-10-25T22:23:37+00:00
librpc:ndr: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c36163c3 by Joseph Sutton at 2023-10-25T22:23:37+00:00
pidl: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1ce4af01 by Joseph Sutton at 2023-10-25T22:23:37+00:00
python:tests: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
46f4dd3e by Joseph Sutton at 2023-10-25T22:23:37+00:00
tests/krb5: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4cf3e4eb by Joseph Sutton at 2023-10-25T22:23:37+00:00
s3:auth: Add missing word to comment

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
58ba1d4c by Joseph Sutton at 2023-10-25T22:23:37+00:00
s3:lib: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1d6d21bd by Joseph Sutton at 2023-10-25T22:23:37+00:00
s3:libads: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3890b129 by Joseph Sutton at 2023-10-25T22:23:37+00:00
s3:libsmb: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1a670182 by Joseph Sutton at 2023-10-25T22:23:37+00:00
s3:passdb: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c5af0e1e by Joseph Sutton at 2023-10-25T22:23:37+00:00
s3:rpc_server: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
61d5816e by Joseph Sutton at 2023-10-25T22:23:37+00:00
s3:smbd: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b9ea773f by Joseph Sutton at 2023-10-25T22:23:37+00:00
s3:utils: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b5504971 by Joseph Sutton at 2023-10-25T22:23:37+00:00
s4:auth: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
234b9529 by Joseph Sutton at 2023-10-25T22:23:37+00:00
s4:dsdb: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2ac1d19d by Joseph Sutton at 2023-10-25T22:23:37+00:00
s4:kdc: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c73456d7 by Joseph Sutton at 2023-10-25T22:23:37+00:00
s4:lib: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
46a4ce32 by Joseph Sutton at 2023-10-25T22:23:37+00:00
s4:librpc: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7c917254 by Joseph Sutton at 2023-10-25T22:23:37+00:00
s4:ntvfs: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fc1fd9c6 by Joseph Sutton at 2023-10-25T22:23:37+00:00
s4:rpc_server: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
378aa653 by Joseph Sutton at 2023-10-25T22:23:38+00:00
s4:torture: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fef091b6 by Joseph Sutton at 2023-10-25T22:23:38+00:00
script: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e3a44012 by Joseph Sutton at 2023-10-25T22:23:38+00:00
testdata: Fix spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
40b51535 by Joseph Sutton at 2023-10-25T22:23:38+00:00
third_party/heimdal_build: Fix spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a50e3483 by Noel Power at 2023-10-25T22:23:38+00:00
codespellignore: ignore some spellings introduced with wsp files

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8800f4f8 by Ralph Boehme at 2023-10-25T22:23:38+00:00
libcli/util: add tstream_full_request_u32 and tstream_full_request_u16

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4d1088fa by Ralph Boehme at 2023-10-25T22:23:38+00:00
libcli/util: add struct tstream_context to tstream_read_pdu_blob_full_fn_t

Add struct tstream_context to tstream_read_pdu_blob_full_fn_t and update
all callers of tstream_read_pdu_blob_send() to use the correct callback.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
53d87445 by Ralph Boehme at 2023-10-25T22:23:38+00:00
s4/lib: remove packet_full_request_u16, not used anymore

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8cc1e25a by Noel Power at 2023-10-25T22:23:38+00:00
libcli/smb: Allow dynamic setting of the max_data in SMB Pipe transaction.

Some services like WSP can send larger messages than the current 'Max Ioctl'
limit, this results in the server producing a BUFFER_OVERFLOW status (and
additionally clipping the message sent). Add support to allow a client to
modify the hardcoded 'Max Ioctl' default value to allow the server to
successfully send larger responses.

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a16f3f7e by Ralph Boehme at 2023-10-25T22:23:38+00:00
libcli: Implement a tstream dcerpc_binding_handle

This implements a dcerpc_binding_handle that does just pass request and
response blob passing.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
180f25f7 by Ralph Boehme at 2023-10-25T22:23:38+00:00
libcli/smb: add FSCTL_PIPE_WAIT

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d766729c by Noel Power at 2023-10-25T22:23:38+00:00
librpc/idl: Add idl for WSP and also some required helper functions.

Represent the message data, structures and constants to do with the
WSP (Windows Search Protocol) as idl.

(see: https://msdn.microsoft.com/en-us/library/cc251767.aspx)

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a3b25146 by Noel Power at 2023-10-25T22:23:38+00:00
s3/build: Add support for WSP in configure script.

Building wsp cli, tools should be controlled by
specifying '--enable-wsp'. Note: By default this option is not enabled
as this is an experimental feature; however, it is enabled if configure
is called with '--selftest'.

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
62f96d9c by Noel Power at 2023-10-25T22:23:38+00:00
librpc/rpc: Add windows propertyset info and associated accessor and helper api.

wsp_util.c contains property definitions for well known windows
properties that can be used with WSP. These properties are generated from
some csv files (located in the librpc/wsp). The csv files themselves
were generated from a couple of sources e.g. the [MS-WSP]:
Windows Search Protocol document and wireshark mswsp dissector source code.

for more details please see librpc/wsp/README

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8188b37b by Noel Power at 2023-10-25T22:23:38+00:00
docs-xml: Add config param for defining extra wsp properties

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ae9d9434 by Noel Power at 2023-10-25T22:23:38+00:00
librpc/wsp: adjust the wsp property api to additionally use a csv file

We have definitions for a number of properties both from the WSP
spec document and from those used by wireshark. These properties
are built into samba (generated from csv files). This commit allows
extra properties to be added on the fly in a custom csv file, the
format of the csv file is the same as that used in the build. This
allows us to add some 'unknown' properties on the fly, although we
would hope that information regarding these properties would be
incorporated into the build in due course.

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
46b4a99b by Noel Power at 2023-10-25T22:23:38+00:00
librpc/wsp: add some helper functions needed to support AQS

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b28fb85a by Noel Power at 2023-10-25T22:23:38+00:00
libcli/wsp: Add support for simplified Advanced Query Syntax

Add support to parse AQS-like (Advanced query syntax)

AQS - see https://learn.microsoft.com/en-gb/windows/win32/search/-search-3x-advancedquerysyntax

The basic (AQS) syntax is supported e.g. a query is built of a sequence of
queries connected by AND, OR and NOT where the query elements are
essentially restrictions defined by a property. There are some
limitations on the operators supported[1] and additionally some things
like enumerated ranges are not supported at all and range values are not
delimited as specified [2]. Some special cases that you see in the
windows search UI are exceptions [3] which are handled more or less as keywords

Some examples:

The following are all exactly the same query just expressed using
different variations of the syntax

'ALL:($<p403 OR $<p404) AND System.Kind:picture AND Scope:"FILE://somemachine/someshare" AND > System.Size:10241-102401'

'ALL:$<p403 OR ALL:$<p404 AND System.Kind:picture AND Scope:"FILE://somemachine/someshare" AND > System.Size:>=10241 AND System.Size:<102401'

'ALL:$<p403 OR ALL:$<p404 AND System.Kind:picture AND Scope:"FILE://somemachine/someshare" AND > System.Size:small'

The queries above by default select the property System.ItemUrl as the
one and only column returned, the query parameter however accepts a
variation to the AQS like syntax to allow arbitrary columns to be
selected e.g.

'SELECT System.ItemName, System.ItemURL, System.Size WHERE ALL:$<p403 OR ALL:$<p404 AND System.Kind:picture AND Scope:"FILE://somemachine/someshare" AND System.Size:small'

[1] supported operators
    -------------------
    =    Equals
    !=   Not Equals
    >    Greater than
    <    Less than
    >=   Greater than or equals
    <=   Less than or equals

    $=   equals
    $<   starts with
[2] ranges are specified as value-value instead of value..value (seems
    my flex/bison skills are not good enough and couldn't get that to
    work with '..')

[3] The windows UI has shortcut ranges (presumably represented as enumerated
    ranges) providing date ranges like 'today', 'tomorrow',
   'lastweek' etc. and similarly sizes like "empty, tiny, small, large..."

   These are supported (but implemented as keywords)

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
68ce6cf6 by Noel Power at 2023-10-25T22:23:38+00:00
librpc/wsp: Add functions to dump restriction as string

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
86d43421 by Noel Power at 2023-10-25T22:23:38+00:00
libcli/wsp: Test AQS parser

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8977d0a5 by Noel Power at 2023-10-25T22:23:38+00:00
librpc/wsp: Add some util functions needed for wsp client api

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2b2fdd53 by Noel Power at 2023-10-25T22:23:38+00:00
remove problematic include (seems to bring in conflicted definitions)

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
47a0dc6f by Noel Power at 2023-10-25T22:23:38+00:00
add accessor for tstream_context

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
387c9f3a by Noel Power at 2023-10-25T22:23:38+00:00
libcli/wsp: Add simple client api for wsp client code.

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a3a7a94f by Noel Power at 2023-10-25T22:23:38+00:00
s3/utils: Add search client

Simple cli client for doing a basic windows search.

example:

  wspsearch -U$(USER)%$(PASSWD) //$(SERVER)/$(SHARE) --search='DSC' --kind=Picture

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
704a6155 by Noel Power at 2023-10-25T23:20:33+00:00
docs-xml: add manpage for wspsearch cli client

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Oct 25 23:20:33 UTC 2023 on atb-devel-224

- - - - -
7cf4efe7 by Douglas Bagnall at 2023-10-26T01:24:32+00:00
lib/util/charset: @param typos

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
df8ab7ed by Douglas Bagnall at 2023-10-26T01:24:32+00:00
util/charset: disambiguate docs for convert_string twins

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
44ce1ad5 by Douglas Bagnall at 2023-10-26T01:24:32+00:00
idl/spoolss: fix spelling of UTF16 charset

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
acb0a299 by Douglas Bagnall at 2023-10-26T01:24:32+00:00
librpc/ndr_basic: attempt only IPv4 addresses in push_ipv4

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
78658eee by Douglas Bagnall at 2023-10-26T01:24:32+00:00
s4/dsdb: try not to leak on access check failure

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ffdd9dde by Douglas Bagnall at 2023-10-26T01:24:32+00:00
s4:dns_server: loudly warn when a tombstone record has other records

This shouldn't happen -- that is, there should never be non-tombstone
records in conjunction with a tombstone record -- and if it does, the
situation should resolve itself here. But the flow is confusing and
strange things sometimes happen often enough that it would be helpful
to know if this ever occurs.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
15b7508b by Douglas Bagnall at 2023-10-26T01:24:32+00:00
docs/manpages: fix links to mod_ntlm_winbind and squid

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7f870211 by Douglas Bagnall at 2023-10-26T01:24:32+00:00
s4/torture/gentest: remove redundant op entry

Also on line 2994.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b5a728e8 by Douglas Bagnall at 2023-10-26T01:24:32+00:00
util/convert string: remove inaccurate misspelt comment

Previous commit to the "embarrassing" line was ce10a7a673e8adf "Fix
typo in comment", which did not completely fix the typo in the
comment.

But there are no gotos anymore, so no embarrassment, however spelt.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
58011bc6 by Douglas Bagnall at 2023-10-26T01:24:32+00:00
s4/torture/gentest: explain seemingly redundant initialisation

It seems silly, but it confused me.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d7481f94 by Douglas Bagnall at 2023-10-26T01:24:32+00:00
util/charset/torture: test convert_string_talloc with emptyish strings

because it wasn't entirely obvious (a zero length string returns a
length 1 result).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
949fe570 by Douglas Bagnall at 2023-10-26T01:24:32+00:00
libutil/iconv: don't allow wtf-8 surrogate pairs

At present, if we meet a string like "hello \xed\xa7\x96 world", the
bytes in the middle will be converted into half of a surrogate pair,
and the UTF-16 will be invalid. It is better to error out immediately,
because the UTF-8 string is already invalid.

https://learn.microsoft.com/en-us/windows/win32/api/Stringapiset/nf-stringapiset-widechartomultibyte#remarks
is a citation for the statement about this being a pre-Vista
problem.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3960eabc by Douglas Bagnall at 2023-10-26T01:24:32+00:00
libutil/iconv: avoid overflow in surrogate pairs

Consider the non-conformant utf-8 sequence "\xf5\x80\x80\x80", which
would encode 0x140000. We would set the high byte of the first
surrogate to 0xd8 | (0x130000 >> 18), or 0xdc, which is an invalid
start for a high surrogate, making the sequence as a whole invalid (as
you would expect -- the Unicode range was set precisely to that
covered by utf-16 surrogates).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
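
The two libutil/iconv commits above describe rejecting encoded surrogates and code points above U+10FFFF. The following is an added example, not Samba's code, of a strict UTF-8 to UTF-16 conversion that makes both checks on the byte strings quoted in those commit messages; all function and enum names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for this example (hypothetical names, not Samba's). */
enum u8_status {
	U8_OK = 0,
	U8_TRUNCATED,    /* sequence runs past the end of the input */
	U8_BAD_BYTE,     /* invalid lead byte or continuation byte */
	U8_OVERLONG,     /* code point encoded in more bytes than needed */
	U8_SURROGATE,    /* U+D800..U+DFFF encoded directly ("WTF-8") */
	U8_OUT_OF_RANGE, /* above U+10FFFF, not representable in UTF-16 */
	U8_NO_SPACE      /* output buffer too small */
};

/*
 * High byte of the first UTF-16 unit as an unchecked converter would
 * compute it for a 4-byte sequence. Valid high surrogates give 0xd8..0xdb.
 */
static uint8_t naive_high_surrogate_byte(uint32_t cp)
{
	return (uint8_t)(0xd8 | ((cp - 0x10000) >> 18));
}

/* Decode one code point, rejecting everything that is not strict UTF-8. */
static enum u8_status decode_one(const uint8_t *s, size_t len,
				 uint32_t *cp, size_t *used)
{
	static const uint32_t min_cp[5] = {0, 0, 0x80, 0x800, 0x10000};
	uint32_t c;
	size_t n, i;

	if (len == 0) return U8_TRUNCATED;
	if (s[0] < 0x80) {
		*cp = s[0];
		*used = 1;
		return U8_OK;
	} else if ((s[0] & 0xe0) == 0xc0) {
		n = 2; c = s[0] & 0x1f;
	} else if ((s[0] & 0xf0) == 0xe0) {
		n = 3; c = s[0] & 0x0f;
	} else if ((s[0] & 0xf8) == 0xf0) {
		n = 4; c = s[0] & 0x07;
	} else {
		return U8_BAD_BYTE;
	}
	if (len < n) return U8_TRUNCATED;
	for (i = 1; i < n; i++) {
		if ((s[i] & 0xc0) != 0x80) return U8_BAD_BYTE;
		c = (c << 6) | (s[i] & 0x3f);
	}
	if (c < min_cp[n]) return U8_OVERLONG;
	if (c >= 0xd800 && c <= 0xdfff) return U8_SURROGATE;
	if (c > 0x10ffff) return U8_OUT_OF_RANGE;
	*cp = c;
	*used = n;
	return U8_OK;
}

/* Convert a whole buffer; *out_len stays 0 if any sequence is rejected. */
static enum u8_status utf8_to_utf16(const uint8_t *s, size_t len,
				    uint16_t *out, size_t cap, size_t *out_len)
{
	size_t i = 0, o = 0, used = 0;
	uint32_t cp = 0;

	*out_len = 0;
	while (i < len) {
		enum u8_status st = decode_one(s + i, len - i, &cp, &used);
		if (st != U8_OK) return st;
		if (cap - o < (cp < 0x10000 ? 1u : 2u)) return U8_NO_SPACE;
		if (cp < 0x10000) {
			out[o++] = (uint16_t)cp;
		} else {
			out[o++] = (uint16_t)(0xd800 | ((cp - 0x10000) >> 10));
			out[o++] = (uint16_t)(0xdc00 | (cp & 0x3ff));
		}
		i += used;
	}
	*out_len = o;
	return U8_OK;
}

/* Verdict only, for callers that do not need the UTF-16 output. */
static enum u8_status utf8_check(const char *bytes, size_t len)
{
	uint16_t buf[64];
	size_t n;

	return utf8_to_utf16((const uint8_t *)bytes, len, buf, 64, &n);
}

int main(void)
{
	/* Both byte strings are the ones quoted in the commit messages. */
	static const char wtf8[] = "hello \xed\xa7\x96 world";
	static const char big[] = "\xf5\x80\x80\x80";

	printf("surrogate input: %d\n", utf8_check(wtf8, sizeof(wtf8) - 1));
	printf("0x140000 input:  %d\n", utf8_check(big, sizeof(big) - 1));
	printf("unchecked high byte: 0x%02x\n",
	       (unsigned)naive_high_surrogate_byte(0x140000));
	return 0;
}
```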

- - - - -
f266f5c6 by Joseph Sutton at 2023-10-26T01:24:32+00:00
tests/krb5: Also consider single‐component krbtgt principals to be TGS principals

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3917a199 by Joseph Sutton at 2023-10-26T01:24:32+00:00
tests/krb5: Add tests for single‐component krbtgt principals

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
800f3203 by Joseph Sutton at 2023-10-26T01:24:32+00:00
lib/krb5_wrap: Check return value of krb5_principal_get_comp_string()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2944bc1e by Joseph Sutton at 2023-10-26T01:24:32+00:00
s4:dsdb: Initialize pointers to NULL

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9a0c5ee4 by Joseph Sutton at 2023-10-26T01:24:32+00:00
s4:kdc: Have smb_krb5_principal_get_comp_string() properly indicate an error

The existing implementation did not differentiate between the case where
the relevant component was not present, and that where talloc_strndup()
failed. To correct this situation, put the result into an out parameter
on success and return an error on failure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
865e4f0f by Joseph Sutton at 2023-10-26T01:24:32+00:00
s4:kdc: Change signature of is_kadmin_changepw() to accommodate failure cases

principal_comp_strcmp() cannot yet indicate a failure case, but it will
soon be changed to do so.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6d7a05bf by Joseph Sutton at 2023-10-26T01:24:32+00:00
s4:kdc: Make use of smb_krb5_principal_is_tgs()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7b68f751 by Joseph Sutton at 2023-10-26T01:24:32+00:00
third_party/heimdal: Import lorikeet-heimdal-202309250010 (commit b73ae22b9b1c6fc06d0d79afe55517367a5f9670)

NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ddef0e5e by Joseph Sutton at 2023-10-26T01:24:32+00:00
s4:kdc: Consider a single‐component krbtgt principal to be the TGS

This matches the behaviour of Windows.

NOTE: This commit finally works again!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
12211735 by Joseph Sutton at 2023-10-26T01:24:32+00:00
s4:kdc: Have principal_comp_strcmp_int() properly indicate an error

We should return error codes rather than silently mask failures.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ea6d2ddb by Joseph Sutton at 2023-10-26T01:24:32+00:00
s4:kdc: Check for overflow before calling smb_krb5_princ_component()

smb_krb5_princ_component() takes its component index parameter as ‘int’,
not ‘unsigned int’.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d57f3bdc by Joseph Sutton at 2023-10-26T02:26:02+00:00
s4:kdc: Simplify principal_comp_strcmp_int() to handle only equality

We only ever use the principal comparison functions to check equality.
Having these functions only handle equality simplifies their
implementation and makes them a bit easier to use.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Oct 26 02:26:02 UTC 2023 on atb-devel-224

- - - - -
45643c70 by Ralph Boehme at 2023-10-26T15:29:29+00:00
smbd: fix group marshalling in smb3_file_posix_information_init

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
788dafcc by Ralph Boehme at 2023-10-26T15:29:29+00:00
s3/libsmb: reuse smbXcli_conn_have_posix()

We already store the negotiated POSIX state in smbXcli_connection
and there we only store it if the server actually supports the
version we requested.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
3aedefcc by Ralph Boehme at 2023-10-26T15:29:29+00:00
smbd: add nlinks marshalling in smb3_file_posix_information_init()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
853ae7a9 by Ralph Boehme at 2023-10-26T16:32:30+00:00
smbd: add inode marshalling in smb3_file_posix_information_init()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Oct 26 16:32:30 UTC 2023 on atb-devel-224

- - - - -
b436720e by Samuel Cabrero at 2023-10-26T22:27:44+00:00
s3:rpc_server/wkssvc: Remove get logged on user list from utmp

utmp is not Y2038 safe.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b6ae5d66 by Andrew Bartlett at 2023-10-26T23:27:29+00:00
codespell: Ignore .git

Otherwise the first line of commit messages is checked,
because text is found in .git/logs/HEAD, but only on
autobuild and not in CI (which does a shallow clone),
and not the whole commit message either, which is inconsistent.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15503

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Oct 26 23:27:29 UTC 2023 on atb-devel-224

- - - - -
c22400fd by Rob van der Linde at 2023-10-26T23:32:34+00:00
netcmd: silo command remove combined --policy which set all 3

doesn't make much sense to set all 3 to the same policy, user authentication policy, service authentication policy, computer authentication policy

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
15fb8a5f by Rob van der Linde at 2023-10-26T23:32:34+00:00
netcmd: silo command uses more consistent naming for policy args

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
156887c6 by Rob van der Linde at 2023-10-26T23:32:34+00:00
netcmd: silo command uses more consistent naming for tgt args

The args --user-tgt-lifetime-mins, --service-tgt-lifetime-mins and
--computer-tgt-lifetime-mins suffixed with -mins to be consistent
with Windows tooling.

For these, the internal names don't need to change and neither do
the model fields, only the external cli interface has this.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3e9f74a6 by Rob van der Linde at 2023-10-26T23:32:34+00:00
netcmd: claims: rename claims and silo tests

Rename test function names that were starting to get very long.

They were all prefixed with the test name, stop doing that and use double underscore for better separation.

e.g. AuthPolicyCmdTestCase.test_authentication_policy_list_json

becomes AuthPolicyCmdTestCase.test_list__json

The claim types and value types test cases have been split into two testcases.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ed245e28 by Rob van der Linde at 2023-10-26T23:32:34+00:00
netcmd: tests: make use of addCleanup

Makes self.members redundant and tearDown method can go completely.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d19e2682 by Rob van der Linde at 2023-10-26T23:32:34+00:00
python: tests: function to generate a unique name from caller

Uses the caller function to generate a unique name from the test function name.

Unique name is converted to camel case

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e87d7406 by Rob van der Linde at 2023-10-26T23:32:34+00:00
python: tests: addCleanup is always before create operation

This way if it raises during a create, it will still end up running the cleanup.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
95cb6a0b by Rob van der Linde at 2023-10-26T23:32:34+00:00
python: tests: qa and developers were not in the correct case

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2dd06ae4 by Rob van der Linde at 2023-10-26T23:32:34+00:00
python: tests: improve comments for auth silo and policy tests

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2aa4d674 by Rob van der Linde at 2023-10-26T23:32:34+00:00
python: tests: claims and silo tests make use of unique_name

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
47f5bc78 by Rob van der Linde at 2023-10-26T23:32:34+00:00
python: silos: add some missing tests for auth policy command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
16d52aa5 by Rob van der Linde at 2023-10-26T23:32:34+00:00
python: move method escaped_claim_id from test to samba.sd_utils

This is so that it can be used in other places too without the need to import or extend the test base class

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
84916935 by Rob van der Linde at 2023-10-26T23:32:34+00:00
python: add docstring for escaped_claim_id function

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0bb67a3a by Rob van der Linde at 2023-10-27T00:30:05+00:00
python: silos: add support for allowed to authenticate from silo shortcut

this avoids the need to write SDDL, the user just needs to give the silo name

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Oct 27 00:30:05 UTC 2023 on atb-devel-224

- - - - -
a2a31519 by Andreas Schneider at 2023-10-27T05:54:33+00:00
s3:utils: Initialize row variable in wspsearch

../../source3/utils/wspsearch.c:331:25: error: ‘row’ may be used
uninitialized [-Werror=maybe-uninitialized]
  331 |         *rows_processed = row;
      |         ~~~~~~~~~~~~~~~~^~~~~

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
200a5b76 by Andreas Schneider at 2023-10-27T05:54:33+00:00
lib:util: Add boolean return type for memcache_add()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
842d2eca by Andreas Schneider at 2023-10-27T05:54:33+00:00
lib:util: Add boolean return type for memcache_add_talloc()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b3234c55 by Andreas Schneider at 2023-10-27T05:54:33+00:00
s3:passdb: Do not leak memory if memcache add fails

Indirect leak of 496 byte(s) in 1 object(s) allocated from:
    #0 0x7ffb062dc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
    #1 0x7ffb06025b3e in __talloc_with_prefix ../../lib/talloc/talloc.c:783
    #2 0x7ffb06027512 in __talloc ../../lib/talloc/talloc.c:825
    #3 0x7ffb06027512 in _talloc_named_const ../../lib/talloc/talloc.c:982
    #4 0x7ffb06027512 in _talloc_zero ../../lib/talloc/talloc.c:2421
    #5 0x7ffb05a0332c in samu_new ../../source3/passdb/passdb.c:63
    #6 0x7ffb05a2031f in pdb_getsampwnam ../../source3/passdb/pdb_interface.c:351
    #7 0x7ffb05a0540b in local_password_change ../../source3/passdb/passdb.c:752
    #8 0x56291ddd4b8b in password_change ../../source3/utils/smbpasswd.c:273
    #9 0x56291ddd5b59 in process_root ../../source3/utils/smbpasswd.c:478
    #10 0x56291ddd5b59 in main ../../source3/utils/smbpasswd.c:661
    #11 0x7ffb024281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
cdcaac14 by Andreas Schneider at 2023-10-27T05:54:33+00:00
lib:util: Add a gfree_memcache()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
89e376c6 by Andreas Schneider at 2023-10-27T05:54:33+00:00
s3:util: Add gfree_memcache() to gfree_all()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d1d2a03d by Andreas Schneider at 2023-10-27T06:51:48+00:00
s3:utils: Initialize the memcache for smbpasswd

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Oct 27 06:51:48 UTC 2023 on atb-devel-224

- - - - -
9c5a9244 by Gabriel Nagy at 2023-10-27T13:47:30+00:00
gp_pol: Test empty multi_sz roundtrip

Signed-off-by: Gabriel Nagy <gabriel.nagy at canonical.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
d5d96bed by Gabriel Nagy at 2023-10-27T13:47:31+00:00
gp_pol: Allow null data for REG_MULTI_SZ

The parser is able to convert data from binary to XML (it generates an
empty <Value> tag) but not the other way around. This is a common
occurrence for empty multitext fields.

Signed-off-by: Gabriel Nagy <gabriel.nagy at canonical.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
03af1176 by Gabriel Nagy at 2023-10-27T14:45:28+00:00
gp_pol: Test multiple values multi_sz roundtrip

Signed-off-by: Gabriel Nagy <gabriel.nagy at canonical.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Fri Oct 27 14:45:28 UTC 2023 on atb-devel-224

- - - - -
cc1657c5 by Volker Lendecke at 2023-10-27T20:14:30+00:00
tests: Get a file through an absolute symlink within a subdirectory

This shows that read_symlink_reparse() is broken when trying to
replace an absolute with a relative filename within a
share.

read_symlink_reparse() is used only in openat_pathref_fsp_nosymlink()
so far to chase symlinks for non-lcomp path components. Chasing lcomp
symlinks is done through non_widelink_open(), which gets it right.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15505

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
952d6c2c by Volker Lendecke at 2023-10-27T21:19:35+00:00
smbd: Fix read_symlink_reparse()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15505

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Oct 27 21:19:35 UTC 2023 on atb-devel-224

- - - - -
9313731e by Martin Schwenke at 2023-10-30T09:19:11+00:00
ctdb-scripts: Update detect_init_style to use /etc/os-release

/etc/os-release is quite universal.  It can be found on most Linux
distros and on FreeBSD.

Attempt to use /etc/os-release to detect Red Hat, SUSE and Debian
based distros.  If /etc/os-release exists but distro is unknown then
$ID is printed as the detected distro, which will probably result in
sub-optimal behaviour, but when tracing it will at least indicate that
a new distro needs to be handled.

The only way to handle missing /etc/os-release is to set
CTDB_INIT_STYLE - see ctdb.sysconfig(5) for details.

The event script unit tests are updated to use /etc/os-release so
the new logic is exercised.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Oct 30 09:19:11 UTC 2023 on atb-devel-224

- - - - -
8a8f1f3c by Ralph Boehme at 2023-10-31T04:38:42+00:00
libcli/smb: add IO_REPARSE_TAG_RESERVED_ZERO

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
4ff144c2 by Ralph Boehme at 2023-10-31T04:38:42+00:00
pylibsmb: add IO_REPARSE_TAG_RESERVED_ZERO

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
6944aa7c by Ralph Boehme at 2023-10-31T04:38:42+00:00
CI: smb3unix.py: use libsmb.SMB2_FIND_POSIX_INFORMATION

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
ea89dd00 by Ralph Boehme at 2023-10-31T04:38:42+00:00
libsmb: infer posix context from info_level

No need for an explicit additional argument, we can just infer this from the
info_level.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
f52a025a by Ralph Boehme at 2023-10-31T04:38:42+00:00
libsmb: info-level SMB2_FIND_POSIX_INFORMATION doesn't return short name

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
3dc1911f by Ralph Boehme at 2023-10-31T04:38:42+00:00
libsmb: use K format for parsing unsigned long long

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
d6c8b709 by Ralph Boehme at 2023-10-31T04:38:42+00:00
libsmb: remove mode from struct file_info

There's already the "attr" member and this is even used in list_posix_helper()
in pylibsmb.c. While at it, remove the cast in list_posix_helper() by using "I"
instead of "i" format.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
b6301fd0 by Ralph Boehme at 2023-10-31T04:38:42+00:00
libsmb: add all fields from SMB2_FIND_POSIX_INFORMATION in list_posix_helper()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
7a5228ff by Ralph Boehme at 2023-10-31T05:41:17+00:00
CI: smb3unix.py: check basic CreateContexts response

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Oct 31 05:41:17 UTC 2023 on atb-devel-224

- - - - -
de20ee1a by Samuel Cabrero at 2023-11-01T12:52:13+00:00
WHATSNEW: Mention logged on users list removal

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Nov  1 12:52:13 UTC 2023 on atb-devel-224

- - - - -
9f63fad3 by Volker Lendecke at 2023-11-01T18:55:32+00:00
smbd: Simplify sys_proc_fd_path()

We know the buffer size up-front, create a struct for that. Also, I
think if we ever hit another /proc pattern this is very likely on a
different OS that could be handled by an #ifdef.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3c20ea9d by Volker Lendecke at 2023-11-01T18:55:32+00:00
smbd: Simplify reopen_from_fsp()

Pass down a dummy "file_created" variable in open_directory(), remove
an unneeded if-condition.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
32d15770 by Volker Lendecke at 2023-11-01T18:55:32+00:00
smbd: Simplify reopen_from_fsp()

Add the checks in reopen_from_procfd() into an if-condition, remove
the MORE_PROCESSING_REQUIRED logic that confused me.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
28873a84 by Volker Lendecke at 2023-11-01T18:55:32+00:00
smbd: Fix whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d2afaf21 by Volker Lendecke at 2023-11-01T18:55:32+00:00
smbd: Fix whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
252d2cc7 by Volker Lendecke at 2023-11-01T18:55:32+00:00
smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
846adcb2 by Volker Lendecke at 2023-11-01T18:55:32+00:00
smbd: Save errno around unbecome_root()

Probably not required, but better safe than sorry.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ba2bc307 by Volker Lendecke at 2023-11-01T18:55:32+00:00
smbd: Fix some whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a181283f by Volker Lendecke at 2023-11-01T18:55:32+00:00
smbd: Remove code #ifdef'ed out >23years ago

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9e5d7525 by Volker Lendecke at 2023-11-01T18:55:32+00:00
smbd: "have_proc_fds" can only work for a real fd

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
45ec0f61 by Volker Lendecke at 2023-11-01T18:55:32+00:00
libcli: SMBntcreateX can return STOPPED_ON_SYMLINK

This does not count as NT_STATUS_IS_ERR, as it starts with 0x8 instead
of 0xC. So we return NT_STATUS_INVALID_NETWORK_RESPONSE, which is
wrong.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
170b67b3 by Volker Lendecke at 2023-11-01T18:55:32+00:00
manpages: Add a missing space

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ea168705 by Volker Lendecke at 2023-11-01T18:55:32+00:00
smbd: Fix previous_slash()

Untested code is broken code... previous_slash() did not return a
pointer to the slash but after it. This went undetected because so far
we never call symlink_target_path() with "unparsed==0". Once we
started doing that, we would find that the "unparsed==0" case actually
puts parent on the "previous slash", not the character behind it.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
92606a46 by Volker Lendecke at 2023-11-01T18:55:32+00:00
smbd: Move filename_convert_smb1_search_path() to smb1-only code

Just general cleanup.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bdc6d3be by Volker Lendecke at 2023-11-01T18:55:32+00:00
smbd: Remove unused FAKE_FILE_TYPE_NAMED_PIPE enum

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
879db14f by Volker Lendecke at 2023-11-01T18:55:32+00:00
smbd: Open file as REPARSE_POINT in smb_posix_unlink()

In the future we'll block opening symlinks as such in
SMB_VFS_CREATE_FILE() unless we open as reparse points.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
93f0a367 by Volker Lendecke at 2023-11-01T18:55:32+00:00
smbd: Open file as REPARSE_POINT in rename_internals()

In the future we'll block opening symlinks as such in
SMB_VFS_CREATE_FILE() unless we open as reparse points.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0fc160c6 by Volker Lendecke at 2023-11-01T18:55:32+00:00
smbd: Open file as REPARSE_POINT in reply_rmdir()

In the future we'll block opening symlinks as such in
SMB_VFS_CREATE_FILE() unless we open as reparse points.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1862561d by Volker Lendecke at 2023-11-01T19:56:33+00:00
smbd: Open file as REPARSE_POINT in unlink_internals()

In the future we'll block opening symlinks as such in
SMB_VFS_CREATE_FILE() unless we open as reparse points.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Nov  1 19:56:33 UTC 2023 on atb-devel-224

- - - - -
947d3e59 by Joseph Sutton at 2023-11-01T20:10:45+00:00
tests/krb5: Test that the Service Asserted Identity SID is not regarded from an RODC‐issued PAC

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dc1e2b41 by Joseph Sutton at 2023-11-01T20:10:45+00:00
tests/krb5: Test that the Claims Valid SID is added to RODC‐issued PACs

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7ba4bb81 by Joseph Sutton at 2023-11-01T20:10:45+00:00
tests/krb5: Add tests to see how SIDs are conveyed from PACs

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3b936623 by Joseph Sutton at 2023-11-01T20:10:45+00:00
s4:kdc: Add Claims Valid SID to info regenerated from RODC‐issued PACs

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
12b0c9d0 by Joseph Sutton at 2023-11-01T20:10:45+00:00
s4:dsdb: Align integer type

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
01b89669 by Joseph Sutton at 2023-11-01T20:10:45+00:00
libcli/security: Remove unnecessary return statement

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ce9fbcea by Joseph Sutton at 2023-11-01T20:10:45+00:00
libcli/security: Correct function documentation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
487e21ec by Joseph Sutton at 2023-11-01T20:10:45+00:00
s4:dsdb: Make sids_contains_sid() usable by other Samba modules

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5ff72d0e by Joseph Sutton at 2023-11-01T20:10:45+00:00
libcli/security: Rename sids_contains_sid() to sids_contains_sid_attrs()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ce3f04dc by Joseph Sutton at 2023-11-01T20:10:45+00:00
libcli/security: Make use of sids_contains_sid_attrs()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
04611d9e by Joseph Sutton at 2023-11-01T20:10:45+00:00
libcli/security: Add sids_contains_sid()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
69edfd7b by Joseph Sutton at 2023-11-01T20:10:45+00:00
libcli/security: Make use of sids_contains_sid()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
76e27c3a by Joseph Sutton at 2023-11-01T20:10:45+00:00
libcli/security: Add sid_attrs_contains_sid()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
915b4052 by Joseph Sutton at 2023-11-01T20:10:45+00:00
s4:auth: Check that the PAC is not NULL before dereferencing it

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b0da50b5 by Joseph Sutton at 2023-11-01T20:10:45+00:00
s4:kdc: Add the Asserted Identity SID to the PAC only if the original RODC‐issued PAC contained it

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2b69e1e7 by Joseph Sutton at 2023-11-01T20:10:45+00:00
tests/krb5: Use __slots__ to indicate which attributes are used by classes

These should help to catch mistaken attempts to set invalid attributes.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
66b45978 by Joseph Sutton at 2023-11-01T20:10:45+00:00
tests/krb5: Don’t pass unnecessary parameter

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
54eb1758 by Joseph Sutton at 2023-11-01T20:10:45+00:00
tests/krb5: Rename ‘krbtgt_creds’ to ‘rodc_krbtgt_creds’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6760dd48 by Joseph Sutton at 2023-11-01T20:10:45+00:00
s4:kdc: Do not add Claims Valid SID twice

samba_kdc_get_user_info_dc() now adds the SID itself.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f8bfd607 by Joseph Sutton at 2023-11-01T20:10:45+00:00
tests/krb5: Test device info generated from RODC‐issued tickets without certain SIDs

These tests crash Windows, but we can assume reasonable behaviour for
Samba.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0733ea36 by Joseph Sutton at 2023-11-01T20:10:45+00:00
s4:kdc: Have samba_kdc_get_device_info_blob() call samba_kdc_get_user_info_dc() instead of adding special SIDs itself

samba_kdc_get_user_info_dc() will add the Asserted Identity and Claims
Valid SIDs as appropriate.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ebbba22c by Joseph Sutton at 2023-11-01T20:10:45+00:00
s4:auth: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b0675138 by Joseph Sutton at 2023-11-01T20:10:45+00:00
s4:auth: Comment about claims in the security token

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
57c543a1 by Joseph Sutton at 2023-11-01T20:10:45+00:00
third_party/heimdal: Import lorikeet-heimdal-202310310018 (commit 3a433861903ff7c35f3a42c2e88aef2fab7bb5b4) (CID 1544591, CID 1544617)

NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bea9958b by Joseph Sutton at 2023-11-01T20:10:45+00:00
s4:kdc: Call kdc_request_set_e_data() instead of kdc_set_e_data()

NOTE: This commit finally works again!

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0071a60f by Joseph Sutton at 2023-11-01T20:10:45+00:00
dcerpc.idl: Use simple boolean value instead of flag

One advantage of this is that the type of the switch value is no longer
tied to the type of the NDR flags.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
83c68236 by Joseph Sutton at 2023-11-01T20:10:45+00:00
librpc:ndr: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4ec7578e by Joseph Sutton at 2023-11-01T20:10:45+00:00
s4:torture: Make static variables constant

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c4f281e9 by Joseph Sutton at 2023-11-01T20:10:45+00:00
librpc:ndr: Introduce ‘libndr_flags’ type

The LIBNDR_FLAG_ namespace is getting dangerously full, with only a
single flag value (1 << 9) remaining for use. After that flag is put
into use, we won’t be able to add any new flags without increasing the
flag width to 64‐bit.

Up to now we’ve used a haphazard mix of int, unsigned, and uint32_t to
store these flags. Introduce a new type, ‘libndr_flags’, to be used
consistently to hold LIBNDR flags. If in the future we find we need to
move to 64‐bit flags, this type gives us an opportunity to do that.

Bump the NDR version to 4.0.0 — a major version increment, for we’re
changing the function ABI and adding the new symbol
ndr_print_libndr_flags.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a396b705 by Joseph Sutton at 2023-11-01T20:10:45+00:00
librpc:ndr: Introduce ‘ndr_flags_type’ type

Instead of ‘int’ or ‘uint32_t’, neither of which convey much meaning,
consistently use a newly added type to hold NDR_ flags.

Update the NDR 4.0.0 ABI.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c75be6c3 by Joseph Sutton at 2023-11-01T20:10:45+00:00
librpc:ndr: Increase size of ‘libndr_flags’ type to 64 bits

This gives us thirty‐two new LIBNDR_ flags to play with.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5319c5bd by Douglas Bagnall at 2023-11-01T20:10:45+00:00
libcli/security: SDDL accepts lowercase "s-" in SIDs

This is what Windows does, and it removes a couple of knownfails.

We can change it here cheaply without affecting the core dom_sid code,
which is good because there seem to be other places where we need the
uppercase S (for example in ldap search <SID=> queries).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cc11165e by Douglas Bagnall at 2023-11-01T20:10:45+00:00
libcli/security: sddl: check a talloc_zero

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9b57d5cd by Douglas Bagnall at 2023-11-01T20:10:45+00:00
libcli/security: sddl_conditional_ace: ensure message is talloced

It is simpler for the message to have consistent parentage; it
is easier to drop one message we'll never see than to talloc it.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
93347aa5 by Douglas Bagnall at 2023-11-01T20:10:45+00:00
libcli/security: add sddl_decode_err_msg()

This will return an error message, if it can, along with an indicative
position.

For conditional ACEs the message might be accurate, and the position
fine-grained. For example, you might be able to construct the message
like this:

D:(XA;;CC;;;S-1-2-3;(@User.Title == !(@User.Title)))
                                    ^
 16: unexpected operator

For non-conditional ACEs, the position typically points to the beginning
of the ACE, like this:

D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A; OICI; GRGWGX;;;AU)
                                  ^
 unknown error

Here the error is in the spaces either side of " OICI; ", but the pointer
points to the beginning of the ACE.

The old sddl_decode() function becomes a wrapper around the new function,
which inherits the guts of the old function.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
67fa97d6 by Douglas Bagnall at 2023-11-01T20:10:46+00:00
libcli/security: sddl_decode_ace/acl pass through messages

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c63a8989 by Douglas Bagnall at 2023-11-01T20:10:46+00:00
libcli/security: sddl: remove unreachable debug

As it stands, ace_conditions_compile_sddl() won't produce a message when
it succeeds (i.e. return non-NULL), so this debug is just clutter.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c31d41d7 by Douglas Bagnall at 2023-11-01T20:10:46+00:00
libcli/security: sddl: guard against inconsistent msg pointers

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ffa08426 by Douglas Bagnall at 2023-11-01T20:10:46+00:00
libcli/security: conditional ace err messages don't hardcode offset

Usually the conditions are embedded in part of some SDDL, and the
offset from the beginning of the conditions is a bit useless and
confusing. Callers of sddl_decode_err_msg get the offset from the
beginning of the SDDL which is a different and more useful number.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1d8024e7 by Douglas Bagnall at 2023-11-01T20:10:46+00:00
lib/ldb: py LDBError avoids leak and checks for alloc failure

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cbf8349e by Douglas Bagnall at 2023-11-01T20:10:46+00:00
lib/ldb: pyldb search iterator avoids exception leak

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0c123e14 by Douglas Bagnall at 2023-11-01T20:10:46+00:00
ndr/py_security: mod patch reports errors

We can, so we might as well.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
05472544 by Douglas Bagnall at 2023-11-01T20:10:46+00:00
s4/librpc/py_security: add SDDLValueError

This will soon be raised for SDDL parsing errors.

It would have been nice to have it as a subclass of
ValueError, meaning that all existing callers would
continue to catch this error as before, but it turns
out that that is quite difficult.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d47c6654 by Douglas Bagnall at 2023-11-01T20:10:46+00:00
pytest: sid_strings: handle SDDLValueError

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
328ddf6d by Douglas Bagnall at 2023-11-01T20:10:46+00:00
pytest:security_descriptors: handle SDDLValueError

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fd8cf82b by Douglas Bagnall at 2023-11-01T20:10:46+00:00
pytest:sddl: handle SDDLValueError

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d7fe0420 by Douglas Bagnall at 2023-11-01T20:10:46+00:00
s4/librpc/py_security: use SDDLValueError for better error messages

The aim is to allow samba-tool to tell users where their SDDL went
wrong.

Some tests would turn into errors (not knownfail-able failures)
if they were not changed at the same time, so they are changed too.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
42b5a09a by Douglas Bagnall at 2023-11-01T20:10:46+00:00
pytest:sddl: assert SDDLValueError values make sense

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cc2498f3 by Douglas Bagnall at 2023-11-01T20:10:46+00:00
samba-tool: try to present diagnostics for SDDL errors.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d915443a by Douglas Bagnall at 2023-11-01T20:10:46+00:00
pytest: samba_tool domain auth policy fix for SDDL err msg

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e7f38c3a by Douglas Bagnall at 2023-11-01T21:12:33+00:00
pytest:samba-tool domain test policy: test SDDL diagnostics

The existing 'bad SDDL' test has SDDL so bad that the diagnostics
are not exercised.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Nov  1 21:12:33 UTC 2023 on atb-devel-224

- - - - -
c2fe72fb by Joseph Sutton at 2023-11-02T03:08:37+00:00
third_party/heimdal: Import lorikeet-heimdal-202311012221 (commit 87159bd32148be80a0d9bfc984db481e4a0f2831)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5df344a8 by Joseph Sutton at 2023-11-02T03:08:37+00:00
libcli/security: Remove reference to conditional ACE recursive composites

These have been unsupported since commit
3b6c1f1a9c47d8d76a7cd946468c1c42e4fb097a.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4131179a by Joseph Sutton at 2023-11-02T03:08:37+00:00
libcli/security: Allow empty composites and resource attribute lists

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ff1d00e0 by Joseph Sutton at 2023-11-02T03:08:37+00:00
selftest: Sort conditional ACE knownfails

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5f865bd1 by Joseph Sutton at 2023-11-02T03:08:37+00:00
tests/krb5: Test conditional ACE expressions with empty composite literals

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ec687e7c by Joseph Sutton at 2023-11-02T03:08:37+00:00
s3:smbd: Remove unreachable code (CID 710840)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7322bb30 by Joseph Sutton at 2023-11-02T03:08:37+00:00
s3:utils: Remove unused‐but‐set variable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a9e8cf4f by Joseph Sutton at 2023-11-02T03:08:37+00:00
s3:utils: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
77183ded by Joseph Sutton at 2023-11-02T03:08:37+00:00
s3:utils: Check return value of samba_cmdline_init() (CID 1548345)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8b226932 by Joseph Sutton at 2023-11-02T03:08:37+00:00
s3:utils: Remove condition that cannot be true (CID 1548341)

‘limit’ is an unsigned integer, and thus will never be less than zero.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
55d06fa9 by Joseph Sutton at 2023-11-02T03:08:37+00:00
s3:utils: Align integer type

If ‘count’ is larger than INT_MAX, ‘i’ might overflow in the loop and
lead to undefined behaviour.

See also CID 1548342.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4feb7659 by Joseph Sutton at 2023-11-02T03:08:37+00:00
s3:utils: Avoid integer overflow (CID 1548343)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4db4df28 by Joseph Sutton at 2023-11-02T03:08:37+00:00
s3:utils: Initialize flags (CID 1499396)

If ‘got_bcast’ is false and ‘give_flags’ is true, this variable will be
used uninitialized.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
90505d3a by Joseph Sutton at 2023-11-02T03:08:37+00:00
s3:rpc_client: Align integer types (CID 1548342)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c095ec02 by Joseph Sutton at 2023-11-02T03:08:37+00:00
s3:rpc_client: Add missing ‘break’ statement

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fa25793e by Joseph Sutton at 2023-11-02T03:08:37+00:00
s4:rpc_server: Properly initialize ‘lsa_CreateTrustedDomainEx2’ structure (CID 1499407)

dcesrv_lsa_CreateTrustedDomain_base() invokes DCESRV_PULL_HANDLE(),
which invokes DCESRV_PULL_HANDLE_RETVAL(), which invokes
DCESRV_CHECK_HANDLE(), which might invoke DCESRV_FAULT(), which accesses
r2.out.result, which is uninitialized — invoking undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1372ef0e by Joseph Sutton at 2023-11-02T04:04:49+00:00
s4:rpc_server: Properly initialize ‘lsa_CreateTrustedDomainEx2’ structure (CID 1499404)

dcesrv_lsa_CreateTrustedDomain_base() invokes DCESRV_PULL_HANDLE(),
which invokes DCESRV_PULL_HANDLE_RETVAL(), which invokes
DCESRV_CHECK_HANDLE(), which might invoke DCESRV_FAULT(), which accesses
r2.out.result, which is uninitialized — invoking undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Nov  2 04:04:49 UTC 2023 on atb-devel-224

- - - - -
b5392b55 by Volker Lendecke at 2023-11-02T19:14:37+00:00
tests: Allow to specify share names in smb2symlink tests

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9dd5e12c by Volker Lendecke at 2023-11-02T19:14:37+00:00
tests: Make clean_file() handle directories

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
687b1b99 by Volker Lendecke at 2023-11-02T19:14:37+00:00
tests: Convert the regression test for bug15505 to python

The shell version is flapping, but I can't really figure out
why. Maybe this version is not flapping, and it also shows the failure
if you revert 952d6c2cf48.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b0a09a69 by Joseph Sutton at 2023-11-02T19:14:37+00:00
selftest/flapping: Mark smb2.multichannel.bugs.bug_15346(nt4_dc) flapping

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15498

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6033b1c0 by Joseph Sutton at 2023-11-02T19:14:37+00:00
tests/krb5: Remove unused import

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
51a4443b by Joseph Sutton at 2023-11-02T19:14:37+00:00
tests/krb5: No longer pass two‐component form of TGS principal

Samba now handles one‐component TGS principals more correctly.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7048f380 by Joseph Sutton at 2023-11-02T19:14:37+00:00
tests/krb5: Ensure that device SIDs and claims are present only if we expect them to be

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e468a7d6 by Joseph Sutton at 2023-11-02T19:14:37+00:00
tests/krb5: Always expect client claims

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
014c939b by Joseph Sutton at 2023-11-02T19:14:37+00:00
tests/krb5: Add support to test framework for existing device info or claims buffers

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6e999eab by Joseph Sutton at 2023-11-02T19:14:37+00:00
tests/krb5: Test performing a FAST‐armored TGS‐REQ when the TGT already contains device info/claims

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
69d588a8 by Joseph Sutton at 2023-11-02T19:14:37+00:00
tests/krb5: Pass a list of PAC modification functions

This is simpler than chaining functions together.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
622ac53f by Joseph Sutton at 2023-11-02T19:14:37+00:00
tests/krb5: Add tests for PACs containing extraneous buffers

Test that the KDC removes these buffers from RODC‐issued PACs.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
224408f9 by Joseph Sutton at 2023-11-02T19:14:37+00:00
tests/krb5: Test target authentication policies when the TGT already contains device info/claims

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
86fb7d17 by Joseph Sutton at 2023-11-02T19:14:37+00:00
tests/krb5: Don’t reuse SID S-1-2-3-4

We’re already using it in ‘client_sids’ to work around a bug in Windows.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
62373eee by Joseph Sutton at 2023-11-02T19:14:37+00:00
tests/krb5: Test RODC‐issued TGTs that already contain device info/claims

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3ef68efc by Joseph Sutton at 2023-11-02T20:13:50+00:00
tests/krb5: Fix comments

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Nov  2 20:13:50 UTC 2023 on atb-devel-224

- - - - -
cfec96d5 by Joseph Sutton at 2023-11-03T03:53:08+00:00
third_party/heimdal: Import lorikeet-heimdal-202311030123 (commit 2346a67fe25cbf16128501665db41f6840546e15)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Nov  3 03:53:08 UTC 2023 on atb-devel-224

- - - - -
19434fe0 by Ralph Boehme at 2023-11-05T18:34:38+00:00
smbd: remove call to fdos_mode() when setting DOS attrs

This was added in 49a754b82d33fb523cda4151a865584ae52a2e2f to work with stored
itime based File-Ids. Since switching back to purely inode based File-Ids we
can remove this call that primed itime from DOS xattr.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9b3c0854 by Ralph Boehme at 2023-11-05T18:34:38+00:00
smbd: add and use helper function possibly_set_archive()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7c7786a1 by Ralph Boehme at 2023-11-05T18:34:38+00:00
smbd: ignore symlinks in file_set_dosmode()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b3c6c677 by Ralph Boehme at 2023-11-05T18:34:38+00:00
smbd: in file_set_dosmode() do an early exit if smb_fname->fsp is NULL

No change in behaviour. Simplifies coming changes.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4d1b4d89 by Ralph Boehme at 2023-11-05T18:34:38+00:00
smbd: move POSIX check from possibly_set_archive() to file_set_dosmode()

No change in behaviour. Move the check to the more low-level function
file_set_dosmode() to ensure all callers use this consistently.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f5604640 by Ralph Boehme at 2023-11-05T18:34:38+00:00
smbd: allow POSIX opens for file_set_dosmode() in mark_file_modified()

As this check was previously added to file_set_dosmode() this is not yet a
change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
17bb46ab by Ralph Boehme at 2023-11-05T18:34:38+00:00
smbd: allow POSIX opens for file_set_dosmode() in mkdir_internal()

As this check was previously added to file_set_dosmode() this is not yet a
change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ec143274 by Ralph Boehme at 2023-11-05T18:34:38+00:00
smbd: allow POSIX opens for file_set_dosmode() in rename_internals_fsp()

As this check was previously added to file_set_dosmode() this is not yet a
change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4c91f8ac by Ralph Boehme at 2023-11-05T18:34:38+00:00
smbtorture3: reduce indentation in posix_ls_fn()

Prepares for adding more logic in a later commit.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ddc9cb77 by Ralph Boehme at 2023-11-05T18:34:38+00:00
smbd: s/FILE_ATTRIBUTES_INVALID/FILE_ATTRIBUTE_INVALID/g

No idea what got me into having an "S" in the define when I added it.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cad82600 by Ralph Boehme at 2023-11-05T18:34:38+00:00
smbtorture3: remove unused initializers

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cd858a2a by Ralph Boehme at 2023-11-05T18:34:38+00:00
smbtorture3: prepare POSIX tests for differentiating between client flavour in the list callback

No change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
95abd2f5 by Ralph Boehme at 2023-11-05T18:34:38+00:00
smbd: allow setting ARCHIVE bit in POSIX context with "store dos attributes"

Cf https://lists.samba.org/archive/samba-technical/2023-October/138504.html

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ab2d619f by Ralph Boehme at 2023-11-05T18:34:38+00:00
smbtorture3: also check test file and its attributes in two POSIX tests

Verifies that the correct DOS attribute, FILE_ATTRIBUTE_ARCHIVE in this case,
is returned over SMB1 with UNIX extensions.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
273d4850 by Ralph Boehme at 2023-11-05T19:35:51+00:00
CI: smb3unix.py: check more attributes of test files (and dirs) in test_posix_perm_files()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sun Nov  5 19:35:51 UTC 2023 on atb-devel-224

- - - - -
74e121f9 by Volker Lendecke at 2023-11-07T12:46:37+00:00
librpc: Fix error path cleanups in start_rpc_host_send()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f72f9915 by Volker Lendecke at 2023-11-07T12:46:37+00:00
smbd: Remove an assert that never triggers

We've checked that right above.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
5b0500f0 by Volker Lendecke at 2023-11-07T12:46:37+00:00
smbd: Protect ea-reading on symlinks

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
ae236f8f by Volker Lendecke at 2023-11-07T12:46:37+00:00
smbd: Remove a few pointless return; statements

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
ac60b7a1 by Volker Lendecke at 2023-11-07T12:46:37+00:00
smbd: We don't reopen anything but dirs and files

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
62800d62 by Volker Lendecke at 2023-11-07T12:46:37+00:00
libcli: Fix whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c81d1d3f by Volker Lendecke at 2023-11-07T12:46:37+00:00
smbd: Return open_symlink_err from filename_convert_dirfsp_nosymlink()

Don't lose information returned from openat_pathref_fsp_nosymlink()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
cee9586c by Volker Lendecke at 2023-11-07T12:46:37+00:00
smbd: Return OBJECT_NAME_NOT_FOUND if lcomp points outside the share

filename_convert_dirfsp() is the only caller of
safe_symlink_target_path(). Right now this is not called with
"unparsed==0" because the last component is handled in
openat_pathref_fsp() and thus non_widelink_open(). I have code that
will change this, so that we can simplify
openat_pathref_fsp_case_insensitive() to directly call OPENAT, not
going through non_widelink_open. This will cause
safe_symlink_target_path() to also be called for the last component,
which means it needs logic to distinguish between PATH_ and
NAME_NOT_FOUND.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
8392a832 by Volker Lendecke at 2023-11-07T12:46:37+00:00
smbd: Correct PATH_ vs NAME_NOT_FOUND for not following lcomp

Right now this is handled in openat_pathref_fsp(), but this will
change soon.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
193df617 by Volker Lendecke at 2023-11-07T12:46:37+00:00
smbd: Simplify fsp_fullbasepath()

Don't call snprintf() if not necessary.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
6c3c37cf by Volker Lendecke at 2023-11-07T12:46:37+00:00
smbd: Make a fake file's stat a valid regular file

We'll add strict checks to only open IFDIR and IFREG soon.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
8308d25f by Volker Lendecke at 2023-11-07T12:46:37+00:00
smbd: Make in_create_options available in smbd_smb2_create_after_exec()

Enable NT_STATUS_IO_REPARSE_TAG_NOT_HANDLED and _STOPPED_ON_SYMLINK if
not opening with FILE_OPEN_REPARSE_POINT. We only know after all the
open logic what we have.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
6ea681f3 by Volker Lendecke at 2023-11-07T12:46:37+00:00
smbd: Make create_open_symlink_err() public

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
552f9e9d by Volker Lendecke at 2023-11-07T12:46:37+00:00
smbd: We want to delete symlinks as such in reply_unlink()

Even with "follow symlinks = yes" we don't want to delete the target
when being given a symlink name.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
ab56379c by Volker Lendecke at 2023-11-07T12:46:37+00:00
smbd: Make get_real_filename_cache_key() public

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
8d00b0e6 by Volker Lendecke at 2023-11-07T12:46:37+00:00
smbd: Simplify openat_pathref_fsp_case_insensitive()

This is more lines of code, but it's still a simplification. With this
patch we don't call the full openat_pathref_fsp() anymore when looking
up the last component in filename_convert_dirfsp(), instead we do the
direct SMB_VFS_OPENAT(). We don't need the whole complexity of
non_widelink_open() for this case, we do know that we have a real
non-cwd dirfsp.

The other big change that is not obvious just from looking at the
patch: This removes the special case for looking up posix
symlinks. Before this patch, filename_convert_dirfsp() returned a
proper smb_filename but without an attached fsp when a smb1 posix
client hits a symlink. This caused all sorts of special case code
everywhere. For example smbd_do_qfilepathinfo() needs to cover both
cases just for the smb1 posix symlink case. This special-case handling
can go now. We can do the path lookup in the smb1-only qpathinfo code
and call into the common code with a proper fsp.

When hitting a symlink and with O_PATH available, we'll get the
symlink opened with an O_PATH fd. Without O_PATH we obviously can't do
that, there we get fd=-1 and an indication that we don't have the
procfd fallback around.

Why all this?

I want to present FIFOs (and eventually symlinks) as reparse points as
the very next step. Without this patch, there is no real unified way
to get the file attributes from disk. Now we can use the proper logic
of fdos_mode() everywhere and not rely on special cases for fsp==NULL.

This patch also changes some error codes for smb1 posix extensions. I
chose to just change the test instead of going after each and every
change. As long as we do get an error, I'm willing to accept that we
slightly change error path behaviour for this deprecated code.

And, I tried to split this up into smaller patches but I failed.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
166035b7 by Stefan Metzmacher at 2023-11-07T12:49:11+00:00
tests/krb5/kdc_tgs_tests: add user2user tests using a normal user account

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
94fa2897 by Stefan Metzmacher at 2023-11-07T12:49:11+00:00
third_party/heimdal kdc: introduce HDB_F_USER2USER_PRINCIPAL (import lorikeet-heimdal-202310152331 (commit a571340c9e1b75d4f5d96f08fcf9fd660d3ba3d4))

This allows HDB backends to do special handling for
User2User TGS-REQs. The main reason is to let
the HDB_F_GET_SERVER lookup succeed even for
non-computer accounts. In Samba these are typically
not returned in HDB_F_GET_SERVER in order to avoid
generating tickets with the user password.

But for User2User the account password is not used,
so it is safe to return the server entry.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

[abartlet at samba.org Adapted to be an import from lorikeet-heimdal as requested]

(cherry picked from commit cbb8145d0c58b34b76a579afd81f0e19ec7106b6)

- - - - -
d314fc58 by Volker Lendecke at 2023-11-07T13:58:07+00:00
smbd: Make get_real_filename_cache_key() static in files.c

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Nov  7 13:58:07 UTC 2023 on atb-devel-224

- - - - -
3b649ba0 by Stefan Metzmacher at 2023-11-07T14:00:20+00:00
s4:kdc: fix user2user tgs-requests for normal user accounts

User2User tgs requests use the session key of the additional
ticket instead of the long term keys based on the password.

In addition User2User also asserts that client and server
are the same account (checked based on the sid).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Oct 16 15:38:12 UTC 2023 on atb-devel-224

(cherry picked from commit bf79979f847de36db9da9646a396cdfe6b0e1c6f)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Tue Nov  7 14:00:20 UTC 2023 on atb-devel-224

- - - - -
f8fb8f02 by Joseph Sutton at 2023-11-07T21:54:32+00:00
tests/krb5: Remove unused parameter ‘expected_device_groups’

It was never passed in by any callers.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6b2de474 by Joseph Sutton at 2023-11-07T21:54:32+00:00
tests/krb5: Remove unused parameter ‘expected_device_groups’

It was never passed in by any callers.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
64806f37 by Joseph Sutton at 2023-11-07T21:54:32+00:00
tests/krb5: Correct authentication policy SDDL

There is no claim called ‘abc’, so the condition ‘(abc)’ is always going
to fail. Replace this with a condition using ‘Member_of’.

Furthermore, an ACL containing only Deny ACEs will only ever deny. Add a
trailing Allow ACE so that the ACL might allow other principals.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c277a4d3 by Joseph Sutton at 2023-11-07T21:54:32+00:00
tests/krb5: Add test for an authentication policy that allows a specific account

This is a counterpart to ‘test_conditional_ace_allowed_from_user_deny’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
beaec758 by Joseph Sutton at 2023-11-07T21:54:32+00:00
tests/krb5: Add tests for AllowedToAuthenticateTo with SamLogon

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bafd63be by Joseph Sutton at 2023-11-07T21:54:32+00:00
s4:auth: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1c1d402f by Joseph Sutton at 2023-11-07T21:54:32+00:00
s4:auth: Add comment about claims going ignored for SamLogon

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2733cd7b by Joseph Sutton at 2023-11-07T21:54:32+00:00
s4:kdc: Move return code checks closer to where the return codes are set

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
091af82f by Joseph Sutton at 2023-11-07T22:54:42+00:00
s4:kdc: Don’t convey PAC buffers from an RODC‐issued PAC

Such buffers are not to be trusted.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Nov  7 22:54:42 UTC 2023 on atb-devel-224

- - - - -
b317622a by Christof Schmitt at 2023-11-08T17:40:37+00:00
vfs_gpfs: Use O_PATH for opening dirfd for stat with CAP_DAC_OVERRIDE

Use O_PATH when available; this avoids the need for READ/LIST access on
that directory. Keep using O_RDONLY if the system does not have O_PATH.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
95319351 by Christof Schmitt at 2023-11-08T17:40:37+00:00
vfs_gpfs: Move fstatat with DAC_CAP_OVERRIDE to helper function

Allow reuse of this code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
cbdc16a7 by Christof Schmitt at 2023-11-08T17:40:37+00:00
vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstat

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
963fc353 by Christof Schmitt at 2023-11-08T18:42:13+00:00
vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstatat

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Nov  8 18:42:13 UTC 2023 on atb-devel-224

- - - - -
6d886792 by Günther Deschner at 2023-11-09T08:00:30+00:00
svcctl: unify operation names and always prefix with svcctl_

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cb348e5b by Günther Deschner at 2023-11-09T08:00:30+00:00
svcctl: rename SERVICE_FAILURE_ACTIONS to SERVICE_FAILURE_ACTIONSW

(there will be a SERVICE_FAILURE_ACTIONSA variant also)

Guenther

Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7292e378 by Günther Deschner at 2023-11-09T08:00:30+00:00
librpc: add various new commands and types to SVCCTL IDL.

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cfedb322 by Günther Deschner at 2023-11-09T08:00:30+00:00
librpc: use SERVICE_CONTROL enum in ControlService calls

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
80b4893a by Günther Deschner at 2023-11-09T08:00:30+00:00
s4-torture: add test for svcctl_QueryServiceConfigEx

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
51c21f72 by Günther Deschner at 2023-11-09T08:00:30+00:00
librpc: add svcctl_ServiceStopReason enums

Guenther

Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fd319adc by Günther Deschner at 2023-11-09T08:00:30+00:00
s4-torture: add test for svcctl_ControlServiceExW()

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
05ffdaee by Günther Deschner at 2023-11-09T08:00:30+00:00
librpc: add missing service control defines

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ff83d4b0 by Joseph Sutton at 2023-11-09T08:00:30+00:00
tests/krb5: Move ‘rfc4120_pyasn1’ to ‘rfc4120_pyasn1_generated’

‘rfc4120_pyasn1_generated’ is not to be used directly. Its contents are
now reexported from ‘rfc4120_pyasn1’, which becomes a simple wrapper.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e802cce4 by Joseph Sutton at 2023-11-09T08:00:30+00:00
tests/krb5: Encode KerberosString objects as UTF‐8

Windows treats Kerberos strings as UTF‐8, but by default, pyasn1 encodes
strings as ISO-8859-1. (There is a UTF8String type that gets encoded as
UTF‐8, but it has a different ASN.1 encoding from GeneralString, and so
can’t be used). asn1ate provides no way to override the encoding.
Except…

It turns out we can force UTF‐8 encoding by cunningly overriding
KerberosString.__getattribute__().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0b059daf by Joseph Sutton at 2023-11-09T08:00:30+00:00
tests/krb5: Add ‘expected_sname’ parameter to _fast_as_req()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5ebd1b8d by Joseph Sutton at 2023-11-09T08:00:30+00:00
tests/krb5: Test Kerberos principal names containing non–BMP Unicode characters

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d0ca1bcd by Joseph Sutton at 2023-11-09T08:00:30+00:00
third_party/heimdal: Import lorikeet-heimdal-202311082119 (commit 844610f06bac2b7b2a208cbabc7414bde23abac7)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a11e0c02 by Joseph Sutton at 2023-11-09T08:00:30+00:00
s4:librpc: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5f9f9242 by Joseph Sutton at 2023-11-09T08:00:30+00:00
s4:librpc: Fix leak

We should not leak error messages returned by sddl_decode_err_msg().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9c35b374 by Joseph Sutton at 2023-11-09T08:00:30+00:00
libcli/security: Reassign flags

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e822a4ef by Joseph Sutton at 2023-11-09T08:00:30+00:00
libcli/security: Include missing headers

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e388e9a8 by Joseph Sutton at 2023-11-09T08:00:30+00:00
ilbcli/security: Fix duplicated words

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
db36a930 by Joseph Sutton at 2023-11-09T08:00:30+00:00
libcli/security: Mark arrays ‘const’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a08a724a by Joseph Sutton at 2023-11-09T08:00:30+00:00
netcmd:tests: Test authentication policies containing device‐specific attributes and operators

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
935f4edd by Joseph Sutton at 2023-11-09T08:00:30+00:00
libcli/security: Optionally disallow device‐specific attributes and operators where they are not applicable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7f0f930a by Joseph Sutton at 2023-11-09T08:00:30+00:00
s4:librpc: Add ‘allow_device_in_sddl’ parameter to security.descriptor.from_sddl()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c5932c47 by Joseph Sutton at 2023-11-09T08:00:30+00:00
netcmd: Add ‘allow_device_in_sddl’ parameter to SDDLField()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fb867873 by Joseph Sutton at 2023-11-09T09:01:25+00:00
netcmd: Disallow device‐specific attributes and operators for allowed‐to‐authenticate‐from fields

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Nov  9 09:01:25 UTC 2023 on atb-devel-224

- - - - -
b8ffb245 by Joseph Sutton at 2023-11-10T01:35:32+00:00
third_party/heimdal: krb5: Try to decode e-data as KERB-ERROR-DATA (falling back to METHOD-DATA) (Import lorikeet-heimdal-202311092338 (commit 50996e5f0b0f22a4eb755a6f22cb7b4ecab2aeea))

Previously we tried to decode KERB-ERROR-DATA as METHOD-DATA,
resulting in a confusing error message. Now we just ignore it; but we
could also choose to set an error message containing the NTSTATUS code
in hexadecimal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15514

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Nov 10 01:35:32 UTC 2023 on atb-devel-224

- - - - -
89897359 by Volker Lendecke at 2023-11-10T01:36:43+00:00
librpc: Fix #define header guard

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f38ed355 by Volker Lendecke at 2023-11-10T01:36:43+00:00
librpc: Fix the build on FreeBSD

ndr_wsp.h included standalone does not find struct timespec on FreeBSD

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
29558014 by Volker Lendecke at 2023-11-10T02:33:33+00:00
torture3: Correct use of enum client_flavour defines

enum client_flavour does not define LINUX, it defines WINDOWS and
POSIX.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Nov 10 02:33:33 UTC 2023 on atb-devel-224

- - - - -
2b4a17f5 by Andrew Bartlett at 2023-11-13T01:28:36+00:00
librpc/ndr: Remove confusing case where returned string pointer "as" could be NULL

The failure to talloc_strdup("") is just an error and all other cases set the
string or give an error.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
4decb074 by Andrew Bartlett at 2023-11-13T01:28:36+00:00
librpc/ndr: Add support for LIBNDR_FLAG_STR_NO_EMBEDDED_NUL

This requires that, other than termination, no NUL (\0) codepoints
exist in the input string, because bytes beyond that will be lost
in the output string.

This in turn causes trouble for round-trip testing, so it is easiest
to reject it upfront (on an opt-in basis).

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
29bb93d0 by Andrew Bartlett at 2023-11-13T02:30:23+00:00
libcli/security: conditional aces: don't allow U+0000 in unicode

Allowing this broke a round-trip decode-encode fuzz test. Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62742

(Comments are from an earlier commit by Douglas Bagnall <douglas.bagnall at catalyst.net.nz>)

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Nov 13 02:30:23 UTC 2023 on atb-devel-224

- - - - -
adb1da16 by Ralph Boehme at 2023-11-13T10:02:51+00:00
s3: smbd: Ignore fstat() error on deleted stream in fd_close().

In the fd_close() fsp->fsp_flags.fstat_before_close code path.

If this is a stream and delete-on-close was set, the
backing object (an xattr from streams_xattr) might
already be deleted so fstat() fails with
NT_STATUS_NOT_FOUND. So if fsp refers to a stream we
ignore the error and only bail for normal files where
an fstat() should still work. NB. We cannot use
fsp_is_alternate_stream(fsp) for this as the base_fsp
has already been closed at this point and so the value
fsp_is_alternate_stream() checks for is already NULL.

Remove knownfail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15487

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Oct 10 09:39:27 UTC 2023 on atb-devel-224

(cherry picked from commit 633a3ee6894cc1d05b44dbe47a278202803d9b21)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Mon Nov 13 10:02:51 UTC 2023 on atb-devel-224

- - - - -
f09c5a3d by Ralph Boehme at 2023-11-13T18:35:32+00:00
python: move clean_file() to samba/tests/libsmb.py

BUG:https://bugzilla.samba.org/show_bug.cgi?id=15517

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8ccc809f by Ralph Boehme at 2023-11-13T18:35:32+00:00
CI/smb3unix: add test_delete_on_close

BUG:https://bugzilla.samba.org/show_bug.cgi?id=15517

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
95443320 by Ralph Boehme at 2023-11-13T19:34:29+00:00
smbd: fix has_other_nonposix_opens_fn()

Given two opens on a file:

1. Windows open with delete-on-close
2. POSIX open with delete-on-close set

When handle 1 is closed processing in has_other_nonposix_opens_fn() will not
delete the file as (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) is false, so
has_other_nonposix_opens() will return true which is wrong.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15517

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Nov 13 19:34:29 UTC 2023 on atb-devel-224

- - - - -
7dca8a96 by Volker Lendecke at 2023-11-13T23:08:30+00:00
smbd: Alternative fix for smb2.stream.attributes2 test

It confused me that a function that supposedly just retrieves dos
attributes also updates something.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b649007a by Ralph Boehme at 2023-11-14T00:10:19+00:00
smbd: remove now unnecessary wrapper vfs_fget_dos_attributes()

Signed-off-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Nov 14 00:10:19 UTC 2023 on atb-devel-224

- - - - -
426ca4cf by Douglas Bagnall at 2023-11-15T04:05:34+00:00
pytests: sid_strings: do not fail if epoch ending has zeros

To avoid collisions in random OID strings, we started using the epoch
date modulus 100 million. The trouble is we did not strip out the
leading zeros, so the field might be '00000123' when it should be
'123', if the date happened not to correspond to an epoch with a zero
in the eighth to last place. This has been the case for most of the
last 1041 days, but fortunately the bug was only introduced earlier
this year.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15520

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>

- - - - -
8ead28b2 by Noel Power at 2023-11-15T04:05:34+00:00
s3/utils: ensure sddl_encode/sddl_decode both use domain_sid

prior to this patch sddl_decode get_global_sam_sid was using
'get_global_sam_sid()' but the reciprocal call to sddl_encode uses
'get_domain_sid()' using the domain_sid (instead of local machine sid)
is 'correct'

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1273f9a2 by Noel Power at 2023-11-15T04:05:34+00:00
s3/utils: Add save and restore config switches (and help output)

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dd2133ba by Noel Power at 2023-11-15T04:05:34+00:00
s3/utils: Add recursive option to smcacls

Adds new switch (and associated help) note: nothing using it yet
Subsequent following commits will make use of this option with
'save' functionality

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
db88697d by Noel Power at 2023-11-15T04:05:34+00:00
s3/utils: Add functionality to smbcacls to save dacl(s) to a restore file

Add similar functionality to 'icacls name /save'

Save dacls for a file/directory to a restore/save file.
When saving dacls associated with a directory, using the 'recursive'
switch '-T' will recursively save the content of the directory.

Note: the save file produced by smbcacls and icacls are interchangeable
      as smbcacls produces (and uses) the same file format.

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fa5725cd by Noel Power at 2023-11-15T04:05:34+00:00
s3/utils: Add support to smbcacls to restore dacls from file

Allow smbcacls to restore dacls to a directory from file created
with smbcacls '--save' or icacls /save

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
520e3ac0 by Noel Power at 2023-11-15T04:05:34+00:00
docs-xml: Update manpages for new -T, --save & --restore options

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d9c230ff by Noel Power at 2023-11-15T04:05:34+00:00
python/samba/tests: Add smbcacl tests for save/restore

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cae5456a by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: user: PEP8 E117: code is overindented

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
30cb66ae by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: user: PEP8 E502: backslash is redundant between brackets

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6b0cb653 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: user: PEP8 E127: fix hanging indent not lining up

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f1c6d4cb by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: user: PEP8 E221: fix multiple spaces before operator

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
db08030c by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: user: PEP8 E225: missing whitespace around operator

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
925ec0e6 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: user: PEP8 E303 E305: fix too many or too few blank lines

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a75cbd85 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: model: add missing assigned_policy field on User model

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
921cc1df by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: model: add a find method to User model to avoid repeating code

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
92505086 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: silo member: make use of User.find function

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0eb727a5 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: silo member add and remove should not set assigned_silo

The Windows tools don't do this either

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d3e18dbe by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: silo member uses consistent output with other commands

This also includes always spelling out "authentication silo" or "authentication policy" in full, not just calling it "silo."

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d4e84177 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: tests: make use of unique_name

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
30992e86 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: model: User model str method returns username not cn

If the cn is needed then user.cn can be used, this makes it nicer if using {user} in format strings.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2f20fa9b by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: silo member: Make output consistent with user command

 * Use print with file=self.outf
 * Show assigned or unassigned silo

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
422680f8 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: add auth silo and policy sub-commands to samba-tool user

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bcc77601 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: tests: rename base class to be used by more tests

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ca9a11c6 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: tests: rename domain_auth_base.py to silo_base.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c9ba99a9 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: tests: add tests for user auth policy and silo commands

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
172f55fb by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: docs: document samba-tool user auth silo and policy commands

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
efedfab3 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: models: add Query class to replace simple generator

This allows other methods to be added on top of the Query class like .first() and .one()

Sometimes it's useful to raise an exception if 0 rows are returned, while other times it's best to return None.
Having a Query class makes it easy to add methods like .one() and .first() to take care of this requirement.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
42be08c1 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: models: Model.query method makes use of Query class

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
422cc1d1 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: models: fix incorrect return type should not be User

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
19613057 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: silo member: rename exceptions to grant and revoke

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
abc3b508 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: silo member: rename model methods to grant and revoke

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
047ddb10 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: silo member: update model docstrings and exception text

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fb2453d1 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: silo member: rename add and remove commands to grant and revoke

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
becb0ecf by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: silo member: update command line options help text for grant + revoke

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d9552dc0 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: silo member: update docstrings comments and print statements for grant + revoke

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2ee86e78 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: tests: rename add_silo_member and remove_silo_member methods in test

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9708209d by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: tests: rename silo member tests to grant + revoke

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
88ea6b17 by Rob van der Linde at 2023-11-15T04:05:34+00:00
netcmd: tests: update silo member grant and revoke docstrings and comments

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b6661e77 by Rob van der Linde at 2023-11-15T05:00:58+00:00
netcmd: docs: update docs for silo member grant + revoke

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Nov 15 05:00:58 UTC 2023 on atb-devel-224

- - - - -
15648b5d by Volker Lendecke at 2023-11-15T05:10:35+00:00
smbd: Modernize a DEBUG statement

Avoid casts

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
46372997 by Volker Lendecke at 2023-11-15T05:10:35+00:00
smbd: Remove a NULL check that became obsolete

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f195df4e by Volker Lendecke at 2023-11-15T05:10:35+00:00
smbd: Directly print errno in openat_pathref_fsp_lcomp()

This is where the error came from.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f905384f by Volker Lendecke at 2023-11-15T05:10:35+00:00
smbd: Rename "fsp" to "dirfsp" in smbd_smb2_query_directory_state

Makes it clearer to me what we have there.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
47f36e0b by Volker Lendecke at 2023-11-15T05:10:35+00:00
smbd: Simplify smbd_dirptr_8_3_mode_fn()

Do the smb1-specific code directly in smb1-code. Don't tunnel it
through generic smb1/smb2 code.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b1e5ed44 by Volker Lendecke at 2023-11-15T05:10:35+00:00
smbd: Simplify smbd_dirptr_get_entry()

Both mode_fn's are now the same. Fold them into smbd_dirptr_get_entry()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
901c7cc6 by Volker Lendecke at 2023-11-15T05:10:35+00:00
smbd: Move mask_match_search() to smb1_reply.c

Only called there.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5991f4e6 by Volker Lendecke at 2023-11-15T05:10:35+00:00
smbd: Slightly simplify smbd_dirptr_get_entry()

Check for dirptr being toplevel just once.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6b0cfcdb by Volker Lendecke at 2023-11-15T05:10:35+00:00
smbd: Remove a pointless NULL check

We've dereferenced smb_fname before, and talloc_move() never fails.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c96010a2 by Volker Lendecke at 2023-11-15T05:10:35+00:00
smbd: Simplify smbd_dirptr_get_entry()

This uses the much simpler openat_pathref_fsp_lcomp, avoiding
non_widelink_open where we don't need it. The only case where we still
have to call openat_pathref_fsp() in its full capacity is to find out
whether a symlink we found is dangling or not.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
80c98acb by Volker Lendecke at 2023-11-15T05:10:35+00:00
smbd: Centralize wiping the ".." stat info

Make sure this also happens for symlinks etc.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
aaa73cce by Volker Lendecke at 2023-11-15T05:10:35+00:00
smbd: Centralize fdos_mode() in smbd_dirptr_get_entry()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4e585186 by Volker Lendecke at 2023-11-15T06:10:38+00:00
smbd: Get the symlink mode for posix through fdos_mode()

fdos_mode() has special code to deal with symlinks, so we don't have
to replicate that logic here.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Nov 15 06:10:38 UTC 2023 on atb-devel-224

- - - - -
5572400a by Anoop C S at 2023-11-15T17:48:42+00:00
vfs_ceph: Add path based fallback mechanism for SMB_VFS_CHOWN

Fallback mechanism was missing in cephwrap_fchown() for path based call.

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
14973440 by Anoop C S at 2023-11-15T17:48:42+00:00
vfs_ceph: Fix a comment in cephwrap_fchmod()

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e091febb by Anoop C S at 2023-11-15T17:48:42+00:00
vfs_ceph: Fix the comment quoting module usage

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2b1a687a by Anoop C S at 2023-11-15T17:48:42+00:00
vfs_ceph: Replace libceph with libcephfs in comments

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9898ca65 by Anoop C S at 2023-11-15T18:52:16+00:00
docs-xml: Fix a usage for case sensitive parameter

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Nov 15 18:52:16 UTC 2023 on atb-devel-224

- - - - -
05f1ee1a by Christof Schmitt at 2023-11-15T18:54:11+00:00
nfs4_acls: Implement fstat with DAC_CAP_OVERRIDE

AT_EMPTY_PATH does not exist on AIX. Address this by implementing an
override for fstat.  Implement the new override function in nfs4_acls.c
since all stat functions with DAC_CAP_OVERRIDE will be moved there to
allow reuse by other filesystems.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

- - - - -
316c96ea by Christof Schmitt at 2023-11-15T18:54:11+00:00
vfs_gpfs: Move fstatat_with_cap_dac_override to nfs4_acls.c

All stat DAC_CAP_OVERRIDE code is being moved to nfs4_acls.c to allow
reuse by other filesystem modules.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

- - - - -
6b1e066c by Christof Schmitt at 2023-11-15T18:54:11+00:00
vfs_gpfs: Move stat_with_capability to nfs4_acls.c and rename function

All stat CAP_DAC_OVERRIDE code is moving to nfs4_acls.c to allow reuse
by other filesystem modules. Also rename the function to the slightly
more precise name stat_with_cap_dac_override.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

- - - - -
f8a23d96 by Christof Schmitt at 2023-11-15T18:54:11+00:00
vfs_gpfs: Move vfs_gpfs_stat to nfs4_acls.c and rename function

All stat DAC_CAP_OVERRIDE code is moving to nfs4_acls.c to allow reuse
by other file system modules. Also rename the function to the more
generic name nfs4_acl_stat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

- - - - -
f9301871 by Christof Schmitt at 2023-11-15T18:54:11+00:00
vfs_gpfs: Move vfs_gpfs_fstat to nfs4_acls.c and rename function

All stat DAC_CAP_OVERRIDE code is moving to nfs4_acls.c to allow reuse.
Move the vfs_gpfs_fstat function and rename to the more generic name
nfs4_acl_fstat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

- - - - -
2c119567 by Christof Schmitt at 2023-11-15T18:54:11+00:00
vfs_gpfs: Move vfs_gpfs_lstat to nfs4_acls.c and rename function

All stat CAP_DAC_OVERRIDE code is being moved to nfs4_acls.c to allow
reuse. Move the vfs_gpfs_lstat function and rename to the more generic
name nfs4_acl_lstat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

- - - - -
5fd73e93 by Christof Schmitt at 2023-11-15T18:54:11+00:00
vfs_gpfs: Move vfs_gpfs_fstatat to nfs4_acls.c and rename function

All stat DAC_CAP_OVERRIDE code is being moved to nfs4_acls.c to allow
reuse. Move the vfs_gpfs_fstatat function and rename it to the more
generic name nfs4_acl_fstat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

- - - - -
8831eeca by Christof Schmitt at 2023-11-15T18:54:11+00:00
nfs4_acls: Make fstatat_with_cap_dac_override static

No other module is calling this function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

- - - - -
0f664f01 by Christof Schmitt at 2023-11-15T18:54:11+00:00
nfs4_acls: Make stat_with_cap_dac_override static

No other module is calling this function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

- - - - -
bffd8bd8 by Christof Schmitt at 2023-11-15T18:54:11+00:00
nfs4_acls: Make fstat_with_cap_dac_override static

No other module is calling this function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

- - - - -
9cac9154 by Christof Schmitt at 2023-11-15T18:54:11+00:00
vfs_aixacl2: Call stat DAC_CAP_OVERRIDE functions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

- - - - -
12e5c15a by Christof Schmitt at 2023-11-15T19:55:07+00:00
vfs_zfsacl: Call stat CAP_DAC_OVERRIDE functions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Wed Nov 15 19:55:07 UTC 2023 on atb-devel-224

- - - - -
b18fe675 by Douglas Bagnall at 2023-11-15T22:07:35+00:00
libcli/security:sddl_decode_err_msg(): don't pretend msg is optional (CID1548624)

Having it optionally NULL just complicates the code, and Coverity
rightly complained.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
23a83d37 by Douglas Bagnall at 2023-11-15T22:07:35+00:00
pytest:samba-tool domain auth policy: expect error message detail

The knownfail will stay around for a few commits, because the message
we get is slightly wrong.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
74c6cf44 by Douglas Bagnall at 2023-11-15T22:07:35+00:00
libcli/security:sddl_decode_ace: turn DBG_WARNINGs into messages

This allows the messages to be more reliably presented by client tools
in a useful way.

The messages lose the trailing \n, and some were slightly tweaked (e.g.
s/Resource ACE/Resource Attribute ACE/).

They will still show up in logs for callers of sddl_decode(), but at
NOTICE level rather than WARNING.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f712f8d3 by Douglas Bagnall at 2023-11-15T22:07:35+00:00
libcli/security: adjust log verbosity in sddl_decode

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
206db403 by Douglas Bagnall at 2023-11-15T22:07:35+00:00
libcli/security:sddl_decode_ace: add more messages

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dd41357f by Douglas Bagnall at 2023-11-15T22:07:35+00:00
libcli/security:sddl_decode_acl: add a message

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
01f8b610 by Douglas Bagnall at 2023-11-15T22:07:35+00:00
libcli/security:sddl_decode_ace: fix ';' count message

The wrong number of semicolons is usually one less than count (which
counts sections separated by semicolons), except when count is zero.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
15fcf9b7 by Douglas Bagnall at 2023-11-15T22:07:35+00:00
libcli/security:sddl_decode_acl: expand a comment

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2b4f9724 by Douglas Bagnall at 2023-11-15T22:07:35+00:00
libcli/security:sddl_parse: add some top level error messages

the way we parse things, we can't really distinguish between complete
nonsense and an ACL that seems to end early because of bad flags. That
is, "D:ZZ(A;;;;;WD)" looks the same as "ZZ" to the parser. But at least
we can point to the right place in the string.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1f4e018e by Douglas Bagnall at 2023-11-15T22:07:35+00:00
libcli/security/test_sddl_conditional_ace: add message tests

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
609965b6 by Douglas Bagnall at 2023-11-15T22:07:35+00:00
libcli/security:sddl_decode message offset safety latch

the message offset is largely calculated using the differences
between pointers in many places scattered throughout the code.

If we got one of these wrong, we could easily have a SIZE_MAX-ish
offset, which would be unfortunate if we decided to display
the offset using spaces.

We can sanely limit the offset to the length of the SDDL.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b11978a0 by Joseph Sutton at 2023-11-15T22:07:35+00:00
librpc:ndr: Fix error messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ef0109d2 by Joseph Sutton at 2023-11-15T22:07:36+00:00
librpc:ndr: Check return values of talloc functions

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ce2f4ecd by Joseph Sutton at 2023-11-15T22:07:36+00:00
librpc:ndr: Prohibit STR_NULLTERM|STR_NOTERM flags combination

ndr_pull_string() prohibited this, but ndr_push_string() always masked
STR_NOTERM out. Now the set of allowed flags should be consistent
between the two functions.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5b693597 by Joseph Sutton at 2023-11-15T22:07:36+00:00
libndr:ndr: Allow only one string encoding flag

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2562f24d by Joseph Sutton at 2023-11-15T22:07:36+00:00
librpc:ndr: Fix comment

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1e029b2c by Joseph Sutton at 2023-11-15T22:07:36+00:00
librpc:ndr: Convert NDR flags types to enumerations

Using an enumeration rather than ‘uint32_t’ or ‘uint64_t’ means that
debuggers such as gdb can now associate the flag constants with their
respective types. This means that if you have an instance of these flags
types, the debugger will show you the individual flags that make up the
value rather than an inscrutable integer value.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
982238e9 by Joseph Sutton at 2023-11-15T22:07:36+00:00
util/charset: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a63cf19e by Joseph Sutton at 2023-11-15T22:07:36+00:00
s4:libcli: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c2a74319 by Joseph Sutton at 2023-11-15T22:07:36+00:00
s4:smb_server: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
542e5a30 by Joseph Sutton at 2023-11-15T22:07:36+00:00
util/charset: Rename utf16_len_n() to utf16_null_terminated_len_n()

The new name indicates that — contrary to functions such as strnlen() —
the length may include the terminator.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
16996d14 by Joseph Sutton at 2023-11-15T22:07:36+00:00
util/charset: Rename utf16_len() to utf16_null_terminated_len()

The new name indicates that — contrary to functions such as strnlen() —
the length may include the terminator.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
516f35b5 by Joseph Sutton at 2023-11-15T22:07:36+00:00
util/charset: Add utf16_len()

This function returns the length in bytes of a UTF‐16 string excluding
the null terminator.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
74a5a3b7 by Joseph Sutton at 2023-11-15T22:07:36+00:00
util/charset: Include final UTF‐16 code unit in length calculation loop

Change ‘<’ to ‘<=’ so that we check the final UTF‐16 code unit in our
search for the null terminator. This makes no difference to the result:
if we’ve reached the final code unit without finding a terminator, the
final code unit will be included in the length whether it is a null
terminator or not.

Why make this change? We’re about to factor out this loop into a new
function, utf16_len_n(), where including the final code unit *will*
matter.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a4674638 by Joseph Sutton at 2023-11-15T22:07:36+00:00
util/charset: Add utf16_len_n()

This function returns the length in bytes — at most ‘n’ — of a UTF‐16
string excluding the null terminator.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7ebf7f42 by Joseph Sutton at 2023-11-15T22:07:36+00:00
s4:torture: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
99e0a0f2 by Joseph Sutton at 2023-11-15T22:07:36+00:00
util/charset/tests: Add tests for UTF‐16 string length functions

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ec3e4208 by Joseph Sutton at 2023-11-15T22:07:36+00:00
util/charset: Prefer PULL_LE_U16() to older SVAL() macro

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
beff3e6d by Joseph Sutton at 2023-11-15T22:07:36+00:00
python:tests: Fix crashing pymessaging tests

Commit 8c75d9fc73614fad29a998d08c4b11034ab2aebb changed
Messaging.deregister() to take a two‐element tuple containing private
data as well as a callback, but it did not change the call in
samba.tests.messaging.MessagingTests.test_register to match.

Since imessaging_deregister() completely ignored the ‘private_data’
parameter passed to it (assuming the callback was registered with
msg_type == -1), everything still appeared to work — until commit
b22c21799527323877b330c16c23057582721abb changed Messaging.deregister()
to no longer leak memory. Now the wrong variable had its reference count
decremented, causing the test to crash.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7c1e3f0d by Joseph Sutton at 2023-11-15T23:11:13+00:00
python:tests: Ensure we clean up callbacks in pymessaging tests

Not calling ‘deregister()’ results in memory getting leaked.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Nov 15 23:11:13 UTC 2023 on atb-devel-224

- - - - -
d0d026bd by Noel Power at 2023-11-16T01:51:39+00:00
libcli/security: Debug only when we failed to decode

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b319769e by Noel Power at 2023-11-16T01:51:39+00:00
s3/utils: Detect (and report) failure to parse sddl

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6613b5bd by Noel Power at 2023-11-16T01:51:39+00:00
s3/utils: Use sddl_decode_err_msg instead of sddl_decode

Use sddl_decode_err_msg instead of sddl_decode for possible better
error reporting.

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
79ef40b0 by Andrew Bartlett at 2023-11-16T01:51:39+00:00
s4-scripting/devel: Fix repl_cleartext_pwd to use built-in RC4

This allows the usage test to pass on our CI hosts without
python-crypto and not uxsuccess on hosts with it.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
4ec50d91 by Andrew Bartlett at 2023-11-16T01:51:39+00:00
s4-scripting/devel: Fix str() vs bytes() issue in repl_cleartext_pwd.py

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
3f908e19 by Andrew Bartlett at 2023-11-16T02:46:57+00:00
s4-scripting: Remove repl_cleartext_pwd.py

This script was the precursor to newer samba-tool commands and no longer
works.  The previous commits record some of the work to have it operate in the
modern era, but keeping this around is more trouble than it is worth.

Use these commands instead:
 samba-tool drs clone-dc-database --include-secrets
 samba-tool user getpassword administrator --attributes=virtualClearTextUTF8

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Nov 16 02:46:57 UTC 2023 on atb-devel-224

- - - - -
3f0809f1 by Joseph Sutton at 2023-11-16T05:18:36+00:00
util/charset: Remove unnecessary cast

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b6ff89f6 by Joseph Sutton at 2023-11-16T05:18:36+00:00
util/charset: Include missing headers

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
939ceb23 by Joseph Sutton at 2023-11-16T05:18:36+00:00
util/charset: Add talloc_utf16_str[n]dup()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4b03c6de by Joseph Sutton at 2023-11-16T05:18:36+00:00
librpc:ndr: Fix code formatting

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5e580fad by Joseph Sutton at 2023-11-16T05:18:36+00:00
librpc:ndr: Fix error message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2e2b80f8 by Joseph Sutton at 2023-11-16T05:18:36+00:00
librpc:ndr: Introduce common out path in ndr_push_string()

This ensures that ‘dest’ gets freed on failure.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e01e6202 by Joseph Sutton at 2023-11-16T05:18:36+00:00
librpc:ndr: Move call to convert_string_talloc() on to its own line

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
204a46b7 by Joseph Sutton at 2023-11-16T05:18:36+00:00
librpc:ndr: Don’t duplicate strings needlessly

If the source string doesn’t need to be converted, there’s no reason for
it to be talloc‐allocated.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e04f627e by Joseph Sutton at 2023-11-16T05:18:36+00:00
librpc:ndr: Fix comment

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ddb98e7d by Joseph Sutton at 2023-11-16T05:18:36+00:00
pidl: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7a9ad610 by Joseph Sutton at 2023-11-16T05:18:36+00:00
pidl: Don’t overwrite exception set by PyUnicode_AsEncodedString()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
df19006c by Joseph Sutton at 2023-11-16T05:18:36+00:00
tests/krb5: Allow creating Group Managed Service Accounts

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5f3f3c0c by Joseph Sutton at 2023-11-16T05:18:36+00:00
s4:librpc: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fe1d45cf by Joseph Sutton at 2023-11-16T06:23:35+00:00
s4:librpc: Add functions converting between bytes and UTF‐16 strings

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Nov 16 06:23:35 UTC 2023 on atb-devel-224

- - - - -
4481a67c by Ralph Boehme at 2023-11-16T18:31:17+00:00
smbd: fix close order of base_fsp and stream_fsp in smb_fname_fsp_destructor()

VFS modules like streams_xattr use the function fsp_is_alternate_stream() on the
fsp to determine if an fsp is a stream, e.g. in streams_xattr_close(). If
fspo->base_fsp is already set to NULL, this won't work anymore.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15521

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Nov 16 18:31:17 UTC 2023 on atb-devel-224

- - - - -
a1738e82 by Björn Jacke at 2023-11-16T21:38:37+00:00
system.c: fall back to become_root if CAP_DAC_OVERRIDE isn't usable

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15093

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
c1e2fbb1 by Björn Jacke at 2023-11-16T21:38:37+00:00
dosmode.c: prefer use of capabilities at two places over become_root

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
944cb515 by Björn Jacke at 2023-11-16T21:38:38+00:00
token_util.c: prefer capabilities over become_root

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
06e5c1e3 by Björn Jacke at 2023-11-16T21:38:38+00:00
nfs4_acls.c: prefer capabilities over become_root

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
12734848 by Björn Jacke at 2023-11-16T21:38:38+00:00
vfs_acl_common.c: prefer capabilities over become_root

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
0e3836e3 by Björn Jacke at 2023-11-16T21:38:38+00:00
vfs_acl_xattr.c: prefer capabilities over become_root

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
62464bd2 by Björn Jacke at 2023-11-16T21:38:38+00:00
vfs_default.c: prefer capabilities over become_root

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
92278418 by Björn Jacke at 2023-11-16T21:38:38+00:00
vfs_posix_eadb.c: prefer capabilities over become_root

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
4227b011 by Björn Jacke at 2023-11-16T21:38:38+00:00
vfs_recycle.c: prefer capabilities over become_root

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
b250f25f by Björn Jacke at 2023-11-16T21:38:38+00:00
open.c: prefer capabilities over become_root

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
1edf9eca by Björn Jacke at 2023-11-16T22:39:05+00:00
posix_acls.c: prefer capabilities over become_root

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Thu Nov 16 22:39:05 UTC 2023 on atb-devel-224

- - - - -
82f021d4 by Günther Deschner at 2023-11-17T00:39:18+00:00
pidl: include scompat headers and servers in s3 server template

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Fri Nov 17 00:39:18 UTC 2023 on atb-devel-224

- - - - -
88174f48 by MikeLiu at 2023-11-17T11:07:01+00:00
vfs_fruit: ignore ENAMETOOLONG in fruit_unlink_rsrc_adouble()

adouble_path() inside fruit_unlink_rsrc_adouble() prepends "._" to a basename,
length of apple double filename will exceed NAME_MAX if length of basename
is equal to NAME_MAX (or NAME_MAX-1).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15504

Signed-off-by: MikeLiu <mikeliu at qnap.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Nov 17 11:07:01 UTC 2023 on atb-devel-224

- - - - -
19105f51 by Anoop C S at 2023-11-17T18:04:43+00:00
vfs_ceph: Fix some uninitialized structs and pointers

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Fri Nov 17 18:04:43 UTC 2023 on atb-devel-224

- - - - -
b7631bf6 by Björn Jacke at 2023-11-20T03:52:33+00:00
lib/util: move copyright define to copyright.h

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ccfe345f by Björn Jacke at 2023-11-20T03:52:33+00:00
debug.h: introduce DEBUG_STARTUP_NOTICE

this is log level -1 and lowest syslog priority. This is used for start up
messages and copyright notices, which should always be printed but which are no
errors or warnings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
159cfde4 by Björn Jacke at 2023-11-20T03:52:33+00:00
logging: use DBG_STARTUP_NOTICE for startup message

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bb370b93 by Björn Jacke at 2023-11-20T03:52:33+00:00
README.Coding.md: add DBG_STARTUP_NOTICE macro

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
50337aca by Björn Jacke at 2023-11-20T03:52:33+00:00
lib/util/become_daemon.c: use DBG_STARTUP_NOTICE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
72f20311 by Björn Jacke at 2023-11-20T03:52:33+00:00
source3/nmbd/nmbd.c: use DBG_STARTUP_NOTICE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
55d895dc by Björn Jacke at 2023-11-20T03:52:33+00:00
profile: issues info message with lower log level

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
baa67024 by Björn Jacke at 2023-11-20T03:52:33+00:00
s4/server.c: move some log messages from ERR to NOTICE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9501dbee by Günther Deschner at 2023-11-20T03:52:33+00:00
s3-rpcclient: add winreg_enumval command

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
36745d63 by Günther Deschner at 2023-11-20T03:52:33+00:00
s4-torture: add torture_assert_werr_equal_goto and torture_assert_werr_ok_goto macros

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
43a8a037 by Günther Deschner at 2023-11-20T03:52:33+00:00
s4-torture: add test to check for Windows behavior of EnumValue call

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1fd0689f by Günther Deschner at 2023-11-20T03:52:33+00:00
s3-winreg: fix _winreg_EnumValue behavior

When returning WERR_MORE_DATA the winreg server needs to indicate the
required buffer size.

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5119d554 by Günther Deschner at 2023-11-20T04:50:00+00:00
s4-winreg: fix dcesrv_winreg_EnumValue behavior

When returning WERR_MORE_DATA the winreg server needs to indicate the
required buffer size.

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Nov 20 04:50:00 UTC 2023 on atb-devel-224

- - - - -
af4fe00f by Björn Jacke at 2023-11-20T08:50:22+00:00
system.c: fall back to become_root if CAP_DAC_OVERRIDE isn't usable

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15093

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
(cherry picked from commit a1738e8265dd256c5a1064482a6dfccbf9ca44f1)

- - - - -
a5b61b46 by Douglas Bagnall at 2023-11-20T10:00:15+00:00
pytests: sid_strings: do not fail if epoch ending has zeros

To avoid collisions in random OID strings, we started using the epoch
date modulus 100 million. The trouble is we did not strip out the
leading zeros, so the field might be '00000123' when it should be
'123', if the date happened not to correspond to an epoch with a zero
in the eighth to last place. This has been the case for most of the
last 1041 days, but fortunately the bug was only introduced earlier
this year.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15520

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
(cherry picked from commit 426ca4cf4b667aae03f0344cee449e972de90ac7)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Mon Nov 20 10:00:15 UTC 2023 on atb-devel-224

- - - - -
f337fd99 by Andreas Schneider at 2023-11-20T15:37:33+00:00
lib:replace: Add python.h

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9621a3d7 by Andreas Schneider at 2023-11-20T15:37:33+00:00
Use python.h from libreplace

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c290052f by Andreas Schneider at 2023-11-20T15:37:33+00:00
third_party: Build pypamtest with -Wno-error=declaration-after-statement

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
362b0d69 by Andreas Schneider at 2023-11-20T15:37:33+00:00
python:tests: Fix assertEquals which doesn't exist in Python 3.12

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
938afb8b by Andreas Schneider at 2023-11-20T15:37:33+00:00
python:tests: SHA1 is no longer supported by cryptography module

See https://github.com/pyca/cryptography/issues/8213#issuecomment-1419060001

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
34d80fc9 by Andreas Schneider at 2023-11-20T16:38:20+00:00
gitlab-ci: Update Fedora to version 39

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Nov 20 16:38:20 UTC 2023 on atb-devel-224

- - - - -
30dd3488 by Joseph Sutton at 2023-11-20T21:50:32+00:00
librpc:ndr: Don’t try to log always‐NULL string

Commit c51795c747198f9e002505ffa39ad710beff0358 reorganized
ndr_pull_string() so that when we reach this DEBUG(), we don’t yet have
a string to log — ‘as’ will always be NULL. Attempting to log a NULL
string invokes undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4629fc7c by Joseph Sutton at 2023-11-20T21:50:32+00:00
util/charset: Have talloc_utf16_str[n]dup() accept NULL pointers

This is in line with ‘talloc_str[n]dup()’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d1e5a617 by Joseph Sutton at 2023-11-20T21:50:32+00:00
s4:librpc: Produce more helpful error message when bytes length is odd

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
43681457 by Joseph Sutton at 2023-11-20T21:50:32+00:00
pidl: Add a helper function to determine whether a type is a string type

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f94b981e by Joseph Sutton at 2023-11-20T21:50:32+00:00
pidl: Add new ‘u16string’ type

This type represents a UTF‐16–encoded string. These strings are kept
UTF‐16–encoded rather than converted to the Unix charset to be stored in
memory; this avoids issues regarding NULL termination and conversion
between character sets. We want to be able to handle strings that are
not valid UTF‐16.

Not bumping the NDR ABI version, because there hasn’t been an NDR
release since commit c4f281e9ae36c225b6003e0fa1cb8fb2e67bf543.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
35611f2b by Joseph Sutton at 2023-11-20T21:50:32+00:00
gmsa.idl: Add definition for MANAGEDPASSWORD_BLOB

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
19b4fb8b by Joseph Sutton at 2023-11-20T21:50:32+00:00
librpc: Add NDR test for GMSA Managed Password blobs

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
21a3f60c by Joseph Sutton at 2023-11-20T21:50:32+00:00
python:tests: Move NDR tests to their own directory

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c0e6fe0b by Joseph Sutton at 2023-11-20T21:50:32+00:00
tests/ndr: Add tests for GMSA Managed Password blobs

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
028c9054 by Joseph Sutton at 2023-11-20T22:51:17+00:00
python:tests: Add ndrdump test for GMSA Managed Password blobs

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Nov 20 22:51:17 UTC 2023 on atb-devel-224

- - - - -
95af9424 by Ralph Boehme at 2023-11-21T10:19:16+00:00
smbd: fix close order of base_fsp and stream_fsp in smb_fname_fsp_destructor()

VFS modules like streams_xattr use the function fsp_is_alternate_stream() on the
fsp to determine if an fsp is a stream, e.g. in streams_xattr_close(). If
fspo->base_fsp is already set to NULL, this won't work anymore.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15521

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Nov 16 18:31:17 UTC 2023 on atb-devel-224

(cherry picked from commit 4481a67c1b20549a71d6c5132b637798a09f966d)

- - - - -
2feaa755 by Andreas Schneider at 2023-11-21T10:19:16+00:00
lib:replace: Add python.h

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit f337fd995024283f6e1b3f8ec1cc2b3aeb55a2a6)

- - - - -
ec588598 by Andreas Schneider at 2023-11-21T10:19:16+00:00
Use python.h from libreplace

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 9621a3d7a6949aa833425884cd22379387738cfa)

- - - - -
ec4893ee by Andreas Schneider at 2023-11-21T10:19:16+00:00
third_party: Build pypamtest with -Wno-error=declaration-after-statement

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit c290052fd28bbfa5b885119f322cb0718073e507)

- - - - -
2f5a1ac1 by Andreas Schneider at 2023-11-21T10:19:16+00:00
python:tests: Fix assertEquals which doesn't exist in Python 3.12

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 362b0d69b16c5bbcd0ff7dd7ba12e1ac037a6b3d)

- - - - -
b6c13c49 by Andreas Schneider at 2023-11-21T11:15:30+00:00
python:tests: SHA1 is no longer supported by cryptography module

See https://github.com/pyca/cryptography/issues/8213#issuecomment-1419060001

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 938afb8b28973b0065cc3509b70ebe3f6986de47)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Tue Nov 21 11:15:30 UTC 2023 on atb-devel-224

- - - - -
80ba5456 by Andreas Schneider at 2023-11-21T11:16:37+00:00
s4:rpc_server: Remove trailing white spaces from lsa_init.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5c72df15 by Stefan Metzmacher at 2023-11-21T11:16:37+00:00
lsa.idl: Add new functions and types

[MS-LSAD] got new functions in order to use AES encryption
and other security related features.

For our servers we still pretend we don't
know about the new functions and return DCERPC_FAULT_OP_RNG_ERROR.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f5275ae3 by Stefan Metzmacher at 2023-11-21T11:16:37+00:00
lsa.idl: Backport changes from wireshark

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
75e381d4 by Andreas Schneider at 2023-11-21T11:16:37+00:00
s4:torture: Adapt LSA tests for newer Windows versions

Newer Windows versions directly disconnect the client. This is what
happens if the test is run against Windows Server 2022.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
15cecaaf by Andreas Schneider at 2023-11-21T11:16:37+00:00
s4:rpc_server: Implement dcesrv_lsa_OpenPolicy3()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d18ce289 by Andreas Schneider at 2023-11-21T11:16:37+00:00
s3:rpc_server: Implement _lsa_OpenPolicy3()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f5a4dcb0 by Andreas Schneider at 2023-11-21T11:16:37+00:00
s4:torture: Implement lsa_OpenPolicy3 tests

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
aecd73be by Andreas Schneider at 2023-11-21T11:16:37+00:00
s3:rpc_client: Implement dcerpc_lsa_open_policy3()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0db70232 by Andreas Schneider at 2023-11-21T11:16:37+00:00
s3:rpc_client: Implement dcerpc_lsa_open_policy_fallback()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
070cfeae by Andreas Schneider at 2023-11-21T11:16:37+00:00
s3:rpc_server: Use dcerpc_lsa_open_policy_fallback() for netlogon

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
bea13a02 by Andreas Schneider at 2023-11-21T11:16:37+00:00
s3:utils: Use dcerpc_lsa_open_policy_fallback() in net_rpc_trust.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
4f7c395c by Andreas Schneider at 2023-11-21T11:16:37+00:00
s3:libnetapi: Use dcerpc_lsa_open_policy_fallback() in localgroup.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
367b946a by Andreas Schneider at 2023-11-21T11:16:37+00:00
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
48fe294e by Andreas Schneider at 2023-11-21T11:16:37+00:00
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5b3e5620 by Andreas Schneider at 2023-11-21T11:16:37+00:00
s3:utils: Use dcerpc_lsa_open_policy_fallback() in net_rpc.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e5abb584 by Andreas Schneider at 2023-11-21T11:16:37+00:00
s3:utils: Use dcerpc_lsa_open_policy_fallback() in net_rpc_rights.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
28e7a754 by Andreas Schneider at 2023-11-21T11:16:37+00:00
s3:utils: Use goto to close the policy in rpc_rights_grant_internal()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
6b6a88cd by Andreas Schneider at 2023-11-21T11:16:37+00:00
s3:utils: Use any_nt_status_not_ok() in rpc_rights_grant_internal()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
05a006fa by Andreas Schneider at 2023-11-21T11:16:37+00:00
s3:winbind: Use dcerpc_lsa_open_policy_fallback() in winbindd_cm.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
417c8180 by Andreas Schneider at 2023-11-21T11:16:37+00:00
s3:winbind: Always close the policy handle we opened

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
8863d84d by Andreas Schneider at 2023-11-21T12:21:18+00:00
s3:rpc_client: Remove unused rpccli_lsa_open_policy2()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Nov 21 12:21:18 UTC 2023 on atb-devel-224

- - - - -
af69ea73 by Volker Lendecke at 2023-11-21T17:34:36+00:00
smbd: Convert a void* into the real DIR*

Not sure why this was a void*

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7c5380c9 by Volker Lendecke at 2023-11-21T17:34:36+00:00
smbd: Fix a comment

See 84cf205ff435

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2651a7b0 by Volker Lendecke at 2023-11-21T17:34:36+00:00
smbd: Fix/remove a comment that became irrelevant

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
66a8a4f0 by Volker Lendecke at 2023-11-21T17:34:36+00:00
utils: Fix Coverity ID 240113

Not a leak, but Coverity does not understand talloc well enough.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a5c2134c by Volker Lendecke at 2023-11-21T17:34:36+00:00
samr4: Fix Coverity ID 1499378

Coverity isn't smart enough to see this is initialized. As it's good
practice to initialize vars, just do it.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0bc329a3 by Volker Lendecke at 2023-11-21T17:34:36+00:00
lsa4: Fix Coverity ID 1499410

It complains about uninitialized access, and I'm not sure it isn't
right. Just initialize the structure.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bc0df4fd by Volker Lendecke at 2023-11-21T17:34:36+00:00
winbind: Fix Coverity ID 1398910

Coverity isn't smart enough for talloc

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f955d9aa by Volker Lendecke at 2023-11-21T18:33:51+00:00
smbd: Fix Coverity ID 1499372 Uninitialized scalar variable

This is real.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Nov 21 18:33:51 UTC 2023 on atb-devel-224

- - - - -
faf0b784 by Rob van der Linde at 2023-11-22T23:35:33+00:00
tests: gensec: docstrings in the middle of code should be comments

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6e3491e2 by Rob van der Linde at 2023-11-22T23:35:33+00:00
selftest: move planoldpythontestsuite up so it can be used by blackbox tests

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bf07a979 by Rob van der Linde at 2023-11-22T23:35:33+00:00
netcmd: fix typo in groups and computer commands

Everywhere else it is using Group's except for one place which makes it obvious this was incorrect.

Same goes for Computers's vs Computer's

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0ce9b753 by Rob van der Linde at 2023-11-22T23:35:33+00:00
netcmd: models: use correct SDDL for authentication silos

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
91cc7335 by Rob van der Linde at 2023-11-22T23:35:33+00:00
netcmd: models: add SIDField field

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e256a04d by Rob van der Linde at 2023-11-22T23:35:33+00:00
netcmd: models: get_base_dn returns default rather than be abstract

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6255d57c by Rob van der Linde at 2023-11-22T23:35:33+00:00
netcmd: models: add readonly attribute on fields to exclude it from save

There was trouble when saving fields like is system object, these need to be excluded on save.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c1f56fee by Rob van der Linde at 2023-11-22T23:35:33+00:00
netcmd: models: ensure that backlinks are always readonly

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e9b1ac93 by Rob van der Linde at 2023-11-22T23:35:33+00:00
netcmd: models: make systemFlags and systemOnly fields readonly

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
96aaa005 by Rob van der Linde at 2023-11-22T23:35:33+00:00
netcmd: models: add a Group model

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9fe147a0 by Rob van der Linde at 2023-11-22T23:35:33+00:00
netcmd: models: add field test for SIDField

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
42de24d7 by Rob van der Linde at 2023-11-22T23:35:33+00:00
netcmd: auth policy: add allowed to authenticate to by silo attributes

--user-allowed-to-authenticate-to-by-silo
--service-allowed-to-authenticate-to-by-silo
--computer-allowed-to-authenticate-to-by-silo

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1e00952c by Rob van der Linde at 2023-11-22T23:35:33+00:00
netcmd: auth policy: document allowed to authenticate from silo and to by silo attributes

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dbeb424e by Rob van der Linde at 2023-11-22T23:35:33+00:00
netcmd: auth policy: rename "from silo" to "from device silo"

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eaf1bd56 by Rob van der Linde at 2023-11-22T23:35:33+00:00
netcmd: auth policy: add allowed-to-authenticate-to-by-group attributes

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1b451471 by Rob van der Linde at 2023-11-22T23:35:33+00:00
netcmd: auth policy: fix missing 'by' in help string

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fad29cd0 by Rob van der Linde at 2023-11-22T23:35:33+00:00
netcmd: auth policy: add allowed-to-authenticate-from-device-group attributes

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
83e8971c by Rob van der Linde at 2023-11-23T00:32:33+00:00
Claims initial black box tests

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Thu Nov 23 00:32:33 UTC 2023 on atb-devel-224

- - - - -
bd21a0cd by Stefan Metzmacher at 2023-11-24T09:30:38+00:00
lib/util: add debug_set_forced_log_priority()

By default the priority for syslog/systemd is derived from
the log level of the debug message.

But for things like startup messages we want to
change the priority temporarily, like this:

debug_set_forced_log_priority(DBGLVL_NOTICE);
D_ERR("Startup...\n");
debug_set_forced_log_priority(-1);

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cd8dcff9 by Stefan Metzmacher at 2023-11-24T09:30:38+00:00
lib/util: convert DBG_STARTUP_NOTICE() to use debug_set_forced_log_priority(DBGLVL_NOTICE)

Using -1 as log level is not compatible without our infrastructure.

As all backends are initialized with .log_level = -1, which means
they don't log the message, but now they all try to handle the
startup message even if they are not configured.

E.g. it means that systemd's journalctl gets the message twice
now, first via the syslog and also the systemd backend.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f5c76c3c by Stefan Metzmacher at 2023-11-24T10:34:58+00:00
Revert "README.Coding.md: add DBG_STARTUP_NOTICE macro"

This reverts commit bb370b9381e5d223ff4ac62f612888f90a63fcc5.

We no longer use log level -1

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Nov 24 10:34:58 UTC 2023 on atb-devel-224

- - - - -
98249085 by Christof Schmitt at 2023-11-25T18:27:15+00:00
vfs_gpfs: Use O_PATH for opening dirfd for stat with CAP_DAC_OVERRIDE

Use O_PATH when available; this avoids the need for READ/LIST access on
that directory. Keep using O_RDONLY if the system does not have O_PATH.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit b317622a8fed0ee195ffe40129eb5bcad28dd985)

- - - - -
9043b07b by Christof Schmitt at 2023-11-25T18:27:15+00:00
vfs_gpfs: Move fstatat with DAC_CAP_OVERRIDE to helper function

Allow reuse of this code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 95319351e37b8b968b798eee66c93852d9ad2d81)

- - - - -
14bb93a4 by Christof Schmitt at 2023-11-25T18:27:15+00:00
vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstat

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit cbdc16a7cfa225d1cf9109fafe85e9d14729700e)

- - - - -
26d47c66 by Christof Schmitt at 2023-11-25T18:27:15+00:00
vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstatat

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Nov  8 18:42:13 UTC 2023 on atb-devel-224

(cherry picked from commit 963fc353e70b940f4009ca2764e966682400e2dc)

- - - - -
cc0416f1 by Christof Schmitt at 2023-11-25T18:27:15+00:00
nfs4_acls: Implement fstat with DAC_CAP_OVERRIDE

AT_EMPTY_PATH does not exist on AIX. Address this by implementing an
override for fstat.  Implement the new override function in nfs4_acls.c
since all stat functions with DAC_CAP_OVERRIDE will be moved there to
allow reuse by other filesystems.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 05f1ee1ae2d8439af0ac9baf64ebba1a3374ea83)

- - - - -
18373c5d by Christof Schmitt at 2023-11-25T18:27:15+00:00
vfs_gpfs: Move fstatat_with_cap_dac_override to nfs4_acls.c

All stat DAC_CAP_OVERRIDE code is being moved to nfs4_acls.c to allow
reuse by other filesystem modules.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 316c96ea83a7b70d35879e4743193bb1e9cb566c)

- - - - -
dd266ff2 by Christof Schmitt at 2023-11-25T18:27:15+00:00
vfs_gpfs: Move stat_with_capability to nfs4_acls.c and rename function

All stat CAP_DAC_OVERRIDE code is moving to nfs4_acls.c to allow reuse
by other filesystem modules. Also rename the function to the slightly
more precise name stat_with_cap_dac_override.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 6b1e066c4f354f297fbf99ad93acfaf44e3b89cb)

- - - - -
af89e07c by Christof Schmitt at 2023-11-25T18:27:15+00:00
vfs_gpfs: Move vfs_gpfs_stat to nfs4_acls.c and rename function

All stat DAC_CAP_OVERRIDE code is moving to nfs4_acls.c to allow reuse
by other file system modules. Also rename the function to the more
generic name nfs4_acl_stat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit f8a23d960e02f783119c2aef38a6e293ee548df3)

- - - - -
ac17e86b by Christof Schmitt at 2023-11-25T18:27:15+00:00
vfs_gpfs: Move vfs_gpfs_fstat to nfs4_acls.c and rename function

All stat DAC_CAP_OVERRIDE code is moving to nfs4_acls.c to allow reuse.
Move the vfs_gpfs_fstat function and rename to the more generic name
nfs4_acl_fstat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit f9301871c61b066c1ea464e6e9109bb2cde71598)

- - - - -
119586b1 by Christof Schmitt at 2023-11-25T18:27:15+00:00
vfs_gpfs: Move vfs_gpfs_lstat to nfs4_acls.c and rename function

All stat CAP_DAC_OVERRIDE code is being moved to nfs4_acls.c to allow
reuse. Move the vfs_gpfs_lstat function and rename to the more generic
name nfs4_acl_lstat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 2c1195678d34516744ba4f8b1c5582f4046cba35)

- - - - -
5998e68d by Christof Schmitt at 2023-11-25T18:27:15+00:00
vfs_gpfs: Move vfs_gpfs_fstatat to nfs4_acls.c and rename function

All stat DAC_CAP_OVERRIDE code is being moved to nfs4_acls.c to allow
reuse. Move the vfs_gpfs_fstatat function and rename it to the more
generic name nfs4_acl_fstat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 5fd73e93af9d015c9e65a6d4d16229476a541cfc)

- - - - -
482e205d by Christof Schmitt at 2023-11-25T18:27:15+00:00
nfs4_acls: Make fstatat_with_cap_dac_override static

No other module is calling this function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 8831eeca1d70c909e15c86c8af6a7b1d7b0d3b5b)

- - - - -
5f157b23 by Christof Schmitt at 2023-11-25T18:27:15+00:00
nfs4_acls: Make stat_with_cap_dac_override static

No other module is calling this function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 0f664f016207894e0a156b9e1f4db7677c264205)

- - - - -
ada585b6 by Christof Schmitt at 2023-11-25T18:27:15+00:00
nfs4_acls: Make fstat_with_cap_dac_override static

No other module is calling this function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit bffd8bd8c32fea738824b807eb9e5f97a609493e)

- - - - -
f4d8a339 by Christof Schmitt at 2023-11-25T18:27:15+00:00
vfs_aixacl2: Call stat DAC_CAP_OVERRIDE functions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 9cac91542128888bde79391ca99291a76752f334)

- - - - -
5897f213 by Christof Schmitt at 2023-11-25T19:40:32+00:00
vfs_zfsacl: Call stat CAP_DAC_OVERRIDE functions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Wed Nov 15 19:55:07 UTC 2023 on atb-devel-224

(cherry picked from commit 12e5c15a97b45aa01fc3f4274f8ba9cf7d1ddbe9)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Sat Nov 25 19:40:32 UTC 2023 on atb-devel-224

- - - - -
1dd81928 by Björn Jacke at 2023-11-27T01:12:40+00:00
libgpo: fix wrong lineending in admx files

When changing or reviewing admx file patches, make sure that those files are
dos fileformat and they need to have the magic ^M at the end of each line ...

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5e925f97 by Björn Jacke at 2023-11-27T01:12:40+00:00
dosmode: prefer capabilities over become_root

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8e3be66a by Douglas Bagnall at 2023-11-27T01:12:40+00:00
pytest: security_descriptors tests get enumerator in name

This will make knownfails easier, given the names contain so many
regular expression metacharacters.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f18ffd11 by Douglas Bagnall at 2023-11-27T01:12:40+00:00
libcli/security: initialise conditional ACE token flags

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4ab9cb19 by Douglas Bagnall at 2023-11-27T01:12:40+00:00
libcli/security:sddl_conditional_ace: log compiler errors at some debug levels

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cda9371b by Douglas Bagnall at 2023-11-27T01:12:40+00:00
libcli/security/test_sddl_conditional_ace: adjust RA octet parse tests

We are going to parse octet strings like Windows (as opposed to like
Windows docs), so the tests need changing.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
33caae43 by Douglas Bagnall at 2023-11-27T01:12:40+00:00
libcli/security: un-invert parse_resource_attr_list, check type first

We were reusing parse_literal() because it almost does what we need,
but it is different enough that check_resource_attr_type() is large
and complicated, and can't handle all the cases (in particular octet-
strings and SIDs are different in resource ACEs).

This way is better because we know the type in advance, so we can use
that to choose the parser, which will help with octet-strings that are
only digits.

In this commit we're leaving the check there, but it soon won't do
anything that the parse_* functions don't, and we will remove it.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
800f770e by Douglas Bagnall at 2023-11-27T01:12:40+00:00
libcli/security: sddl_conditional_ace: add parse_uint for RA aces

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
059610a6 by Douglas Bagnall at 2023-11-27T01:12:40+00:00
libcli/security: sddl_conditional_ace: add parse_bool for RA aces

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9ef71399 by Douglas Bagnall at 2023-11-27T01:12:40+00:00
libcli/security: sddl_conditional_ace: remove check_resource_attr_type()

This is unneeded, as now all the checks are done in the relevant
parse_* functions.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
38e7b4dc by Douglas Bagnall at 2023-11-27T01:12:40+00:00
libcli/security: add a parser for resource attribute ACE byte strings

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
79292c8d by Douglas Bagnall at 2023-11-27T01:12:40+00:00
libcli/security/sddl: write RA octet strings the Windows way

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0a2e335e by Douglas Bagnall at 2023-11-27T01:12:40+00:00
libcli/security: parse resource attribute ace SIDs separately

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dc60891d by Douglas Bagnall at 2023-11-27T01:12:40+00:00
libcli/security: conditional ACE sid parser no longer expects RA ACEs

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
20ffec71 by Douglas Bagnall at 2023-11-27T01:12:40+00:00
libcli/security: improve error messages in RA ACE SDDL

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cf295c94 by Douglas Bagnall at 2023-11-27T01:12:40+00:00
libcli/security:sddl: remove vestiges of shared conditional/resource ACE SID parsing

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
19129660 by Douglas Bagnall at 2023-11-27T01:12:40+00:00
libcli/security/tests: remove duplicate TX-integer tests from oversized-ACLs

We had two sets of test vectors (Windows ground-truth for SDDL
compilation) that got mixed up.

The "oversized ACLs" set is ACLs that contain repeated ACEs, like
"D:P(D;;;;;MP)(D;;;;;MP)" -- Windows will assign a size to the ACL
that is greater than the sum of the ACEs, while Samba will not (in
part because we don't actually store a size for the ACL, instead
calculating it on the fly from the size of the ACEs).

The "TX integers" set is for resource attribute ACEs with octet-string
data that contains pure integers (lacking '#' characters) in their
SDDL, like «(RA;;;;;WD;("bar",TX,0x0,0077,00,0077,00))». We used to
think that was weird, and that RA-TX ACEs should contain octet-strings
in the conditional ACE style. But now we have realised it's not weird,
it's normal, and we have fixed our handling of these ACEs.

As a result of this mix-up, some of the tests labelled as "oversized
ACLs" started passing when we fixed the TX integer problem, and that
was confusing. All of the removed tests are already on the TX integer
set -- the removed ones were duplicates.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
14b17c3d by Douglas Bagnall at 2023-11-27T02:10:12+00:00
libcli/security/tests: gunzip the oversized-acls test vectors

These are just as readable with `less` as they were with `zless`.

This file has been slightly manually edited to add line-breaks. There
is not an easy setting in Python's json module to get good formatting.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Nov 27 02:10:12 UTC 2023 on atb-devel-224

- - - - -
9c5a7d12 by Rob van der Linde at 2023-11-27T03:08:28+00:00
netcmd: auth: set better metavar that matches the docs

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
828d534c by Andrew Bartlett at 2023-11-27T03:08:28+00:00
docs-xml: Improve and consolidate "samba-tool domain auth policy create/modify" docs

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
0b74adb3 by Andrew Bartlett at 2023-11-27T04:05:46+00:00
samba-tool: Improve help messages for "samba-tool domain auth policy"

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Nov 27 04:05:46 UTC 2023 on atb-devel-224

- - - - -
e4a8049f by Jule Anger at 2023-11-27T13:04:13+01:00
WHATSNEW: Add release notes for Samba 4.19.3.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
fcd094b2 by Jule Anger at 2023-11-27T13:04:53+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.19.3 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
f45acdaf by Jule Anger at 2023-11-27T13:05:29+01:00
VERSION: Bump version up to Samba 4.19.4...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
3f73bb59 by Ralph Boehme at 2023-11-27T18:31:35+00:00
smbd: leave comment on broken SMB1 POSIX open handling of SMB_O_DIRECT

Since e0814dc5082dd4ecca8a155e0ce24b073158fd92 the passed in attributes get
replaced by the mode in create_file_default().

As FILE_FLAG_NO_BUFFERING is never checked when doing the final IO, it doesn't
really matter.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bca6f029 by Ralph Boehme at 2023-11-27T18:31:35+00:00
smbd: pass fsp to smbd_do_qfsinfo()

We need the fsp down in fsinfo_unix_valid_level(), start passing it down.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
01022d03 by Ralph Boehme at 2023-11-27T18:31:35+00:00
smbd: pass fsp to fsinfo_unix_valid_level()

We need the fsp down in fsinfo_unix_valid_level(), pass it down.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
55d98b29 by Ralph Boehme at 2023-11-27T18:31:35+00:00
smbd: check if POSIX is enabled on the fsp in fsinfo_unix_valid_level()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6e300ef7 by Ralph Boehme at 2023-11-27T18:31:35+00:00
smbd: tweak POSIX check in smbd_do_qfilepathinfo()

This check is only needed for SMB2, so check for that, and in the SMB2 codepath
we'll always have a valid fsp, so we can drop that check.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b124c2e1 by Ralph Boehme at 2023-11-27T18:31:35+00:00
smbd: factor out smb2_negotiate_context_process_posix()

No change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
631e6aa0 by Ralph Boehme at 2023-11-27T18:31:35+00:00
smbd: bring back "smb3 unix extensions" option

This basically reverts commit b3cae8dcf192f65031f143e5bb9135c895611d98
with a few important differences:

* SMB3 UNIX extensions are always built, but disabled by default at runtime.

* They are globally enabled in the fileserver test environment.

* It's now a per-share option, so admins can selectively disable them
  on a per-share basis. This allows clients to detect early that a share
  doesn't support user mount requested POSIX and fail appropriately, passing
  the failure to the requesting application (mount command).

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
d709a6ca by Michael Tokarev at 2023-11-27T22:14:22+03:00
New upstream version 4.19.3+dfsg
- - - - -
b3687b7c by Michael Tokarev at 2023-11-27T22:14:35+03:00
Update upstream source from tag 'upstream/4.19.3+dfsg'

Update to upstream version '4.19.3+dfsg'
with Debian dir 97e33510d711775a18c557681edfbd036a9c9e66
- - - - -
1800a05a by Michael Tokarev at 2023-11-27T22:22:58+03:00
update changelog; upload version 4.19.3+dfsg-1 to unstable

- - - - -
8f42b843 by Jeremy Allison at 2023-11-27T19:31:01+00:00
s3: smbd: Allow fchmod from the NFS-style mode ACL in set_nt_acl() for a SMB2 POSIX handle.

To set a mode, send a one-element ACL.

Pair-Programmed-With: Ralph Boehme <slow at samba.org>

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Nov 27 19:31:01 UTC 2023 on atb-devel-224

- - - - -
fa96bbbe by Douglas Bagnall at 2023-11-27T22:37:31+00:00
libcli/security: avoid leak when converting SID claims

Apart from the leak fix, this is faster and stricter, not accepting
SID string buffers with trailing garbage ("S-1-2-3qwerty" would have
been accepted, but not now).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ca572691 by Douglas Bagnall at 2023-11-27T22:37:31+00:00
libcli/security: remove redundant claim SID size check

blob_string_sid_to_sid() immediately checks the size is within 5-191, so the 1-10000
just gives you a different message in circumstances you'll never see.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6aa6ef4b by Douglas Bagnall at 2023-11-27T22:37:31+00:00
librpc/idl:conditional_ace: make a flags field 32 bit

This allows it to align with
CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1.flags, with which it shares
values and will soon share more.

It was 16 bit because we needed few flags, and at one point .type was
8 bit, so 16 bits packed nicely into a smaller struct.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f4ea27b8 by Douglas Bagnall at 2023-11-27T22:37:31+00:00
librpc/idl:conditional_ace: shift CONDITIONAL_ACE_FLAG_TOKEN_FROM_ATTR to last bit

This region is "available for application-specific data" in the
CLAIM_SECURITY_ATTRIBUTE_ space, according to [MS-DTYP] 2.4.10.1,
so it is nicer to use that, even though we are not actually setting the
flag on the V1 claims.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a8f83fe8 by Douglas Bagnall at 2023-11-27T22:37:31+00:00
librpc/idl:security: add a couple of claims flags

We don't use these.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e81e0706 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
librpc/idl:security: add claims flag indicating orderly and unique members

The same flag will be used in conditional ACE composites, and on
CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 structures derived from wire
claims and resource attribute ACEs, when we know we have checked the
claim has no duplicate values.

Resource Attribute ACEs contain CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1
at rest, but we are not going to set the flag there on the off chance
that the ACE could fly off to another application and have another
application specific meaning there. We will only check for uniqueness
and set the flag on ephemeral copies of resource claims during access
check operations.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2f40583a by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: test_run_conditional_ace can set debug levels

No -d, just `bin/test_run_conditional_ace 3`.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
da077b84 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: test_run_conditional_ace tests more comparisons

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fc890742 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: add test_claims_conversion

These are unit tests for converting wire claims into sorted claims v1
structures.

These are based from packets derived from the krb5.conditional_ace
tests, and currently don't test more than they do, but they work about
a hundred thousand times quicker.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6e15a202 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: CA: tokens_are_comparable() considers the obvious

Existing callers already make this check, but we are soon going to use
it in contexts that don't.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
33d2deec by Douglas Bagnall at 2023-11-27T22:37:32+00:00
lib/security:CA: tokens_are_comparable() accepts NULL operator

In some circumstances we are going to know general comparability
without having an operator around to use.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
78506e17 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: conditional ACE sddl writers take const tokens

We don't change these when writing the SDDL.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fc480144 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: sddl_conditional_ace: check a talloc_new()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
adf695aa by Douglas Bagnall at 2023-11-27T22:37:32+00:00
pytest: token_factory separate out list_to_claim() helper

This is so conditional_ace_claims test can create claim objects which
can e.g. have the case sensitive flag set.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f9f87247 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
pytest: token_factory claims can have case_sensitive flag

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
51d9444b by Douglas Bagnall at 2023-11-27T22:37:32+00:00
pytest: token_factory copes with empty claims

We don't have a good story yet with regard to empty claims, but we at
least want to be able to create them in tests.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4cc91d28 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
pytest: token_factory note that a flag is not set

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bc9da956 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
pytest: conditional_ace_claims: write_c_test_on_failure() copes with claims

*copes badly, but better than crashing.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cea44421 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security/sddl: improve some SDDL error messages

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a836ad14 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
pytest: conditional_ace_claims tests large composite comparisons

Our composite comparisons are currently all wrong.

Soon they will be fixed, but we are going to have an inflection point
where we switch from the naive compare-everything approach to a sort
based comparison, and we want to test both sides. Also, we use these
tests for a little bit of timing, which reveals it is all fast enough.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7656d133 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: simplify wire claim conversion mem, 1/3: avoid NULL parent

The reason for this, apart from weighing up possible over-allocations
vs realloc costs, is in the first iteration of the loop,

       claim_values = talloc_array(claims,

would allocate onto NULL, which leaks.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d7da41a9 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: simplify wire claim conversion mem, 2/3: one tree

These values would have leaked in the event of failure (but only onto
the caller mem_ctx, which might be fleeting -- especially as its
security token is now failing).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
10fd3e58 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: simplify wire claim conversion mem, 3/3: rm tmp_ctx

The interstitial tmp_ctx now does nothing but be interstitial, so
let's get rid of it.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
08096fd5 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: int wire claims drop uniqueness check

And we allocate all the values together as an array, because
we might as well.

This and the next couple of commits might look like steps backwards,
and they are, but they allow us to get a run-up to leap over a big
fence.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1c88dfc6 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: wire claims conversion: remove strings uniqueness check

This changes the behaviour when one of the strings is NULL. Previously
a single NULL string would be ignored, and two would cause an error.
That will be restored in the next commit.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4ebb488e by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: don't allow two NULL string claims

This restores the behaviour with regard to duplicate NULL strings that
existed before the last commit. I'm putting it separately, because it
seems so strange, and I am not entirely certain the behaviour is
intentional.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a19f914f by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: begin claim_v1_check_and_sort with Boolean checks

claim_v1_check_and_sort() is meant to sort the claim values and check
that there are no duplicates, as well as making some value checks.

In order to ease into the idea, we look first at the case where the claim
has Boolean values. There are only two values allowed, which limits the
length of a valid claim set and means we only really need to "sort" in
the {1, 0} case, which we rewrite in place as {0, 1}.

That's what will happen with other types: we'll sort in-place, make
some checks on values, set flags, and return an error if there are
duplicates or value errors.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4b032d25 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: claim_v1_check_and_sort(): add all types

To manage this sort we need a qsort_r-like sort context which holds:

a) the value type,
b) a case sensitive flag for the string compare, and
c) a return flag indicating a failure. Failures are not picked up until
   after the sort finishes.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8074257c by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: wire claim conversion uses claim_v1_check_and_sort()

This roughly returns things to where they were a few commits ago, with
the claims being checked for uniqueness.

The difference is the claims will be sorted afterwards, and the
uniqueness check will be far more efficient on large claims.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
843fd4d1 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: resource attribute claims use claim_v1_check_and_sort()

Because RA ACEs live a double life, sometimes being ACEs and sometimes
being claims, we make a copy of the claim structure for sorting and
further use in conditional ACEs.

We don't need to do that for wire claims, because they are not
persistent or forwarded on to somewhere else.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e223ce4a by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: add_claim_to_token() re-sorts/checks claims

This function is used in tests and fuzzing.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4f56c702 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: claim_v1_to_ace_token(): avoid unnecessary re-sort

If it is a wire claim (which is probably most common), the checking
and sorting has already happened. We don't need to make a copy to
sort and check.

In either case, there is still a copy step to make the conditional ACE
token.

This shuffles around some knownfails because the claim_v1_copy()
function we were using is checking for duplicates, which we don't
always want. That will be fixed soon.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e338625e by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: avoid leak on SDDL encode failure

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6a07d2fe by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: separate out claim_v1_to_ace_composite_unchecked()

For SDDL Resource ACE conversions we don't want to check too much
claim validity so that a semi-invalid ACE can round-trip through
deserialisation and serialisation. This is because Windows allows it,
but also because if the check puts the values in a sorted order that
makes the round-trip less round (that is, the return string is
semantically the same but possibly different in byte order).

The validity we're talking about is mostly uniqueness. For example
`S:(RA;;;;;WD;("foo",TU,0,7,5,7))` has two 7s, and that would be
invalid as a claim, but this is not checked while in ACE form.

On the other hand `S:(RA;;;;;WD;("foo",TU,0,3,2))` is valid, but the
return string will have 3 and 2 reversed when the check is made. We
prefer the ACE to stay the same while it is just being an ACE.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8bad19c4 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: improve conditional ACE composite comparison

We had the comparison method wrong. Composites are compared as sets or
flabby sets, depending on their origin. Until now we compared them as
something a bit like sets, but not quite, in a maximally inefficient way.

Claims are always sets, and the left hand side is always a claim, but
literal composites on the right hand side can be multi-sets
(containing duplicate values). When it comes to comparison, composites
are reduced down to sets. To do the comparison we sort each side and
compare in order.

The fact that either side might ask for case-sensitive comparison (if
it is a claim) is an interesting complication.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6c6f2590 by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: add shortcuts for conditional ACE compare

If the number of members does not match in certain ways we can
say the sets are not equal without comparing the members.

We first need to check for comparability, though, so that we can return
an error if things aren't comparable.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
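
The sort-based checks described in the commits above (claim_v1_check_and_sort() rejecting duplicate claim values, then composites compared as sets with a member-count shortcut), as an added example that is not Samba's code. It handles only 64-bit integer values, so the comparability and case-sensitivity questions do not arise; the function names are hypothetical and the shortcut shown is one that follows from the description, not necessarily the one Samba uses.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* qsort comparator for int64_t; avoids the overflow a subtraction could cause */
static int cmp_i64(const void *a, const void *b)
{
	int64_t x = *(const int64_t *)a;
	int64_t y = *(const int64_t *)b;
	return (x > y) - (x < y);
}

/*
 * Claim side: sort in place, then reject duplicates. After the sort any
 * duplicates are adjacent, so the uniqueness check is a single pass
 * instead of comparing every pair.
 */
bool claim_check_and_sort(int64_t *values, size_t n)
{
	size_t i;

	if (n > 1) {
		qsort(values, n, sizeof(values[0]), cmp_i64);
	}
	for (i = 1; i < n; i++) {
		if (values[i] == values[i - 1]) {
			return false;
		}
	}
	return true;
}

/*
 * Compare a checked-and-sorted claim (a set) with a literal composite
 * that may contain duplicates (a multiset).
 * Returns 1 if equal as sets, 0 if not, -1 on allocation failure.
 */
int composite_equal(const int64_t *claim, size_t n_claim,
		    const int64_t *literal, size_t n_literal)
{
	int64_t *tmp = NULL;
	size_t i, n_set = 0;
	int equal;

	/*
	 * Shortcut: dropping duplicates can only shrink the literal, so a
	 * literal with fewer members than the claim can never equal it.
	 */
	if (n_literal < n_claim) {
		return 0;
	}
	if (n_literal == 0) {
		return 1; /* both sides are empty */
	}

	/* Work on a copy so the caller's literal keeps its original order. */
	tmp = calloc(n_literal, sizeof(*tmp));
	if (tmp == NULL) {
		return -1;
	}
	memcpy(tmp, literal, n_literal * sizeof(*tmp));
	qsort(tmp, n_literal, sizeof(*tmp), cmp_i64);

	/* Reduce the sorted multiset to a set by dropping adjacent repeats. */
	for (i = 0; i < n_literal; i++) {
		if (n_set == 0 || tmp[n_set - 1] != tmp[i]) {
			tmp[n_set++] = tmp[i];
		}
	}

	/* Both sides are now sorted sets: equal iff same length and members. */
	equal = (n_set == n_claim) &&
		memcmp(tmp, claim, n_claim * sizeof(*tmp)) == 0;
	free(tmp);
	return equal;
}

int main(void)
{
	/* Constructed sample values. */
	int64_t claim[] = {3, 1, 2};
	int64_t dup_claim[] = {7, 5, 7}; /* two 7s: invalid as a claim */
	int64_t literal[] = {2, 3, 3, 1, 2};

	printf("claim valid: %d\n", claim_check_and_sort(claim, 3));
	printf("duplicate claim valid: %d\n", claim_check_and_sort(dup_claim, 3));
	printf("equal as sets: %d\n", composite_equal(claim, 3, literal, 5));
	return 0;
}
```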

- - - - -
55999b7b by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: shift comparability check to shortcut exits

The ordinary comparison path, using the sorted arrays, already implicitly
checks for comparability. We only need this when we're leaving early.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2eb00c0b by Douglas Bagnall at 2023-11-27T22:37:32+00:00
libcli/security: comparability check: claim members are of one type

We know from the way claims are defined, and from the code that checks
sortedness and sets the flag.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a757a51a by Douglas Bagnall at 2023-11-27T23:38:13+00:00
libcli/security: note suboptimality of conditional ACE Contains operators

The Contains and Any_of operators could use a sorted comparison like
compare_composites_via_sort(), rather than O(n²) nested loops. But
that would involve an amount of quite fiddly work that I am not starting
on now.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Nov 27 23:38:13 UTC 2023 on atb-devel-224

- - - - -
4d703f71 by Michael Tokarev at 2023-11-28T12:24:38+03:00
d/rules: simplify LDFLAGS assignment

- - - - -
6222d572 by Andrew Bartlett at 2023-11-29T03:11:34+00:00
third_party/heimdal: Provide krb5_init_creds_opt_set_fast_ccache() and krb5_init_creds_opt_set_fast_flags() (import lorikeet-heimdal-202311290114 (commit 4c8517e161396330c76240bf09609a0dd5f9ea20))

It is easier for external callers to manipulate the krb5_get_init_creds_opt
(via the helpers) as this is passed down from higher up than the krb5_init_creds_context.

And just as importantly, alignment with MIT makes end-user callers happier.

Finally, this resolves the ambiguity as to which layer owns the
krb5_ccache, because now we match the MIT behaviour the init_creds code
re-opens a private copy inside libkrb5, meaning the caller closes the
cache it opened, rather than handing it over to the library.

(The unrelated changes are fixes to the test_pac test, also included in this import,
but in distinct lorikeet-heimdal commits, to allow it to compile)

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
dbb682f5 by Andrew Bartlett at 2023-11-29T03:11:34+00:00
build: Add build time detection for the MIT FAST ccache API

This will allow us to link against an older system Heimdal.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
bed1893a by Andrew Bartlett at 2023-11-29T03:11:34+00:00
auth/credentials: Add API to allow requesting a Kerberos ticket to be protected with FAST

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
cc2c9b2a by Andrew Bartlett at 2023-11-29T03:11:34+00:00
auth/credentials: Add Python bindings for association of a connection for FAST

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
61b0397d by Andrew Bartlett at 2023-11-29T03:11:34+00:00
python/tests: Import samba.gensec, not gensec

This allows this function to be used by gensec.py (a test) without collision.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ebdb1f6b by Andrew Bartlett at 2023-11-29T03:11:34+00:00
python/tests: Lock in key-word arguments as key-word only in samba.tests.gssapi

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0293d233 by Andrew Bartlett at 2023-11-29T03:11:34+00:00
python/tests: Add test for creds.set_krb5_fast_credentials()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c49fd98e by Andrew Bartlett at 2023-11-29T03:11:34+00:00
s4-auth/kerberos: Use FAST credentials for armor if specified in cli_credentials

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
64212a37 by Andrew Bartlett at 2023-11-29T03:11:34+00:00
selftest: Run samba.tests.gensec in an environment built also with MIT Krb5

We would like confidence that the FAST hooks work with both implementations.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
dc74caba by Rob van der Linde at 2023-11-29T03:11:34+00:00
tests: claims: blackbox device tests

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0d907a02 by Rob van der Linde at 2023-11-29T03:11:34+00:00
tests: claims blackbox: use raw strings rather than escaping \

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
834fc223 by Rob van der Linde at 2023-11-29T03:11:34+00:00
python: tests: claims blackbox tests use ntstatus constants

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e2651628 by Rob van der Linde at 2023-11-29T04:15:27+00:00
tests: claims blackbox: add device and server silo restrictions test

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Nov 29 04:15:27 UTC 2023 on atb-devel-224

- - - - -
c4a5d4eb by Andreas Schneider at 2023-11-29T10:47:00+00:00
third_party: Update waf to version 2.0.26

https://gitlab.com/ita1024/waf/-/blob/waf-2.0.26/ChangeLog

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Nov 29 10:47:00 UTC 2023 on atb-devel-224

- - - - -
1f91db22 by Samuel Cabrero at 2023-11-29T14:52:09+00:00
s3:libnetapi: Return error from RequestOfflineJoin

The error code must be returned to caller even if the error string is not set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit e4afb211fe32f2aa92cc903df948874046f60305)

- - - - -
0f324795 by Samuel Cabrero at 2023-11-29T14:52:09+00:00
s3:libnetapi: Add some comments to document ODJ blob charset conversions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit bdab834dfad55776155915f7ec410b5a192406fa)

- - - - -
202b817f by Samuel Cabrero at 2023-11-29T14:52:09+00:00
s3:libnetapi: Add NetComposeOfflineDomainJoin() to IDL

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 740e704bd68a6b618b62336ba1583c0edeb82d6f)

- - - - -
dfa8dfaa by Samuel Cabrero at 2023-11-29T14:52:09+00:00
s3:libnetapi: Add NetComposeOfflineDomainJoin() boilerplate

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 532701e3cce9d15e95166ee7c24cd1e4af51fcc4)

- - - - -
224b8dff by Samuel Cabrero at 2023-11-29T14:52:09+00:00
s3:libnetapi: Add NetComposeOfflineDomainJoin() to API.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 7cabbec2eaf5aefd3751c635c12556eca590f506)

- - - - -
4f81c780 by Samuel Cabrero at 2023-11-29T14:52:09+00:00
s3:libnetapi: Implement NetComposeOfflineDomainJoin_l()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit a8bd8f22aac2c223e85e318dba7af8b64052b053)

- - - - -
df294c92 by Samuel Cabrero at 2023-11-29T14:52:09+00:00
s3:net: Add "net offlinejoin composeodj" command

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 4a1f2071a6028a761bbe7efee20e9654851b51f0)

- - - - -
152d2592 by Samuel Cabrero at 2023-11-29T14:52:09+00:00
s3:net: Load ODJ blob from file only if "loadfile" parameter is present

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b2399b6994c89404f245e1a97ba1c1cf13d7fc86)

- - - - -
89e83025 by Samuel Cabrero at 2023-11-29T14:52:09+00:00
s3:net: Allow to load ODJ blob from stdin

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit c14a4f51443f67bc46a670a342eed8cb9e81f37d)

- - - - -
4deac6a2 by Samuel Cabrero at 2023-11-29T14:52:09+00:00
testprogs: Cleanup machine account in net offlinejoin tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit e92e4b9544231c15eaf0bdbba4505345cd0f6ab5)

- - - - -
e4505c10 by Samuel Cabrero at 2023-11-29T15:59:17+00:00
testprogs: Add net offlinejoin composeodj tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Sep  5 22:11:46 UTC 2023 on atb-devel-224

(cherry picked from commit f3c632e74ba100b455eeac66e8914b11d1d9b0a0)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Wed Nov 29 15:59:17 UTC 2023 on atb-devel-224

- - - - -
9d7bce5b by Joseph Sutton at 2023-11-30T00:02:33+00:00
pidl: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
25988f5d by Joseph Sutton at 2023-11-30T00:02:33+00:00
pidl: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
561537ad by Joseph Sutton at 2023-11-30T00:02:33+00:00
pidl: Fix grammar in warning message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dbc9c9bd by Joseph Sutton at 2023-11-30T00:02:33+00:00
pidl: Remove unneeded casts

_pytalloc_get_ptr() returns ‘void *’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3da132a8 by Joseph Sutton at 2023-11-30T00:02:33+00:00
pidl: Fix subscripts of dereferenced arrays

Pidl will generate code like the following:

py_out_2 = PyLong_FromLong((uint16_t)*r->out.out[out_cntr_2]);

As the array subscripting operator has a higher precedence than the
indirection (dereference) operator, the argument will be evaluated as
(uint16_t)*(r->out.out[out_cntr_2]), which is wrong.

Fix Pidl to generate the following code instead:

py_out_2 = PyLong_FromLong((uint16_t)(*r->out.out)[out_cntr_2]);

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
59b94325 by Joseph Sutton at 2023-11-30T00:02:33+00:00
conditional_ace.idl: Fix undefined shift

If ‘int’ is a 32‐bit type, then 1 << 31 cannot be represented in an
‘int’, and this shift will invoke undefined behaviour.

We have got away with this so far because of a Pidl bug that changed the
expression to ‘(uint32_t)1 << 31’, which is valid. But that bug is about
to be fixed.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e3f81fa7 by Joseph Sutton at 2023-11-30T00:02:33+00:00
pidl: Make sure to cast whole expressions

$cvar could be an expression such as ‘1 << 10’. In such cases this cast
presumably was intended to apply to the entire expression, not just to
the ‘1’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5571116b by Joseph Sutton at 2023-11-30T00:02:33+00:00
docs-xml: Add missing closing parenthesis

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
79f6da42 by Joseph Sutton at 2023-11-30T00:02:33+00:00
librpc:ndr: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
187d3baa by Joseph Sutton at 2023-11-30T00:02:33+00:00
librpc:ndr: Use correct libndr flags type

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
acb67bd9 by Joseph Sutton at 2023-11-30T00:02:33+00:00
selftest: Remove knownfail entries for non‐existent tests

The corresponding tests were removed in commit
938afb8b28973b0065cc3509b70ebe3f6986de47.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4bb031f8 by Joseph Sutton at 2023-11-30T00:02:33+00:00
libcli/smb: Include missing headers

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cee483fd by Joseph Sutton at 2023-11-30T00:02:33+00:00
libcli/auth: Use correct enumeration constant

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2482a714 by Joseph Sutton at 2023-11-30T00:02:33+00:00
libcli/auth: Call correct function to get HMAC output length

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5d53ac8a by Joseph Sutton at 2023-11-30T00:02:33+00:00
libcli/smb: Call correct function to get HMAC output length

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
769b6527 by Joseph Sutton at 2023-11-30T00:02:33+00:00
s4:libcli: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
99ded98b by Joseph Sutton at 2023-11-30T00:02:33+00:00
s4:libcli: Call correct function to get HMAC output length

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
33167207 by Joseph Sutton at 2023-11-30T00:02:33+00:00
s4:utils: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1e07da1c by Joseph Sutton at 2023-11-30T00:02:33+00:00
s4:utils: Use correct enumeration constant

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
150a6ca3 by Joseph Sutton at 2023-11-30T00:02:33+00:00
auth/gensec: Return more consistent status codes on gnutls hashing failure

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b5b21579 by Joseph Sutton at 2023-11-30T00:02:33+00:00
libcli/auth: Return more consistent status code on gnutls HMAC failure

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
30be2446 by Joseph Sutton at 2023-11-30T00:02:33+00:00
libcli/smb: Add ‘algorithm’ parameter to smb2_key_derivation()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
768178be by Joseph Sutton at 2023-11-30T00:02:33+00:00
lib:crypto: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2c4b014b by Joseph Sutton at 2023-11-30T00:02:33+00:00
lib:crypto: Remove unused variable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
04b6dc8d by Joseph Sutton at 2023-11-30T00:02:33+00:00
lib:crypto: Add samba_gnutls_sp800_108_derive_key()

Rename smb2_key_derivation() to samba_gnutls_sp800_108_derive_key() and
move it to GNUTLS_HELPERS.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5f5b5b75 by Joseph Sutton at 2023-11-30T00:02:33+00:00
lib:crypto: Add tests for samba_gnutls_sp800_108_derive_key()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
014f6060 by Joseph Sutton at 2023-11-30T00:02:33+00:00
lib:crypto: Split out core of samba_gnutls_sp800_108_derive_key()

We are going to need to alter the structure of this function a little
bit.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
19f2365c by Joseph Sutton at 2023-11-30T00:02:33+00:00
lib:crypto: Add common out path to samba_gnutls_sp800_108_derive_key()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b1c6a930 by Joseph Sutton at 2023-11-30T00:02:33+00:00
lib:crypto: Add missing call to gnutls_hmac_deinit()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6b5ccd25 by Joseph Sutton at 2023-11-30T00:02:33+00:00
lib:crypto: Clean up HMAC handle in one place

This is less error prone than having to ensure it’s cleaned up in every
error path.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cd1168a1 by Joseph Sutton at 2023-11-30T00:02:33+00:00
lib:crypto: Have samba_gnutls_sp800_108_derive_key() support various output key lengths

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
017c90e1 by Joseph Sutton at 2023-11-30T00:02:33+00:00
lib:crypto: Add ‘FixedData’ parameter to samba_gnutls_sp800_108_derive_key()

Our code won’t use this, but NIST’s test vectors are based on handing a
fixed buffer to the key derivation function.

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
72c6f38e by Joseph Sutton at 2023-11-30T01:03:28+00:00
lib:crypto: Add test for samba_gnutls_sp800_108_derive_key() using NIST test vectors

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Nov 30 01:03:29 UTC 2023 on atb-devel-224

- - - - -
35d71bfc by Rob van der Linde at 2023-11-30T01:05:32+00:00
python: fix missing colon around param in docstring

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6bcfcacd by Rob van der Linde at 2023-11-30T01:05:32+00:00
python: PEP275: docstrings should always use double quotes

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1a45e49b by Rob van der Linde at 2023-11-30T01:05:32+00:00
python: tests: make HRES_SEC_E_* constant an int

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b14ead30 by Rob van der Linde at 2023-11-30T01:05:32+00:00
python: move HRES_SEC_* constants to samba module

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
983f222e by Andrew Bartlett at 2023-11-30T01:05:32+00:00
python: Use constants from hresult.h for python constants

This encourages us to keep a single source for constants.

In the future this should be a generated python file like for ntstatus.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e8fda61a by Rob van der Linde at 2023-11-30T01:05:32+00:00
python: get rid of pointless empty overridden methods

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6ac48336 by Rob van der Linde at 2023-11-30T01:05:32+00:00
python: tests: update all super calls to python 3 style in tests

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

[abartlet at samba.org Some python2 style super() calls remain due
 to being an actual, even if reasonable, behaviour change]

- - - - -
42e78285 by Andrew Bartlett at 2023-11-30T01:05:32+00:00
python: Correct Python2 super() calls that called the wrong class

These changes have been checked as safe as skipping a superclass
has no actual impact.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0f2ff51a by Andrew Bartlett at 2023-11-30T01:05:32+00:00
python/samba/tests: Fix incorrect superclass in test_min_domain_uid.py

This was not intentional as far as can be determined.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
af53df6c by Andrew Bartlett at 2023-11-30T02:03:05+00:00
python/samba/tests: Fix incorrect super-class in cred_opt.py setUp()

This will allow TEST_DEBUG_LEVEL to work in this test.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Nov 30 02:03:05 UTC 2023 on atb-devel-224

- - - - -
83edfcff by Shachar Sharon at 2023-11-30T12:32:29+00:00
vfs_ceph: call 'ceph_fgetxattr' only if valid fd

Align getxattr logic with the rest of xattr hooks: call ceph_fgetxattr
with appropriate io-fd when 'is_pathref' is false; otherwise, call
ceph_getxattr.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15440

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Nov 30 12:32:29 UTC 2023 on atb-devel-224

- - - - -
f65a17e7 by Andreas Schneider at 2023-11-30T20:23:34+00:00
lib:crypto: Use bytearray macros

Do not use old macros which are not descriptive by the name.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
b12a33e2 by Andrew Bartlett at 2023-11-30T21:25:56+00:00
third_party/heimdal: import lorikeet-heimdal-202311290849 (commit 84fb4579594a5fd8f8462450777eb24d5832be07)

Some of our pending PRs for Heimdal were recently accepted,
so this brings in a new update (mostly improved spelling).

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Nov 30 21:25:56 UTC 2023 on atb-devel-224

- - - - -
ad0c0dd0 by Andreas Schneider at 2023-12-01T07:07:31+00:00
selftest: Show that 'allow trusted domains = no' firewalls Unix User|Group

UNEXPECTED(failure): samba3.blackbox.smbclient_auth.plain.local_creds.smbclient //LOCALSHARE4/forceuser_unixonly as user(simpleserver)
REASON: Exception: Exception: tree connect failed: NT_STATUS_AUTHENTICATION_FIREWALL_FAILED

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15469

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
8f496161 by Andreas Schneider at 2023-12-01T07:07:31+00:00
s3:auth: Remove trailing white spaces from auth_util.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
00034d02 by Andreas Schneider at 2023-12-01T08:06:44+00:00
s3:auth: Allow 'Unix Users' and 'Unix Groups' to create a local token

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15469

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Dec  1 08:06:44 UTC 2023 on atb-devel-224

- - - - -
b3ac235b by Andreas Schneider at 2023-12-05T10:07:09+00:00
selftest: Show that 'allow trusted domains = no' firewalls Unix User|Group

UNEXPECTED(failure): samba3.blackbox.smbclient_auth.plain.local_creds.smbclient //LOCALSHARE4/forceuser_unixonly as user(simpleserver)
REASON: Exception: Exception: tree connect failed: NT_STATUS_AUTHENTICATION_FIREWALL_FAILED

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15469

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit ad0c0dd071401d98f0b7f595efbdf5312a165ab4)

- - - - -
9b26a0ea by Andreas Schneider at 2023-12-05T10:07:09+00:00
s3:auth: Remove trailing white spaces from auth_util.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 8f496161463f110e494201303b96dd14ab3774cd)

- - - - -
62c90dfa by Andreas Schneider at 2023-12-05T11:04:17+00:00
s3:auth: Allow 'Unix Users' and 'Unix Groups' to create a local token

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15469

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 00034d022896f879bf91bb78eb9e2972162c99ce)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Tue Dec  5 11:04:17 UTC 2023 on atb-devel-224

- - - - -
40de9033 by Andrew Bartlett at 2023-12-07T04:32:37+00:00
pycredentials: Properly check type in creds.set_nt_hash() and samr.encrypt_samr_password()

We should not be just doing a talloc type check, we should check the python
type first.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
e5fe856e by Andreas Schneider at 2023-12-07T04:32:37+00:00
s3:tests: Add smbget test for smb://DOAMIN;user%password@server/share/file

This is supported according to the smbget manpage!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15525

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
763b2efe by Andreas Schneider at 2023-12-07T05:33:21+00:00
s3:utils: Fix setting the debug level

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15525

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Dec  7 05:33:21 UTC 2023 on atb-devel-224

- - - - -
261d3ade by Joseph Sutton at 2023-12-08T02:28:33+00:00
python:tests: Permit newer copyright notice

We can use an HTTPS URL (https://www.gnu.org/licenses/) now.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2cb6e37e by Joseph Sutton at 2023-12-08T02:28:33+00:00
gkdi.idl: Add definitions for the Group Key Distribution Service

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
60e9e3e0 by Joseph Sutton at 2023-12-08T02:28:33+00:00
tests/ndr: Add tests for Group Key Distribution Service blobs

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e607a59c by Joseph Sutton at 2023-12-08T02:28:33+00:00
auth:gensec: Zero digest array in error case

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
18d9873e by Joseph Sutton at 2023-12-08T02:28:33+00:00
buildtools: Update docstring to be more accurate

Some more possibilities for output files have been introduced since
commit e916aff9e1d44c3599c30b9ea32d03921f6403f4.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
265e3699 by Joseph Sutton at 2023-12-08T02:28:33+00:00
ctdb: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cec6c7e2 by Joseph Sutton at 2023-12-08T02:28:33+00:00
ctdb: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
af2b5f46 by Joseph Sutton at 2023-12-08T02:28:33+00:00
docs-xml: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7658c9bf by Joseph Sutton at 2023-12-08T02:28:33+00:00
lib:crypto: Remove redundant array zeroing

The call to memset_s() was supposed to replace the use of
ZERO_ARRAY_LEN(), but somehow both lines have crept in.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2a9e8849 by Joseph Sutton at 2023-12-08T02:28:33+00:00
lib:crypto: Remove unused Rijndael cipher header

The corresponding code was removed with commit
11b3c6826d19d60937f75825075fc5eb67385e11.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f6bc1ad9 by Joseph Sutton at 2023-12-08T02:28:33+00:00
ldb: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ac860150 by Joseph Sutton at 2023-12-08T02:28:33+00:00
lib/fuzzing: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0691a112 by Joseph Sutton at 2023-12-08T02:28:33+00:00
talloc: Fix documentation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a56bf3fa by Joseph Sutton at 2023-12-08T02:28:33+00:00
lib/torture: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1947bd6d by Joseph Sutton at 2023-12-08T02:28:33+00:00
util/charset: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c07f72a5 by Joseph Sutton at 2023-12-08T02:28:33+00:00
util/data_blob: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8aa164ce by Joseph Sutton at 2023-12-08T02:28:33+00:00
util/data_blob: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b3199f2a by Joseph Sutton at 2023-12-08T02:28:33+00:00
libcli/security: Remove unused includes

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6e998655 by Joseph Sutton at 2023-12-08T02:28:33+00:00
libcli/security: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4846ebbd by Joseph Sutton at 2023-12-08T02:28:33+00:00
librpc: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e05c3477 by Joseph Sutton at 2023-12-08T02:28:33+00:00
librpc: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c62d17db by Joseph Sutton at 2023-12-08T02:28:33+00:00
security.idl: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b82abfe0 by Joseph Sutton at 2023-12-08T02:28:33+00:00
gp: Remove unused import

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c7ab99a8 by Joseph Sutton at 2023-12-08T02:28:33+00:00
python: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2eb7b95d by Joseph Sutton at 2023-12-08T02:28:33+00:00
python: Add missing word to comment

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
abab561d by Joseph Sutton at 2023-12-08T02:28:33+00:00
python:tests: Remove unnecessary f‐strings

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
49f54e2b by Joseph Sutton at 2023-12-08T02:28:33+00:00
python:tests: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5287411b by Joseph Sutton at 2023-12-08T02:28:33+00:00
python:tests: Remove leftover debugging message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e7a2c4ba by Joseph Sutton at 2023-12-08T02:28:33+00:00
tests/dcerpc: Correct docstring

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d791bfae by Joseph Sutton at 2023-12-08T02:28:33+00:00
tests/dcerpc: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2e891f59 by Joseph Sutton at 2023-12-08T02:28:33+00:00
tests/krb5: Fix indentation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9b06fd8d by Joseph Sutton at 2023-12-08T02:28:33+00:00
tests/krb5: Remove unused parameter

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8a9e07ad by Joseph Sutton at 2023-12-08T02:28:33+00:00
s3:include: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f27ab6d9 by Joseph Sutton at 2023-12-08T02:28:33+00:00
s3:include: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ed908e93 by Joseph Sutton at 2023-12-08T02:28:33+00:00
s3:modules: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
51340180 by Joseph Sutton at 2023-12-08T02:28:33+00:00
s3:rpc_server: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
235b518c by Joseph Sutton at 2023-12-08T02:28:33+00:00
s4:auth: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e8052eca by Joseph Sutton at 2023-12-08T02:28:33+00:00
s4:dsdb: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ccbaaf26 by Joseph Sutton at 2023-12-08T02:28:33+00:00
s4:dsdb: Remove unused includes

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6eec3ae6 by Joseph Sutton at 2023-12-08T02:28:33+00:00
s4:dsdb: Use portable integer constant INT64_MIN

Because it is written in hexadecimal, ‘0x8000000000000000LL’ is likely
going to be represented as an ‘unsigned long long int’. Negating it
actually will not change its value at all, so the unary minus achieves
nothing here.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e1dc284f by Joseph Sutton at 2023-12-08T02:28:33+00:00
s4:dsdb: Use portable integer constant INT64_MAX

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9ebe4de1 by Joseph Sutton at 2023-12-08T02:28:33+00:00
s4:dsdb: Use portable integer constant INT64_MAX

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
64f66273 by Joseph Sutton at 2023-12-08T02:28:33+00:00
s4:dsdb: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b58cd077 by Joseph Sutton at 2023-12-08T02:28:33+00:00
s4:dsdb: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3d04f62e by Joseph Sutton at 2023-12-08T02:28:33+00:00
s4:include: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0982d030 by Joseph Sutton at 2023-12-08T02:28:33+00:00
s4:include: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
251f39a9 by Joseph Sutton at 2023-12-08T02:28:33+00:00
s4:kdc: Remove unused includes

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
43c37551 by Joseph Sutton at 2023-12-08T02:28:33+00:00
pymessaging: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b4039bf6 by Joseph Sutton at 2023-12-08T02:28:33+00:00
s4:ntvfs: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c4ee07e by Joseph Sutton at 2023-12-08T02:28:33+00:00
Revert "s4:torture: Increase multichannel timeout"

This reverts commit c6d0df787a1f6007e1f4594f68ff1f75a46bd293.

Said commit did not help with GitLab CI timeouts, but just made the CI
pipeline take longer when the test did time out.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
992f7625 by Joseph Sutton at 2023-12-08T03:25:20+00:00
selftest: Remove unused import

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Dec  8 03:25:20 UTC 2023 on atb-devel-224

- - - - -
04ed1206 by Douglas Bagnall at 2023-12-10T21:24:38+00:00
selftest: add an expectedfail directory

We have some tests that are not only known to fail, but which are
intended to fail.

For example, to quote selftest/knownfail.d/dns:

> # These tests are expected to fail because we want to ensure that
> # unauthenticated updates are not permitted against the default
> # configuration, nor against an RODC

In contrast to selftest/knownfail.d/uac_objectclass_restrict, which
says:

> # All these tests need to be fixed and the entries here removed

That one should stay in selftest/knownfail.d.

Some files are mixed. For example, there are lines in
selftest/knownfail.d/smb1-tests which were added in *commits* that say

> We also need to add a knownfail (which will not be removed) for the
> new test which will fail in smb1 envs

but it is not clear to me that the whole file is expected to always
fail.

By moving some knownfails here, we allow selftest/knownfail.d to be a
bit more like a TODO list, containing things that actually constitute
failure.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7a6d9a72 by Douglas Bagnall at 2023-12-10T21:24:38+00:00
selftest/knownfail.d: README mentions expectedfail.d

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3ea40efe by Douglas Bagnall at 2023-12-10T21:24:38+00:00
selftest/knownfail.d: remove empty files

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f60d7946 by Douglas Bagnall at 2023-12-10T21:24:38+00:00
selftest/knownfail.d: move labdc to expectedfail.d

To quote the original commit:

> Note that the rpc.echo tests for the testallowed and testdenied users
> fail, because we don't backup the secrets for these users. So these
> tests failing proves that the lab-DC testenv is correct.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bac25597 by Douglas Bagnall at 2023-12-10T21:24:38+00:00
selftest/knownfail.d: move samba-4.5-emulation to expectedfail.d

These tests are expected to fail because the handling of GET_ANC has
deliberately been degraded in this environment (in order to test an
upgrade path, long story).

> We now show this is in effect by the fact that tests now fail.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2497a4af by Douglas Bagnall at 2023-12-10T21:24:38+00:00
selftest/knownfail.d: move ntlmv1-restrictions to expectedfail.d

These tests have been set up to fail by smb.conf options, partly
in order to test those options.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5af5f980 by Douglas Bagnall at 2023-12-10T21:24:38+00:00
selftest/knownfail.d: move encrypted_secrets to expectedfail.d

From the file itself:

> # The fl2000dc environment is provisioned with the --plaintext-secrets option
> # running the ecnrypted secrets tests on it and expecting them to fail.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
54f95df6 by Douglas Bagnall at 2023-12-10T21:24:38+00:00
selftest/knownfail: move some parts to expectedfail.d/ntlm-auth

Where NETLOGON is disabled, the failure is intended.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
646046cb by Douglas Bagnall at 2023-12-10T21:24:38+00:00
selftest/knownfail: move more parts to expectedfail.d/ntlm-auth

Here NTLM is disabled, so failure is intended.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c14c5dec by Andreas Schneider at 2023-12-10T21:24:38+00:00
s3:tests: Fix authentication with smbget_user in smbget tests

Currently the smbget share is broken. We set `guest ok = yes` so if you
specify invalid names, the authentication will still succeed as we
are mapped to guest.

The smbget_user is a local ad_member user. We need to set the
workstation as the "domain" for the user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a2af6946 by Andreas Schneider at 2023-12-10T21:24:38+00:00
selftest: Remove trailing tabs/white spaces in Samba4.pm

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
56d0c3a0 by Andreas Schneider at 2023-12-10T21:24:38+00:00
selftest: Add DOMAIN_ADMIN and DOMAIN_USER variables

We should start using those in future. So we can distinguish which
privileges we want. Currently DC_USERNAME is the Administrator. Whatever
possible should use DOMAIN_USER instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
337034e6 by Andreas Schneider at 2023-12-10T21:24:38+00:00
s3:tests: Pass down a normal domain user for test_smbget.sh

It is better to test with a normal user than administrator.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
62b0b79c by Andreas Schneider at 2023-12-10T21:24:38+00:00
s3:tests: Fix test_kerberos in smbget tests

We switched to a temporary directory, so $PREFIX doesn't exist.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
468fb05d by Andreas Schneider at 2023-12-10T21:24:38+00:00
s3:tests: Fix the test_kerberos_trust in smbget testsuite

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1a04fd25 by Andreas Schneider at 2023-12-10T21:24:38+00:00
s3:tests: Remove the non-working test_kerberos_upn_denied of smbget

See TODO code comment for details.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c46769f3 by Andreas Schneider at 2023-12-10T21:24:38+00:00
s3:tests: Fix smbget test

Time to fix the smbget share to not have `guest ok = yes` set. A new
[smbget_guest] will be used for guest only tests. This way we can
correctly test different authentication mechanisms.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ab4b2596 by Andreas Schneider at 2023-12-10T21:24:38+00:00
auth:creds:tests: Add test for password callback

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1041dae0 by Andreas Schneider at 2023-12-10T21:24:38+00:00
auth:creds: Fix cli_credentials_get_password_and_obtained() with callback

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a7622bc7 by Andreas Schneider at 2023-12-10T21:24:38+00:00
auth:creds: Add cli_credentials_get_domain_and_obtained()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5b38f3be by Andreas Schneider at 2023-12-10T21:24:38+00:00
s3:tests: Add interactive smbget test for password entry

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f2f7ed41 by Andreas Schneider at 2023-12-10T22:22:51+00:00
s3:utils: Fix auth callback with smburl

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sun Dec 10 22:22:51 UTC 2023 on atb-devel-224

- - - - -
cdff2b76 by Joseph Sutton at 2023-12-11T01:08:36+00:00
buildtools: Remove unused parameter ‘env’

This parameter goes unused, and nothing passes it in.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2e5d7514 by Joseph Sutton at 2023-12-11T01:08:37+00:00
buildtools: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
45b7a0c1 by Joseph Sutton at 2023-12-11T01:08:37+00:00
s4:librpc: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e3ad6753 by Joseph Sutton at 2023-12-11T01:08:37+00:00
buildtools: Pass through parameter ‘keep_underscore’

This parameter has gone unused until now.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
62364596 by Joseph Sutton at 2023-12-11T01:08:37+00:00
buildtools: Remove useless ‘keep_underscore’ parameter

SAMBA_LIBRARY()’s ‘keep_underscore’ parameter has an effect only if None
is passed in for ‘bundled_name’. However, SAMBA_PLUGIN() always passes
in a string for ‘bundled_name’. Therefore ‘keep_underscore’ will never
have any effect — remove it.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f642aff5 by Joseph Sutton at 2023-12-11T02:13:39+00:00
buildtools: Remove ‘keep_underscore’ parameter

Nothing now passes this in.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Dec 11 02:13:39 UTC 2023 on atb-devel-224

- - - - -
fcbda8c7 by Shachar Sharon at 2023-12-11T08:46:17+00:00
vfs_ceph: call 'ceph_fgetxattr' only if valid fd

Align getxattr logic with the rest of xattr hooks: call ceph_fgetxattr
with appropriate io-fd when 'is_pathref' is false; otherwise, call
ceph_getxattr.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15440

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Nov 30 12:32:29 UTC 2023 on atb-devel-224

(cherry picked from commit 83edfcff5ccd8c4c710576b6d5612e0578d168c8)

- - - - -
b2d450cc by Volker Lendecke at 2023-12-11T09:45:32+00:00
smbd: Fix read_symlink_reparse()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15505

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Oct 27 21:19:35 UTC 2023 on atb-devel-224

(cherry picked from commit 952d6c2cf48b19807e96a49b95c19c224bd6e732)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Mon Dec 11 09:45:32 UTC 2023 on atb-devel-224

- - - - -
f550e1fc by Michael Tokarev at 2023-12-11T13:18:14+03:00
d/rules: add -mlong-jump-table-offsets to CFLAGS on m68k

- - - - -
be5c630a by Michael Tokarev at 2023-12-11T13:18:24+03:00
d/rules: CFLAGS += -ffile-prefix-map=../../=

- - - - -
442e0b04 by Michael Tokarev at 2023-12-11T13:18:24+03:00
d/control: fix versioned dependency on samba for samba-ad-dc

samba-ad-dc is an arch-all package.  We need samba >= ${source:Version}~
(note the tilde at the end), not ${binary:Version} (without tilde).

- - - - -
3e706f7f by Michael Tokarev at 2023-12-11T13:18:24+03:00
+python-fix-invalid-escape-sequences.patch from upstream (#1057668)

- - - - -
1c1b448d by Michael Tokarev at 2023-12-11T13:20:01+03:00
update changelog; upload version 4.19.3+dfsg-2 to unstable

- - - - -
402042b5 by Andreas Schneider at 2023-12-12T09:02:18+00:00
s3:tests: Add smbget test for smb://DOAMIN;user%password@server/share/file

This is supported according to the smbget manpage!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15525

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit e5fe856e76eba26e3b85a391bcea02dfe045c26e)

- - - - -
63969fe9 by Andreas Schneider at 2023-12-12T09:02:18+00:00
s3:utils: Fix setting the debug level

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15525

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 763b2efe69dc74e1c0cd954607031012f832486d)

- - - - -
79981973 by Andreas Schneider at 2023-12-12T09:02:18+00:00
s3:tests: Fix authentication with smbget_user in smbget tests

Currently the smbget share is broken. We set `guest ok = yes` so if you
specify invalid names, the authentication will still succeed as we
are mapped to guest.

The smbget_user is a local ad_member user. We need to set the
workstation as the "domain" for the user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit c14c5dec09fe1c86b29b3091ad521e73a2e1c3e9)

- - - - -
3738e0a9 by Andreas Schneider at 2023-12-12T09:02:18+00:00
selftest: Remove trailing tabs/white spaces in Samba4.pm

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit a2af6946f5e53b7d954aa54d3d115dbe4975b1c4)

- - - - -
4fca2664 by Andreas Schneider at 2023-12-12T09:02:18+00:00
selftest: Add DOMAIN_ADMIN and DOMAIN_USER variables

We should start using those in future. So we can distinguish which
privileges we want. Currently DC_USERNAME is the Administrator. Whatever
possible should use DOMAIN_USER instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 56d0c3a0263ed166452c129219e7a391ba4d014c)

- - - - -
e6d14a85 by Andreas Schneider at 2023-12-12T09:02:18+00:00
s3:tests: Pass down a normal domain user for test_smbget.sh

It is better to test with a normal user than administrator.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 337034e675aaeb366d360a791ec0d003426230af)

- - - - -
fd20e322 by Andreas Schneider at 2023-12-12T09:02:18+00:00
s3:tests: Fix test_kerberos in smbget tests

We switched to a temporary directory, so $PREFIX doesn't exist.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 62b0b79ce065246417996dec61afa6a10f6ab99b)

- - - - -
9fe9f02c by Andreas Schneider at 2023-12-12T09:02:18+00:00
s3:tests: Fix the test_kerberos_trust in smbget testsuite

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 468fb05d6357779228e411076e286abcdb70cf96)

- - - - -
b2e427b4 by Andreas Schneider at 2023-12-12T09:02:18+00:00
s3:tests: Remove the non-working test_kerberos_upn_denied of smbget

See TODO code comment for details.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 1a04fd255c2c94e01bda9840bfd6b372007bb3c7)

- - - - -
8dc5d522 by Andreas Schneider at 2023-12-12T09:02:18+00:00
s3:tests: Fix smbget test

Time to fix the smbget share to not have `guest ok = yes` set. A new
[smbget_guest] will be used for guest only tests. This way we can
correctly test different authentication mechanisms.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit c46769f3f10d21ed802e17aa79ae17e345168e63)

- - - - -
259cc2b5 by Andreas Schneider at 2023-12-12T09:02:18+00:00
auth:creds:tests: Add test for password callback

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ab4b25964a43a1ef550f10580ad395e178fe647e)

- - - - -
ec913897 by Andreas Schneider at 2023-12-12T09:02:18+00:00
auth:creds: Fix cli_credentials_get_password_and_obtained() with callback

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 1041dae03f0f7e9e2b6b4a649eb1d298a34ce699)

- - - - -
88c29757 by Andreas Schneider at 2023-12-12T09:02:18+00:00
auth:creds: Add cli_credentials_get_domain_and_obtained()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit a7622bc7db093558c6f6e3da4d2a899a764dec09)

- - - - -
37e24c60 by Andreas Schneider at 2023-12-12T09:02:18+00:00
s3:tests: Add interactive smbget test for password entry

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 5b38f3be8cb986aa2db3aab5c3c3d2e8739893ce)

- - - - -
1b6096a1 by Andreas Schneider at 2023-12-12T10:01:36+00:00
s3:utils: Fix auth callback with smburl

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit f2f7ed419e03e5ae8cc85f42af5b2bcf91abefe2)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Tue Dec 12 10:01:36 UTC 2023 on atb-devel-224

- - - - -
e3d0574d by Samuel Cabrero at 2023-12-13T15:07:38+00:00
s3:winbind: talloc the static idmap child

Next commits will use talloc_get_type_abort() to get the reference.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
c3593705 by Samuel Cabrero at 2023-12-13T15:07:38+00:00
s3:winbind: talloc the static locator child

Next commits will use talloc_get_type_abort() to get the reference.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
8e1f2ee5 by Samuel Cabrero at 2023-12-13T15:07:38+00:00
s3:winbind: Register a messaging filter foreach domain child

Instead of registering the "classic" callback for MSG_SMB_CONF_UPDATED,
install a message filter to allow other parts of the code to also
listen for this message because classic callbacks are delivered only
once (see commit a2436b67e5dd47d955a3bea2b83e0693b627ab96).

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
de2f59c6 by Samuel Cabrero at 2023-12-13T15:07:38+00:00
docs: Document idmap_nss "range" option

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
c8e4777a by Samuel Cabrero at 2023-12-13T15:07:38+00:00
idmap_nss: Increase debug on failures

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
a7a4d8e5 by Samuel Cabrero at 2023-12-13T15:07:38+00:00
idmap_nss: Add a parameter to use UPNs instead of plain names

idmap config <DOMAIN> : backend = nss
idmap config <DOMAIN> : use_upn = yes|no

When translating a Unix ID to a SID the module calls get[pwu|grg]id() but the
name returned by some NSS modules might be a UPN instead of a plain name. If
the new parameter is enabled the returned name will be parsed and correctly
handled.

On the other hand, when translating a SID to a Unix ID the module first
resolves the SID to a domain + name, and then calls get[pw|gr]name() with the
plain name, or the UPN if the new parameter is enabled.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
086a90d5 by Samuel Cabrero at 2023-12-13T15:07:38+00:00
idmap_nss: Install a messaging filter to reload the configuration

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
3a01ef71 by Samuel Cabrero at 2023-12-13T16:05:19+00:00
tests: Add a test for the idmap_nss : use_upn setting

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

Autobuild-User(master): Samuel Cabrero <scabrero at samba.org>
Autobuild-Date(master): Wed Dec 13 16:05:19 UTC 2023 on atb-devel-224

- - - - -
e004a5a4 by Douglas Bagnall at 2023-12-14T03:31:36+00:00
libcli/security: SDDL decode stops earlier with too many ACEs

For this purpose, "too many" means we know for sure that it won't fit
in packet format, even if all the ACEs are minimum size. This would
fail anyway.

Credit to OSS-Fuzz, who found that 50 thousand ACEs took more
than 60 seconds to decode. This will now fail after 4096 ACEs which
should be about 150 times faster than 50k (because the realloc loop is
quadratic), so ~0.5 seconds in the fuzz context with sanitisers
enabled. That is still slowish, but SDDL parsing is not a critical
path and without address sanitisers it will be many times faster.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62511

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a016ce70 by Douglas Bagnall at 2023-12-14T03:31:37+00:00
libcli/security: don't allow conditional ACE SIDs to have trailing bytes

They should be tightly packed, allowing conditional ACEs to
round-trip.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64197

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
db6b0657 by Douglas Bagnall at 2023-12-14T03:31:37+00:00
libcli/security: clarify tests for SDDL round trips

The `failed = failed || ok` did the same thing, obscurely.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b247a11e by Douglas Bagnall at 2023-12-14T03:31:37+00:00
libcli/security: fix tests for SDDL conditional ACE round-trip

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bbe21760 by Douglas Bagnall at 2023-12-14T03:31:37+00:00
libcli/security: tests for conditional ACE integer base persistence

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d33ed631 by Douglas Bagnall at 2023-12-14T03:31:37+00:00
libcli/security: allow round-trip for conditional ACE octal integers

The string "00" will decode into an integer tagged as octal, but
`snprintf("%#oll")` will write the string "0", which would decode as
decimal, so in the SDDL1->SD1->SDDL2->SD2 round trip, SD1 would
not be the same as SD2.

The effect is really only relevant to SDDL, which wants to remember
what base the numbers were presented in, though the fuzzers and tests
don't directly compare SDDL, which can have extra spaces and so forth.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
66f341e5 by Douglas Bagnall at 2023-12-14T03:31:37+00:00
libcli/security: allow round-trip for conditional ACE hex integers

As with the previous commit, though not addressing the particular fuzz
case, zero hex numbers need to be explicitly written as "0x0", or the
round-trip will fail.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
25f8e507 by Douglas Bagnall at 2023-12-14T03:31:37+00:00
libcli/security: allow SDDL conditional ACE round-trip for -00 and -0x0

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dd9dfb0e by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unfinished join method

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dddaed61 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused variable ‘machinesid’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f9b22c6d by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Make use of ‘serverdn’ parameter

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7e65a368 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘targetdir’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d8b5cb10 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘lp’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a341aca1 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Make use of ‘prefix’ parameter

This method is now consistent with the other ‘add_*_record()’ methods.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7064e39f by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘logger’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
95e0df78 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘lp’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a84c5212 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘backend_store’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
49801372 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘targetdir’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c6926534 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘targetdir’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
58814bfd by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘lp’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e37dfc29 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘lp’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8439dcb4 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘backend_store’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5132771f by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘targetdir’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
246666e7 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘message’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d9a665a0 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘lp’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eb727331 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘samdb’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
704ad18b by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘netlogon’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
83311420 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘name’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8c288c6b by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameters ‘maxuid’ and ‘maxgid’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6fdf710b by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameters ‘maxuid’ and ‘maxgid’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b6dc2116 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘root_gid’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
efaa27c4 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘backend_store_size’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9cc82345 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘erase’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9fbd3435 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘keytab_path’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7e7f7d63 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘fill’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
beefbb27 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameters ‘backend_store’ and ‘backend_store_size’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e67196e1 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameters ‘backend_store’ and ‘backend_store_size’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
10d79ef2 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘am_rodc’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7750edc1 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘am_rodc’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
891e1da9 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘serverrole’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ddddf9d4 by Joseph Sutton at 2023-12-14T03:31:37+00:00
python: Remove unused parameter ‘backup’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ff52e342 by Joseph Sutton at 2023-12-14T04:32:31+00:00
python: Remove references to removed parameters

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Dec 14 04:32:31 UTC 2023 on atb-devel-224

- - - - -
ddba4a06 by Rob van der Linde at 2023-12-15T02:54:34+00:00
python: pep257: docstring should use double quotes

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3db32513 by Rob van der Linde at 2023-12-15T02:54:34+00:00
netcmd: getpassword: get rid of pointless overridden constructors

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c8ded462 by Rob van der Linde at 2023-12-15T02:54:34+00:00
python: use python3 style super statements

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
83e36d97 by Rob van der Linde at 2023-12-15T03:51:55+00:00
netcmd: add shell command

A simple samba-tool shell, can be quite useful to play around with the ldb database and models.

All models get imported and the samdb connection variable made available.

Example usage:

    bin/samba-tool shell -H <host> --workgroup <workgroup> --realm <realm>

>>> silos = AuthenticationSilo.query(ldb)
>>> for silo in silos:
...     print(silo)
...

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Dec 15 03:51:55 UTC 2023 on atb-devel-224

- - - - -
d23d6145 by Stefan Metzmacher at 2023-12-15T10:44:42+00:00
VERSION: move COPYRIGHT_STARTUP_MESSAGE as SAMBA_COPYRIGHT_STRING into version.h

We also provide a samba_copyright_string() helper similar to
samba_version_string().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Dec 15 10:44:42 UTC 2023 on atb-devel-224

- - - - -
92badd3b by Stefan Metzmacher at 2023-12-15T11:06:34+00:00
ctdb: remove unused ctdb->client_ip_list and print debug on ctdb_tcp_list instead

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
f2d9c012 by Stefan Metzmacher at 2023-12-15T11:06:34+00:00
ctdb: add ctdb_canonicalize_ip_inplace() helper

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
5f52d140 by Stefan Metzmacher at 2023-12-15T11:06:34+00:00
ctdb: make use of ctdb_canonicalize_ip_inplace() in ctdb_control_tcp_client()

We could also remove the src_addr and dest_addr helper variables
completely, but that would be too much for this commit.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
8395fd36 by Stefan Metzmacher at 2023-12-15T11:06:34+00:00
ctdb: add ctdb_connection_same() helper

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
c6602b68 by Stefan Metzmacher at 2023-12-15T11:06:34+00:00
ctdb: add/implement CTDB_CONTROL_TCP_CLIENT_DISCONNECTED

With multichannel a ctdb connection from smbd may hold multiple
tcp connections, which can be disconnected before the smbd
process terminates the whole ctdb connection, so we need a
way to undo 'CTDB_CONTROL_TCP_CLIENT' again.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
037e8e44 by Stefan Metzmacher at 2023-12-15T11:06:34+00:00
ctdb: add/implement CTDB_CONTROL_TCP_CLIENT_PASSED

With multichannel a tcp connection is registered first with
a temporary smbd process, that calls CTDB_CONTROL_TCP_CLIENT
first and then passes the tcp connection to the longterm smbd
that already handles all connections belonging to the specific
client_guid. That smbd process calls CTDB_CONTROL_TCP_CLIENT
again, but the 'tickle' information is already there.
When the temporary smbd process exits/disconnects from ctdb
or calls CTDB_CONTROL_TCP_CLIENT_DISCONNECTED, the 'tickle'
information is removed, while the longterm smbd process
still serves the tcp connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
24013937 by Stefan Metzmacher at 2023-12-15T11:06:34+00:00
ctdbd_conn: don't use uninitialized memory in ctdbd_register_ips()

We dump the structure into the socket, so we need to zero the content
including possible padding.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
77a55943 by Stefan Metzmacher at 2023-12-15T11:06:34+00:00
ctdbd_conn: let register_with_ctdbd() call CTDB_CONTROL_REGISTER_SRVID just once

We do the dispatching to multiple handlers in ctdbd_msg_call_back()
and we don't need more than one message from ctdb.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
75aa6693 by Volker Lendecke at 2023-12-15T11:06:34+00:00
ctdbd_conn: Add deregister_from_ctdbd()

This is to remove a callback during rundown of smbds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
f3a03f3f by Stefan Metzmacher at 2023-12-15T11:06:34+00:00
ctdbd_conn: add ctdbd_unregister_ips()

This reverts the effect of ctdbd_register_ips().
We'll use this in order to disconnect individual
multichannel connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
2e784789 by Stefan Metzmacher at 2023-12-15T11:06:34+00:00
ctdbd_conn: add ctdbd_passed_ips()

This is similar to ctdbd_unregister_ips(), but with the
difference that ctdb keeps the 'tickle' information for
the tcp connection alive, because another smbd process
took care of that tcp connection in a multichannel scenario.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
38b74d4c by Stefan Metzmacher at 2023-12-15T11:06:34+00:00
selftest: export/use CTDB related envvars in order to run the ctdb command

This makes it easier to test things...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
082c7df4 by Stefan Metzmacher at 2023-12-15T11:06:34+00:00
s3:selftest: add samba3.blackbox.smbXsrv_client_ctdb_registered_ips

This demonstrates the crash that happens if a client connects to a
non-public address first followed by a connect
to public address with the same client_guid and a connection to
the non-public address gets disconnected first, we get hit by a
use-after-free talloc_get_type_abort() called from release_ip() as
"xconn" is already gone, taking smbd_release_ip_state with it.

Note that we also need to mark some subtests as flapping
as there's a 2nd problem that happens in the interaction
between smbd processes and ctdb when passing a multichannel
connection to an existing process, it means we sometimes
lose the 'tickle' information within ctdb to that tcp connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
ddf47e7f by Volker Lendecke at 2023-12-15T11:06:34+00:00
smbd: Remove callback for release_ip when "state" is free'ed

If a client connects to a non-public address first followed by a connect
to public address with the same client_guid and a connection to
the non-public address gets disconnected first, we get hit by a use-after-free
talloc_get_type_abort() called from release_ip() as
"xconn" is already gone, taking smbd_release_ip_state with it.

We need to decide between calling ctdbd_unregister_ips() by default, as
it means the tcp connection is really gone and ctdb needs to remove the
'tickle' information.  But when a connection was passed to a different
smbd process, we need to use ctdbd_passed_ips() as the tcp connection is
still alive and the 'tickle' information should not be removed within
ctdb.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
8fc38725 by Martin Schwenke at 2023-12-15T11:06:34+00:00
ctdb-daemon: Use ctdb_connection_to_buf() to simplify

The one case that is no longer handled specially is when the
destination address is IPv4 loopback.  This may previously have been
used to avoid flooding the logs when testing.  However, that seems
unnecessary - if testing with 127.0.0.1 then make it a public address.

Modernise debug while touching the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
4b7329f1 by Martin Schwenke at 2023-12-15T12:09:21+00:00
ctdb-server: Drop unnecessary copy of destination address

Modernise debug while touching the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Dec 15 12:09:21 UTC 2023 on atb-devel-224

- - - - -
38134f37 by Stefan Metzmacher at 2023-12-16T15:07:14+00:00
ctdb: remove unused ctdb->client_ip_list and print debug on ctdb_tcp_list instead

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 92badd3bdd82d1fa79727efcf81b6f479016811f)

- - - - -
69c4f498 by Stefan Metzmacher at 2023-12-16T15:07:14+00:00
ctdb: add ctdb_canonicalize_ip_inplace() helper

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit f2d9c012fc803b48564c3203ed640c02f99bcbaa)

- - - - -
0d6a3860 by Stefan Metzmacher at 2023-12-16T15:07:14+00:00
ctdb: make use of ctdb_canonicalize_ip_inplace() in ctdb_control_tcp_client()

We could also remove the src_addr and dest_addr helper variables
completely, but that would be too much for this commit.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 5f52d140f7b676ed68b5ce49d4445357bcbcb1a6)

- - - - -
24bd10eb by Stefan Metzmacher at 2023-12-16T15:07:14+00:00
ctdb: add ctdb_connection_same() helper

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 8395fd369d3c9d216817e922423727748581f133)

- - - - -
b6906f37 by Stefan Metzmacher at 2023-12-16T15:07:14+00:00
ctdb: add/implement CTDB_CONTROL_TCP_CLIENT_DISCONNECTED

With multichannel a ctdb connection from smbd may hold multiple
tcp connections, which can be disconnected before the smbd
process terminates the whole ctdb connection, so we need a
way to undo 'CTDB_CONTROL_TCP_CLIENT' again.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit c6602b686b4e50d93272667ef86d3904181fb1ab)

- - - - -
118d6c81 by Stefan Metzmacher at 2023-12-16T15:07:14+00:00
ctdb: add/implement CTDB_CONTROL_TCP_CLIENT_PASSED

With multichannel a tcp connection is registered first with
a temporary smbd process, that calls CTDB_CONTROL_TCP_CLIENT
first and then passes the tcp connection to the longterm smbd
that already handles all connections belonging to the specific
client_guid. That smbd process calls CTDB_CONTROL_TCP_CLIENT
again, but the 'tickle' information is already there.
When the temporary smbd process exits/disconnects from ctdb
or calls CTDB_CONTROL_TCP_CLIENT_DISCONNECTED, the 'tickle'
information is removed, while the longterm smbd process
still serves the tcp connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 037e8e449deb136ad5ed5e4de05439411b545b6d)

- - - - -
e09f9242 by Stefan Metzmacher at 2023-12-16T15:07:14+00:00
ctdbd_conn: don't use uninitialized memory in ctdbd_register_ips()

We dump the structure into the socket, so we need to zero the content
including possible padding.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 240139370aa19f53dd3de0ff468afd994d3bd973)

- - - - -
d039fa07 by Stefan Metzmacher at 2023-12-16T15:07:15+00:00
ctdbd_conn: let register_with_ctdbd() call CTDB_CONTROL_REGISTER_SRVID just once

We do the dispatching to multiple handlers in ctdbd_msg_call_back()
and we don't need more than one message from ctdb.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 77a559432ffde2d435e29bed126d20a09d33f48e)

- - - - -
acf08081 by Volker Lendecke at 2023-12-16T15:07:15+00:00
ctdbd_conn: Add deregister_from_ctdbd()

This is to remove a callback during rundown of smbds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 75aa6693940201a928b46f6880b43820c0e1c555)

- - - - -
e3a4feda by Stefan Metzmacher at 2023-12-16T15:07:15+00:00
ctdbd_conn: add ctdbd_unregister_ips()

This reverts the effect of ctdbd_register_ips().
We'll use this in order to disconnect individual
multichannel connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit f3a03f3f774f0795fc1a163f12cccb9cedeebec1)

- - - - -
8add947b by Stefan Metzmacher at 2023-12-16T15:07:15+00:00
ctdbd_conn: add ctdbd_passed_ips()

This is similar to ctdbd_unregister_ips(), but with the
difference that ctdb keeps the 'tickle' information for
the tcp connection alive, because another smbd process
took care of that tcp connection in a multichannel scenario.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 2e784789d78d09dfbc599085e5eb1c70c5b866b8)

- - - - -
d96cb627 by Stefan Metzmacher at 2023-12-16T15:07:15+00:00
selftest: export/use CTDB related envvars in order to run the ctdb command

This makes it easier to test things...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 38b74d4ca9a59e7f12850c20c410f9df26cbad0a)

- - - - -
43b70686 by Stefan Metzmacher at 2023-12-16T15:07:15+00:00
s3:selftest: add samba3.blackbox.smbXsrv_client_ctdb_registered_ips

This demonstrates the crash that happens if a client connects to a
non-public address first followed by a connect
to public address with the same client_guid and a connection to
the non-public address gets disconnected first, we get hit by a
use-after-free talloc_get_type_abort() called from release_ip() as
"xconn" is already gone, taking smbd_release_ip_state with it.

Note that we also need to mark some subtests as flapping
as there's a 2nd problem that happens in the interaction
between smbd processes and ctdb when passing a multichannel
connection to an existing process, it means we sometimes
lose the 'tickle' information within ctdb to that tcp connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 082c7df4d04c2a94c5413c1d6b7eae7be610f950)

- - - - -
2640bae7 by Volker Lendecke at 2023-12-16T15:07:15+00:00
smbd: Remove callback for release_ip when "state" is free'ed

If a client connects to a non-public address first followed by a connect
to public address with the same client_guid and a connection to
the non-public address gets disconnected first, we get hit by a use-after-free
talloc_get_type_abort() called from release_ip() as
"xconn" is already gone, taking smbd_release_ip_state with it.

We need to decide between calling ctdbd_unregister_ips() by default, as
it means the tcp connection is really gone and ctdb needs to remove the
'tickle' information.  But when a connection was passed to a different
smbd process, we need to use ctdbd_passed_ips() as the tcp connection is
still alive and the 'tickle' information should not be removed within
ctdb.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit ddf47e7fe314e0f5bf71ff53e35350e0ba530d08)
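
Added example, not smbd's code: a reduced model of the lifetime problem described above, where a callback registry outlives the per-connection state it points at. All names are hypothetical, plain malloc/free stands in for talloc, and the IP address is a constructed sample value.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; not the smbd or ctdbd_conn API. */
typedef void (*release_ip_fn)(void *private_data, const char *ip);

struct cb_entry {
	release_ip_fn fn;
	void *private_data;
	struct cb_entry *next;
};

struct conn_state {
	int releases_seen;
};

/* Registry that outlives any single connection, like the link to ctdb. */
static struct cb_entry *registry;

static void on_release_ip(void *private_data, const char *ip)
{
	struct conn_state *state = private_data; /* dangling once state is freed */
	(void)ip;
	state->releases_seen++;
}

/* Allocate per-connection state and register its release callback. */
static struct conn_state *conn_open(void)
{
	struct conn_state *s = calloc(1, sizeof(*s));
	struct cb_entry *e = malloc(sizeof(*e));
	if (s == NULL || e == NULL) {
		abort();
	}
	e->fn = on_release_ip;
	e->private_data = s;
	e->next = registry;
	registry = e;
	return s;
}

/* Unlink and free every registry entry that refers to private_data. */
static void deregister_cb(void *private_data)
{
	struct cb_entry **pp = &registry;
	while (*pp != NULL) {
		struct cb_entry *e = *pp;
		if (e->private_data == private_data) {
			*pp = e->next;
			free(e);
		} else {
			pp = &e->next;
		}
	}
}

/* Two connections, the first one closes first. Returns the number of
 * registry entries left; *delivered is the number of callbacks run by a
 * later release event, or -1 when dispatching would touch freed memory. */
static size_t run_scenario(int use_fix, int *delivered)
{
	struct conn_state *a = conn_open(); /* e.g. non-public address */
	struct conn_state *b = conn_open(); /* e.g. public address */
	size_t left = 0;

	if (use_fix) {
		deregister_cb(a); /* fixed form: callback goes away with the state */
	}
	free(a); /* without the call above, a's registry entry now dangles */
	for (struct cb_entry *e = registry; e != NULL; e = e->next) {
		left++;
	}
	*delivered = -1;
	if (use_fix) {
		*delivered = 0;
		for (struct cb_entry *e = registry; e != NULL; e = e->next) {
			e->fn(e->private_data, "203.0.113.10"); /* constructed IP */
			(*delivered)++;
		}
	}
	while (registry != NULL) { /* tear down without calling anything */
		struct cb_entry *e = registry;
		registry = e->next;
		free(e);
	}
	free(b);
	return left;
}

int main(void)
{
	int delivered;
	size_t left = run_scenario(0, &delivered);
	printf("without fix: %zu entries left, one of them stale\n", left);
	left = run_scenario(1, &delivered);
	printf("with fix: %zu entry left, %d callback run\n", left, delivered);
	return 0;
}
```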

- - - - -
2e93e358 by Martin Schwenke at 2023-12-16T15:07:15+00:00
ctdb-daemon: Use ctdb_connection_to_buf() to simplify

The one case that is no longer handled specially is when the
destination address is IPv4 loopback.  This may previously have been
used to avoid flooding the logs when testing.  However, that seems
unnecessary - if testing with 127.0.0.1 then make it a public address.

Modernise debug while touching the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 8fc3872557f715dc38f9898754a785fd073ace96)

- - - - -
853efb9d by Martin Schwenke at 2023-12-16T16:08:41+00:00
ctdb-server: Drop unnecessary copy of destination address

Modernise debug while touching the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Dec 15 12:09:21 UTC 2023 on atb-devel-224

(cherry picked from commit 4b7329f15820f1b4d9a7b7f0947719c4217b312a)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Sat Dec 16 16:08:41 UTC 2023 on atb-devel-224

- - - - -
3d3cc1bd by Stefan Metzmacher at 2023-12-19T09:43:08+00:00
s3:rpc_server: call reopen_logs before we print the copyright notice

This matches what we do in smbd, winbindd and nmbd.

For the workers it's important to call it at all, otherwise
things like 'debug pid = yes' or 'debug class = yes' have no effect
in the workers.

We could argue if we want the copyright notice on the start
of each worker at all, but that's a different discussion...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 94723b6732a67482eb7792e82b01e26a807e8265)

- - - - -
8b913da8 by Björn Jacke at 2023-12-19T09:43:09+00:00
profile: issues info message with lower log level

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 55d895dc42248ad524a10812b9975ac05a722fdc)

- - - - -
c05330a9 by Björn Jacke at 2023-12-19T09:43:09+00:00
s4/server.c: move some log messages from ERR to NOTICE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit baa67024bca391f2e212b91131f544cc911c6895)

- - - - -
13748870 by Björn Jacke at 2023-12-19T09:43:09+00:00
lib/util: move copyright define to copyright.h

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b7631bf603fbce9b80b19410f0680ce8c4170a1b)

- - - - -
fb08893c by Björn Jacke at 2023-12-19T09:43:09+00:00
debug.h: introduce DEBUG_STARTUP_NOTICE

this is log level -1 and lowest syslog priority. This is used for start up
messages and copyright notices, which should always be printed but which are no
errors or warnings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ccfe345fece0a5a44d766fb9426d43c2e046d040)

- - - - -
51ce833d by Björn Jacke at 2023-12-19T09:43:09+00:00
logging: use DBG_STARTUP_NOTICE for startup message

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 159cfde446c95c387ef212be103b109ea0dca93d)

- - - - -
ed2806fd by Björn Jacke at 2023-12-19T09:43:09+00:00
lib/util/become_daemon.c: use DBG_STARTUP_NOTICE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 50337acaa566b6696e035e38f6408f65805182a0)

- - - - -
928dfe6e by Björn Jacke at 2023-12-19T09:43:09+00:00
source3/nmbd/nmbd.c: use DBG_STARTUP_NOTICE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 72f20311acc4ab8851f18ac2b87f7ecc7803afad)

- - - - -
98d79426 by Stefan Metzmacher at 2023-12-19T09:43:09+00:00
lib/util: add debug_set_forced_log_priority()

By default the priority for syslog/systemd is derived from
the log level of the debug message.

But for things like startup messages we want to
change the priority temporarily, like this:

debug_set_forced_log_priority(DBGLVL_NOTICE);
D_ERR("Startup...\n");
debug_set_forced_log_priority(-1);

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit bd21a0cdefb30ef5522f81d865c03d11a182a63c)

- - - - -
2298b92f by Stefan Metzmacher at 2023-12-19T09:43:09+00:00
lib/util: convert DBG_STARTUP_NOTICE() to use debug_set_forced_log_priority(DBGLVL_NOTICE)

Using -1 as log level is not compatible with our infrastructure.

As all backends are initialized with .log_level = -1, which means
they don't log the message, but now they all try to handle the
startup message even if they are not configured.

E.g. it means that systemd's journalctl gets the message twice
now, first via the syslog and also the systemd backend.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit cd8dcff9e9cbfffab8c502c8701c00b0c8e3512b)

- - - - -
efc1a606 by Stefan Metzmacher at 2023-12-19T10:43:21+00:00
VERSION: move COPYRIGHT_STARTUP_MESSAGE as SAMBA_COPYRIGHT_STRING into version.h

We also provide a samba_copyright_string() helper similar to
samba_version_string().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Dec 15 10:44:42 UTC 2023 on atb-devel-224

(cherry picked from commit d23d6145bf08c4765479951237e697c4b2b11aa2)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Tue Dec 19 10:43:21 UTC 2023 on atb-devel-224

- - - - -
99c61fa8 by Volker Lendecke at 2023-12-19T16:05:36+00:00
lib: Fix some whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
ed6a659f by Volker Lendecke at 2023-12-19T16:05:36+00:00
lib: Remove duplicate prototypes

They also exist in lib/util/time.h

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
201d113d by Volker Lendecke at 2023-12-19T16:05:36+00:00
smbd: Remove "conn" from struct dptr_struct

We have it available behind "dir_hnd".

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
8c08b705 by Volker Lendecke at 2023-12-19T16:05:36+00:00
profile: Fix a small memleak

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
e3b4073d by Volker Lendecke at 2023-12-19T16:05:36+00:00
profile: Fix rusage reporting

getrusage already gives accumulated values, so add them to the tdb
record after smbprofile_stats_accumulate. Maybe we should not zero out
our internal copy after writing the tdb, this would save a call to
smbprofile_stats_accumulate() once a second.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
d5a0d6f7 by Volker Lendecke at 2023-12-19T16:05:36+00:00
smbd: Introduce srv_put_dos_date2_ts()

All but one uses of srv_put_dos_date2() converted from struct
timespec. Put that into a new routine.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
abf323d0 by Volker Lendecke at 2023-12-19T16:05:36+00:00
smbd: Use srv_put_dos_date2_ts() in reply_printqueue()

srv_put_dos_date2_ts() uses convert_timespec_to_time_t() on the passed
timespec, which for ts_nsec==0 returns just tv_sec.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
3046b8b5 by Volker Lendecke at 2023-12-19T16:05:36+00:00
smbd: Remove unused srv_put_dos_date2()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
c00bec4a by Volker Lendecke at 2023-12-19T16:05:36+00:00
smbd: Give source3/smbd/dir.c its own header file

The prototypes were spread across 3 different files.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
a22aeed2 by Volker Lendecke at 2023-12-19T16:05:36+00:00
smbd: Slightly simplify smbd_smb2_query_directory_send()

Avoid an if-statement when just assigning the result of the
if-condition to a boolean.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
9beb22a2 by Volker Lendecke at 2023-12-19T16:05:36+00:00
smbd: Remove an unused function prototype

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
6d3146f9 by Volker Lendecke at 2023-12-19T17:07:04+00:00
smbd: Modernize a few DEBUG statements

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Tue Dec 19 17:07:04 UTC 2023 on atb-devel-224

- - - - -
ff3b5003 by Volker Lendecke at 2023-12-20T10:15:29+00:00
rpcd_classic: Open share_info.tdb as root

srvsvc needs it, but for example NetShareGetInfo() runs as a
user. Opening share_info.tdb at that point is too late.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15265
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
8cfc6ea9 by Volker Lendecke at 2023-12-20T11:20:51+00:00
Revert "rpc_server:srvsvc - retrieve share ACL via root context"

This reverts commit 80c0b416892bfacc0d919fe032461748d7962f05.

With the previous patch it is no longer required. We open
share_info.tdb as root when starting up rpcd_classic and keep it open.

Commit 80c0b416892bfacc0d919fe032461748d7962f05 only fixed the
problem in one place, but we had it in a lot more places...

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15265
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Dec 20 11:20:51 UTC 2023 on atb-devel-224

- - - - -
b236856a by Rob van der Linde at 2023-12-21T02:05:38+00:00
selftest: function _get_attribute() was in two places

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2f5b0625 by Rob van der Linde at 2023-12-21T02:05:38+00:00
selftest: remove unused imports from virtualCryptSHA tests

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6ed2b445 by Rob van der Linde at 2023-12-21T02:05:38+00:00
selftest: pep8: fix incorrect number of blank lines

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a30657d4 by Rob van der Linde at 2023-12-21T02:05:38+00:00
selftest: make _get_attribute a method on base class

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
9f8786f0 by Rob van der Linde at 2023-12-21T02:05:38+00:00
selftest: make _get_attribute use parse_ldif

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
18fd2e4f by Rob van der Linde at 2023-12-21T02:05:38+00:00
selftest: make get_loadparm a classmethod

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
5e823724 by Rob van der Linde at 2023-12-21T02:05:38+00:00
selftest: add get_env_credentials()

This is like get_credentials but works for tests that are based
on environment variable for usernames and passwords.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ba29bb54 by Rob van der Linde at 2023-12-21T02:05:38+00:00
selftest: require named parameters for callers of connect_samdb() and connect_samdb_ex()

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
587642a6 by Andrew Bartlett at 2023-12-21T02:05:38+00:00
selftest: Avoid assertTrue() and assertFalse() where a better test exists

This allows the unittest framework to show the strings that the value was
not found in.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
bf37d538 by Rob van der Linde at 2023-12-21T02:05:38+00:00
netcmd: getpassword: print OK message on stderr

This makes it easier to machine parse the output in tests

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c5a2d57e by Rob van der Linde at 2023-12-21T02:05:38+00:00
netcmd: models: add object sid field to User model

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f89a2065 by Andrew Bartlett at 2023-12-21T02:05:38+00:00
samba-tool: Prepare to allow samba-tool user getpasswords to operate against a remote server

While passwords are not normally available for read, Group Managed Service Account
passwords are, as this is how they are distributed.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
23326105 by Andrew Bartlett at 2023-12-21T02:05:38+00:00
samba-tool user getpassword: Use UTF16_MUNGED charcnv to map "UTF16" to UTF8

This copes with random invalid UTF-16 as seen with gMSA accounts.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
9557140f by Rob van der Linde at 2023-12-21T02:05:38+00:00
netcmd: user: samba-tool support to allow non-windows use of GMSA accounts (show password)

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8b67a865 by Andrew Bartlett at 2023-12-21T02:05:38+00:00
samba-tool: Add support for getting the generated unicodePwd for a gMSA account

This pre-hashed value may be more practical to use than the random "UTF-16"
password.  In particular it is easy to compare with the DB values.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
562bde91 by Rob van der Linde at 2023-12-21T02:05:38+00:00
selftest: fix failing user setpassword test

A side effect of being able to generate at read time unicodePwd for a gMSA is that we can also generate the unicodePwd from a virtualSambaGPG password.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
175a13ca by Andrew Bartlett at 2023-12-21T02:05:38+00:00
selftest: Modify expected output of 'samba-tool user getpassword' to be more consistent

This is consistent with ;format= support for time attributes and
other users of this parameter style elsewhere in LDAP.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2c54a754 by Andrew Bartlett at 2023-12-21T02:05:38+00:00
samba-tool user getpassword: Prepare to support a ;previous=1 option, change behaviour for ;rounds=

This will return the previous password, but the pattern is to include
the option in the returned attribute name, so we need to use
vatter["raw_attr"], not 'a'.

This changes the behaviour for the ;rounds= option used when we hold
the plaintext password (possibly under GPG encryption).

This is now consistent with other parameters in the LDAP attribute,
and is now included in the returned attribute name.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
113d2aab by Andrew Bartlett at 2023-12-21T02:05:38+00:00
samba-tool: Make samba-tool user getpassword support a ';previous=1' option

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
72f0c99a by Rob van der Linde at 2023-12-21T02:05:38+00:00
samba-tool: fix some grammar in getpassword docstrings

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
339e7ae1 by Rob van der Linde at 2023-12-21T02:05:38+00:00
samba-tool: document that -H can be used with gMSA accounts

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
128710c2 by Rob van der Linde at 2023-12-21T02:05:38+00:00
python: tests: blackbox test for GMSA

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a39e19df by Andrew Bartlett at 2023-12-21T02:05:38+00:00
WHATSNEW: Add entry for "samba-tool user getpassword" changes

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8eadc19f by Andrew Bartlett at 2023-12-21T02:05:38+00:00
python/netcmd: Add "samba-tool user get-kerberos-ticket" to get a ticket for a gMSA

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d8b3b1fe by Andrew Bartlett at 2023-12-21T02:05:38+00:00
python/netcmd: Improve documentation for "samba-tool user getpassword"

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
7c9fa280 by Andrew Bartlett at 2023-12-21T02:05:38+00:00
selftest: Add tests for "samba-tool user get-kerberos-ticket"

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
31637d40 by Andrew Bartlett at 2023-12-21T03:04:12+00:00
WHATSNEW: Add entry for "samba-tool user get-kerberos-ticket"

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Thu Dec 21 03:04:12 UTC 2023 on atb-devel-224

- - - - -
828f3c99 by Stefan Metzmacher at 2023-12-21T11:09:30+00:00
s3:ctdbd_conn: fix ctdbd_public_ip_foreach() for ipv6 addresses

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15534

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Dec 21 11:09:30 UTC 2023 on atb-devel-224

- - - - -
26e704d1 by Joseph Sutton at 2023-12-21T20:21:34+00:00
lib:util: Define TIME_FIXUP_CONSTANT_INT using INT64_C() macro

This is more portable than using preprocessor conditionals.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
58c6e46a by Joseph Sutton at 2023-12-21T20:21:34+00:00
s3:lib: Define TIME_FIXUP_CONSTANT_INT using INT64_C() macro

This is more portable than using preprocessor conditionals.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dac9cd00 by Joseph Sutton at 2023-12-21T20:21:34+00:00
s4:auth: Clarify comment about requiring FAST armor

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
52c29ebc by Joseph Sutton at 2023-12-21T20:21:34+00:00
lib:util: Parenthesize macro parameters

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0a62d38b by Joseph Sutton at 2023-12-21T20:21:34+00:00
lib:util: Cast macro parameter ‘val’ to expected type

These macros are now consistent with PUSH_BE_U8() and with the
PUSH_LE_*() macros.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7d88280b by Joseph Sutton at 2023-12-21T20:21:34+00:00
lib:util: Don’t unnecessarily parenthesize macro arguments

If we’re just passing a parameter to another macro which we know
correctly parenthesizes its arguments, then we don’t need to
parenthesize the parameter ourselves.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a334ad85 by Joseph Sutton at 2023-12-21T20:21:34+00:00
lib:util: Remove redundant casts in PUSH_*() macros

The PUSH_*() macros already cast their arguments to the expected type,
so we don’t need to cast the arguments *again* prior to invoking the
macros.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
93379df9 by Joseph Sutton at 2023-12-21T20:21:34+00:00
librpc:ndr: Don’t unnecessarily parenthesize macro arguments

If we’re just passing a parameter to another macro which we know
correctly parenthesizes its arguments, then we don’t need to
parenthesize the parameter ourselves.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3b150354 by Joseph Sutton at 2023-12-21T20:21:34+00:00
python:tests: Use ‘False’ in boolean expression rather than ‘None’

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6256ad74 by Joseph Sutton at 2023-12-21T20:21:34+00:00
python:tests: Raise exception of more specific type NotImplementedError

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
10553111 by Joseph Sutton at 2023-12-21T20:21:34+00:00
python:tests: Rename parameter to be consistent with overridden method

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
507ff192 by Joseph Sutton at 2023-12-21T20:21:34+00:00
s3:param: Remove unnecessary use of discard_const_p()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b7df67d0 by Joseph Sutton at 2023-12-21T20:21:34+00:00
lib:util: Use portable integer constants

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
74ca3134 by Joseph Sutton at 2023-12-21T20:21:34+00:00
python:tests: Don’t needlessly create single‐element tuple

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
edb4c3b3 by Joseph Sutton at 2023-12-21T20:21:34+00:00
pyglue: Remove unnecessary uses of discard_const_p()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e2146e4a by Joseph Sutton at 2023-12-21T20:21:34+00:00
lib:cmdline: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dfefdcb1 by Joseph Sutton at 2023-12-21T20:21:34+00:00
buildtools: Use correct variable in error message

When this error message was copied from CHECK_FUNCS_IN(), the variable
name was not changed. This results in messages like this:

“Mandatory library 'lib' not found for functions '<class 'list'>'”

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0a65dff4 by Joseph Sutton at 2023-12-21T20:21:34+00:00
ldb: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dbfb19b7 by Joseph Sutton at 2023-12-21T20:21:34+00:00
tests/krb5: Remove redundant definitions

These items are already defined elsewhere.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4b39a3e7 by Joseph Sutton at 2023-12-21T20:21:34+00:00
s3:utils: Do not pass invalid file descriptor to close() (CID 1550131)

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
183fd79c by Joseph Sutton at 2023-12-21T20:21:34+00:00
gkdi.idl: Comment on domain and forest name fields

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f5ae3954 by Joseph Sutton at 2023-12-21T20:21:34+00:00
gkdi.idl: Add ‘additional_info’ field to KeyEnvelope structure

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
27231a96 by Joseph Sutton at 2023-12-21T20:21:34+00:00
selftest: Rename ‘samba.unittests.test_gnutls_sp800_108’ to something more consistent with existing tests

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
858f7003 by Joseph Sutton at 2023-12-21T20:21:34+00:00
python:tests: Catch strings passed to utf16_encoded_len() with embedded nulls

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1e67be78 by Joseph Sutton at 2023-12-21T20:21:34+00:00
s4:libcli: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f86d6511 by Joseph Sutton at 2023-12-21T20:21:34+00:00
s4:libcli: Fix conversion from HRESULT and WERROR to Python objects

The inner values of HRESULT and WERROR are 32‐bit unsigned integers,
which might not be representable in type ‘int’. We must then use the ‘k’
format specifier, which corresponds to ‘unsigned long’, a type
guaranteed to be at least 32 bits in size.

Commit c81aff362fe99a65385c6f8337ffcb47c9456829 fixed
PyErr_FromNTSTATUS(), but it did not attempt to fix the other cases.

PyErr_FromHRESULT() might return a tuple like this:
(-2147024809, 'One or more arguments are invalid.')

which, after this commit, will become this:
(2147942487, 'One or more arguments are invalid.')

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
44f6bfea by Joseph Sutton at 2023-12-21T20:21:34+00:00
gkdi.idl: Verify magic numbers of pulled GKDI structures

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6369f2cf by Joseph Sutton at 2023-12-21T20:21:34+00:00
lib:crypto: Add GKDI module with some constants

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9ed2544d by Joseph Sutton at 2023-12-21T20:21:34+00:00
pyglue: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e19d74bb by Joseph Sutton at 2023-12-21T20:21:34+00:00
pyglue: Export some more HRESULT constants

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a5a58918 by Joseph Sutton at 2023-12-21T20:21:34+00:00
pyglue: Export some GKDI constants

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f6bb2d40 by Joseph Sutton at 2023-12-21T20:21:34+00:00
python: Add NT Time utility functions

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
080a62bb by Joseph Sutton at 2023-12-21T21:19:30+00:00
tests/krb5: Add Python implementation and tests for Group Key Distribution Service

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Dec 21 21:19:30 UTC 2023 on atb-devel-224

- - - - -
85c4d03e by Ralph Boehme at 2023-12-21T23:48:46+00:00
s3/lib: factor out call_panic_action() from smb_panic_s3()

No change in behaviour. Best viewed with git show -w.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a38025b3 by Ralph Boehme at 2023-12-21T23:48:46+00:00
s3/lib: add log_panic_action()

Can be used to log a nice stack backtrace with full debug symbols by setting
"panic action" to something like

    panic action = cd /home/slow/git/samba/master && /home/slow/git/samba/master/selftest/gdb_backtrace %d

This is similar to log_stack_trace(), but that doesn't come with debug symbols.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
65db36ca by Joseph Sutton at 2023-12-21T23:48:46+00:00
librpc: Add missing spaces to error messages

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
346844b7 by Joseph Sutton at 2023-12-21T23:48:46+00:00
librpc: Change type of ‘u16string’ from ‘const uint16_t *’ to ‘const unsigned char *’

A u16string is supposed to contain UTF‐16 code units, but
ndr_pull_u16string() and ndr_push_u16string() fail to correctly ensure
this on big‐endian systems. Code that relies on the u16string array
containing correct values will then fail.

Fix ndr_pull_u16string() and ndr_push_u16string() to work on big‐endian
systems, ensuring that other code can use these strings without having
to worry about first encoding them to little‐endian.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8a9f3958 by Joseph Sutton at 2023-12-21T23:48:46+00:00
librpc: Do not allow u16string to be encoded in a big‐endian context

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
46f61570 by Douglas Bagnall at 2023-12-21T23:48:46+00:00
libcli/security: tests for signed zeros in sddl conditional ACEs

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8f0c91f3 by Douglas Bagnall at 2023-12-21T23:48:46+00:00
libcli/security: rearrange conditional ACE sddl_write_int

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
21853b01 by Douglas Bagnall at 2023-12-21T23:48:46+00:00
libcli/security: sddl conditional ACE: write -0 when asked

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b4563a24 by Douglas Bagnall at 2023-12-22T00:51:13+00:00
fuzz: allow max size conditional ACE round-trip failure

The encoder, being cautious not to overstep the arbitrary 10000 byte
boundary, might not encode an exactly 10000 byte condition. This
is an off-by-one, but in the safe direction.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65118

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Dec 22 00:51:13 UTC 2023 on atb-devel-224

- - - - -
bd3091df by Joseph Sutton at 2023-12-22T05:33:31+00:00
tests/krb5: Check properties of current GKDI key

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8277d7ac by Joseph Sutton at 2023-12-22T05:33:31+00:00
tests/krb5: Create root key just for implicit root key tests

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4946ab4c by Joseph Sutton at 2023-12-22T05:33:31+00:00
tests/krb5: Test that root key data is the correct length in bytes

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6d280fac by Joseph Sutton at 2023-12-22T05:33:31+00:00
tests/krb5: Raise an error if root key data is the wrong length

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9f16157f by Joseph Sutton at 2023-12-22T05:33:31+00:00
lib:crypto: Add implementation of GKDI key derivation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5f5a49d7 by Joseph Sutton at 2023-12-22T06:31:29+00:00
lib:crypto: Add tests for GKDI key derivation

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Dec 22 06:31:29 UTC 2023 on atb-devel-224

- - - - -
8c63b219 by Stefan Metzmacher at 2023-12-28T17:15:55+00:00
s3:ctdbd_conn: fix ctdbd_public_ip_foreach() for ipv6 addresses

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15534

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Dec 21 11:09:30 UTC 2023 on atb-devel-224

(cherry picked from commit 828f3c99122fb033ecb79e24ed24821b8510f0f8)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Thu Dec 28 17:15:55 UTC 2023 on atb-devel-224

- - - - -
2073bbf9 by Björn Jacke at 2023-12-29T12:49:34+00:00
doc-xml: fix name of vfs_linux_xfs man page

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15542

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b9f32b32 by Björn Jacke at 2023-12-29T12:49:34+00:00
docs-xml: use XML_CATALOG_FILES env var if defined

Thanks to Thierry LARONDE for the fix.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15540

Signed-off-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b41f95f8 by Björn Jacke at 2023-12-29T12:49:34+00:00
winbind_nss_netbsd: fix missing semicolon

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15541

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d4168fce by Björn Jacke at 2023-12-29T12:49:34+00:00
s4/ldap_backend: fix a NULL dereference

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
10002e94 by Björn Jacke at 2023-12-29T12:49:34+00:00
s4/ldap_backend: change a printf %d to %u for results

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1324732e by Björn Jacke at 2023-12-29T12:49:34+00:00
s4/ldap_backend: encode: use modern DBG_ macro

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
54a88491 by Björn Jacke at 2023-12-29T12:49:34+00:00
s4/ldap_backend: unwilling: use modern DBG_ macro

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
6d4bb12c by Björn Jacke at 2023-12-29T12:49:34+00:00
s4/ldap_backend: SearchRequest: use modern DBG_ macro

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ac3ed248 by Björn Jacke at 2023-12-29T12:49:34+00:00
s4/ldap_backend: modifyrequest: use modern DBG_ macro

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9129042e by Björn Jacke at 2023-12-29T12:49:34+00:00
s4/ldap_backend: addrequest: use modern DBG macros

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
2a4d291e by Björn Jacke at 2023-12-29T12:49:34+00:00
s4/ldap_backend: delrequest: use modern DBG macros

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
24a01b67 by Björn Jacke at 2023-12-29T12:49:34+00:00
s4/ldap_backend: modifydnrequest: use modern DBG macros

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
70a5309b by Björn Jacke at 2023-12-29T12:49:34+00:00
s4/ldap_backend: CompareRequest: use modern DBG macros

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
80c2513d by Björn Jacke at 2023-12-29T12:49:34+00:00
s4/ldap_backend: abandonrequest: use modern DBG macros

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
bab0ac77 by Björn Jacke at 2023-12-29T13:50:05+00:00
s4/ldap_backend: do_call: use modern DBG macros

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Dec 29 13:50:05 UTC 2023 on atb-devel-224

- - - - -
314eb730 by Stefan Metzmacher at 2024-01-01T10:20:06+01:00
Happy New Year 2024!

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a0bfadb3 by Volker Lendecke at 2024-01-02T19:39:37+00:00
shadow_copy: Add test for missing directory in "current" fileset

Right now we can't traverse a subdirectory in a snapshot which was
deleted in the current set of files.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15544

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2cfbf43f by Volker Lendecke at 2024-01-02T20:37:01+00:00
smbd: Fix traversing snapshot dirs that vanished in current fileset

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15544

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan  2 20:37:01 UTC 2024 on atb-devel-224

- - - - -
25021b83 by Andreas Schneider at 2024-01-04T10:29:32+00:00
s3:utils: Handle the domain before username and password

The cli_credentials_get_password*() function will interactively ask the
user for a password if none has been supplied via other ways. To show
the correct domain and username in the prompt, we need to handle domain
and user first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15538

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
1134c4f3 by Andreas Schneider at 2024-01-04T11:26:52+00:00
s3:utils: Fix the auth function to print correct values to the user

In order to show correct values in the password prompt displayed by
cli_credentials_get_password*(), we need to set the domain and username
in the credentials system.

The credentials supplied via the SMB URL have a higher priority than the
command line options.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15538

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jan  4 11:26:52 UTC 2024 on atb-devel-224

- - - - -
b1d0d5d5 by Stefan Metzmacher at 2024-01-04T11:39:36+00:00
ctdb: send a CTDB_SRVID_IPREALLOCATED message after CTDB_EVENT_IPREALLOCATED

Event scripts run the "ipreallocated" hook in order to notice that some ip addresses
in the cluster potentially changed.

CTDB_SRVID_IPREALLOCATED gives C code a chance to get notified as well once the event
scripts are finished.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
cad1969b by Stefan Metzmacher at 2024-01-04T11:39:36+00:00
ctdb: let "moveip" also use disable_takeover_runs()

That makes the behavior more consistent compared to a takeover run
started from within ctdbd.

The behavior is the same but ctdb_message_disable_ip_check() used
a legacy code path and the next commits will also touch some
of the moveip logic...

The logic and comments are copied from control_reloadips().

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
2c6b455b by Stefan Metzmacher at 2024-01-04T11:39:36+00:00
ctdb: remove unused ctdb_message_disable_ip_check()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
589ebabc by Stefan Metzmacher at 2024-01-04T11:39:36+00:00
ctdb: let "moveip" end with CTDB_CONTROL_IPREALLOCATED to all connected nodes

This matches the behavior of takeover_send/recv() from
ctdb_takeover_helper.c.

It means we consistently call the ipreallocated event scripts
and also send CTDB_SRVID_IPREALLOCATED after moving ips.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
62654f0a by Stefan Metzmacher at 2024-01-04T11:39:36+00:00
ctdb: add comments to "addip"/"delip" when CTDB_{CONTROL,EVENT,SRVID}_IPREALLOCATED happens

"addip"/"delip" are different from "moveip" so they don't need to
call ipreallocate() nor send_ipreallocated_control_to_nodes().

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
318fd95d by Jones Syue at 2024-01-04T11:39:36+00:00
s3:smbd multichannel: always refresh the network information

To maintain SMB Multichannel, a Windows client might periodically query with
FSCTL_QUERY_NETWORK_INTERFACE_INFO to get the SMB server's network information;
in my case Windows Server 2022 would do this every 10 minutes (600 seconds).

Consider a scenario: the network information might have changed between
these queries, some become link down, a new interface is link up, network
speed is changed, etc. So far smbd might not be aware of these changes and
still report out-of-date network information to the Windows client, until we
manually send a SIGHUP to smbd in order to trigger load_interfaces():
smbd_sig_hup_handler() > reload_services () > load_interfaces()
This might be a bit inconvenient because it is hard to decide when we should
manually send a SIGHUP to smbd for refreshing network information.

This patch adds load_interfaces() at fsctl_network_iface_info(), while smbd
received FSCTL_QUERY_NETWORK_INTERFACE_INFO would go through this and refresh
local_interfaces, then respond to client with up-to-date network information;
also refresh num_ifaces to make sure interfaces count is consistent.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15547

Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

- - - - -
533e5daf by Stefan Metzmacher at 2024-01-04T11:39:36+00:00
wafsamba: introduce SAMBA_LIBRARY(force_unversioned=False)

This can be used in order to avoid a library being
caught by --private-libraries=ALL.
It is needed for our wrapper libraries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15545

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
a80614fe by Stefan Metzmacher at 2024-01-04T11:39:36+00:00
third_party/*_wrapper: use SAMBA_LIBRARY(force_unversioned=True)

This prevents --private-libraries=ALL from creating unusable
wrapper libraries, as they can't work with symbol versioning.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15545

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3ae5afa6 by Stefan Metzmacher at 2024-01-04T11:39:36+00:00
script/autobuild.py: nonshared-test works now

I guess the problem was related to wrapper libraries...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15545

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f22df59b by Stefan Metzmacher at 2024-01-04T11:39:36+00:00
wscript: use opt.PRIVATE_EXTENSION_DEFAULT('private-samba')

The problem was that we used opt.PRIVATE_EXTENSION_DEFAULT('samba4') and
libndr as private will become libndr-samba4 and that already exists as
libndr-samba4 as we don't append the extension if it's already there.

This meant that with --private-libraries=ALL we hit the following problem:

$ ./configure --private-libraries=ALL
$ make smbd/smbd
Waf: Leaving directory `/samba/bin/default'
Task dependency cycle in "run_after" constraints:
{task ...: cshlib dcerpc-samba4.empty.c.12.o,ndr_winbind_c.c.229.o -> libdcerpc-samba4.so}
make: *** [Makefile:131: smbd/smbd] Error 1

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15545

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
6da49582 by Stefan Metzmacher at 2024-01-04T11:39:36+00:00
wafsamba: fix the usage of --private-extension-exception

It was completely unused...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15545

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
16d802f9 by Stefan Metzmacher at 2024-01-04T12:45:58+00:00
script/autobuild.py: add some --private-libraries=ALL testing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15545

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Jan  4 12:45:58 UTC 2024 on atb-devel-224

- - - - -
f8a75f83 by Volker Lendecke at 2024-01-04T16:03:36+00:00
lib: Avoid memcpy in debug_systemd_log()

sd_journal_send() understands the %.*s format.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
c3399cd4 by Volker Lendecke at 2024-01-04T16:03:36+00:00
lib: Avoid memcpy in debug_lttng_log()

tracef() understands the %.*s format.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
f2dbcea6 by Volker Lendecke at 2024-01-04T17:06:19+00:00
lib: Confine the copy_no_nl memcpy to debug_gpfs_log()

gpfswrap_add_trace() seems not to have a format string that could
understand the %.*s notation.

While there this removes >4k of r/w memory from every smbd.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jan  4 17:06:19 UTC 2024 on atb-devel-224

- - - - -
7e0a18ac by Shachar Sharon at 2024-01-04T21:09:54+00:00
vfs_ceph: use extra 'ceph_*at()' calls when available

As of libcephfs version-10.0.3 the high-level API has a few more '*at()'
calls. Prefer those newer hooks over path-based when having an
appropriate directory fd (namely: ceph_mkdirat, ceph_openat,
ceph_unlinkat, ceph_symlinkat, ceph_readlinkat).

Ceph commit: https://github.com/ceph/ceph/commit/3831aa12f3067d8cc362f39f7136dd53cb946d22

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15516

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Gunther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Jan  4 21:09:54 UTC 2024 on atb-devel-224

- - - - -
e84437ea by Björn Jacke at 2024-01-05T00:40:49+00:00
set_process_capability: log which capability was set or failed to be set

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
5c2286ec by Björn Jacke at 2024-01-05T00:40:49+00:00
vfs_worm: add connect function to cache parameters

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
1047abf3 by Björn Jacke at 2024-01-05T01:43:51+00:00
selftest: let list_servers.NT1 really use NT1 protocol

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Fri Jan  5 01:43:51 UTC 2024 on atb-devel-224

- - - - -
50f74d04 by Jones Syue at 2024-01-05T13:47:03+00:00
s3:smbd multichannel: always refresh the network information

To maintain SMB Multichannel, a Windows client might periodically query with
FSCTL_QUERY_NETWORK_INTERFACE_INFO to get the SMB server's network information;
in my case Windows Server 2022 would do this every 10 minutes (600 seconds).

Consider a scenario: the network information might have changed between
these queries, some become link down, a new interface is link up, network
speed is changed, etc. So far smbd might not be aware of these changes and
still report out-of-date network information to the Windows client, until we
manually send a SIGHUP to smbd in order to trigger load_interfaces():
smbd_sig_hup_handler() > reload_services () > load_interfaces()
This might be a bit inconvenient because it is hard to decide when we should
manually send a SIGHUP to smbd for refreshing network information.

This patch adds load_interfaces() at fsctl_network_iface_info(), while smbd
received FSCTL_QUERY_NETWORK_INTERFACE_INFO would go through this and refresh
local_interfaces, then respond to client with up-to-date network information;
also refresh num_ifaces to make sure interfaces count is consistent.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15547

Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 318fd95d5ea63724798592eb6b4eebaecfa0cbfb)

Autobuild-User(v4-19-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-19-test): Fri Jan  5 13:47:03 UTC 2024 on atb-devel-224

- - - - -
78e7c103 by Michael Tokarev at 2024-01-07T12:41:40+03:00
d/control: drop pkg.samba.nouring build profile: was needed for focal which we do not support anymore

- - - - -
069ed2f9 by Michael Tokarev at 2024-01-07T12:41:40+03:00
d/samba.maintscript, d/winbind.maintscript: remove old rm_connfiles (pre-buster versions)

- - - - -
34a86406 by Michael Tokarev at 2024-01-07T12:41:40+03:00
d/samba.cron.daily, d/samba.maintscript: remove /etc/cron.daily/samba

there's no reason to keep backing it up, most stuff
is in ldb/tdb files these days.

- - - - -
e97ec6ff by Volker Lendecke at 2024-01-08T12:50:18+00:00
shadow_copy: Add test for missing directory in "current" fileset

Right now we can't traverse a subdirectory in a snapshot which was
deleted in the current set of files.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15544

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit a0bfadb32b83ab1e58290f84c298d345e21866d9)

- - - - -
f11643fe by Volker Lendecke at 2024-01-08T12:50:18+00:00
smbd: Fix traversing snapshot dirs that vanished in current fileset

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15544

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan  2 20:37:01 UTC 2024 on atb-devel-224

(cherry picked from commit 2cfbf43f706d5d29a5b1a5b13aac0661e42da0b1)

- - - - -
3a39e21d by Björn Jacke at 2024-01-08T12:50:18+00:00
doc-xml: fix name of vfs_linux_xfs man page

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15542

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2073bbf9dcab5fabe5e683c12e16c195239fcba1)

- - - - -
98e62c70 by Andreas Schneider at 2024-01-08T12:50:18+00:00
s3:utils: Handle the domain before username and password

The cli_credentials_get_password*() function will interactively ask the
user for a password if none has been supplied via other ways. To show
the correct domain and username in the prompt, we need to handle domain
and user first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15538

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 25021b836f74d3d247bce44c6c02a2d8b2cc39ea)

- - - - -
2084a27c by Andreas Schneider at 2024-01-08T12:50:18+00:00
s3:utils: Fix the auth function to print correct values to the user

In order to show correct values in the password prompt displayed by
cli_credentials_get_password*(), we need to set the domain and username
in the credentials system.

The credentials supplied via the SMB URL have a higher priority than the
command line options.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15538

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 1134c4f3a63c9618c3fb79abefb40a798c7c1701)

- - - - -
a8ab61b8 by Björn Jacke at 2024-01-08T12:50:18+00:00
winbind_nss_netbsd: fix missing semicolon

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15541

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b41f95f891ab5b1d1878735a513be5d9a13f63c6)

- - - - -
c6c14c07 by Björn Jacke at 2024-01-08T14:02:25+00:00
docs-xml: use XML_CATALOG_FILES env var if defined

Thanks to Thierry LARONDE for the fix.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15540

Signed-off-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b9f32b32e0e1463b8ca3e696d682ecf86503464b)

Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-19-test): Mon Jan  8 14:02:25 UTC 2024 on atb-devel-224

- - - - -
44fe0868 by Jule Anger at 2024-01-08T15:33:18+01:00
WHATSNEW: Add release notes for Samba 4.19.4.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
95474d85 by Jule Anger at 2024-01-08T15:33:18+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.19.4 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
b453ff5d by Michael Tokarev at 2024-01-08T18:50:04+03:00
d/rules: provide *.service files in debian/ (#1059187)

Instead of building .service files from incomplete upstream service.in
templates and changing the generated files in numerous ways afterwards
(starting with renaming smb->smbd etc, also fixing the wrong /etc/sysconfig/
dir, etc), provide the ready-to-use .service files in debian/.
This way it is easier to see what will be installed.

This also fixes part of #1059187 (for systemd unit files).

- - - - -
157711ff by Michael Tokarev at 2024-01-08T18:53:21+03:00
d/rules: run dh_movetouser if exists (#1059187)

- - - - -
78119edb by Ralph Boehme at 2024-01-08T15:53:35+00:00
selftest: remove error_inject from shadow_write share

Frankly, I can't remember why I added this as part of bug 13688. The
goal of the corresponding test is to verify a write on a read-only
file handle fails. As the file is opened O_RDONLY, the write will fail
anyway and there's no need to inject the error.

To make things worse, having the error injected meant we didn't notice
when the underlying logic of forcing the open to be done with O_RDONLY
was done as O_RDWR, resulting in the write on the handle to succeed.

This happened when we introduced reopen_from_fsp(): the initial
pathref open of a path with a twrp value was correctly detected and
handled by shadow_copy2_openat(). However, when converting the pathref
open to a real one via reopen_from_fsp(), shadow_copy2_openat() only
sees the magic /proc/fd path and has no way of inferring that this was
originating from a previous version open with a twrp value.

Tl;dr: we can just remove this error injection, it is not needed, the
correct fix is to implement this in the SMB layer which is done in the
subsequent commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
c62484bc by Ralph Boehme at 2024-01-08T15:53:35+00:00
s4/libcli/raw: implement RAW_SFILEINFO_LINK_INFORMATION

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
537eedfe by Ralph Boehme at 2024-01-08T15:53:35+00:00
smbtorture: expand smb2.twrp.write test

Test more modifying operations are blocked and access masks are correct.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
276c5bd8 by Ralph Boehme at 2024-01-08T15:53:36+00:00
smbd: return the correct error in can_rename()

This is what Windows returns for this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
76c8fe16 by Ralph Boehme at 2024-01-08T15:53:36+00:00
smbd: set fsp_flags.is_fsa to true on printer file handles

Printer file handles went through SMB_VFS_CREATE_FILE() and are network
callable, so it makes sense to set this on them.

This ensures that check_access_fsp() doesn't take the codepath calling
smbd_check_access_rights_fsp(), but just checks the request rights from
fsp->access_mask.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
96b577c3 by Ralph Boehme at 2024-01-08T15:53:36+00:00
smbd: rename check_access_fsp() to check_any_access_fsp()

The semantics of the access check in check_access_fsp() itself is to
allow access if *at least* one or more rights of the rights in
access_mask are allowed. The name check_any_access_fsp() better
reflects this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
bf497819 by Ralph Boehme at 2024-01-08T15:53:36+00:00
smbd: fix check_any_access_fsp() for non-fsa fsps

smbd_check_access_rights_fsp() requires *all* rights in access_mask to
be granted by the underlying ACL, but the semantics of this function
is supposed to grant access if any one of the rights in
access_requested is allowed.

Fix this by looping over the requested access mask. If
smbd_check_access_rights_fsp() returns success, mask will be non-null
and when assigned to access_granted, the subsequent check will pass,
fail otherwise.

I'm not doing an early exit on purpose because a subsequent commit
adds additional security checks that are done in the subsequent code
path common for fsa and non-fsa fsps.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
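
The "any" versus "all" semantics described in the commit message above, as an added example (not code from the Samba tree). `acl_grants_all()` is a hypothetical stand-in for an ACL check with the all-rights semantics the message attributes to smbd_check_access_rights_fsp(); the two `check_any_access_*` functions and the sample masks are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Standard SMB file access-mask bits used as sample rights. */
#define FILE_READ_DATA        0x00000001u
#define FILE_WRITE_DATA       0x00000002u
#define FILE_APPEND_DATA      0x00000004u
#define FILE_WRITE_ATTRIBUTES 0x00000100u

/* Hypothetical ACL check with "all rights" semantics: succeeds only
 * when every bit in mask is allowed by the ACL. */
static bool acl_grants_all(uint32_t acl_allowed, uint32_t mask)
{
	return (mask & ~acl_allowed) == 0;
}

/* Before the fix (model): the whole requested mask goes to the
 * all-rights check, so one missing right denies the request even
 * though another requested right is allowed. */
static bool check_any_access_broken(uint32_t acl_allowed,
				    uint32_t access_requested)
{
	return acl_grants_all(acl_allowed, access_requested);
}

/* After the fix (model): test each requested bit on its own and
 * collect the bits that pass. There is no early exit, so a common
 * tail check runs for every caller and later checks can be added
 * there. */
static bool check_any_access_fixed(uint32_t acl_allowed,
				   uint32_t access_requested)
{
	uint32_t access_granted = 0;
	int i;

	for (i = 0; i < 32; i++) {
		uint32_t mask = access_requested & (UINT32_C(1) << i);

		if (mask == 0) {
			continue;
		}
		if (acl_grants_all(acl_allowed, mask)) {
			access_granted |= mask;
		}
	}

	/* Common tail: allow only if at least one requested right
	 * was granted. */
	return (access_requested & access_granted) != 0;
}

int main(void)
{
	/* Constructed ACL: read and append allowed, write denied. */
	uint32_t acl = FILE_READ_DATA | FILE_APPEND_DATA;
	uint32_t want_one = FILE_WRITE_DATA | FILE_APPEND_DATA;
	uint32_t want_none = FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES;

	printf("one of two allowed: broken=%d fixed=%d\n",
	       check_any_access_broken(acl, want_one),
	       check_any_access_fixed(acl, want_one));
	printf("none allowed:       broken=%d fixed=%d\n",
	       check_any_access_broken(acl, want_none),
	       check_any_access_fixed(acl, want_none));
	/* In this model an empty request is vacuously "all granted"
	 * under the old logic, while the any-semantics tail denies it. */
	printf("empty request:      broken=%d fixed=%d\n",
	       check_any_access_broken(acl, 0),
	       check_any_access_fixed(acl, 0));
	return 0;
}
```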

- - - - -
a0ae45be by Ralph Boehme at 2024-01-08T15:53:36+00:00
smbd: return correct error when trying to create a hardlink to a VSS file

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ee303521 by Ralph Boehme at 2024-01-08T15:53:36+00:00
smbd: set fsp->fsp_flags.can_write to false for access to previous-versions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
995a31c8 by Ralph Boehme at 2024-01-08T15:53:36+00:00
smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp()

The additional check if the underlying fd is valid and not -1 should not be done
at this place. I actually would prefer a write to fail with EBADF if this
happens, as it's likely easier to debug why this happened. These days we should
always have a valid fd.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
02ed9934 by Ralph Boehme at 2024-01-08T15:53:36+00:00
smbd: use check_any_access_fsp() for all access checks

Replaces the direct access to fsp->access_mask with a call to
check_any_access_fsp() which allows doing additional checks if needed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
fd4e4114 by Ralph Boehme at 2024-01-08T15:53:36+00:00
smbd: check for previous versions in check_any_access_fsp()

Now that check_any_access_fsp() is broadly used consistently to
restrict access for all modifying operations, we can add a check for
previous versions to check_any_access_fsp() and it gets enforced
consistently.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
f883cd82 by Michael Tokarev at 2024-01-08T18:56:00+03:00
update changelog

- - - - -
e9c8aa5d by Michael Tokarev at 2024-01-08T19:02:44+03:00
New upstream version 4.19.4+dfsg
- - - - -
348a0639 by Michael Tokarev at 2024-01-08T19:02:56+03:00
Update upstream source from tag 'upstream/4.19.4+dfsg'

Update to upstream version '4.19.4+dfsg'
with Debian dir 1c92f7ce0afb22503996385a4e3adaf14af42d4d
- - - - -
8fb70524 by Michael Tokarev at 2024-01-08T19:11:38+03:00
update changelog; upload version 4.19.4+dfsg-1 to unstable

- - - - -
f14a7065 by Ralph Boehme at 2024-01-08T16:58:26+00:00
smbd: move access override for previous versions to the SMB layer

Doing the previous version access checks and semantics at the SMB
layer means we can simplify the shadow_copy2 and remove the kludge.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jan  8 16:58:26 UTC 2024 on atb-devel-224

- - - - -
db7a5356 by Michael Tokarev at 2024-01-08T20:45:28+03:00
d/samba.smbd.service, d/samba.nmbd.service: expand forgotten @BINDIR@

- - - - -
9885cf6b by Michael Tokarev at 2024-01-08T20:45:39+03:00
update changelog; upload version 4.19.4+dfsg-2 to unstable

- - - - -
6331d33a by Stefan Metzmacher at 2024-01-09T10:21:34+00:00
libcli/smb: add new SMB2_SHAREFLAG_ defines in smb2_constants.h

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f94d2ed1 by Stefan Metzmacher at 2024-01-09T10:21:34+00:00
libcli/security: remove PRIMARY_{USER,GROUP}_SID_INDEX defines from security.h

These and more are also defined in security_token.h, which is later included
from security.h anyway.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
8a3707e3 by Stefan Metzmacher at 2024-01-09T10:21:34+00:00
s3:smbd multichannel: always allow multichannel to the ip of the queried connection

We can announce the ip of the current connection even if it's
a moveable cluster address... as the client is already connected to it.

This change means in a typical ctdb cluster, where we only have public
addresses, the client can at least have more than one multichannel'ed
connection to the public ip.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
475784d6 by Stefan Metzmacher at 2024-01-09T10:21:34+00:00
s3:smbd multichannel: let a cross-node session binding NT_STATUS_REQUEST_NOT_ACCEPTED

This is better than NT_STATUS_USER_SESSION_DELETED, as it means the
client can keep its session alive. Otherwise a Windows client believes
the whole session is gone and all other channels are invalid.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
10b084f8 by Stefan Metzmacher at 2024-01-09T10:21:34+00:00
s3:smbd multichannel: improve smbXsrv_connection_dbg()

client_guid as well as local and remote address help a lot
for debugging...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
d52f7279 by Stefan Metzmacher at 2024-01-09T10:21:34+00:00
lib/util: let is_zero_addr() return true for AF_UNSPEC

It means the completely zero'ed structure is detected
as zero address, as AF_UNSPEC is 0.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
88b1c872 by Stefan Metzmacher at 2024-01-09T10:21:34+00:00
s3:sessionid: export smbXsrv_session_global via sessionid->global

This will allow smbstatus --json to dump more details.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c1c326eb by Stefan Metzmacher at 2024-01-09T10:21:34+00:00
smbXsrv_session: store session_global->client_guid

This is very useful for debugging...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3f92a684 by Stefan Metzmacher at 2024-01-09T10:21:34+00:00
smbstatus: let --json report the client_guid a session belongs to

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
b96ce32f by Stefan Metzmacher at 2024-01-09T10:21:34+00:00
smbstatus: let --json dump also session channels

This makes it easier to see how tcp connections belong
to a session or client_guid.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
8e850685 by Stefan Metzmacher at 2024-01-09T10:21:34+00:00
smbXsrv.idl: add python bindings

This is useful for some scripting examples and debugging...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3c73d201 by Ralph Boehme at 2024-01-09T10:21:34+00:00
examples/scripts: add smbXsrvdump

A simple python tool to dump smbXsrv TDB databases.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
78ec47a6 by Stefan Metzmacher at 2024-01-09T10:21:34+00:00
tdb: fix python/tdbdump.py example

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
5beef878 by Samuel Cabrero at 2024-01-09T10:21:34+00:00
witness.idl: Set cifs as auth service name for the witness interface

Windows clients use the 'cifs' service name to bind to the witness interface.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
290b0b04 by Stefan Metzmacher at 2024-01-09T10:21:34+00:00
witness.idl: make some types public in order to be used elsewhere

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
87e37e73 by Stefan Metzmacher at 2024-01-09T10:21:34+00:00
witness.idl: add flag(NDR_PAHEX) to some hex based enums

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e829f5d8 by Stefan Metzmacher at 2024-01-09T10:21:34+00:00
dcesrv_core: add dcesrv_call_state->subreq in order to allow tevent_req_cancel() on termination

Requests might be cancelled if the connection got disconnected,
we got an ORPHANED or CO_CANCEL pdu.

But this is all opt-in for the backends to choose.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
1b6ef968 by Stefan Metzmacher at 2024-01-09T11:26:55+00:00
dcesrv_reply: just drop responses if the connection is already terminating

There's no reason to waste resources...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Jan  9 11:26:55 UTC 2024 on atb-devel-224

- - - - -
179641bf by Andreas Schneider at 2024-01-09T13:17:34+00:00
s3:rpc_server: Mark _lsa_CreateTrustedDomain as NOT_IMPLMENTED

There is no PDB backend which is supporting this.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e9c9615a by Andreas Schneider at 2024-01-09T14:17:40+00:00
s3:rpc_server: Mark _lsa_CreateTrustedDomainEx as NOT_IMPLMENTED

There is no PDB backend supporting this.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jan  9 14:17:40 UTC 2024 on atb-devel-224

- - - - -
8eb42425 by Andreas Schneider at 2024-01-10T09:54:34+00:00
python:gp: Print a nice message if cepces-submit can't be found

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15552

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jan 10 09:54:34 UTC 2024 on atb-devel-224

- - - - -
9ea124e2 by Andreas Schneider at 2024-01-12T14:51:56+00:00
docs: Update idmap_ad.8 that rfc2307 is the default

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jan 12 14:51:56 UTC 2024 on atb-devel-224

- - - - -
71f1aee6 by Joseph Sutton at 2024-01-15T00:48:40+00:00
s4:scripting: Align integer types

Commit a41112fcc984c19d5123e4a49a5f5fd4341e811d updated the generated
code, but not the corresponding generation script.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
446ef0aa by Joseph Sutton at 2024-01-15T00:48:40+00:00
libcli:util: Update HRESULT definitions

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
da545372 by Joseph Sutton at 2024-01-15T00:48:40+00:00
libcli:util: Update NTSTATUS definitions

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
575a7010 by Joseph Sutton at 2024-01-15T00:48:40+00:00
s4:scripting: Initialize ‘isWinError’ in constructor

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a1bf1b22 by Joseph Sutton at 2024-01-15T00:48:40+00:00
s4:scripting: Initialize line number to (possibly) more appropriate value

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
484a1a30 by Joseph Sutton at 2024-01-15T00:48:40+00:00
s4:scripting: Let error definition generation scripts tolerate empty lines

Commit beb99b80612556bc47e72a63f89fca75839d91d4 added a similar check just
for gen_hresult.py.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b70f4b0d by Joseph Sutton at 2024-01-15T00:48:40+00:00
s4:scripting: Correctly report number of parsed lines

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6b446b51 by Joseph Sutton at 2024-01-15T00:48:40+00:00
s4:scripting: Remove blank line

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a846ebb4 by Joseph Sutton at 2024-01-15T00:48:40+00:00
s4:scripting: Use common function to parse error descriptions

The version of parseErrorDescriptions() from gen_error_common is almost
the same as the one we’ve been using. One minor difference is that
ErrorDef.error_code is now an integer rather than a string.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
edff07c7 by Joseph Sutton at 2024-01-15T00:48:40+00:00
s4:scripting: Remove global list of errors

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2e82159d by Joseph Sutton at 2024-01-15T00:48:40+00:00
s4:scripting: Ensure generated error definition files are closed after use

This helps to avoid warnings like this one:

/data/samba/source4/scripting/bin/gen_hresult.py:178: ResourceWarning: unclosed file <_io.TextIOWrapper name='/data/samba/bin/default/libcli/util/hresult.c' mode='w' encoding='UTF-8'>
  main()
ResourceWarning: Enable tracemalloc to get the object allocation traceback

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
cce290e8 by Joseph Sutton at 2024-01-15T00:48:40+00:00
s4:scripting: Generate HRESULT definitions as part of the build process

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
16e55406 by Joseph Sutton at 2024-01-15T00:48:40+00:00
s4:scripting: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
5199d788 by Joseph Sutton at 2024-01-15T00:48:40+00:00
s4:scripting: Remove obsolete references to function prototypes

These prototypes were removed in commit
0ffe030c0dcd46b51ffb2f11c03d5b48e93d32b9.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f30a79d7 by Joseph Sutton at 2024-01-15T01:56:53+00:00
python: Generate HRESULT definitions automatically

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Joseph Sutton <jsutton at samba.org>
Autobuild-Date(master): Mon Jan 15 01:56:53 UTC 2024 on atb-devel-224

- - - - -
1a89b523 by Björn Jacke at 2024-01-16T14:37:31+00:00
test_smbget.sh: reduce sleep time

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
2df2e34c by Björn Jacke at 2024-01-16T14:37:31+00:00
time.c: fix ctime which was fed with the mtime seconds

This bug was introduced with 53a1d034f3e47ed3c in 2020.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15550

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
f02b0b98 by Björn Jacke at 2024-01-16T14:37:31+00:00
tests: add a test for vfs_recycle

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
d27180bd by Björn Jacke at 2024-01-16T14:37:31+00:00
vfs_recycle: add connect function to cache parameters

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
58847271 by Björn Jacke at 2024-01-16T14:37:31+00:00
vfs_worm: factor out readonly check

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
0022acac by Björn Jacke at 2024-01-16T14:37:31+00:00
vfs_worm: move write_access_flags to global

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
30fea0e9 by Björn Jacke at 2024-01-16T14:37:31+00:00
vfs_worm: add some more vfs functions that worm needs to take care of

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10430

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
24227f7e by Björn Jacke at 2024-01-16T14:37:31+00:00
vfs_worm: add my copyright

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
abe1e959 by Björn Jacke at 2024-01-16T14:37:31+00:00
vfs_worm: add FILE_WRITE_EA to write access mask

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
85f7d9d5 by Björn Jacke at 2024-01-16T14:37:31+00:00
tests: add test for vfs_worm

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
56c3dbc2 by Bjoern Jacke at 2024-01-16T14:37:31+00:00
system.c: fix fake directory create times

This was broken by c9c3d4312d7281904fc back in 2009 already.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12421

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
c09d1a3a by Björn Jacke at 2024-01-16T15:44:10+00:00
tests: add a test for "fake directory create times"

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Jan 16 15:44:10 UTC 2024 on atb-devel-224

- - - - -
6afcb7f0 by Volker Lendecke at 2024-01-16T18:40:32+00:00
testing: case insensitive lookups fail in shadow_copy2 snapshots

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15556

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0caaa2d1 by Volker Lendecke at 2024-01-16T19:44:53+00:00
vfs: Remove shadow_copy2_get_real_filename_at()

The synthetic_pathref() call in shadow_copy2_get_real_filename_at()
fails if shadow:snapdir is set outside of the share root, it creates
an absolute path and non_widelink_open() blocks that.

We don't need shadow_copy2_get_real_filename_at() anymore because the
dirfsp already points at the correct directory in the snapshot
directory. So get_real_filename_full_scan_at() just works fine.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15556

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan 16 19:44:53 UTC 2024 on atb-devel-224

- - - - -
c82a267b by Jones Syue at 2024-01-18T10:28:19+00:00
s3:passdb: smbpasswd reset permissions only if not 0600

When browsing or downloading files from a samba server, smbd checks the user's
id to decide whether this user may access these files, by looking up the user's
information in the password file (e.g. /usr/local/samba/private/smbpasswd).
smbd might go through startsmbfilepwent(); this API calls [f]chmod() to
make sure the password file has valid permissions 0600.

Consider a scenario: we are doing a read performance benchmark by
downloading a bunch of files (e.g. a thousand files) from a samba server,
monitoring file system i/o activity counters, and expecting only read
operations on the file system because this is just downloading; no
uploading is involved. But we actually found that there are still write
operations on the file system, because smbd looks up the user and always
resets 0600 permissions on the password file while accessing each file. This
makes dirty pages (inode modification) in RAM, which later trigger a kernel
journal daemon to sync the dirty pages to backing storage (e.g. ext3
kjournald, or ext4 jbd2).
This is not friendly to a read performance benchmark if it happens on
entry-level systems with much less memory and limited computation power,
because dirty page syncing in the meantime slows down read performance.

This patch adds fstat() before [f]chmod() to check whether the password
file has valid permissions 0600 or not. If 0600, smbd bypasses [f]chmod()
to avoid making dirty pages on file systems. If not 0600, smbd warns and
goes through [f]chmod() to set valid permissions 0600 on the password file as
in earlier days.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15555

Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jan 18 10:28:19 UTC 2024 on atb-devel-224
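
The check-before-chmod pattern described in the commit message above, as an added example (not the code from the Samba patch). `ensure_mode_0600()` and `demo_sequence()` are hypothetical names, the temporary file is constructed for the demo, and comparing all of the permission bits (`07777`) is an assumption of this sketch.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif

#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Keep a secrets file at mode 0600 without writing to the inode when
 * nothing is wrong.
 * Returns 0 if the mode was already 0600 (no fchmod() issued),
 *         1 if the mode was wrong and has been reset,
 *        -1 on error. */
static int ensure_mode_0600(int fd)
{
	struct stat st;

	if (fstat(fd, &st) != 0) {
		return -1;
	}
	if ((st.st_mode & 07777) == (S_IRUSR | S_IWUSR)) {
		/* Already correct: skip fchmod() so the inode is not
		 * dirtied on a read-only workload. */
		return 0;
	}

	/* Unexpected mode on a password file is worth a log line. */
	fprintf(stderr, "warning: mode %04o on password file, resetting to 0600\n",
		(unsigned)(st.st_mode & 07777));
	if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) {
		return -1;
	}
	return 1;
}

/* Demo on a constructed temporary file: correct mode, then a loosened
 * mode, then the repaired mode. Fills results[] with the three return
 * values and returns the final permission bits, or -1 on error. */
static int demo_sequence(int results[3])
{
	char path[] = "/tmp/smbpasswd-demo-XXXXXX";
	struct stat st;
	int fd = mkstemp(path);	/* mkstemp() creates the file 0600 */

	if (fd < 0) {
		return -1;
	}
	unlink(path);		/* the open fd keeps the file usable */

	results[0] = ensure_mode_0600(fd);	/* already 0600 */

	if (fchmod(fd, 0644) != 0) {		/* simulate a loosened mode */
		close(fd);
		return -1;
	}
	results[1] = ensure_mode_0600(fd);	/* detected and reset */
	results[2] = ensure_mode_0600(fd);	/* nothing left to do */

	if (fstat(fd, &st) != 0) {
		close(fd);
		return -1;
	}
	close(fd);
	return (int)(st.st_mode & 07777);
}

int main(void)
{
	int r[3] = { -1, -1, -1 };
	int mode = demo_sequence(r);

	printf("calls: %d %d %d, final mode %04o\n",
	       r[0], r[1], r[2], (unsigned)mode);
	return mode == 0600 ? 0 : 1;
}
```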

- - - - -
340753a2 by Ralph Boehme at 2024-01-20T13:20:37+00:00
net: remove a newline

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
15c07723 by Ralph Boehme at 2024-01-20T13:20:37+00:00
net: fix credentials in trustdom establish

This was broken by ea071d278a614f17b5417d3ff98e1b8d1fd8970d. I guess the whole
opt_user_specified dance should be ripped out, but that's a fix for another day.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
449a968d by Ralph Boehme at 2024-01-20T13:20:37+00:00
net: support NT4 trusts in "net rpc trust create"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9b2920fd by Ralph Boehme at 2024-01-20T13:20:37+00:00
net: create creds for other domain

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
95bb2acb by Ralph Boehme at 2024-01-20T13:20:37+00:00
winbindd: also apply schannel logic as an NT4 DC

This applies the same logic we already added in
06601b3a9293db35feda1b033fa864dc1a764164 for AD DCs wrt to IPC authentication
when running as an NT4 DC in cm_prepare_connection(). Similarly adjust the
check in cm_connect_lsa() added in 3e17a3b7cd4083299037ba9377931bea792b2d18 and
in cm_connect_netlogon_transport() added by
532a14dc684e7a6d8c584d5671a4ebbad00aa4fc for cm_connect_netlogon_transport().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
60ac5b03 by Ralph Boehme at 2024-01-20T13:20:37+00:00
winbindd: make add_trusted_domains_dc() public

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9d933abd by Ralph Boehme at 2024-01-20T13:20:37+00:00
winbindd: call add_trusted_domains_dc() in smbcontrol reload-config handler

This allows reloading trust info on an NT4 DC without restarting winbindd.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d0cdc81a by Ralph Boehme at 2024-01-20T13:20:37+00:00
selftest: fix domain name of nt4_dc_smb1 environment

It had the same workgroup as the nt4_dc environment:

$ grep workgroup st/nt4_dc/lib/server.conf st/nt4_dc_smb1/lib/server.conf
st/nt4_dc/lib/server.conf:      workgroup = SAMBA-TEST
st/nt4_dc_smb1/lib/server.conf: workgroup = SAMBA-TEST

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5420af69 by Ralph Boehme at 2024-01-20T13:20:37+00:00
selftest: do early exit in setup_fl2008r2dc() if provision_fl2008r2dc() fails

No change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9725aa93 by Ralph Boehme at 2024-01-20T13:20:37+00:00
selftest: rename a variable in setup_fl2008r2dc()

Prepares for adding another variable with a similar name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
645a7256 by Ralph Boehme at 2024-01-20T13:20:37+00:00
selftest: create trust between fl2008r2dc and nt4_dc

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
3a95e135 by Ralph Boehme at 2024-01-20T13:20:37+00:00
selftest: add a test for NT4 trusts

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
53ca1985 by Ralph Boehme at 2024-01-20T13:20:37+00:00
s4/rpc_server: return NULL dns_name for NT4 trusts

That's what Windows returns for an NT4 trust:

  array: struct netr_DomainTrust
      netbios_name             : *
          netbios_name             : 'NT4TRUST'
      dns_name                 : NULL
      trust_flags              : 0x00000020 (32)
             0: NETR_TRUST_FLAG_IN_FOREST
             0: NETR_TRUST_FLAG_OUTBOUND
             0: NETR_TRUST_FLAG_TREEROOT
             0: NETR_TRUST_FLAG_PRIMARY
             0: NETR_TRUST_FLAG_NATIVE
             1: NETR_TRUST_FLAG_INBOUND
             0: NETR_TRUST_FLAG_MIT_KRB5
             0: NETR_TRUST_FLAG_AES
      parent_index             : 0x00000000 (0)
      trust_type               : LSA_TRUST_TYPE_DOWNLEVEL (1)
      trust_attributes         : 0x00000000 (0)
             0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
             0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
             0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
             0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
             0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
             0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
             0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
             0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
             0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION
             0: LSA_TRUST_ATTRIBUTE_PIM_TRUST
             0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION
      sid                      : *
          sid                      : S-1-5-21-4267984555-3675415144-1682400025
      guid                     : 00000000-0000-0000-0000-000000000000

Even though when creating the trust the DNS name must not be NULL and the
trustPartner and name attributes are set to the flatName in the trustedDomain
object:

  dn: CN=NT4TRUST,CN=System,DC=wdom2,DC=site
  objectClass: top
  objectClass: leaf
  objectClass: trustedDomain
  cn: NT4TRUST
  distinguishedName: CN=NT4TRUST,CN=System,DC=wdom2,DC=site
  instanceType: 4
  whenCreated: 20240118175040.0Z
  whenChanged: 20240118175040.0Z
  uSNCreated: 4939915
  uSNChanged: 4939916
  showInAdvancedViewOnly: TRUE
  name: NT4TRUST
  objectGUID: c2273b74-19ff-4f5a-b528-9e5ae21960dd
  securityIdentifier: S-1-5-21-4267984555-3675415144-1682400025
  trustDirection: 1
  trustPartner: NT4TRUST
  trustPosixOffset: 0
  trustType: 1
  trustAttributes: 0
  flatName: NT4TRUST
  objectCategory: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=wdom2,DC=site
  isCriticalSystemObject: TRUE
  dSCorePropagationData: 16010101000000.0Z

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
000bbede by Ralph Boehme at 2024-01-20T13:20:37+00:00
selftest: test listing trusted domains that includes an NT4 domain

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
201edcb5 by Ralph Boehme at 2024-01-20T14:23:51+00:00
winbindd: fix listing trusted domains with NT trusts

Commit e07f8901ec95aab8c36965000de185d99e642644 broke handling of NT4 domains
which lack a DNS domain name. As the dns_name is NULL, talloc_steal(dns_name)
returns NULL, which causes _wbint_ListTrustedDomains to return
NT_STATUS_NO_MEMORY.

To make things worse, at that point the new struct netr_DomainTrust is not yet
initialized correctly and the "out->count = n + 1" already increased the array
counter at the start of the loop without initializing it.

Later when NDR-pushing the result in dcesrv_call_dispatch_local(), the ndr_push() can
crash when accessing the uninitialized values:

2023-12-08T14:07:42.759691+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759702+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: INTERNAL ERROR: Signal 11: Segmentation fault in winbindd (wb[ADDOMAIN]) (domain child [ADDOMAIN]) pid 157227 (4.20.0pre1-DEVELOPERBUILD)
2023-12-08T14:07:42.759712+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
2023-12-08T14:07:42.759723+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759730+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: PANIC (pid 157227): Signal 11: Segmentation fault in 4.20.0pre1-DEVELOPERBUILD
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: BACKTRACE: 36 stack frames:
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x1f) [0x7f1396acd441]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x20f) [0x7f1396acd3d5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x18) [0x7f1396acd3f0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #3 bin/shared/private/libgenrand-samba4.so(+0x2eb5) [0x7f1396acceb5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #4 bin/shared/private/libgenrand-samba4.so(+0x2eca) [0x7f1396acceca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #5 /lib64/libc.so.6(+0x3dbb0) [0x7f139687abb0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #6 bin/shared/private/libsamba-security-samba4.so(ndr_push_dom_sid2+0x2a) [0x7f13977e5437]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #7 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrust+0x4ad) [0x7f1396deb64c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #8 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrustList+0x204) [0x7f1396dec7a9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #9 bin/shared/private/libndr-samba4.so(+0x239bf9) [0x7f1397639bf9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #10 winbindd: domain child [ADDOMAIN](winbind__op_ndr_push+0x5a) [0x55741e6857a8]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #11 bin/shared/libdcerpc-server-core.so.0(dcesrv_call_dispatch_local+0x49b) [0x7f1397be6219]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #12 winbindd: domain child [ADDOMAIN](winbindd_dual_ndrcmd+0x375) [0x55741e67a204]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #13 winbindd: domain child [ADDOMAIN](+0x9cf0d) [0x55741e674f0d]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #14 winbindd: domain child [ADDOMAIN](+0x9f792) [0x55741e677792]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #15 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_fd_handler+0x121) [0x7f139802f816]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #16 bin/shared/private/libtevent-samba4.so(+0x19cef) [0x7f139803bcef]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #17 bin/shared/private/libtevent-samba4.so(+0x1a3dc) [0x7f139803c3dc]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #18 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #19 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #20 winbindd: domain child [ADDOMAIN](+0xa03ca) [0x55741e6783ca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #21 winbindd: domain child [ADDOMAIN](+0x9ba9c) [0x55741e673a9c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #22 bin/shared/private/libtevent-samba4.so(_tevent_req_notify_callback+0xba) [0x7f139803194a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #23 bin/shared/private/libtevent-samba4.so(+0xfadb) [0x7f1398031adb]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #24 bin/shared/private/libtevent-samba4.so(_tevent_req_done+0x25) [0x7f1398031b07]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #25 bin/shared/private/libtevent-samba4.so(+0xf125) [0x7f1398031125]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #26 bin/shared/private/libtevent-samba4.so(+0xe9cf) [0x7f13980309cf]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #27 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_immediate_handler+0x207) [0x7f1398030343]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #28 bin/shared/private/libtevent-samba4.so(tevent_common_loop_immediate+0x37) [0x7f13980304b5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #29 bin/shared/private/libtevent-samba4.so(+0x1a332) [0x7f139803c332]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #30 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #31 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #32 winbindd: domain child [ADDOMAIN](main+0x1689) [0x55741e6b210a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #33 /lib64/libc.so.6(+0x27b8a) [0x7f1396864b8a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #34 /lib64/libc.so.6(__libc_start_main+0x8b) [0x7f1396864c4b]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #35 winbindd: domain child [ADDOMAIN](_start+0x25) [0x55741e63a045]
2023-12-08T14:07:42.760685+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: smb_panic(): calling panic action [cd /data/git/samba/scratch3 && /data/git/samba/scratch3/selftest/gdb_backtrace 157227 ./bin/winbindd]

Deferring assignment of r->out.domains->array and r->out.domains->count to the
end of the function ensures we don't return inconsistent state in case of an
error.

Also, r->out.domains is already set by the NDR layer, no need to create and
assign a struct netr_DomainTrustList object.

Using talloc_move() ensures we don't leave dangling pointers. Better to crash
reliably on accessing NULL, than accessing some unknown memory via a wild
pointer. As talloc_move() can't fail, there's no need to check the return value.

And using a struct initializer ensures all members are properly initialized.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Sat Jan 20 14:23:51 UTC 2024 on atb-devel-224
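
Added example, not part of the commit and not Samba code: a plain-C sketch of the failure mode and of the fix pattern the commit message above describes (publish array and count only at the end, struct initializer, move semantics). The types trust_entry/trust_list, the status enum, the sample data and the helper move_ptr() (a stand-in for talloc_move()) are hypothetical, and malloc() replaces talloc.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for struct netr_DomainTrust / netr_DomainTrustList. */
struct trust_entry { char *netbios_name; char *dns_name; uint32_t trust_type; };
struct trust_list  { uint32_t count; struct trust_entry *array; };

/* Constructed input record; dns_name == NULL models an NT4 trust. */
struct src_trust { const char *netbios_name; const char *dns_name; uint32_t trust_type; };

enum status { ST_OK = 0, ST_NO_MEMORY = 1 };

/* Copy a string; as with talloc_steal(), a NULL input yields a NULL result. */
static char *dup_or_null(const char *s)
{
	size_t len;
	char *p;

	if (s == NULL) {
		return NULL;
	}
	len = strlen(s) + 1;
	p = malloc(len);
	if (p != NULL) {
		memcpy(p, s, len);
	}
	return p;
}

/* Stand-in for talloc_move(): hand over the pointer and NULL the source. */
static void *move_ptr(void *pptr)
{
	void *v = NULL, *none = NULL;

	memcpy(&v, pptr, sizeof(v));
	memcpy(pptr, &none, sizeof(none));
	return v;
}

static void free_entries(struct trust_entry *array, uint32_t num)
{
	for (uint32_t i = 0; i < num; i++) {
		free(array[i].netbios_name);
		free(array[i].dns_name);
	}
	free(array);
}

/* BEFORE: count is published first, and a legitimate NULL is read as OOM. */
enum status list_trusts_before(const struct src_trust *src, uint32_t num,
			       struct trust_list *out)
{
	for (uint32_t n = 0; n < num; n++) {
		struct trust_entry *tmp = realloc(out->array, (n + 1) * sizeof(*tmp));
		if (tmp == NULL) {
			return ST_NO_MEMORY;
		}
		out->array = tmp;
		out->count = n + 1;	/* slot n is still uninitialized here */
		out->array[n].netbios_name = dup_or_null(src[n].netbios_name);
		if (out->array[n].netbios_name == NULL) {
			return ST_NO_MEMORY;
		}
		out->array[n].dns_name = dup_or_null(src[n].dns_name);
		if (out->array[n].dns_name == NULL) {
			return ST_NO_MEMORY;	/* trust_type never written */
		}
		out->array[n].trust_type = src[n].trust_type;
	}
	return ST_OK;
}

/* AFTER: build locally, initialize every member, publish only on success. */
enum status list_trusts_after(const struct src_trust *src, uint32_t num,
			      struct trust_list *out)
{
	struct trust_entry *array = calloc(num > 0 ? num : 1, sizeof(*array));

	if (array == NULL) {
		return ST_NO_MEMORY;
	}
	for (uint32_t n = 0; n < num; n++) {
		char *nb = dup_or_null(src[n].netbios_name);	/* assumed non-NULL input */
		char *dns = dup_or_null(src[n].dns_name);

		/* NULL is only an error when the source string was not NULL. */
		if (nb == NULL || (dns == NULL && src[n].dns_name != NULL)) {
			free(nb);
			free(dns);
			free_entries(array, n);
			return ST_NO_MEMORY;	/* *out is untouched */
		}
		array[n] = (struct trust_entry) {
			.netbios_name = move_ptr(&nb),
			.dns_name = move_ptr(&dns),
			.trust_type = src[n].trust_type,
		};
	}
	out->array = move_ptr(&array);
	out->count = num;
	return ST_OK;
}

int main(void)
{
	const struct src_trust src[] = {	/* constructed sample data */
		{ "NT4TRUST", NULL, 1 }, { "ADDOM", "addom.example.com", 2 },
	};
	struct trust_list a = { 0, NULL }, b = { 0, NULL };
	int sa = list_trusts_before(src, 2, &a);
	int sb = list_trusts_after(src, 2, &b);

	printf("before: status=%d count=%u\n", sa, (unsigned)a.count);
	printf("after:  status=%d count=%u\n", sb, (unsigned)b.count);
	if (a.array != NULL) { free(a.array[0].netbios_name); free(a.array); }
	free_entries(b.array, b.count);
	return 0;
}
```

In the "before" variant the caller sees an error together with count == 1 and a half-filled slot, which is the inconsistent state a later serializer would walk into.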

- - - - -
45962d41 by Anoop C S at 2024-01-20T18:43:10+00:00
source3/lib: Properly log the change in capability

We used to log the following message for both adding and dropping
capability:

DBG_INFO("added capability %d\n", capability);

For better clarity indicate the change as "added" or "dropped"
based on available functional arguments.

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Sat Jan 20 18:43:10 UTC 2024 on atb-devel-224

- - - - -
fdf3656d by Pavel Filipenský at 2024-01-22T08:17:32+00:00
autobuild: Run ad_member_idmap_nss tests as part of samba-admem

Those are currently running as part of the normal 'samba' target. It
makes more sense to run them together with the other ad_member tests.

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Pair-Programmed-With: Andreas Schneider <asn at samba.org>

Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Mon Jan 22 08:17:32 UTC 2024 on atb-devel-224

- - - - -
5c2f9644 by Ralph Boehme at 2024-01-22T10:53:29+00:00
vfs_default: allow disabling /proc/fds and RESOLVE_NO_SYMLINK at compile time

This will be used in CI to have a gitlab runner without all modern Linux
features we make use of as part of path processing:

- O_PATH
- openat2() with RESOLVE_NO_SYMLINKS
- somehow safely reopen an O_PATH file handle

That gives what a classic UNIX like AIX or Solaris offers feature wise.

Other OSes support other combinations of those features, but we leave the
exercise of possibly adding more runners supporting those combinations to the
reader.

The following list shows which features are available and used by Samba on a few
OSes:

        | O_PATH         | RESOLVE_NO_SYMLINKS | Safe reopen    | CI covered
--------|----------------|---------------------|----------------------------
        | Supported Used | Supported Used      | Supported Used |
============================================================================
Linux   | +         +    | +         +         | +         +    | +
FreeBSD | +         +    | + [1]     -         | + [2]     -    | -
AIX     | -         -    | -         -         | -         -    | +

[1] via open() flag O_RESOLVE_BENEATH
[2] via open() flag O_EMPTY_PATH

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
62cbe145 by Ralph Boehme at 2024-01-22T10:53:29+00:00
CI: disable /proc/fds and RESOLVE_NO_SYMLINK in samba-no-opath-build runner

This is a more sensible combination of missing Linux specific features:

- O_PATH
- openat2() with RESOLVE_NO_SYMLINKS
- somehow safely reopen an O_PATH file handle

Currently only O_PATH is disabled for these jobs, but that doesn't really match
any known OS.

The following list shows which features are available and used by Samba on a few
OSes:

        | O_PATH         | RESOLVE_NO_SYMLINKS | Safe reopen    | CI covered
--------|----------------|---------------------|----------------------------
        | Supported Used | Supported Used      | Supported Used |
============================================================================
Linux   | +         +    | +         +         | +         +    | +
FreeBSD | +         +    | + [1]     -         | + [2]     -    | -
AIX     | -         -    | -         -         | -         -    | +

So by also disabling RESOLVE_NO_SYMLINKS and Safe Reopen, we cover classic UNIX
systems like AIX.

[1] via open() flag O_RESOLVE_BENEATH
[2] via open() flag O_EMPTY_PATH

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
0515dded by Ralph Boehme at 2024-01-22T10:53:29+00:00
smbd: pass symlink target path to safe_symlink_target_path()

Moves creating the symlink target path via symlink_target_path() to the
caller. This prepares for using this in non_widelink_open(), where it will
replace symlink_target_below_conn() with the same functionality.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
fc80c72d by Ralph Boehme at 2024-01-22T10:53:29+00:00
smbd: add a directory argument to safe_symlink_target_path()

Existing caller passes NULL, no change in behaviour. Prepares for
replacing symlink_target_below_conn() in open.c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
1965fc77 by Ralph Boehme at 2024-01-22T10:53:29+00:00
smbd: use safe_symlink_target_path() in symlink_target_below_conn()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
27130232 by Ralph Boehme at 2024-01-22T12:00:56+00:00
smbd: use dirfsp and atname in open_directory()

On systems without /proc/fd support this avoids the expensive chdir()
logic in non_widelink_open(). open_file_ntcreate() already passes
dirfsp and atname to reopen_from_fsp(), it was just missed in the
conversion.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Reviewed-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Jan 22 12:00:56 UTC 2024 on atb-devel-224

- - - - -
0d1ff699 by Gabriel Nagy at 2024-01-22T15:41:36+00:00
gpo: Test certificate policy without NDES

As of 8231eaf856b, the NDES feature is no longer required on Windows, as
cert auto-enroll can use the certificate from the LDAP request.

However, 157335ee93e changed the implementation to convert the LDAP
certificate to base64 due to it failing to cleanly convert to a string.

Because of insufficient test coverage I missed handling the part where
NDES is disabled or not reachable and the LDAP certificate was imported.
The call to load_der_x509_certificate now fails with an error because it
expects binary data, yet it receives a base64 encoded string.

This adds a test to confirm the issue.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15557

Signed-off-by: Gabriel Nagy <gabriel.nagy at canonical.com>
Reviewed-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3f3ddfa6 by Gabriel Nagy at 2024-01-22T15:41:36+00:00
gpo: Decode base64 root cert before importing

The reasoning behind this is described in the previous commit message,
but essentially this should either be wrapped in certificate blocks and
imported as PEM, or converted back to binary and imported as DER.

I've opted for the latter since it's how it used to work before it
regressed in 157335ee93e.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15557

Signed-off-by: Gabriel Nagy <gabriel.nagy at canonical.com>
Reviewed-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8579340f by Gabriel Nagy at 2024-01-22T16:48:57+00:00
gpo: Do not get templates list on first run

This is a visual fix and has no impact on functionality apart from
cleaner log messages.

The point of this is to get the list of supported templates in order to
compute a diff between the current applied templates and the updated
list, so we are able to unapply and reapply the policy in case there are
differences.

However this code path is executed on first applies as well, at which
point the root CA is not yet set up. This causes the
`get_supported_templates` call to fail, which is not a hard failure but
still pollutes the logs. In this case it's safe to avoid executing the
command as the policy will be applied regardless.

Signed-off-by: Gabriel Nagy <gabriel.nagy at canonical.com>
Reviewed-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jan 22 16:48:57 UTC 2024 on atb-devel-224

- - - - -
f05b61b4 by David Mulder at 2024-01-23T11:20:35+00:00
gp: Skip site GP list if no site is found

[MS-GPOL] 3.2.5.1.4 Site Search says if the site
search returns ERROR_NO_SITENAME, the GP site
search should be skipped.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15548

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jan 23 11:20:35 UTC 2024 on atb-devel-224

- - - - -
18913d38 by Andreas Schneider at 2024-01-23T13:23:33+00:00
s3:passdb: Do not leak memory in pdb_tdb

==19938==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 77 byte(s) in 1 object(s) allocated from:
    #0 0x7f7d482841f8 in strdup (/lib64/libasan.so.8+0x841f8) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
    #1 0x7f7d47204846  (bin/shared/libsamba-util.so.0+0x4c846) (BuildId: 43b084eb9013442ac68eb1fc17649f142cbb0f94)
    #2 0x7f7d40b1d97a in pdb_init_tdbsam ../../source3/passdb/pdb_tdb.c:1361
    #3 0x7f7d4715f266  (bin/shared/libsamba-passdb.so.0+0x76266) (BuildId: 13d2858e2217592a22a4ee9203fef759d52df733)
    #4 0x7f7d4715f57a  (bin/shared/libsamba-passdb.so.0+0x7657a) (BuildId: 13d2858e2217592a22a4ee9203fef759d52df733)
    #5 0x7f7d47163700  (bin/shared/libsamba-passdb.so.0+0x7a700) (BuildId: 13d2858e2217592a22a4ee9203fef759d52df733)
    #6 0x55a9177d3853 in main ../../source3/smbd/server.c:1928
    #7 0x7f7d434281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
dc18e2a2 by Andreas Schneider at 2024-01-23T13:23:33+00:00
s3:libads: Fix memory leaks in ads_create_machine_acct()

Indirect leak of 291 byte(s) in 2 object(s) allocated from:
    #0 0x7fd77b6dc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
    #1 0x7fd77b094bc2 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
    #2 0x7fd77b096034 in __talloc ../../lib/talloc/talloc.c:825
    #3 0x7fd77b096034 in __talloc_strlendup ../../lib/talloc/talloc.c:2454
    #4 0x7fd77b096034 in talloc_strdup ../../lib/talloc/talloc.c:2470
    #5 0x7fd779996633 in add_string_to_array ../../lib/util/util_strlist.c:504
    #6 0x7fd77b10c754 in ads_create_machine_acct ../../source3/libads/ldap.c:2662
    #7 0x7fd77b46705f in libnet_join_precreate_machine_acct ../../source3/libnet/libnet_join.c:390
    #8 0x7fd77b46705f in libnet_DomainJoin ../../source3/libnet/libnet_join.c:2852
    #9 0x7fd77b46705f in libnet_Join ../../source3/libnet/libnet_join.c:3036
    #10 0x55fb9788d91a in net_ads_join ../../source3/utils/net_ads.c:1853
    #11 0x55fb9793ab86 in net_join ../../source3/utils/net_join.c:45
    #12 0x55fb9793084f in net_run_function ../../source3/utils/net_util.c:454
    #13 0x55fb97889859 in main ../../source3/utils/net.c:1372
    #14 0x7fd7768281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
13d98c8f by Andreas Schneider at 2024-01-23T14:30:58+00:00
s3:passdb: Fix memory leak caused by recursion of get_global_sam_sid()

Direct leak of 68 byte(s) in 1 object(s) allocated from:
    #0 0x7f4f39cdc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
    #1 0x7f4f36fbe427 in malloc_ ../../source3/lib/util_malloc.c:38
    #2 0x7f4f394b5e19 in pdb_generate_sam_sid ../../source3/passdb/machine_sid.c:90
    #3 0x7f4f394b5e19 in get_global_sam_sid ../../source3/passdb/machine_sid.c:211
    #4 0x7f4f394af366 in secrets_store_domain_sid ../../source3/passdb/machine_account_secrets.c:143
    #5 0x7f4f394b5eb5 in pdb_generate_sam_sid ../../source3/passdb/machine_sid.c:110
    #6 0x7f4f394b5eb5 in get_global_sam_sid ../../source3/passdb/machine_sid.c:211
    #7 0x7f4f394af366 in secrets_store_domain_sid ../../source3/passdb/machine_account_secrets.c:143
    #8 0x557a1f11d62c in net_setlocalsid ../../source3/utils/net.c:416
    #9 0x557a1f1c9972 in net_run_function ../../source3/utils/net_util.c:464
    #10 0x557a1f121129 in main ../../source3/utils/net.c:1372
    #11 0x7f4f34c281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jan 23 14:30:58 UTC 2024 on atb-devel-224

- - - - -
24ad425e by Volker Lendecke at 2024-01-23T23:28:31+00:00
lib: Simplify hresult.c

Functions don't need a ; at the end.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6877e484 by Volker Lendecke at 2024-01-23T23:28:31+00:00
lib: Avoid 70k of r/w memory

This adds more .text than it strips .data, but .text is shared between
all processes, .data is copied.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
36303bbd by Volker Lendecke at 2024-01-23T23:28:31+00:00
libsmb: Fix whitespace and a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8e741b59 by Volker Lendecke at 2024-01-23T23:28:31+00:00
lib: Modernize (and fix) a DBG statement

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
995d1958 by Volker Lendecke at 2024-01-23T23:28:31+00:00
lib: Simplify grant_privilege_bitmap()

ZERO_STRUCT on a uint64_t doesn't really make sense...

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
73a27939 by Volker Lendecke at 2024-01-23T23:28:31+00:00
samr_server: Avoid a DEBUGADD()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ebb8084c by Volker Lendecke at 2024-01-23T23:28:31+00:00
samr_server: Modernize a DBG statement

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
39e3300b by Volker Lendecke at 2024-01-24T00:35:33+00:00
smbd: Some README.Coding in smbd_do_qfilepathinfo()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jan 24 00:35:33 UTC 2024 on atb-devel-224

- - - - -
697d4142 by Anoop C S at 2024-01-26T10:26:30+00:00
Revert "vfs_acl_xattr.c: prefer capabilities over become_root"

This reverts commit 0e3836e3961f2b7c39173ce1023d3c92addef630.

With capabilities preferred over become_root() we failed to achieve
the basic goal of storing NT ACLs in xattrs using vfs_acl_xattr. This
is due to the fact that apart from CAP_DAC_OVERRIDE it is mandatory
to have CAP_SYS_ADMIN for write access to xattrs from security
namespace[1]. Despite the option to configure the xattr name within
the module we should not anticipate and miss to consider xattrs from
security namespace which is far more protected even with our default
name "security.NTACL".

Theoretically we could make it work by adding another capability on
top of existing ones. But given the functions designed around this
area we may not be able to come up with a cleaner change which can
handle the fallback mechanism to become_root(). Any failure to set
the very first capability would put us in become_root() path where
further capabilities are mostly not required. Thus reverting to old
behaviour to always become_root() until we have a cleaner approach
to handle the fallback while modifying multiple capabilities at once.

[1] https://www.man7.org/linux/man-pages/man7/xattr.7.html

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
49b6137f by Noel Power at 2024-01-26T10:26:30+00:00
s3: Make build of wspsearch client enabled by default

Although wspsearch client is experimental it is probably better to
enable its building by default so it gets some opportunity to be
used/tested by users.

Signed-off-by: Noel Power <noel.power at suse.com>

- - - - -
a9028f25 by Noel Power at 2024-01-26T10:26:30+00:00
WHATSNEW: Add entry for wspsearch client utility

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
d63e972a by Noel Power at 2024-01-26T11:30:07+00:00
WHATSNEW: Add entry for new save/restore options for smbcacls

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Jan 26 11:30:07 UTC 2024 on atb-devel-224

- - - - -
e657fca5 by Anoop C S at 2024-01-26T15:53:33+00:00
vfs_ceph: Fix a usage in comments

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
858b1d06 by Anoop C S at 2024-01-26T15:53:33+00:00
vfs_ceph: Indicate a successful connection in logs

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
fe16ae1f by Anoop C S at 2024-01-26T15:53:33+00:00
source3/wscript: Announce deprecation of old Ceph version support

*at() variants for various libcephfs APIs were added with Ceph v17.x.
Any other version less than v17.x is soon to be considered EOL[1] which
we will now indicate with the help of a warning message during configure
time. Going further such a situation will result in disabling the module
altogether with the next major Samba version after v4.20.

[1] https://docs.ceph.com/en/latest/releases/#ceph-releases-index

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
fe8d866d by Anoop C S at 2024-01-26T16:56:59+00:00
vfs_ceph: Implement SMB_VFS_FSTATAT

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Fri Jan 26 16:56:59 UTC 2024 on atb-devel-224

- - - - -
b9bd7e89 by Stefan Metzmacher at 2024-01-26T17:00:32+00:00
smbstatus: let --json include session.{creation,expiration,auth}_time

This is very useful in order to predict NETWORK_SESSION_EXPIRED
messages...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
f21e3800 by Stefan Metzmacher at 2024-01-26T17:00:32+00:00
witness.idl: make witness_interfaceList public to that ndr_print works in python

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
ceda79b6 by Stefan Metzmacher at 2024-01-26T17:00:32+00:00
s3:ctdbd_conn: pass vnn to ctdbd_control_get_public_ips()

In future we also want to ask other nodes for their public_ips.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
3106709c by Stefan Metzmacher at 2024-01-26T17:00:32+00:00
s3:ctdbd_conn: split out ctdbd_control_get_nodemap()

This will simplify future changes...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
9083f49e by Stefan Metzmacher at 2024-01-26T17:00:32+00:00
s3:ctdbd_conn: add ctdbd_all_ip_foreach() helper

This can be used to traverse through all ip addresses ctdb knows
about.

The caller can select node ips and/or public ips.

This will be useful to monitor the addresses from a witness
service...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
85f30bcf by Stefan Metzmacher at 2024-01-26T17:00:32+00:00
s3:rpc_server: add basic rpcd_witness template

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
cb1d711e by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
s3:rpc_server/witness: add implementation based on CTDB_SRVID_IPREALLOCATED and ctdbd_all_ip_foreach()

The design is relatively simple in the end:

- We use ctdbd_all_ip_foreach() in order to build an
  in memory list of interfaces(ip addresses) and
  record if:
  - they are currently available or not
  - if they are node local or not

- The current list is what we use for the
  GetInterfaceList() call.

- Register[Ex] will create an in memory structure
  holding a queue for pending AsyncNotify requests.

- Unregister() will cancel pending AsyncNotify requests and
  let them return NOT_FOUND.

- CTDB_SRVID_IPREALLOCATED messages will cause a refresh
  with ctdbd_all_ip_foreach():
  - this will detect changes in the interface state
    and remove stale interfaces.
  - for each change the list of registrations is checked
    for a matching ip address and a RESOURCE_CHANGE
    will be scheduled in the queue of the registration,
    the started queue will trigger AsyncNotify responses

- We also register the connections with ctdb in order
  to give other nodes a chance to generate tickle-acks
  for the witness tcp connections.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
bc2a7737 by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
selftest/Samba3: get NETBIOSNAME correct for clusteredmember

It was missed in commit
7598b9069d3b983f8eb3b89b8459ec993ee43c80

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
15b17f1f by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
selftest/Samba3: remove unused variable in setup_clusteredmember

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
2f9dfaae by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
selftest/Samba3: start samba_dcerpcd in clusteredmember

This enables the rpcd_witness to be available.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
3ede6955 by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
selftest/Samba: export CTDB_PREFIX in clusteredmember testenv

It means ctdb/tests/local_daemons.sh will be easily useable

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
ea1ec424 by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
script/autobuild.py: also pass PYTHONPATH to make test of 'samba-ctdb'

Otherwise tests won't find the custom tdb python bindings

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
b3c51c4b by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
python/tests: add TestCase.get_loadparm(s3=True) support

This will be used for tests with registry shares,
as the top level loadparm system doesn't support them.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
b17e090e by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
python/blackbox: add rpcd_witness_samba_only.py test

This tests the witness service and its interaction with
ctdb.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
a9829ce6 by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
s3:rpcd_witness.idl: introduce definitions for rpcd_witness_registration.tdb records

A rpcd_witness_registration.tdb will be added shortly in order to
implement useful 'net witness [list,client-move,...]' commands
in the end.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
fcc8e097 by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
s3:rpc_server/witness: let Register[Ex] store rpcd_witness_registration.tdb records

This will allow 'net witness list' to be implemented in the end.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
46fdeca6 by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
s3:utils: add 'net witness list' command

It lists the entries from the rpcd_witness_registration.tdb.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
3e70b31f by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
python:tests/rpcd_witness_samba_only: add tests for 'net witness list'

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
0744d55b by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
messaging.idl: add MSG_RPCD_WITNESS_REGISTRATION_UPDATE

This will be used for rpcd_witness_registration_updateB messages
in 'net witness [client-move,...]' commands later.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
b722dc74 by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
s3:rpcd_witness.idl: add rpcd_witness_registration_updateB message definitions

This will be used for rpcd_witness_registration_updateB messages
in 'net witness [client-move,...]' commands later.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
4fba5bca by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
s3:rpc_server/witness: add handling of MSG_RPCD_WITNESS_REGISTRATION_UPDATE messages

This implements the server side features for the
'net witness [client-move,...]' commands in the end.

These are administrator driven notifications for the witness client.

RPCD_WITNESS_REGISTRATION_UPDATE_FORCE_RESPONSE and
RPCD_WITNESS_REGISTRATION_UPDATE_FORCE_UNREGISTER will be very useful
for later automated testing.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
df3b5f93 by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
s3:utils: add 'net witness client-move' and 'net witness share-move'

These can be used to generate CLIENT_MOVE or SHARE_MOVE messages
to the specified selection of witness registrations from
rpcd_witness_registration.tdb

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
290ef547 by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
python:tests/rpcd_witness_samba_only: add tests for 'net witness {client,share}-move'

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
8536a217 by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
s3:utils: add 'net witness force-unregister'

This allows removing of the specified selection
of witness registrations from rpcd_witness_registration.tdb.

Any pending AsyncNotify will get WERR_NOT_FOUND.

Typically this triggers a clean re-registration on the client.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
8a643fea by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
python:tests/rpcd_witness_samba_only: add tests for 'net witness force-unregister'

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
946bf100 by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
s3:utils: add 'net witness force-response'

This allows generating any possible AsyncNotify response
for the specified selection of witness registrations
from rpcd_witness_registration.tdb.

This can be used by developers to test the (windows)
client behavior to specific AsyncNotify responses.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
941f53f0 by Stefan Metzmacher at 2024-01-26T17:00:33+00:00
python:tests/rpcd_witness_samba_only: add tests for 'net witness force-response'

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
447e131e by Stefan Metzmacher at 2024-01-26T18:04:10+00:00
smb2_tcon: add "smb3 share cap:{CONTINUOUS AVAILABILITY,SCALE OUT,CLUSTER,ASYMMETRIC}" options

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Jan 26 18:04:10 UTC 2024 on atb-devel-224

- - - - -
6e6d8384 by Anoop C S at 2024-01-27T00:01:12+00:00
vfs_ceph: Use ceph_fdopendir() when available for SMB_VFS_FDOPENDIR

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Sat Jan 27 00:01:12 UTC 2024 on atb-devel-224

- - - - -
6a9630ef by Andreas Schneider at 2024-01-29T09:32:46+00:00
python:gp: Avoid path check for cepces-submit

find_cepces_submit() uses which(), which returns None if not found.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
6d5507e0 by Andreas Schneider at 2024-01-29T09:32:46+00:00
python:gp: Improve logging for certificate enrollment

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
728757cd by Andreas Schneider at 2024-01-29T09:32:46+00:00
python:gp: Do not print an error, if CA already exists

We will get an exit status for duplicate in future:
https://www.pagure.io/certmonger/issue/269
We can't really fix that right now, as older versions of certmonger
don't support the `-v` option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
98dc4428 by Andreas Schneider at 2024-01-29T09:32:46+00:00
python:gp: Do not print an error if template already exists

We will get an exit status for duplicate in future:
https://www.pagure.io/certmonger/issue/269
We can't really fix that right now, as older versions of certmonger
don't support the `-v` option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
367756b8 by Andreas Schneider at 2024-01-29T09:32:46+00:00
python:gp: Log an error if update fails

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
1f823424 by Andreas Schneider at 2024-01-29T10:37:29+00:00
python:gp: Improve working of log messages to avoid confusion

We should not use the word "Failed". We are totally fine if we can't
connect to NDES in the meantime. This logs:

Try to get root or server certificates.
Unable to install root certificates (requires NDES).
Installing the server certificate only.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jan 29 10:37:29 UTC 2024 on atb-devel-224

- - - - -
f28966c1 by Jule Anger at 2024-01-29T14:39:32+00:00
talloc: release 2.4.2

- build with Python 3.12 (bug #15513)
- documentation fixes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5032ab71 by Jule Anger at 2024-01-29T14:39:32+00:00
tdb: release 1.4.10

- build with Python 3.12 (bug #15513)
- documentation fixes
- minor build fixes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0ba05d5b by Jule Anger at 2024-01-29T14:39:32+00:00
tevent: release 0.16.1

- build with Python 3.12 (bug #15513)
- documentation fixes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ec912043 by Jule Anger at 2024-01-29T14:39:32+00:00
ldb: release 2.9.0 for use in Samba 4.20.x

- documentation fixes
- build with Python 3.12 (bug #15513)
- a lot of additional error checking in
  the python bindings
- minor code fixes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
8e31cb20 by Jule Anger at 2024-01-29T14:39:32+00:00
WHATSNEW: Up to Samba 4.20.0rc1.

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d05af785 by Jule Anger at 2024-01-29T14:39:32+00:00
VERSION: Disable GIT_SNAPSHOT for the Samba 4.20.0rc1 release.

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0ecb2407 by Michael Tokarev at 2024-01-29T19:55:12+03:00
prepare 4.20-rc (experimental)

- - - - -
629deed6 by Michael Tokarev at 2024-01-29T19:55:47+03:00
New upstream version 4.20.0~rc1+dfsg
- - - - -
c7ca2c9d by Michael Tokarev at 2024-01-29T19:56:00+03:00
Update upstream source from tag 'upstream/4.20.0_rc1+dfsg'

Update to upstream version '4.20.0~rc1+dfsg'
with Debian dir 10972e1376d9219a45a4cb7074b7529b1da00b9c
- - - - -
0ad20de3 by Michael Tokarev at 2024-01-29T19:56:52+03:00
d/changelog: start 4.20

- - - - -
af41a5f1 by Michael Tokarev at 2024-01-29T19:57:59+03:00
d/control: bump tevent/talloc/tdb versions for Build-Depends

- - - - -
b415c12c by Michael Tokarev at 2024-01-29T20:29:38+03:00
d/libldb2.symbols, d/python3-ldb.symbols.in: add new version (2.9.0)

- - - - -
bebbc9aa by Michael Tokarev at 2024-01-29T20:30:00+03:00
d/patches/meaningful-error-if-no-python3-markdown.patch: fixup

- - - - -
c7d6ed69 by Michael Tokarev at 2024-01-29T20:30:19+03:00
d/patches/python-fix-invalid-escape-sequences.patch: remove, applied upstream

- - - - -
00393950 by Michael Tokarev at 2024-01-29T20:39:24+03:00
d/*.install: internal library names changed, libfoo-samba4.so.0 => libfoo-private-samba.so.0

- - - - -
d6222c23 by Michael Tokarev at 2024-01-29T21:06:00+03:00
d/samba-libs.install: update names for libdcerpc & libndr private libraries

- - - - -
99dc9f7d by Michael Tokarev at 2024-01-29T21:20:50+03:00
d/{samba,samba-libs}.lintian-overrides: accommodate for private samba libs rename

- - - - -
07352e3a by Michael Tokarev at 2024-01-29T21:20:50+03:00
d/samba-libs.install: libndr has soversion 4 now

This version isn't compatible with libndr3 anymore, due to different
types (uint32_t vs uint64_t) used for flags in various functions.

- - - - -
f01ae03c by Michael Tokarev at 2024-01-29T21:20:50+03:00
d/samba-libs.links: remove, was for libndr links only

- - - - -
21ea47cb by Michael Tokarev at 2024-01-29T21:20:50+03:00
d/samba-libs.symbols: update with new ndr4 symbols

- - - - -
100de616 by Michael Tokarev at 2024-01-29T21:20:50+03:00
d/libsmbclient.symbols: update with new symbols

- - - - -
8db4722b by Michael Tokarev at 2024-01-29T21:20:50+03:00
d/samba-dev.install: add smb3posix.h

- - - - -
08e8ad41 by Michael Tokarev at 2024-01-29T21:25:12+03:00
d/control: bump minimum mit-krb5 version in Build-Depends to 1.21 (for pkg.samba.mitkrb5 build profile)

- - - - -
91f3f849 by Michael Tokarev at 2024-01-29T21:32:07+03:00
d/not-installed: add usr/bin/wspsearch experimental windows search client

- - - - -
f72d793b by Michael Tokarev at 2024-01-29T21:32:20+03:00
d/control: libperl-json is not needed for build anymore

- - - - -
c3dcd48e by Michael Tokarev at 2024-01-29T21:43:34+03:00
update changelog; upload version 4.20.0~rc1+dfsg-1 to experimental

- - - - -


30 changed files:

- .clang-format
- + .codespellignore
- + .codespellrc
- .gitattributes
- .gitlab-ci-default-runners.yml
- .gitlab-ci-main.yml
- Makefile
- SECURITY.md
- VERSION
- WHATSNEW.txt
- auth/auth_sam_reply.c
- auth/common_auth.h
- auth/credentials/credentials.c
- auth/credentials/credentials.h
- auth/credentials/credentials_internal.h
- auth/credentials/credentials_krb5.c
- auth/credentials/credentials_ntlm.c
- auth/credentials/pycredentials.c
- auth/credentials/tests/test_creds.c
- auth/credentials/wscript_build
- auth/gensec/gensec_start.c
- auth/gensec/schannel.c
- auth/kerberos/kerberos_pac.c
- auth/ntlmssp/ntlmssp_sign.c
- bootstrap/.gitlab-ci.yml
- bootstrap/config.py
- bootstrap/generated-dists/Vagrantfile
- bootstrap/generated-dists/centos7/bootstrap.sh
- bootstrap/generated-dists/centos7/packages.yml
- bootstrap/generated-dists/centos8s/bootstrap.sh


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/1a36a16eb2eadbd2f1e8e5297ff5fabbab2b2be6...c3dcd48e1594724d13f215991a2d847c969785e0
